diff --git a/Makefile b/Makefile index d49f4201..48747e87 100644 --- a/Makefile +++ b/Makefile @@ -21,26 +21,32 @@ CFLAGS += \ LDFLAGS += -Wl,-gc-sections NDK_PATH := /usr/lib/android-sdk/ndk-bundle -NDK_SSL_PATH := deps/openssl_android NDK_API_VERSION := 30 NDK_TARGET_TRIPLE := aarch64-linux-android debug windebug androiddebug: CFLAGS += -Og debug release androidrelease: LDFLAGS += -rdynamic release winrelease: CFLAGS += -DNDEBUG -O3 -windebug winrelease: CC = i686-w64-mingw32-gcc-win32 +windebug winrelease: CC = x86_64-w64-mingw32-gcc-win32 windebug winrelease: AS = $(CC) -windebug winrelease: CFLAGS += -D_WIN32_WINNT=0x0A00 -DWINVER=0x0A00 -DNTDDI_VERSION=NTDDI_WIN10 -windebug winrelease: LDFLAGS += -static +windebug winrelease: CFLAGS += \ + -D_WIN32_WINNT=0x0A00 \ + -DWINVER=0x0A00 \ + -DNTDDI_VERSION=NTDDI_WIN10 \ + -Ideps/openssl/mingw64/include +windebug winrelease: LDFLAGS += \ + -static \ + -lm \ + -Ldeps/openssl/mingw64/lib androiddebug androidrelease: CC = $(NDK_PATH)/toolchains/llvm/prebuilt/linux-x86_64/bin/clang androiddebug androidrelease: AS = $(CC) androiddebug androidrelease: CFLAGS += \ -target $(NDK_TARGET_TRIPLE)$(NDK_API_VERSION) \ - -I$(NDK_SSL_PATH)/arm64-v8a/usr/local/include \ + -Ideps/openssl/android/arm64-v8a/usr/local/include \ -Wno-unknown-warning-option androiddebug androidrelease: LDFLAGS += \ -target $(NDK_TARGET_TRIPLE)$(NDK_API_VERSION) \ - -L$(NDK_SSL_PATH)/arm64-v8a/usr/local/lib + -Ldeps/openssl/android/arm64-v8a/usr/local/lib ifeq ($(UNAME_M),x86_64) debug: CFLAGS += -fsanitize=address -fsanitize=undefined -fno-common @@ -300,7 +306,11 @@ windebug winrelease: LDFLAGS += \ -lws2_32 \ -lkernel32 \ -liphlpapi \ - -luserenv + -luserenv \ + -lssl \ + -lcrypto \ + -lws2_32 \ + -lcrypt32 androiddebug androidrelease: LDFLAGS += \ -ldl \ -lssl \ diff --git a/deps/openssl/android/arm64-v8a/usr/local/bin/c_rehash b/deps/openssl/android/arm64-v8a/usr/local/bin/c_rehash new file mode 100755 index 00000000..f226d613 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/bin/c_rehash @@ -0,0 +1,232 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by Makefile from tools/c_rehash.in +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = ""; +my $prefix = ""; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! -x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while() { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. CRL links are of the form .r + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/deps/openssl/android/arm64-v8a/usr/local/bin/openssl b/deps/openssl/android/arm64-v8a/usr/local/bin/openssl new file mode 100755 index 00000000..caf3541a Binary files /dev/null and b/deps/openssl/android/arm64-v8a/usr/local/bin/openssl differ diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/aes.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/aes.h new file mode 100644 index 00000000..245c552a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/aes.h @@ -0,0 +1,92 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1.h new file mode 100644 index 00000000..9522eec1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1.h @@ -0,0 +1,886 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# include +# include +# include +# include +# include + +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +# define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +# else + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1_mac.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1_mac.h new file mode 100644 index 00000000..7ac1782a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1err.h new file mode 100644 index 00000000..faed5a55 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1err.h @@ -0,0 +1,256 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1t.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1t.h new file mode 100644 index 00000000..a450ba0d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asn1t.h @@ -0,0 +1,945 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1T_H +# define HEADER_ASN1T_H + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM itname##_it = { + +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +# endif + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# else +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +# endif +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +# else + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# endif + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +/* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. + */ +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +DEFINE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/async.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/async.h new file mode 100644 index 00000000..7052b890 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/async.h @@ -0,0 +1,76 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef HEADER_ASYNC_H +# define HEADER_ASYNC_H + +#if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include to use this */ +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +# endif +#else +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 +#endif +# include + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct async_job_st ASYNC_JOB; +typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; + +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 + +int ASYNC_init_thread(size_t max_size, size_t init_size); +void ASYNC_cleanup_thread(void); + +#ifdef OSSL_ASYNC_FD +ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); +int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD *fd, void **custom_data); +int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, + size_t *numfds); +int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +#endif + +int ASYNC_is_capable(void); + +int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, + int (*func)(void *), void *args, size_t size); +int ASYNC_pause_job(void); + +ASYNC_JOB *ASYNC_get_current_job(void); +ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asyncerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asyncerr.h new file mode 100644 index 00000000..91afbbb2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/asyncerr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bio.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bio.h new file mode 100644 index 00000000..ae559a51 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bio.h @@ -0,0 +1,801 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +# endif + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bioerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bioerr.h new file mode 100644 index 00000000..46e2c96e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bioerr.h @@ -0,0 +1,124 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/blowfish.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/blowfish.h new file mode 100644 index 00000000..cd3e460e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/blowfish.h @@ -0,0 +1,61 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BLOWFISH_H +# define HEADER_BLOWFISH_H + +# include + +# ifndef OPENSSL_NO_BF +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define BF_LONG unsigned int + +# define BF_ROUNDS 16 +# define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); +const char *BF_options(void); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bn.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bn.h new file mode 100644 index 00000000..8af05d00 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bn.h @@ -0,0 +1,539 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bnerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bnerr.h new file mode 100644 index 00000000..9f3c7cfa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/bnerr.h @@ -0,0 +1,100 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffer.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffer.h new file mode 100644 index 00000000..d2765766 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffer.h @@ -0,0 +1,58 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFFER_H +# define HEADER_BUFFER_H + +# include +# ifndef HEADER_CRYPTO_H +# include +# endif +# include + + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include + +/* + * These names are outdated as of OpenSSL 1.1; a future release + * will move them to be deprecated. + */ +# define BUF_strdup(s) OPENSSL_strdup(s) +# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ + unsigned long flags; +}; + +# define BUF_MEM_FLAG_SECURE 0x01 + +BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +void BUF_MEM_free(BUF_MEM *a); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffererr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffererr.h new file mode 100644 index 00000000..04f6ff7a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/buffererr.h @@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/camellia.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/camellia.h new file mode 100644 index 00000000..151f3c13 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/camellia.h @@ -0,0 +1,83 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cast.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cast.h new file mode 100644 index 00000000..2cc89ae0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cast.h @@ -0,0 +1,53 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAST_H +# define HEADER_CAST_H + +# include + +# ifndef OPENSSL_NO_CAST +# ifdef __cplusplus +extern "C" { +# endif + +# define CAST_ENCRYPT 1 +# define CAST_DECRYPT 0 + +# define CAST_LONG unsigned int + +# define CAST_BLOCK 8 +# define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmac.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmac.h new file mode 100644 index 00000000..3535a9ab --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmac.h @@ -0,0 +1,41 @@ +/* + * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +# ifndef OPENSSL_NO_CMAC + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cms.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cms.h new file mode 100644 index 00000000..c7627968 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cms.h @@ -0,0 +1,339 @@ +/* + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include + +# ifndef OPENSSL_NO_CMS +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_RecipientInfo) +DEFINE_STACK_OF(CMS_RevocationInfoChoice) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmserr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmserr.h new file mode 100644 index 00000000..7dbc13dc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cmserr.h @@ -0,0 +1,202 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comp.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comp.h new file mode 100644 index 00000000..d814d3cf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comp.h @@ -0,0 +1,53 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMP_H +# define HEADER_COMP_H + +# include + +# ifndef OPENSSL_NO_COMP +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +#define COMP_zlib_cleanup() while(0) continue +#endif + +# ifdef HEADER_BIO_H +# ifdef ZLIB +const BIO_METHOD *BIO_f_zlib(void); +# endif +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comperr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comperr.h new file mode 100644 index 00000000..90231e9a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/comperr.h @@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf.h new file mode 100644 index 00000000..7336cd2f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf.h @@ -0,0 +1,168 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_H +# define HEADER_CONF_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DEFINE_STACK_OF(CONF_VALUE) +DEFINE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DEFINE_STACK_OF(CONF_MODULE) +DEFINE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_STDIO +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_STDIO +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +#ifndef OPENSSL_NO_STDIO +int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define CONF_modules_free() while(0) continue +#endif +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf_api.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf_api.h new file mode 100644 index 00000000..a0275ad7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conf_api.h @@ -0,0 +1,40 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_API_H +# define HEADER_CONF_API_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, + const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conferr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conferr.h new file mode 100644 index 00000000..32b92291 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/conferr.h @@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/crypto.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/crypto.h new file mode 100644 index 00000000..7d0b5262 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/crypto.h @@ -0,0 +1,445 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTO_H +# define HEADER_CRYPTO_H + +# include +# include + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR + +/* + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. + */ +typedef struct { + int dummy; +} CRYPTO_dynlock; + +# endif /* OPENSSL_API_COMPAT */ + +typedef void CRYPTO_RWLOCK; + +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); + +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); + +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ + +struct crypto_ex_data_st { + STACK_OF(void) *sk; +}; +DEFINE_STACK_OF(void) + +/* + * Per class, we have a STACK of function pointers. + */ +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_APP 13 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 + +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue + +int CRYPTO_mem_ctrl(int mode); + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); +char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +int OPENSSL_hexchar2int(unsigned char c); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 + +int OPENSSL_issetugid(void); + +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +# define CRYPTO_cleanup_all_ex_data() while(0) continue + +/* + * The old locking functions have been removed completely without compatibility + * macros. This is because the old functions either could not properly report + * errors, or the returned error values were not clearly documented. + * Replacing the locking functions with no-ops would cause race condition + * issues in the affected applications. It is far better for them to fail at + * compile time. + * On the other hand, the locking callbacks are no longer used. Consequently, + * the callback management functions can be safely replaced with no-op macros. + */ +# define CRYPTO_num_locks() (1) +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* + * These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +/* This structure is no longer used */ +typedef struct crypto_threadid_st { + int dummy; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# if OPENSSL_API_COMPAT < 0x10000000L +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_API_COMPAT < 0x10000000L */ + +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_API_COMPAT < 0x10100000L */ + +int CRYPTO_set_mem_functions( + void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), + void (*f) (void *, const char *, int)); +int CRYPTO_set_mem_debug(int flag); +void CRYPTO_get_mem_functions( + void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, int), + void (**f) (void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +void *CRYPTO_zalloc(size_t num, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +int CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); + +void OPENSSL_cleanse(void *ptr, size_t len); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +int CRYPTO_mem_debug_pop(void); +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); + +/*- + * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) + * The flag argument has the following significance: + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); + +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *); +# endif +int CRYPTO_mem_leaks(BIO *bio); +# endif + +/* die if we have to */ +ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) + +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +void OPENSSL_fork_prepare(void); +void OPENSSL_fork_parent(void); +void OPENSSL_fork_child(void); +# endif + +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +/* OPENSSL_INIT_ZLIB 0x00010000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +# ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); +int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, + const char *config_appname); +# endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); + +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ +typedef DWORD CRYPTO_THREAD_LOCAL; +typedef DWORD CRYPTO_THREAD_ID; + +typedef LONG CRYPTO_ONCE; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# include +typedef pthread_once_t CRYPTO_ONCE; +typedef pthread_key_t CRYPTO_THREAD_LOCAL; +typedef pthread_t CRYPTO_THREAD_ID; + +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif + +int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); + +int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); + +CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cryptoerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cryptoerr.h new file mode 100644 index 00000000..3db5a4ee --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cryptoerr.h @@ -0,0 +1,57 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ct.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ct.h new file mode 100644 index 00000000..ebdba34d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ct.h @@ -0,0 +1,474 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CT_H +# define HEADER_CT_H + +# include + +# ifndef OPENSSL_NO_CT +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DEFINE_STACK_OF(SCT) +DEFINE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cterr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cterr.h new file mode 100644 index 00000000..feb7bc56 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/cterr.h @@ -0,0 +1,80 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/des.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/des.h new file mode 100644 index 00000000..be4abbdf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/des.h @@ -0,0 +1,174 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DES_H +# define HEADER_DES_H + +# include + +# ifndef OPENSSL_NO_DES +# ifdef __cplusplus +extern "C" { +# endif +# include + +typedef unsigned int DES_LONG; + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* + * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and + * const_DES_cblock * are incompatible pointer types. + */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +# define DES_KEY_SZ (sizeof(DES_cblock)) +# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +# define DES_ENCRYPT 1 +# define DES_DECRYPT 0 + +# define DES_CBC_MODE 0 +# define DES_PCBC_MODE 1 + +# define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ +# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* + * This is the DES encryption function that gets called by just about every + * other DES routine in the library. You should not use this function except + * to implement 'modes' of DES. I say this because the functions that call + * this routine do the conversion from 'char *' to long, and this needs to be + * done to make sure 'non-aligned' memory access do not occur. The + * characters are loaded 'little endian'. Data is a pointer to 2 unsigned + * long's and ks is the DES_key_schedule to use. enc, is non zero specifies + * encryption, zero if decryption. + */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* + * This functions is the same as DES_encrypt1() except that the DES initial + * permutation (IP) and final permutation (FP) have been left out. As for + * DES_encrypt1(), you should not use this function. It is used by the + * routines in the library that implement triple DES. IP() DES_encrypt2() + * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() + * DES_encrypt1() DES_encrypt1() except faster :-). + */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* + * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. + */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + +# define DES_fixup_key_parity DES_set_odd_parity + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dh.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dh.h new file mode 100644 index 00000000..3527540c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dh.h @@ -0,0 +1,340 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DH_H +# define HEADER_DH_H + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); +int DH_size(const DH *dh); +int DH_security_bits(const DH *dh); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check_params_ex(const DH *dh); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +int DH_check_params(const DH *dh, int *ret); +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_STDIO +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +int DHparams_print(BIO *bp, const DH *x); + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 */ +DH *DH_new_by_nid(int nid); +int DH_get_nid(const DH *dh); + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +ENGINE *DH_get0_engine(DH *d); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + +DH_METHOD *DH_meth_new(const char *name, int flags); +void DH_meth_free(DH_METHOD *dhm); +DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +const char *DH_meth_get0_name(const DH_METHOD *dhm); +int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +int DH_meth_get_flags(const DH_METHOD *dhm); +int DH_meth_set_flags(DH_METHOD *dhm, int flags); +void *DH_meth_get0_app_data(const DH_METHOD *dhm); +int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); +int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); +int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, BN_GENCB *); +int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) (DH *, int, int, BN_GENCB *)); + + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_PAD, pad, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dherr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dherr.h new file mode 100644 index 00000000..916b3bed --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dherr.h @@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. + */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsa.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsa.h new file mode 100644 index 00000000..6d8a18a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsa.h @@ -0,0 +1,244 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSA_H +# define HEADER_DSA_H + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# define DSA_FLAG_CACHE_MONT_P 0x01 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + +DSA *DSAparams_dup(DSA *x); +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); +const DSA_METHOD *DSA_get_method(DSA *d); + +DSA *DSA_new(void); +DSA *DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); +int DSA_bits(const DSA *d); +int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a, unsigned char **pp); + +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +# ifndef OPENSSL_NO_STDIO +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *dsam); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +int DSA_meth_get_flags(const DSA_METHOD *dsam); +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *); +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsaerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsaerr.h new file mode 100644 index 00000000..495a1ac8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dsaerr.h @@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dtls1.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dtls1.h new file mode 100644 index 00000000..d55ca9c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/dtls1.h @@ -0,0 +1,55 @@ +/* + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DTLS1_H +# define HEADER_DTLS1_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MIN_VERSION DTLS1_VERSION +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE + +# define DTLS1_BAD_VER 0x0100 + +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + +/* lengths of messages */ +/* + * Actually the max cookie length in DTLS is 255. But we can't change this now + * due to compatibility concerns. + */ +# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_RT_HEADER_LENGTH 13 + +# define DTLS1_HM_HEADER_LENGTH 12 + +# define DTLS1_HM_BAD_FRAGMENT -2 +# define DTLS1_HM_FRAGMENT_RETRY -3 + +# define DTLS1_CCS_HEADER_LENGTH 1 + +# define DTLS1_AL_HEADER_LENGTH 2 + +/* Timeout multipliers */ +# define DTLS1_TMO_READ_COUNT 2 +# define DTLS1_TMO_WRITE_COUNT 2 + +# define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/e_os2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/e_os2.h new file mode 100644 index 00000000..97a776cd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/e_os2.h @@ -0,0 +1,300 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_E_OS2_H +# define HEADER_E_OS2_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYS_MSDOS) +# undef OPENSSL_SYS_UNIX +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif +# endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYS_WINNT) +# undef OPENSSL_SYS_UNIX +# endif +# if defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementor how he or she will link the application, so it + * requires some macro to be used. + */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/* Specials for I/O an exit */ +# ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +# else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +# endif + +/*- + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. + * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# elif defined(_MSC_VER) && _MSC_VER<=1500 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +# define ossl_noreturn _Noreturn +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define ossl_noreturn __attribute__((noreturn)) +# else +# define ossl_noreturn +# endif + +/* ossl_unused: portable unused attribute for use in public headers */ +# if defined(__GNUC__) +# define ossl_unused __attribute__((unused)) +# else +# define ossl_unused +# endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ebcdic.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ebcdic.h new file mode 100644 index 00000000..aa012855 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ebcdic.h @@ -0,0 +1,33 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EBCDIC_H +# define HEADER_EBCDIC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +# define os_toascii _openssl_os_toascii +# define os_toebcdic _openssl_os_toebcdic +# define ebcdic2ascii _openssl_ebcdic2ascii +# define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ec.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ec.h new file mode 100644 index 00000000..5af9ebdc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ec.h @@ -0,0 +1,1479 @@ +/* + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if the groups are equal, 1 if not, or -1 on error + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif + +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r is not zero, + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if the point is on the curve, 0 if not, or -1 on error + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 if the points are not equal, 0 if they are, or -1 on error + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number further summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# ifndef OPENSSL_NO_STDIO +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdh.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdh.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdh.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdsa.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdsa.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecdsa.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecerr.h new file mode 100644 index 00000000..f7b91834 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ecerr.h @@ -0,0 +1,275 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engine.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engine.h new file mode 100644 index 00000000..0780f0fb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engine.h @@ -0,0 +1,751 @@ +/* + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifndef OPENSSL_NO_ENGINE +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). + */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. */ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. + */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required. + */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parameterised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! + */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function previously cleaned up anything that needs it. Auto-deinit will + * now take care of it so it is no longer required to call this function. + */ +# define ENGINE_cleanup() while(0) continue +#endif + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_EC(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependent code) can simplify a bit?? + */ +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + dynamic_MEM_fns mem_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engineerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engineerr.h new file mode 100644 index 00000000..05e84bd2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/engineerr.h @@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/err.h new file mode 100644 index 00000000..b49f8812 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/err.h @@ -0,0 +1,274 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ERR_H +# define HEADER_ERR_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# else +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +typedef struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 + +# define ERR_LIB_USER 128 + +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +/* OS functions */ +# define SYS_F_FOPEN 1 +# define SYS_F_CONNECT 2 +# define SYS_F_GETSERVBYNAME 3 +# define SYS_F_SOCKET 4 +# define SYS_F_IOCTLSOCKET 5 +# define SYS_F_BIND 6 +# define SYS_F_LISTEN 7 +# define SYS_F_ACCEPT 8 +# define SYS_F_WSASTARTUP 9/* Winsock stuff */ +# define SYS_F_OPENDIR 10 +# define SYS_F_FREAD 11 +# define SYS_F_GETADDRINFO 12 +# define SYS_F_GETNAMEINFO 13 +# define SYS_F_SETSOCKOPT 14 +# define SYS_F_GETSOCKOPT 15 +# define SYS_F_GETSOCKNAME 16 +# define SYS_F_GETHOSTBYNAME 17 +# define SYS_F_FFLUSH 18 +# define SYS_F_OPEN 19 +# define SYS_F_CLOSE 20 +# define SYS_F_IOCTL 21 +# define SYS_F_STAT 22 +# define SYS_F_FCNTL 23 +# define SYS_F_FSTAT 24 + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +ERR_STATE *ERR_get_state(void); + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evp.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evp.h new file mode 100644 index 00000000..a411f3f2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evp.h @@ -0,0 +1,1666 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +# define EVP_CTRL_GET_IVLEN 0x25 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) + +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) + +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, unsigned int inl); + +# define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +# define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); +__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, + size_t cnt); +__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); + +__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, + size_t len); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); +__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + +__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen); + +__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +# ifndef OPENSSL_NO_RSA +__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); +__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# endif + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +# endif +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +const BIO_METHOD *BIO_f_reliable(void); +__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); + +const EVP_MD *EVP_md_null(void); +# ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +# endif +# ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +# endif +# ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); +# endif +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b512(void); +const EVP_MD *EVP_blake2s256(void); +# endif +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +const EVP_MD *EVP_shake128(void); +const EVP_MD *EVP_shake256(void); +# ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +# endif +# ifndef OPENSSL_NO_RMD160 +const EVP_MD *EVP_ripemd160(void); +# endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif +# ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +# endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +# ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); +/* + * This should now be supported through the dev_crypto ENGINE. But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ +# endif +# ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif +# endif +# ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +# endif +# ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +# endif +# ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +# endif +# ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +# endif +# ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +# endif +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_128_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_192_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_256_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_128_gcm(void); +const EVP_CIPHER *EVP_aria_128_ccm(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_192_gcm(void); +const EVP_CIPHER *EVP_aria_192_ccm(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +const EVP_CIPHER *EVP_aria_256_gcm(void); +const EVP_CIPHER *EVP_aria_256_ccm(void); +# endif +# ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); +# endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif +# endif + +# ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +# endif + +# ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +# define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +# endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +# else +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +# endif + +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# define EVP_cleanup() while(0) continue +# endif + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); + +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +# endif +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +# ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +# endif +# ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +# endif + +# ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# endif + +EVP_PKEY *EVP_PKEY_new(void); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen); +size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +#endif + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evperr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evperr.h new file mode 100644 index 00000000..d2b26ea5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/evperr.h @@ -0,0 +1,205 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/hmac.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/hmac.h new file mode 100644 index 00000000..458efc1d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_HMAC_H +# define HEADER_HMAC_H + +# include + +# include + +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +size_t HMAC_size(const HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); + +DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)) + +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, + unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/idea.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/idea.h new file mode 100644 index 00000000..4334f3ea --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/idea.h @@ -0,0 +1,64 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_IDEA_H +# define HEADER_IDEA_H + +# include + +# ifndef OPENSSL_NO_IDEA +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int IDEA_INT; + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +const char *IDEA_options(void); +void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define idea_options IDEA_options +# define idea_ecb_encrypt IDEA_ecb_encrypt +# define idea_set_encrypt_key IDEA_set_encrypt_key +# define idea_set_decrypt_key IDEA_set_decrypt_key +# define idea_cbc_encrypt IDEA_cbc_encrypt +# define idea_cfb64_encrypt IDEA_cfb64_encrypt +# define idea_ofb64_encrypt IDEA_ofb64_encrypt +# define idea_encrypt IDEA_encrypt +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdf.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdf.h new file mode 100644 index 00000000..5abd4c37 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdf.h @@ -0,0 +1,97 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdferr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdferr.h new file mode 100644 index 00000000..3f51bd02 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/kdferr.h @@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/lhash.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/lhash.h new file mode 100644 index 00000000..2e42d727 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/lhash.h @@ -0,0 +1,241 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +# define HEADER_LHASH_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md2.h new file mode 100644 index 00000000..7faf8e3d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md2.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include + +# ifndef OPENSSL_NO_MD2 +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md4.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md4.h new file mode 100644 index 00000000..940e29db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md4.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD4_H +# define HEADER_MD4_H + +# include + +# ifndef OPENSSL_NO_MD4 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD4_LONG unsigned int + +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) +# define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B, C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md5.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md5.h new file mode 100644 index 00000000..2deb7721 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/md5.h @@ -0,0 +1,50 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD5_H +# define HEADER_MD5_H + +# include + +# ifndef OPENSSL_NO_MD5 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD5_LONG unsigned int + +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) +# define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B, C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/mdc2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/mdc2.h new file mode 100644 index 00000000..aabd2bfa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/mdc2.h @@ -0,0 +1,42 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H + +# include + +#ifndef OPENSSL_NO_MDC2 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; + +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/modes.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/modes.h new file mode 100644 index 00000000..d544f98d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/modes.h @@ -0,0 +1,208 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MODES_H +# define HEADER_MODES_H + +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB */ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/obj_mac.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/obj_mac.h new file mode 100644 index 00000000..483fc050 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/obj_mac.h @@ -0,0 +1,5198 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objects.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objects.h new file mode 100644 index 00000000..5e8b5762 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objects.h @@ -0,0 +1,175 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJECTS_H +# define HEADER_OBJECTS_H + +# include +# include +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_NUM 0x05 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignment discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, declare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +#if OPENSSL_API_COMPAT < 0x10100000L +# define OBJ_cleanup() while(0) continue +#endif +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objectserr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objectserr.h new file mode 100644 index 00000000..02e166f1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/objectserr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsp.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsp.h new file mode 100644 index 00000000..4d759a49 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsp.h @@ -0,0 +1,352 @@ +/* + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSP_H +# define HEADER_OCSP_H + +#include + +/* + * These definitions are outside the OPENSSL_NO_OCSP guard because although for + * historical reasons they have OCSP_* names, they can actually be used + * independently of OCSP. E.g. see RFC5280 + */ +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + +# ifndef OPENSSL_NO_OCSP + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DEFINE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DEFINE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 + +DEFINE_STACK_OF(OCSP_RESPID) + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DEFINE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsperr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsperr.h new file mode 100644 index 00000000..8dd9e01a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ocsperr.h @@ -0,0 +1,78 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslconf.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslconf.h new file mode 100644 index 00000000..1b0705db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslconf.h @@ -0,0 +1,195 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslconf.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned char + +#ifdef __cplusplus +} +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslv.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslv.h new file mode 100644 index 00000000..17d271f5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/opensslv.h @@ -0,0 +1,101 @@ +/* + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSLV_H +# define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +# define OPENSSL_VERSION_NUMBER 0x1010107fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g 21 Apr 2020" + +/*- + * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major version number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +# define SHLIB_VERSION_HISTORY "" +# define SHLIB_VERSION_NUMBER "1.1" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ossl_typ.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ossl_typ.h new file mode 100644 index 00000000..e0edfaaf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ossl_typ.h @@ -0,0 +1,197 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSL_TYPES_H +# define HEADER_OPENSSL_TYPES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; + +# ifdef _WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif +struct dane_st; +typedef struct bio_st BIO; +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; + +typedef struct ssl_dane_st SSL_DANE; +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct x509_sig_info_st X509_SIG_INFO; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem.h new file mode 100644 index 00000000..2ef5b5d0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem.h @@ -0,0 +1,378 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM_H +# define HEADER_PEM_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +# define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +# define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +# define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +# define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef OPENSSL_NO_DH +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem2.h new file mode 100644 index 00000000..038fe790 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pem2.h @@ -0,0 +1,13 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM2_H +# define HEADER_PEM2_H +# include +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pemerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pemerr.h new file mode 100644 index 00000000..0c45918f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pemerr.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12.h new file mode 100644 index 00000000..3f43dad6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12.h @@ -0,0 +1,223 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12_H +# define HEADER_PKCS12_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +# define PKCS12_SALT_LEN 8 + +/* It's not clear if these are actually needed... */ +# define PKCS12_key_gen PKCS12_key_gen_utf8 +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +DEFINE_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +#if OPENSSL_API_COMPAT < 0x10100000L + +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +#endif + +DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +# endif +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +# ifndef OPENSSL_NO_STDIO +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +# endif +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12err.h new file mode 100644 index 00000000..eff5eb26 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs12err.h @@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7.h new file mode 100644 index 00000000..9b66e002 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7.h @@ -0,0 +1,319 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7_H +# define HEADER_PKCS7_H + +# include +# include +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DEFINE_STACK_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DEFINE_STACK_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DEFINE_STACK_OF(PKCS7) + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_STDIO +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7err.h new file mode 100644 index 00000000..02e0299a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/pkcs7err.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand.h new file mode 100644 index 00000000..38a2a271 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand.h @@ -0,0 +1,77 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RAND_H +# define HEADER_RAND_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +struct rand_meth_st { + int (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + int (*add) (const void *buf, int num, double randomness); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +# endif + +RAND_METHOD *RAND_OpenSSL(void); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif +int RAND_bytes(unsigned char *buf, int num); +int RAND_priv_bytes(unsigned char *buf, int num); +DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) + +void RAND_seed(const void *buf, int num); +void RAND_keep_random_devices_open(int keep); + +# if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +# endif +void RAND_add(const void *buf, int num, double randomness); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); + +# ifndef OPENSSL_NO_EGD +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path, int bytes); +# endif + +int RAND_poll(void); + +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +/* application has to include in order to use these */ +DEPRECATEDIN_1_1_0(void RAND_screen(void)) +DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) +# endif + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand_drbg.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand_drbg.h new file mode 100644 index 00000000..45b731b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rand_drbg.h @@ -0,0 +1,130 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include +# include + +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + */ +# define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ +# define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ +# define RAND_DRBG_FLAGS 0 + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_set_defaults(int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len, + int prediction_resistance); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/randerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/randerr.h new file mode 100644 index 00000000..79d57905 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/randerr.h @@ -0,0 +1,94 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DATA_COLLECT_METHOD 127 +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_PSEUDO_BYTES 126 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc2.h new file mode 100644 index 00000000..585f9e4c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc2.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC2_H +# define HEADER_RC2_H + +# include + +# ifndef OPENSSL_NO_RC2 +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int RC2_INT; + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + +# define RC2_BLOCK 8 +# define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc4.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc4.h new file mode 100644 index 00000000..86803b37 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc4.h @@ -0,0 +1,36 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC4_H +# define HEADER_RC4_H + +# include + +# ifndef OPENSSL_NO_RC4 +# include +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc5.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc5.h new file mode 100644 index 00000000..793f88e4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rc5.h @@ -0,0 +1,63 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC5_H +# define HEADER_RC5_H + +# include + +# ifndef OPENSSL_NO_RC5 +# ifdef __cplusplus +extern "C" { +# endif + +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + +# define RC5_32_BLOCK 8 +# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ + +/* + * This are the only values supported. Tweak the code if you want more The + * most supported modes will be RC5-32/12/16 RC5-32/16/8 + */ +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 + +typedef struct rc5_key_st { + /* Number of rounds */ + int rounds; + RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +} RC5_32_KEY; + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *key, int enc); +void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int enc); +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ripemd.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ripemd.h new file mode 100644 index 00000000..c42026aa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ripemd.h @@ -0,0 +1,47 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RIPEMD_H +# define HEADER_RIPEMD_H + +# include + +#ifndef OPENSSL_NO_RMD160 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define RIPEMD160_LONG unsigned int + +# define RIPEMD160_CBLOCK 64 +# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +# define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B, C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsa.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsa.h new file mode 100644 index 00000000..5e76365c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsa.h @@ -0,0 +1,513 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSA_H +# define HEADER_RSA_H + +# include + +# ifndef OPENSSL_NO_RSA +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 + +# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private + * match */ + +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define RSA_FLAG_NO_CONSTTIME 0x0000 +# endif +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); +int RSA_security_bits(const RSA *rsa); + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); +int RSA_get_version(RSA *r); +ENGINE *RSA_get0_engine(const RSA *r); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* Multi-prime version */ +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); + +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, + BN_GENCB *cb); + +int RSA_check_key(const RSA *); +int RSA_check_key_ex(const RSA *, BN_GENCB *cb); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* these are the actual RSA functions */ +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; +}; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_STDIO +int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif + +int RSA_print(BIO *bp, const RSA *r, int offset); + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +const char *RSA_meth_get0_name(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_get_flags(const RSA_METHOD *meth); +int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + int (*pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int (*pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int (*priv_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int (*priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); +int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); +int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); +int RSA_meth_set_sign(RSA_METHOD *rsa, + int (*sign) (int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)); +int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +int RSA_meth_set_verify(RSA_METHOD *rsa, + int (*verify) (int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_keygen(RSA_METHOD *rsa, + int (*keygen) (RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsaerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsaerr.h new file mode 100644 index 00000000..59b15e13 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/rsaerr.h @@ -0,0 +1,167 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/safestack.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/safestack.h new file mode 100644 index 00000000..38b55789 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/safestack.h @@ -0,0 +1,207 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/seed.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/seed.h new file mode 100644 index 00000000..de10b085 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/seed.h @@ -0,0 +1,96 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# include + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sha.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sha.h new file mode 100644 index 00000000..6a1eb0de --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sha.h @@ -0,0 +1,119 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SHA_H +# define HEADER_SHA_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; + +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srp.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srp.h new file mode 100644 index 00000000..aaf13558 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srp.h @@ -0,0 +1,135 @@ +/* + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. + */ + +#ifndef HEADER_SRP_H +# define HEADER_SRP_H + +#include + +#ifndef OPENSSL_NO_SRP +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DEFINE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +DEFINE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + const BIGNUM *default_g; + const BIGNUM *default_N; +} SRP_VBASE; + +/* + * Internal structure storing N and g pair + */ +typedef struct SRP_gN_st { + char *id; + const BIGNUM *g; + const BIGNUM *N; +} SRP_gN; + +DEFINE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +void SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ +DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srtp.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srtp.h new file mode 100644 index 00000000..0b57c235 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/srtp.h @@ -0,0 +1,50 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +/* AEAD SRTP protection profiles from RFC 7714 */ +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +# ifndef OPENSSL_NO_SRTP + +__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); + +__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl.h new file mode 100644 index 00000000..6724ccf2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl.h @@ -0,0 +1,2438 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL_H +# define HEADER_SSL_H + +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. + */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +#endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; + +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +# define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000U +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000U +# ifndef OPENSSL_NO_DTLS1_METHOD +/* Use Cisco's "speshul" version of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +# endif + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000U +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U + +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U + +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. + * This used to be 0x80000BFFU before 1.1.1. + */ +# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ + SSL_OP_LEGACY_SERVER_CONNECT|\ + SSL_OP_TLSEXT_PADDING|\ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + +/* OBSOLETE OPTIONS: retained for compatibility */ + +/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ +/* Related to removed SSLv2. */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ +/* Related to removed SSLv2. */ +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ +/* Dead forever, see CVE-2010-4180 */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ +/* Refers to ancient SSLREF and SSLv2. */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ +/* Ancient SSLeay version. */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ +# define SSL_OP_TLS_D5_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ +# define SSL_OP_SINGLE_DH_USE 0x0 +/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ +# define SSL_OP_NO_SSLv2 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ +# define SSL_OP_PKCS1_CHECK_2 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U + +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL *s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP + +/* see tls_srp.c */ +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); + +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. + */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + const unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +# endif + +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + +__owur int SSL_extension_supported(unsigned int ext_type); + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +DEFINE_STACK_OF_CONST(SSL_CIPHER) +DEFINE_STACK_OF(SSL_COMP) + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) +DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) + +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 + +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 + +# define SSL_ST_MASK 0x0FFF + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() +# endif + +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_SET_DH_AUTO 118 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_set1_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_add0_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_add1_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_get0_chain_certs(s,px509) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_set_current_cert(s,op) \ + SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_get1_groups(s, glist) \ + SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. + */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. */ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. + */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +/* NB: the |keylength| is only applicable when is_export is true */ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(const SSL *s); +__owur int SSL_is_server(const SSL *s); + +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +# endif + +# ifndef OPENSSL_NO_SOCK +int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif + +# ifndef OPENSSL_NO_CT + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg); +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, + void *arg); +#define SSL_disable_ct(s) \ + ((void) SSL_set_validation_callback((s), NULL, NULL)) +#define SSL_CTX_disable_ct(ctx) \ + ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + +/* + * The validation type enumerates the available behaviours of the built-in SSL + * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). + * The underlying callback is a static function in libssl. + */ +enum { + SSL_CT_VALIDATION_PERMISSIVE = 0, + SSL_CT_VALIDATION_STRICT +}; + +/* + * Enable CT by setting up a callback that implements one of the built-in + * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always + * continues the handshake, the application can make appropriate decisions at + * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at + * least one valid SCT, or else handshake termination will be requested. The + * handshake may continue anyway if SSL_VERIFY_NONE is in effect. + */ +int SSL_enable_ct(SSL *s, int validation_mode); +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); + +/* + * Report whether a non-NULL callback is enabled. + */ +int SSL_ct_is_enabled(const SSL *s); +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +extern const char SSL_version_str[]; + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl2.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl2.h new file mode 100644 index 00000000..5321bd27 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl2.h @@ -0,0 +1,24 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL2_H +# define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL2_VERSION 0x0002 + +# define SSL2_MT_CLIENT_HELLO 1 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl3.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl3.h new file mode 100644 index 00000000..8d01fcc4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ssl3.h @@ -0,0 +1,339 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL3_H +# define HEADER_SSL3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + */ +# define SSL3_CK_SCSV 0x030000FF + +/* + * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) + */ +# define SSL3_CK_FALLBACK_SCSV 0x03005600 + +# define SSL3_CK_RSA_NULL_MD5 0x03000001 +# define SSL3_CK_RSA_NULL_SHA 0x03000002 +# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA + +# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + +# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ +# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +# define SSL3_SSL_SESSION_ID_LENGTH 32 +# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +# define SSL3_MASTER_SECRET_SIZE 48 +# define SSL3_RANDOM_SIZE 32 +# define SSL3_SESSION_ID_SIZE 32 +# define SSL3_RT_HEADER_LENGTH 5 + +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 +# else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +# endif + +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +# ifdef OPENSSL_NO_COMP +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# else +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +# endif +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +# define SSL3_VERSION 0x0300 +# define SSL3_VERSION_MAJOR 0x03 +# define SSL3_VERSION_MINOR 0x00 + +# define SSL3_RT_CHANGE_CIPHER_SPEC 20 +# define SSL3_RT_ALERT 21 +# define SSL3_RT_HANDSHAKE 22 +# define SSL3_RT_APPLICATION_DATA 23 +# define DTLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content types for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 +# define SSL3_RT_INNER_CONTENT_TYPE 0x101 + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + + +# define SSL3_CT_RSA_SIGN 1 +# define SSL3_CT_DSS_SIGN 2 +# define SSL3_CT_RSA_FIXED_DH 3 +# define SSL3_CT_DSS_FIXED_DH 4 +# define SSL3_CT_RSA_EPHEMERAL_DH 5 +# define SSL3_CT_DSS_EPHEMERAL_DH 6 +# define SSL3_CT_FORTEZZA_DMS 20 +/* + * SSL3_CT_NUMBER is used to size arrays and it must be large enough to + * contain all of the cert types defined for *either* SSLv3 and TLSv1. + */ +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +/* No longer used as of OpenSSL 1.1.1 */ +# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 + +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 + +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + +/* Set if we encrypt then mac instead of usual mac then encrypt */ +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ + +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 + +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 + +# define TLS1_FLAGS_STATELESS 0x0800 + +# define SSL3_MT_HELLO_REQUEST 0 +# define SSL3_MT_CLIENT_HELLO 1 +# define SSL3_MT_SERVER_HELLO 2 +# define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_END_OF_EARLY_DATA 5 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 +# define SSL3_MT_CERTIFICATE 11 +# define SSL3_MT_SERVER_KEY_EXCHANGE 12 +# define SSL3_MT_CERTIFICATE_REQUEST 13 +# define SSL3_MT_SERVER_DONE 14 +# define SSL3_MT_CERTIFICATE_VERIFY 15 +# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +# define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_URL 21 +# define SSL3_MT_CERTIFICATE_STATUS 22 +# define SSL3_MT_SUPPLEMENTAL_DATA 23 +# define SSL3_MT_KEY_UPDATE 24 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif +# define SSL3_MT_MESSAGE_HASH 254 +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +/* Dummy message type for handling CCS like a normal handshake message */ +# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 + +# define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +# define SSL3_CC_READ 0x001 +# define SSL3_CC_WRITE 0x002 +# define SSL3_CC_CLIENT 0x010 +# define SSL3_CC_SERVER 0x020 +# define SSL3_CC_EARLY 0x040 +# define SSL3_CC_HANDSHAKE 0x080 +# define SSL3_CC_APPLICATION 0x100 +# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sslerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sslerr.h new file mode 100644 index 00000000..82983d3c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/sslerr.h @@ -0,0 +1,773 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/stack.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/stack.h new file mode 100644 index 00000000..cfc07505 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/stack.h @@ -0,0 +1,83 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_STACK_H +# define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ + +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +typedef void (*OPENSSL_sk_freefunc)(void *); +typedef void *(*OPENSSL_sk_copyfunc)(const void *); + +int OPENSSL_sk_num(const OPENSSL_STACK *); +void *OPENSSL_sk_value(const OPENSSL_STACK *, int); + +void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); + +OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); +void OPENSSL_sk_free(OPENSSL_STACK *); +void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); +int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); +void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); +void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); +int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); +void *OPENSSL_sk_shift(OPENSSL_STACK *st); +void *OPENSSL_sk_pop(OPENSSL_STACK *st); +void OPENSSL_sk_zero(OPENSSL_STACK *st); +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); +void OPENSSL_sk_sort(OPENSSL_STACK *st); +int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _STACK OPENSSL_STACK +# define sk_num OPENSSL_sk_num +# define sk_value OPENSSL_sk_value +# define sk_set OPENSSL_sk_set +# define sk_new OPENSSL_sk_new +# define sk_new_null OPENSSL_sk_new_null +# define sk_free OPENSSL_sk_free +# define sk_pop_free OPENSSL_sk_pop_free +# define sk_deep_copy OPENSSL_sk_deep_copy +# define sk_insert OPENSSL_sk_insert +# define sk_delete OPENSSL_sk_delete +# define sk_delete_ptr OPENSSL_sk_delete_ptr +# define sk_find OPENSSL_sk_find +# define sk_find_ex OPENSSL_sk_find_ex +# define sk_push OPENSSL_sk_push +# define sk_unshift OPENSSL_sk_unshift +# define sk_shift OPENSSL_sk_shift +# define sk_pop OPENSSL_sk_pop +# define sk_zero OPENSSL_sk_zero +# define sk_set_cmp_func OPENSSL_sk_set_cmp_func +# define sk_dup OPENSSL_sk_dup +# define sk_sort OPENSSL_sk_sort +# define sk_is_sorted OPENSSL_sk_is_sorted +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/store.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/store.h new file mode 100644 index 00000000..a40a7339 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/store.h @@ -0,0 +1,266 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STORE_H +# define HEADER_OSSL_STORE_H + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + */ +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occurred + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. + */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 4 /* X509 * */ +# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). + */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER + *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); + +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/storeerr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/storeerr.h new file mode 100644 index 00000000..190eab07 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/storeerr.h @@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/symhacks.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/symhacks.h new file mode 100644 index 00000000..156ea6e4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/symhacks.h @@ -0,0 +1,37 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SYMHACKS_H +# define HEADER_SYMHACKS_H + +# include + +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) +# undef ERR_load_CRYPTO_strings +# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +# undef OCSP_crlID_new +# define OCSP_crlID_new OCSP_crlID2_new + +# undef d2i_ECPARAMETERS +# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +# undef i2d_ECPARAMETERS +# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +# undef d2i_ECPKPARAMETERS +# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +# undef i2d_ECPKPARAMETERS +# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tls1.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tls1.h new file mode 100644 index 00000000..76d9fda4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tls1.h @@ -0,0 +1,1237 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TLS1_H +# define HEADER_TLS1_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. + */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_get_dtlsext_heartbeat_pending(ssl) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_SIGN 238 +# define TLS_CT_GOST12_512_SIGN 239 + +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 22 +# define TLS_MD_CLIENT_FINISH_CONST "client finished" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_FINISH_CONST "server finished" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +# define TLS_MD_KEY_EXPANSION_CONST "key expansion" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_IV_BLOCK_CONST "IV block" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +# define TLS_MD_MASTER_SECRET_CONST "master secret" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +# ifdef CHARSET_EBCDIC +# undef TLS_MD_CLIENT_FINISH_CONST +/* + * client finished + */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_FINISH_CONST +/* + * server finished + */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_KEY_EXPANSION_CONST +/* + * key expansion + */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + +# undef TLS_MD_CLIENT_WRITE_KEY_CONST +/* + * client write key + */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_IV_BLOCK_CONST +/* + * IV block + */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + +# undef TLS_MD_MASTER_SECRET_CONST +/* + * master secret + */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ts.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ts.h new file mode 100644 index 00000000..3b58aa52 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ts.h @@ -0,0 +1,559 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. */ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +DEFINE_STACK_OF(ESS_CERT_ID) + +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; + +DEFINE_STACK_OF(ESS_CERT_ID_V2) + +typedef struct TS_resp_st TS_RESP; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, + const unsigned char **pp, long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, + long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tserr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tserr.h new file mode 100644 index 00000000..07f23339 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/tserr.h @@ -0,0 +1,132 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/txt_db.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/txt_db.h new file mode 100644 index 00000000..ec981a43 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/txt_db.h @@ -0,0 +1,57 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TXT_DB_H +# define HEADER_TXT_DB_H + +# include +# include +# include +# include + +# define DB_ERROR_OK 0 +# define DB_ERROR_MALLOC 1 +# define DB_ERROR_INDEX_CLASH 2 +# define DB_ERROR_INDEX_OUT_OF_RANGE 3 +# define DB_ERROR_NO_INDEX 4 +# define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ui.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ui.h new file mode 100644 index 00000000..7c721ec8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/ui.h @@ -0,0 +1,368 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/uierr.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/uierr.h new file mode 100644 index 00000000..bd68864d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/uierr.h @@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/whrlpool.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/whrlpool.h new file mode 100644 index 00000000..20ea3503 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/whrlpool.h @@ -0,0 +1,48 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +#include + +# ifndef OPENSSL_NO_WHIRLPOOL +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509.h new file mode 100644 index 00000000..39ca0ba5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509.h @@ -0,0 +1,1047 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DEFINE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DEFINE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; + +DEFINE_STACK_OF(X509_INFO) + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +# endif +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +# endif +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +# ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a, unsigned char **pp); +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509_vfy.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509_vfy.h new file mode 100644 index 00000000..adb8bce7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509_vfy.h @@ -0,0 +1,628 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_VFY_H +# define HEADER_X509_VFY_H + +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef HEADER_X509_H +# include +# endif + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +typedef enum { + X509_LU_NONE = 0, + X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; + +#if OPENSSL_API_COMPAT < 0x10100000L +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#endif + +DEFINE_STACK_OF(X509_LOOKUP) +DEFINE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(X509_VERIFY_PARAM) + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, + X509_STORE_CTX *ctx, X509 *x); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL **crl, X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL *crl, X509 *x); +typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_INVALID_CA 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +# define X509_V_ERR_NO_VALID_SCTS 71 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ + +/* Certificate verify flags */ + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check self-signed CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_lock(X509_STORE *ctx); +int X509_STORE_unlock(X509_STORE *ctx); +int X509_STORE_up_ref(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +void X509_STORE_set_get_issuer(X509_STORE *ctx, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +void X509_STORE_set_check_revocation(X509_STORE *ctx, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +void X509_STORE_set_check_crl(X509_STORE *ctx, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +void X509_STORE_set_cert_crl(X509_STORE *ctx, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +void X509_STORE_set_check_policy(X509_STORE *ctx, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +void X509_STORE_set_lookup_certs(X509_STORE *ctx, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +void X509_STORE_set_lookup_crls(X509_STORE *ctx, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +void X509_STORE_set_cleanup(X509_STORE *ctx, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const + X509_POLICY_TREE + *tree); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const + X509_POLICY_TREE + *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE + *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509err.h new file mode 100644 index 00000000..02738531 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509err.h @@ -0,0 +1,130 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3.h new file mode 100644 index 00000000..6c6eca38 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3.h @@ -0,0 +1,937 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3_H +# define HEADER_X509V3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +# define CTX_TEST 0x1 +# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DEFINE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; + +DEFINE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DEFINE_STACK_OF(GENERAL_NAMES) + +DEFINE_STACK_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DEFINE_STACK_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DEFINE_STACK_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DEFINE_STACK_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DEFINE_STACK_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DEFINE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DEFINE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +# define EXFLAG_SI 0x20 +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +/* EXFLAG_SET is set to indicate that some values have been precomputed */ +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +/* Self signed */ +# define EXFLAG_SS 0x2000 + +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DEFINE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); + +# ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* The new declarations are in crypto.h, but the old ones were here. */ +# define hex_to_string OPENSSL_buf2hexstr +# define string_to_hex OPENSSL_hexstr2buf +#endif + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +#ifndef OPENSSL_NO_STDIO +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +#endif +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +long X509_get_proxy_pathlen(X509 *x); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); + +int X509_PURPOSE_get_count(void); +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(const char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(const X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DEFINE_STACK_OF(X509_POLICY_NODE) + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DEFINE_STACK_OF(ASIdOrRange) + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DEFINE_STACK_OF(IPAddressOrRange) + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DEFINE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3err.h b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3err.h new file mode 100644 index 00000000..5f25442f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/include/openssl/x509v3err.h @@ -0,0 +1,162 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libcrypto.pc b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libcrypto.pc new file mode 100644 index 00000000..8ad5521b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libcrypto.pc @@ -0,0 +1,12 @@ +prefix=/usr/local +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include +enginesdir=${libdir}/engines-1.1 + +Name: OpenSSL-libcrypto +Description: OpenSSL cryptography library +Version: 1.1.1g +Libs: -L${libdir} -lcrypto +Libs.private: -ldl -pthread +Cflags: -I${includedir} diff --git a/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libssl.pc b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libssl.pc new file mode 100644 index 00000000..556e6a1e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/libssl.pc @@ -0,0 +1,11 @@ +prefix=/usr/local +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL-libssl +Description: Secure Sockets Layer and cryptography libraries +Version: 1.1.1g +Requires.private: libcrypto +Libs: -L${libdir} -lssl +Cflags: -I${includedir} diff --git a/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/openssl.pc b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/openssl.pc new file mode 100644 index 00000000..551cf717 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/lib/pkgconfig/openssl.pc @@ -0,0 +1,9 @@ +prefix=/usr/local +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL +Description: Secure Sockets Layer and cryptography libraries and tools +Version: 1.1.1g +Requires: libssl libcrypto diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/CA.pl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/CA.pl.html new file mode 100644 index 00000000..be1293ff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/CA.pl.html @@ -0,0 +1,198 @@ + + + + +CA.pl + + + + + + + + + + +

NAME

+ +

CA.pl - friendlier interface for OpenSSL certificate programs

+ +

SYNOPSIS

+ +

CA.pl -? | -h | -help

+ +

CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]

+ +

CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]

+ +

CA.pl -verify [-extra-verify extra-params] certfile...

+ +

CA.pl -revoke [-extra-ca extra-params] certfile [reason]

+ +

DESCRIPTION

+ +

The CA.pl script is a perl script that supplies the relevant command line arguments to the openssl command for some common certificate operations. It is intended to simplify the process of certificate creation and management by the use of some simple options.

+ +

OPTIONS

+ +
+ +
?, -h, -help
+
+ +

Prints a usage message.

+ +
+
-newcert
+
+ +

Creates a new self signed certificate. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". This argument invokes openssl req command.

+ +
+
-newreq
+
+ +

Creates a new certificate request. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". Executes openssl req command below the hood.

+ +
+
-newreq-nodes
+
+ +

Is like -newreq except that the private key will not be encrypted. Uses openssl req command.

+ +
+
-newca
+
+ +

Creates a new CA hierarchy for use with the ca program (or the -signcert and -xsign options). The user is prompted to enter the filename of the CA certificates (which should also contain the private key) or by hitting ENTER details of the CA will be prompted for. The relevant files and directories are created in a directory called "demoCA" in the current directory. openssl req and openssl ca commands are get invoked.

+ +
+
-pkcs12
+
+ +

Create a PKCS#12 file containing the user certificate, private key and CA certificate. It expects the user certificate and private key to be in the file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, it creates a file "newcert.p12". This command can thus be called after the -sign option. The PKCS#12 file can be imported directly into a browser. If there is an additional argument on the command line it will be used as the "friendly name" for the certificate (which is typically displayed in the browser list box), otherwise the name "My Certificate" is used. Delegates work to openssl pkcs12 command.

+ +
+
-sign, -signcert, -xsign
+
+ +

Calls the ca program to sign a certificate request. It expects the request to be in the file "newreq.pem". The new certificate is written to the file "newcert.pem" except in the case of the -xsign option when it is written to standard output. Leverages openssl ca command.

+ +
+
-signCA
+
+ +

This option is the same as the -signreq option except it uses the configuration file section v3_ca and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed on to openssl ca command.

+ +
+
-signcert
+
+ +

This option is the same as -sign except it expects a self signed certificate to be present in the file "newreq.pem". Extra params are passed on to openssl x509 and openssl ca commands.

+ +
+
-crl
+
+ +

Generate a CRL. Executes openssl ca command.

+ +
+
-revoke certfile [reason]
+
+ +

Revoke the certificate contained in the specified certfile. An optional reason may be specified, and must be one of: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, or removeFromCRL. Leverages openssl ca command.

+ +
+
-verify
+
+ +

Verifies certificates against the CA certificate for "demoCA". If no certificates are specified on the command line it tries to verify the file "newcert.pem". Invokes openssl verify command.

+ +
+
-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify <extra-params>
+
+ +

The purpose of these parameters is to allow optional parameters to be supplied to openssl that this command executes. The -extra-cmd are specific to the option being used and the openssl command getting invoked. For example when this command invokes openssl req extra parameters can be passed on with the -extra-req parameter. The openssl commands being invoked per option are documented below. Users should consult openssl command documentation for more information.

+ +
+
+ +

EXAMPLES

+ +

Create a CA hierarchy:

+ +
CA.pl -newca
+ +

Complete certificate creation example: create a CA, create a request, sign the request and finally create a PKCS#12 file containing it.

+ +
CA.pl -newca
+CA.pl -newreq
+CA.pl -signreq
+CA.pl -pkcs12 "My Test Certificate"
+ +

DSA CERTIFICATES

+ +

Although the CA.pl creates RSA CAs and requests it is still possible to use it with DSA certificates and requests using the req(1) command directly. The following example shows the steps that would typically be taken.

+ +

Create some DSA parameters:

+ +
openssl dsaparam -out dsap.pem 1024
+ +

Create a DSA CA certificate and private key:

+ +
openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+ +

Create the CA directories and files:

+ +
CA.pl -newca
+ +

enter cacert.pem when prompted for the CA file name.

+ +

Create a DSA certificate request and private key (a different set of parameters can optionally be created first):

+ +
openssl req -out newreq.pem -newkey dsa:dsap.pem
+ +

Sign the request:

+ +
CA.pl -signreq
+ +

NOTES

+ +

Most of the filenames mentioned can be modified by editing the CA.pl script.

+ +

If the demoCA directory already exists then the -newca command will not overwrite it and will do nothing. This can happen if a previous call using the -newca option terminated abnormally. To get the correct behaviour delete the demoCA directory if it already exists.

+ +

Under some environments it may not be possible to run the CA.pl script directly (for example Win32) and the default configuration file location may be wrong. In this case the command:

+ +
perl -S CA.pl
+ +

can be used and the OPENSSL_CONF environment variable changed to point to the correct path of the configuration file.

+ +

The script is intended as a simple front end for the openssl program for use by a beginner. Its behaviour isn't always what is wanted. For more control over the behaviour of the certificate commands call the openssl command directly.

+ +

SEE ALSO

+ +

x509(1), ca(1), req(1), pkcs12(1), config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/asn1parse.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/asn1parse.html new file mode 100644 index 00000000..d7b6f514 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/asn1parse.html @@ -0,0 +1,227 @@ + + + + +asn1parse + + + + + + + + + + +

NAME

+ +

openssl-asn1parse, asn1parse - ASN.1 parsing tool

+ +

SYNOPSIS

+ +

openssl asn1parse [-help] [-inform PEM|DER] [-in filename] [-out filename] [-noout] [-offset number] [-length number] [-i] [-oid filename] [-dump] [-dlimit num] [-strparse offset] [-genstr string] [-genconf file] [-strictpem] [-item name]

+ +

DESCRIPTION

+ +

The asn1parse command is a diagnostic utility that can parse ASN.1 structures. It can also be used to extract data from ASN.1 formatted data.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

The input format. DER is binary format and PEM (the default) is base64 encoded.

+ +
+
-in filename
+
+ +

The input file, default is standard input.

+ +
+
-out filename
+
+ +

Output file to place the DER encoded data into. If this option is not present then no data will be output. This is most useful when combined with the -strparse option.

+ +
+
-noout
+
+ +

Don't output the parsed version of the input file.

+ +
+
-offset number
+
+ +

Starting offset to begin parsing, default is start of file.

+ +
+
-length number
+
+ +

Number of bytes to parse, default is until end of file.

+ +
+
-i
+
+ +

Indents the output according to the "depth" of the structures.

+ +
+
-oid filename
+
+ +

A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this file is described in the NOTES section below.

+ +
+
-dump
+
+ +

Dump unknown data in hex format.

+ +
+
-dlimit num
+
+ +

Like -dump, but only the first num bytes are output.

+ +
+
-strparse offset
+
+ +

Parse the contents octets of the ASN.1 object starting at offset. This option can be used multiple times to "drill down" into a nested structure.

+ +
+
-genstr string, -genconf file
+
+ +

Generate encoded data based on string, file or both using ASN1_generate_nconf(3) format. If file only is present then the string is obtained from the default section using the name asn1. The encoded data is passed through the ASN1 parser and printed out as though it came from a file, the contents can thus be examined and written to a file using the out option.

+ +
+
-strictpem
+
+ +

If this option is used then -inform will be ignored. Without this option any data in a PEM format input file will be treated as being base64 encoded and processed whether it has the normal PEM BEGIN and END markers or not. This option will ignore any data prior to the start of the BEGIN marker, or after an END marker in a PEM file.

+ +
+
-item name
+
+ +

Attempt to decode and print the data as ASN1_ITEM name. This can be used to print out the fields of any supported ASN.1 structure if the type is known.

+ +
+
+ +

Output

+ +

The output will typically contain lines like this:

+ +
0:d=0  hl=4 l= 681 cons: SEQUENCE
+ +

.....

+ +
229:d=3  hl=3 l= 141 prim: BIT STRING
+373:d=2  hl=3 l= 162 cons: cont [ 3 ]
+376:d=3  hl=3 l= 159 cons: SEQUENCE
+379:d=4  hl=2 l=  29 cons: SEQUENCE
+381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+386:d=5  hl=2 l=  22 prim: OCTET STRING
+410:d=4  hl=2 l= 112 cons: SEQUENCE
+412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+417:d=5  hl=2 l= 105 prim: OCTET STRING
+524:d=4  hl=2 l=  12 cons: SEQUENCE
+ +

.....

+ +

This example is part of a self-signed certificate. Each line starts with the offset in decimal. d=XX specifies the current depth. The depth is increased within the scope of any SET or SEQUENCE. hl=XX gives the header length (tag and length octets) of the current type. l=XX gives the length of the contents octets.

+ +

The -i option can be used to make the output more readable.

+ +

Some knowledge of the ASN.1 structure is needed to interpret the output.

+ +

In this example the BIT STRING at offset 229 is the certificate public key. The contents octets of this will contain the public key information. This can be examined using the option -strparse 229 to yield:

+ +
  0:d=0  hl=3 l= 137 cons: SEQUENCE
+  3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+ +

NOTES

+ +

If an OID is not part of OpenSSL's internal table it will be represented in numerical form (for example 1.2.3.4). The file passed to the -oid option allows additional OIDs to be included. Each line consists of three columns, the first column is the OID in numerical format and should be followed by white space. The second column is the "short name" which is a single word followed by white space. The final column is the rest of the line and is the "long name". asn1parse displays the long name. Example:

+ +

1.2.3.4 shortName A long name

+ +

EXAMPLES

+ +

Parse a file:

+ +
openssl asn1parse -in file.pem
+ +

Parse a DER file:

+ +
openssl asn1parse -inform DER -in file.der
+ +

Generate a simple UTF8String:

+ +
openssl asn1parse -genstr 'UTF8:Hello World'
+ +

Generate and write out a UTF8String, don't print parsed output:

+ +
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+ +

Generate using a config file:

+ +
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+ +

Example config file:

+ +
asn1=SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1=BOOL:TRUE
+field2=EXP:0, UTF8:some random string
+ +

BUGS

+ +

There should be options to change the format of output lines. The output of some ASN.1 types is not well handled (if at all).

+ +

SEE ALSO

+ +

ASN1_generate_nconf(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ca.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ca.html new file mode 100644 index 00000000..7f277476 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ca.html @@ -0,0 +1,671 @@ + + + + +ca + + + + + + + + + + +

NAME

+ +

openssl-ca, ca - sample minimal CA application

+ +

SYNOPSIS

+ +

openssl ca [-help] [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file] [-valid file] [-status serial] [-updatedb] [-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time] [-crldays days] [-crlhours hours] [-crlexts section] [-startdate date] [-enddate date] [-days arg] [-md arg] [-policy arg] [-keyfile arg] [-keyform PEM|DER] [-key arg] [-passin arg] [-cert file] [-selfsign] [-in file] [-out file] [-notext] [-outdir dir] [-infiles] [-spkac file] [-ss_cert file] [-preserveDN] [-noemailDN] [-batch] [-msie_hack] [-extensions section] [-extfile section] [-engine id] [-subj arg] [-utf8] [-sigopt nm:v] [-create_serial] [-rand_serial] [-multivalue-rdn] [-rand file...] [-writerand file]

+ +

DESCRIPTION

+ +

The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text database of issued certificates and their status.

+ +

The options descriptions will be divided into each purpose.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-verbose
+
+ +

This prints extra details about the operations being performed.

+ +
+
-config filename
+
+ +

Specifies the configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-name section
+
+ +

Specifies the configuration file section to use (overrides default_ca in the ca section).

+ +
+
-in filename
+
+ +

An input filename containing a single certificate request to be signed by the CA.

+ +
+
-ss_cert filename
+
+ +

A single self-signed certificate to be signed by the CA.

+ +
+
-spkac filename
+
+ +

A file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. See the SPKAC FORMAT section for information on the required input and output format.

+ +
+
-infiles
+
+ +

If present this should be the last option, all subsequent arguments are taken as the names of files containing certificate requests.

+ +
+
-out filename
+
+ +

The output file to output certificates to. The default is standard output. The certificate details will also be printed out to this file in PEM format (except that -spkac outputs DER format).

+ +
+
-outdir directory
+
+ +

The directory to output certificates to. The certificate will be written to a filename consisting of the serial number in hex with ".pem" appended.

+ +
+
-cert
+
+ +

The CA certificate file.

+ +
+
-keyfile filename
+
+ +

The private key to sign requests with.

+ +
+
-keyform PEM|DER
+
+ +

The format of the data in the private key file. The default is PEM.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-key password
+
+ +

The password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution.

+ +
+
-selfsign
+
+ +

Indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with -keyfile). Certificate requests signed with a different key are ignored. If -spkac, -ss_cert or -gencrl are given, -selfsign is ignored.

+ +

A consequence of using -selfsign is that the self-signed certificate appears among the entries in the certificate database (see the configuration option database), and uses the same serial number counter as all other certificates sign with the self-signed certificate.

+ +
+
-passin arg
+
+ +

The key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-notext
+
+ +

Don't output the text form of a certificate to the output file.

+ +
+
-startdate date
+
+ +

This allows the start date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In both formats, seconds SS and timezone Z must be present.

+ +
+
-enddate date
+
+ +

This allows the expiry date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In both formats, seconds SS and timezone Z must be present.

+ +
+
-days arg
+
+ +

The number of days to certify the certificate for.

+ +
+
-md alg
+
+ +

The message digest to use. Any digest supported by the OpenSSL dgst command can be used. For signing algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message digest that is set is ignored. This option also applies to CRLs.

+ +
+
-policy arg
+
+ +

This option defines the CA "policy" to use. This is a section in the configuration file which decides which fields should be mandatory or match the CA certificate. Check out the POLICY FORMAT section for more information.

+ +
+
-msie_hack
+
+ +

This is a deprecated option to make ca work with very old versions of the IE certificate enrollment control "certenr3". It used UniversalStrings for almost everything. Since the old control has various security bugs its use is strongly discouraged.

+ +
+
-preserveDN
+
+ +

Normally the DN order of a certificate is the same as the order of the fields in the relevant policy section. When this option is set the order is the same as the request. This is largely for compatibility with the older IE enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll.

+ +
+
-noemailDN
+
+ +

The DN of a certificate can contain the EMAIL field if present in the request DN, however it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The email_in_dn keyword can be used in the configuration file to enable this behaviour.

+ +
+
-batch
+
+ +

This sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically.

+ +
+
-extensions section
+
+ +

The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to x509_extensions unless the -extfile option is used). If no extension section is present then, a V1 certificate is created. If the extension section is present (even if it is empty), then a V3 certificate is created. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
-extfile file
+
+ +

An additional configuration file to read certificate extensions from (using the default section unless the -extensions option is also used).

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ca to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-subj arg
+
+ +

Supersedes subject name given in the request. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the resulting certificate.

+ +
+
-utf8
+
+ +

This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
-create_serial
+
+ +

If reading serial from the text file as specified in the configuration fails, specifying this option creates a new random serial to be used as next serial number. To get random serial numbers, use the -rand_serial flag instead; this should only be used for simple error-recovery.

+ +
+
-rand_serial
+
+ +

Generate a large random number to use as the serial number. This overrides any option or configuration to use a serial number file.

+ +
+
-multivalue-rdn
+
+ +

This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example:

+ +

/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

+ +

If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

CRL OPTIONS

+ +
+ +
-gencrl
+
+ +

This option generates a CRL based on information in the index file.

+ +
+
-crldays num
+
+ +

The number of days before the next CRL is due. That is the days from now to place in the CRL nextUpdate field.

+ +
+
-crlhours num
+
+ +

The number of hours before the next CRL is due.

+ +
+
-revoke filename
+
+ +

A filename containing a certificate to revoke.

+ +
+
-valid filename
+
+ +

A filename containing a certificate to add a Valid certificate entry.

+ +
+
-status serial
+
+ +

Displays the revocation status of the certificate with the specified serial number and exits.

+ +
+
-updatedb
+
+ +

Updates the database index to purge expired certificates.

+ +
+
-crl_reason reason
+
+ +

Revocation reason, where reason is one of: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold or removeFromCRL. The matching of reason is case insensitive. Setting any revocation reason will make the CRL v2.

+ +

In practice removeFromCRL is not particularly useful because it is only used in delta CRLs which are not currently implemented.

+ +
+
-crl_hold instruction
+
+ +

This sets the CRL revocation reason code to certificateHold and the hold instruction to instruction which must be an OID. Although any OID can be used only holdInstructionNone (the use of which is discouraged by RFC2459) holdInstructionCallIssuer or holdInstructionReject will normally be used.

+ +
+
-crl_compromise time
+
+ +

This sets the revocation reason to keyCompromise and the compromise time to time. time should be in GeneralizedTime format that is YYYYMMDDHHMMSSZ.

+ +
+
-crl_CA_compromise time
+
+ +

This is the same as crl_compromise except the revocation reason is set to CACompromise.

+ +
+
-crlexts section
+
+ +

The section of the configuration file containing CRL extensions to include. If no CRL extension section is present then a V1 CRL is created, if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are CRL extensions and not CRL entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs. See x509v3_config(5) manual page for details of the extension section format.

+ +
+
+ +

CONFIGURATION FILE OPTIONS

+ +

The section of the configuration file containing options for ca is found as follows: If the -name command line option is used, then it names the section to be used. Otherwise the section to be used must be named in the default_ca option of the ca section of the configuration file (or in the default section of the configuration file). Besides default_ca, the following options are read directly from the ca section: RANDFILE preserve msie_hack With the exception of RANDFILE, this is probably a bug and may change in future releases.

+ +

Many of the configuration file options are identical to command line options. Where the option is present in the configuration file and the command line the command line value is used. Where an option is described as mandatory then it must be present in the configuration file or the command line equivalent (if any) used.

+ +
+ +
oid_file
+
+ +

This specifies a file containing additional OBJECT IDENTIFIERS. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name.

+ +
+
oid_section
+
+ +

This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by = and the numerical form. The short and long names are the same when this option is used.

+ +
+
new_certs_dir
+
+ +

The same as the -outdir command line option. It specifies the directory where new certificates will be placed. Mandatory.

+ +
+
certificate
+
+ +

The same as -cert. It gives the file containing the CA certificate. Mandatory.

+ +
+
private_key
+
+ +

Same as the -keyfile option. The file containing the CA private key. Mandatory.

+ +
+
RANDFILE
+
+ +

At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it.

+ +
+
default_days
+
+ +

The same as the -days option. The number of days to certify a certificate for.

+ +
+
default_startdate
+
+ +

The same as the -startdate option. The start date to certify a certificate for. If not set the current time is used.

+ +
+
default_enddate
+
+ +

The same as the -enddate option. Either this option or default_days (or the command line equivalents) must be present.

+ +
+
default_crl_hours default_crl_days
+
+ +

The same as the -crlhours and the -crldays options. These will only be used if neither command line option is present. At least one of these must be present to generate a CRL.

+ +
+
default_md
+
+ +

The same as the -md option. Mandatory except where the signing algorithm does not require a digest (i.e. Ed25519 and Ed448).

+ +
+
database
+
+ +

The text database file to use. Mandatory. This file must be present though initially it will be empty.

+ +
+
unique_subject
+
+ +

If the value yes is given, the valid certificate entries in the database must have unique subjects. if the value no is given, several valid certificate entries may have the exact same subject. The default value is yes, to be compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value no, especially if combined with the -selfsign command line option.

+ +

Note that it is valid in some circumstances for certificates to be created without any subject. In the case where there are multiple certificates without subjects this does not count as a duplicate.

+ +
+
serial
+
+ +

A text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number.

+ +
+
crlnumber
+
+ +

A text file containing the next CRL number to use in hex. The crl number will be inserted in the CRLs only if this file exists. If this file is present, it must contain a valid CRL number.

+ +
+
x509_extensions
+
+ +

The same as -extensions.

+ +
+
crl_extensions
+
+ +

The same as -crlexts.

+ +
+
preserve
+
+ +

The same as -preserveDN

+ +
+
email_in_dn
+
+ +

The same as -noemailDN. If you want the EMAIL field to be removed from the DN of the certificate simply set this to 'no'. If not present the default is to allow for the EMAIL filed in the certificate's DN.

+ +
+
msie_hack
+
+ +

The same as -msie_hack

+ +
+
policy
+
+ +

The same as -policy. Mandatory. See the POLICY FORMAT section for more information.

+ +
+
name_opt, cert_opt
+
+ +

These options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the x509 utilities -nameopt and -certopt switches can be used here, except the no_signame and no_sigdump are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point).

+ +

For convenience the values ca_default are accepted by both to produce a reasonable output.

+ +

If neither option is present the format used in earlier versions of OpenSSL is used. Use of the old format is strongly discouraged because it only displays fields mentioned in the policy section, mishandles multicharacter string types and does not display extensions.

+ +
+
copy_extensions
+
+ +

Determines how extensions in certificate requests should be handled. If set to none or this option is not present then extensions are ignored and not copied to the certificate. If set to copy then any extensions present in the request that are not already present are copied to the certificate. If set to copyall then all extensions in the request are copied to the certificate: if the extension is already present in the certificate it is deleted first. See the WARNINGS section before using this option.

+ +

The main use of this option is to allow a certificate request to supply values for certain extensions such as subjectAltName.

+ +
+
+ +

POLICY FORMAT

+ +

The policy section consists of a set of variables corresponding to certificate DN fields. If the value is "match" then the field value must match the same field in the CA certificate. If the value is "supplied" then it must be present. If the value is "optional" then it may be present. Any fields not mentioned in the policy section are silently deleted, unless the -preserveDN option is set but this can be regarded more of a quirk than intended behaviour.

+ +

SPKAC FORMAT

+ +

The input to the -spkac command line option is a Netscape signed public key and challenge. This will usually come from the KEYGEN tag in an HTML form to create a new private key. It is however possible to create SPKACs using the spkac utility.

+ +

The file should contain the variable SPKAC set to the value of the SPKAC and also the required DN components as name value pairs. If you need to include the same component twice then it can be preceded by a number and a '.'.

+ +

When processing SPKAC format, the output is DER if the -out flag is used, but PEM format if sending to stdout or the -outdir flag is used.

+ +

EXAMPLES

+ +

Note: these examples assume that the ca directory structure is already set up and the relevant files already exist. This usually involves creating a CA certificate and private key with req, a serial number file and an empty index file and placing them in the relevant directories.

+ +

To use the sample configuration file below the directories demoCA, demoCA/private and demoCA/newcerts would be created. The CA certificate would be copied to demoCA/cacert.pem and its private key to demoCA/private/cakey.pem. A file demoCA/serial would be created containing for example "01" and the empty index file demoCA/index.txt.

+ +

Sign a certificate request:

+ +
openssl ca -in req.pem -out newcert.pem
+ +

Sign a certificate request, using CA extensions:

+ +
openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+ +

Generate a CRL

+ +
openssl ca -gencrl -out crl.pem
+ +

Sign several requests:

+ +
openssl ca -infiles req1.pem req2.pem req3.pem
+ +

Certify a Netscape SPKAC:

+ +
openssl ca -spkac spkac.txt
+ +

A sample SPKAC file (the SPKAC line has been truncated for clarity):

+ +
SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+CN=Steve Test
+emailAddress=steve@openssl.org
+0.OU=OpenSSL Group
+1.OU=Another Group
+ +

A sample configuration file with the relevant sections for ca:

+ +
[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+
+dir            = ./demoCA              # top dir
+database       = $dir/index.txt        # index file.
+new_certs_dir  = $dir/newcerts         # new certs dir
+
+certificate    = $dir/cacert.pem       # The CA cert
+serial         = $dir/serial           # serial no file
+#rand_serial    = yes                  # for random serial#'s
+private_key    = $dir/private/cakey.pem# CA private key
+RANDFILE       = $dir/private/.rand    # random number file
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = md5                   # md to use
+
+policy         = policy_any            # default policy
+email_in_dn    = no                    # Don't add the email into cert DN
+
+name_opt       = ca_default            # Subject name display option
+cert_opt       = ca_default            # Certificate display option
+copy_extensions = none                 # Don't copy extensions from request
+
+[ policy_any ]
+countryName            = supplied
+stateOrProvinceName    = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+ +

FILES

+ +

Note: the location of all files can change either by compile time options, configuration file entries, environment variables or command line options. The values below reflect the default values.

+ +
/usr/local/ssl/lib/openssl.cnf - master configuration file
+./demoCA                       - main CA directory
+./demoCA/cacert.pem            - CA certificate
+./demoCA/private/cakey.pem     - CA private key
+./demoCA/serial                - CA serial number file
+./demoCA/serial.old            - CA serial number backup file
+./demoCA/index.txt             - CA text database file
+./demoCA/index.txt.old         - CA text database backup file
+./demoCA/certs                 - certificate output file
+./demoCA/.rnd                  - CA random seed information
+ +

RESTRICTIONS

+ +

The text database index file is a critical part of the process and if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current CRL: however there is no option to do this.

+ +

V2 CRL features like delta CRLs are not currently supported.

+ +

Although several requests can be input and handled at once it is only possible to include one SPKAC or self-signed certificate.

+ +

BUGS

+ +

The use of an in-memory text database can cause problems when large numbers of certificates are present because, as the name implies the database has to be kept in memory.

+ +

The ca command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility (perl script or GUI) can handle things properly. The script CA.pl helps a little but not very much.

+ +

Any fields in a request that are not present in a policy are silently deleted. This does not happen if the -preserveDN option is used. To enforce the absence of the EMAIL field within the DN, as suggested by RFCs, regardless the contents of the request' subject the -noemailDN option can be used. The behaviour should be more friendly and configurable.

+ +

Canceling some commands by refusing to certify a certificate can create an empty file.

+ +

WARNINGS

+ +

The ca command is quirky and at times downright unfriendly.

+ +

The ca utility was originally meant as an example of how to do things in a CA. It was not supposed to be used as a full blown CA itself: nevertheless some people are using it for this purpose.

+ +

The ca command is effectively a single user command: no locking is done on the various files and attempts to run more than one ca command on the same database can have unpredictable results.

+ +

The copy_extensions option should be used with caution. If care is not taken then it can be a security risk. For example if a certificate request contains a basicConstraints extension with CA:TRUE and the copy_extensions value is set to copyall and the user does not spot this when the certificate is displayed then this will hand the requester a valid CA certificate.

+ +

This situation can be avoided by setting copy_extensions to copy and including basicConstraints with CA:FALSE in the configuration file. Then if the request contains a basicConstraints extension it will be ignored.

+ +

It is advisable to also include values for other extensions such as keyUsage to prevent a request supplying its own values.

+ +

Additional restrictions can be placed on the CA certificate itself. For example if the CA certificate has:

+ +
basicConstraints = CA:TRUE, pathlen:0
+ +

then even if a certificate is issued with CA:TRUE it will not be valid.

+ +

HISTORY

+ +

Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, certificate validity period (specified by any of -startdate, -enddate and -days) will be encoded as UTCTime if the dates are earlier than year 2049 (included), and as GeneralizedTime if the dates are in year 2050 or later.

+ +

SEE ALSO

+ +

req(1), spkac(1), x509(1), CA.pl(1), config(5), x509v3_config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ciphers.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ciphers.html new file mode 100644 index 00000000..98131fc7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ciphers.html @@ -0,0 +1,811 @@ + + + + +ciphers + + + + + + + + + + +

NAME

+ +

openssl-ciphers, ciphers - SSL cipher display and cipher list tool

+ +

SYNOPSIS

+ +

openssl ciphers [-help] [-s] [-v] [-V] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-s] [-psk] [-srp] [-stdname] [-convert name] [-ciphersuites val] [cipherlist]

+ +

DESCRIPTION

+ +

The ciphers command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print a usage message.

+ +
+
-s
+
+ +

Only list supported ciphers: those consistent with the security level, and minimum and maximum protocol version. This is closer to the actual cipher list an application will support.

+ +

PSK and SRP ciphers are not enabled by default: they require -psk or -srp to enable them.

+ +

It also does not change the default list of supported signature algorithms.

+ +

On a server the list of supported ciphers might also exclude other ciphers depending on the configured certificates and presence of DH parameters.

+ +

If this option is not used then all ciphers that match the cipherlist will be listed.

+ +
+
-psk
+
+ +

When combined with -s includes cipher suites which require PSK.

+ +
+
-srp
+
+ +

When combined with -s includes cipher suites which require SRP.

+ +
+
-v
+
+ +

Verbose output: For each cipher suite, list details as provided by SSL_CIPHER_description(3).

+ +
+
-V
+
+ +

Like -v, but include the official cipher suite values in hex.

+ +
+
-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3
+
+ +

In combination with the -s option, list the ciphers which could be used if the specified protocol were negotiated. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-stdname
+
+ +

Precede each cipher suite by its standard name.

+ +
+
-convert name
+
+ +

Convert a standard cipher name to its OpenSSL name.

+ +
+
-ciphersuites val
+
+ +

Sets the list of TLSv1.3 ciphersuites. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By default this value is:

+ +
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+ +
+
cipherlist
+
+ +

A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher preference list. This list will be combined with any TLSv1.3 ciphersuites that have been configured. If it is not included then the default cipher list will be used. The format is described below.

+ +
+
+ +

CIPHER LIST FORMAT

+ +

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally used.

+ +

The actual cipher string can take several different forms.

+ +

It can consist of a single cipher suite such as RC4-SHA.

+ +

It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example SHA1 represents all ciphers suites using the digest algorithm SHA1 and SSLv3 represents all SSL v3 algorithms.

+ +

Lists of cipher suites can be combined in a single cipher string using the + character. This is used as a logical and operation. For example SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms.

+ +

Each cipher string can be optionally preceded by the characters !, - or +.

+ +

If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.

+ +

If - is used then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later options.

+ +

If + is used then the ciphers are moved to the end of the list. This option doesn't add any new ciphers it just moves matching existing ones.

+ +

If none of these characters is present then the string is just interpreted as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already present they will be ignored: that is they will not moved to the end of the list.

+ +

The cipher string @STRENGTH can be used at any point to sort the current cipher list in order of encryption algorithm key length.

+ +

The cipher string @SECLEVEL=n can be used at any point to set the security level to n, which should be a number between zero and five, inclusive. See SSL_CTX_set_security_level for a description of what each level means.

+ +

The cipher list can be prefixed with the DEFAULT keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using + character. For example, DEFAULT+DES is not valid.

+ +

The content of the default list is determined at compile time and normally corresponds to ALL:!COMPLEMENTOFDEFAULT:!eNULL.

+ +

CIPHER STRINGS

+ +

The following is a list of all permitted cipher strings and their meanings.

+ +
+ +
COMPLEMENTOFDEFAULT
+
+ +

The ciphers included in ALL, but not enabled by default. Currently this includes all RC4 and anonymous ciphers. Note that this rule does not cover eNULL, which is not included by ALL (use COMPLEMENTOFALL if necessary). Note that RC4 based cipher suites are not built into OpenSSL by default (see the enable-weak-ssl-ciphers option to Configure).

+ +
+
ALL
+
+ +

All cipher suites except the eNULL ciphers (which must be explicitly enabled if needed). As of OpenSSL 1.0.0, the ALL cipher suites are sensibly ordered by default.

+ +
+
COMPLEMENTOFALL
+
+ +

The cipher suites not enabled by ALL, currently eNULL.

+ +
+
HIGH
+
+ +

"High" encryption cipher suites. This currently means those with key lengths larger than 128 bits, and some cipher suites with 128-bit keys.

+ +
+
MEDIUM
+
+ +

"Medium" encryption cipher suites, currently some of those using 128 bit encryption.

+ +
+
LOW
+
+ +

"Low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0.

+ +
+
eNULL, NULL
+
+ +

The "NULL" ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are not enabled via either the DEFAULT or ALL cipher strings. Be careful when building cipherlists out of lower-level primitives such as kRSA or aECDSA as these do overlap with the eNULL ciphers. When in doubt, include !eNULL in your cipherlist.

+ +
+
aNULL
+
+ +

The cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to "man in the middle" attacks and so their use is discouraged. These are excluded from the DEFAULT ciphers, but included in the ALL ciphers. Be careful when building cipherlists out of lower-level primitives such as kDHE or AES as these do overlap with the aNULL ciphers. When in doubt, include !aNULL in your cipherlist.

+ +
+
kRSA, aRSA, RSA
+
+ +

Cipher suites using RSA key exchange or authentication. RSA is an alias for kRSA.

+ +
+
kDHr, kDHd, kDH
+
+ +

Cipher suites using static DH key agreement and DH certificates signed by CAs with RSA and DSS keys or either respectively. All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
kDHE, kEDH, DH
+
+ +

Cipher suites using ephemeral DH key agreement, including anonymous cipher suites.

+ +
+
DHE, EDH
+
+ +

Cipher suites using authenticated ephemeral DH key agreement.

+ +
+
ADH
+
+ +

Anonymous DH cipher suites, note that this does not include anonymous Elliptic Curve DH (ECDH) cipher suites.

+ +
+
kEECDH, kECDHE, ECDH
+
+ +

Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.

+ +
+
ECDHE, EECDH
+
+ +

Cipher suites using authenticated ephemeral ECDH key agreement.

+ +
+
AECDH
+
+ +

Anonymous Elliptic Curve Diffie-Hellman cipher suites.

+ +
+
aDSS, DSS
+
+ +

Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.

+ +
+
aDH
+
+ +

Cipher suites effectively using DH authentication, i.e. the certificates carry DH keys. All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
aECDSA, ECDSA
+
+ +

Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA keys.

+ +
+
TLSv1.2, TLSv1.0, SSLv3
+
+ +

Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available.

+ +

Note: these cipher strings do not change the negotiated version of SSL or TLS, they only affect the list of available cipher suites.

+ +
+
AES128, AES256, AES
+
+ +

cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.

+ +
+
AESGCM
+
+ +

AES in Galois Counter Mode (GCM): these cipher suites are only supported in TLS v1.2.

+ +
+
AESCCM, AESCCM8
+
+ +

AES in Cipher Block Chaining - Message Authentication Mode (CCM): these cipher suites are only supported in TLS v1.2. AESCCM references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while AESCCM8 only references 8 octet ICV.

+ +
+
ARIA128, ARIA256, ARIA
+
+ +

Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit ARIA.

+ +
+
CAMELLIA128, CAMELLIA256, CAMELLIA
+
+ +

Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit CAMELLIA.

+ +
+
CHACHA20
+
+ +

Cipher suites using ChaCha20.

+ +
+
3DES
+
+ +

Cipher suites using triple DES.

+ +
+
DES
+
+ +

Cipher suites using DES (not triple DES). All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
RC4
+
+ +

Cipher suites using RC4.

+ +
+
RC2
+
+ +

Cipher suites using RC2.

+ +
+
IDEA
+
+ +

Cipher suites using IDEA.

+ +
+
SEED
+
+ +

Cipher suites using SEED.

+ +
+
MD5
+
+ +

Cipher suites using MD5.

+ +
+
SHA1, SHA
+
+ +

Cipher suites using SHA1.

+ +
+
SHA256, SHA384
+
+ +

Cipher suites using SHA256 or SHA384.

+ +
+
aGOST
+
+ +

Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication (needs an engine supporting GOST algorithms).

+ +
+
aGOST01
+
+ +

Cipher suites using GOST R 34.10-2001 authentication.

+ +
+
kGOST
+
+ +

Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.

+ +
+
GOST94
+
+ +

Cipher suites, using HMAC based on GOST R 34.11-94.

+ +
+
GOST89MAC
+
+ +

Cipher suites using GOST 28147-89 MAC instead of HMAC.

+ +
+
PSK
+
+ +

All cipher suites using pre-shared keys (PSK).

+ +
+
kPSK, kECDHEPSK, kDHEPSK, kRSAPSK
+
+ +

Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.

+ +
+
aPSK
+
+ +

Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK).

+ +
+
SUITEB128, SUITEB128ONLY, SUITEB192
+
+ +

Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 128 bit (not permitting 192 bit by peer) or 192 bit level of security respectively. If used these cipherstrings should appear first in the cipher list and anything after them is ignored. Setting Suite B mode has additional consequences required to comply with RFC6460. In particular the supported signature algorithms is reduced to support only ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be used and only the two suite B compliant cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are permissible.

+ +
+
+ +

CIPHER SUITE NAMES

+ +

The following lists give the SSL or TLS cipher suites names from the relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.

+ +

SSL v3.0 cipher suites

+ +
SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
+SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+ +

TLS v1.0 cipher suites

+ +
TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+ +

AES cipher suites from RFC3268, extending TLS v1.0

+ +
TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+ +

Camellia cipher suites from RFC4132, extending TLS v1.0

+ +
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
+TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
+
+TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
+TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
+TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
+TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
+
+TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
+TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
+TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
+TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
+
+TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
+TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
+ +

SEED cipher suites from RFC4162, extending TLS v1.0

+ +
TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
+
+TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
+TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
+
+TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
+TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
+
+TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
+ +

GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0

+ +

Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the ccgost engine, included in the OpenSSL distribution.

+ +
TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+ +

Additional Export 1024 and other cipher suites

+ +

Note: these ciphers can also be used in SSL v3.

+ +
TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+ +

Elliptic curve cipher suites.

+ +
TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
+TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
+
+TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
+TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
+
+TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
+TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
+TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
+TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
+TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
+ +

TLS v1.2 cipher suites

+ +
TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
+
+TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
+TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
+TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
+TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
+
+TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
+TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
+TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
+TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
+
+TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
+TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
+TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
+TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
+
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
+TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
+
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
+TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
+
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
+
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
+TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
+
+TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
+TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
+TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
+TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
+
+RSA_WITH_AES_128_CCM                      AES128-CCM
+RSA_WITH_AES_256_CCM                      AES256-CCM
+DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
+DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
+RSA_WITH_AES_128_CCM_8                    AES128-CCM8
+RSA_WITH_AES_256_CCM_8                    AES256-CCM8
+DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
+DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
+ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
+ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
+ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
+ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
+ +

ARIA cipher suites from RFC6209, extending TLS v1.2

+ +

Note: the CBC modes mentioned in this RFC are not supported.

+ +
TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
+TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
+TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
+TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
+TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
+TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
+TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
+TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
+TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
+TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
+TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
+TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
+TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
+TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
+TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
+TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
+ +

Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2

+ +
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
+TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
+TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
+TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
+ +

Pre-shared keying (PSK) cipher suites

+ +
PSK_WITH_NULL_SHA                         PSK-NULL-SHA
+DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
+RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
+
+PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
+PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
+PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
+PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
+
+DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
+DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
+DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
+DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
+
+RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
+RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
+RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
+RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
+
+PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
+DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
+RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
+RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
+
+PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
+PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
+PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
+PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
+DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
+DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
+DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
+DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
+RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
+RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
+RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
+RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
+PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+
+ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
+ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
+ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
+ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
+ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
+ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
+ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
+ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
+ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
+
+PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
+PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
+
+DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
+DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
+
+RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
+RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
+
+ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
+ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
+
+PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
+PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
+DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
+DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
+PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
+PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
+DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
+DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
+ +

ChaCha20-Poly1305 cipher suites, extending TLS v1.2

+ +
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
+TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
+TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
+TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
+TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
+TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
+ +

TLS v1.3 cipher suites

+ +
TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256
+TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384
+TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256
+TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256
+TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256
+ +

Older names used by OpenSSL

+ +

The following names are accepted by older releases:

+ +
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+ +

NOTES

+ +

Some compiled versions of OpenSSL may not include all the ciphers listed here because some ciphers were excluded at compile time.

+ +

EXAMPLES

+ +

Verbose listing of all OpenSSL ciphers including NULL ciphers:

+ +
openssl ciphers -v 'ALL:eNULL'
+ +

Include all ciphers except NULL and anonymous DH then sort by strength:

+ +
openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+ +

Include all ciphers except ones with no encryption (eNULL) or no authentication (aNULL):

+ +
openssl ciphers -v 'ALL:!aNULL'
+ +

Include only 3DES ciphers and then place RSA ciphers last:

+ +
openssl ciphers -v '3DES:+RSA'
+ +

Include all RC4 ciphers but leave out those without authentication:

+ +
openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+ +

Include all ciphers with RSA authentication but leave out ciphers without encryption.

+ +
openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+ +

Set security level to 2 and display all ciphers consistent with level 2:

+ +
openssl ciphers -s -v 'ALL:@SECLEVEL=2'
+ +

SEE ALSO

+ +

s_client(1), s_server(1), ssl(7)

+ +

HISTORY

+ +

The -V option for the ciphers command was added in OpenSSL 1.0.0.

+ +

The -stdname is only available if OpenSSL is built with tracing enabled (enable-ssl-trace argument to Configure) before OpenSSL 1.1.1.

+ +

The -convert option was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/cms.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/cms.html new file mode 100644 index 00000000..28ef380c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/cms.html @@ -0,0 +1,636 @@ + + + + +cms + + + + + + + + + + +

NAME

+ +

openssl-cms, cms - CMS utility

+ +

SYNOPSIS

+ +

openssl cms [-help] [-encrypt] [-decrypt] [-sign] [-verify] [-cmsout] [-resign] [-data_create] [-data_out] [-digest_create] [-digest_verify] [-compress] [-uncompress] [-EncryptedData_encrypt] [-sign_receipt] [-verify_receipt receipt] [-in filename] [-inform SMIME|PEM|DER] [-rctform SMIME|PEM|DER] [-out filename] [-outform SMIME|PEM|DER] [-stream -indef -noindef] [-noindef] [-content filename] [-text] [-noout] [-print] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-md digest] [-cipher] [-nointern] [-noverify] [-nocerts] [-noattr] [-nosmimecap] [-binary] [-crlfeol] [-asciicrlf] [-nodetach] [-certfile file] [-certsout file] [-signer file] [-recip file] [-keyid] [-receipt_request_all] [-receipt_request_first] [-receipt_request_from emailaddress] [-receipt_request_to emailaddress] [-receipt_request_print] [-secretkey key] [-secretkeyid id] [-econtent_type type] [-inkey file] [-keyopt name:parameter] [-passin arg] [-rand file...] [-writerand file] [cert.pem...] [-to addr] [-from addr] [-subject subj] [cert.pem]...

+ +

DESCRIPTION

+ +

The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME messages.

+ +

OPTIONS

+ +

There are fourteen operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-encrypt
+
+ +

Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format. The actual CMS type is <B>EnvelopedData<B>.

+ +

Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text.

+ +
+
-decrypt
+
+ +

Decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file.

+ +
+
-debug_decrypt
+
+ +

This option sets the CMS_DEBUG_DECRYPT flag. This option should be used with caution: see the notes section below.

+ +
+
-sign
+
+ +

Sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file.

+ +
+
-verify
+
+ +

Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported.

+ +
+
-cmsout
+
+ +

Takes an input message and writes out a PEM encoded CMS structure.

+ +
+
-resign
+
+ +

Resign a message: take an existing message and one or more new signers.

+ +
+
-data_create
+
+ +

Create a CMS Data type.

+ +
+
-data_out
+
+ +

Data type and output the content.

+ +
+
-digest_create
+
+ +

Create a CMS DigestedData type.

+ +
+
-digest_verify
+
+ +

Verify a CMS DigestedData type and output the content.

+ +
+
-compress
+
+ +

Create a CMS CompressedData type. OpenSSL must be compiled with zlib support for this option to work, otherwise it will output an error.

+ +
+
-uncompress
+
+ +

Uncompress a CMS CompressedData type and output the content. OpenSSL must be compiled with zlib support for this option to work, otherwise it will output an error.

+ +
+
-EncryptedData_encrypt
+
+ +

Encrypt content using supplied symmetric key and algorithm using a CMS EncryptedData type and output the content.

+ +
+
-sign_receipt
+
+ +

Generate and output a signed receipt for the supplied message. The input message must contain a signed receipt request. Functionality is otherwise similar to the -sign operation.

+ +
+
-verify_receipt receipt
+
+ +

Verify a signed receipt in filename receipt. The input message must contain the original receipt request. Functionality is otherwise similar to the -verify operation.

+ +
+
-in filename
+
+ +

The input message to be encrypted or signed or the message to be decrypted or verified.

+ +
+
-inform SMIME|PEM|DER
+
+ +

This specifies the input format for the CMS structure. The default is SMIME which reads an S/MIME format message. PEM and DER format change this to expect PEM and DER format CMS structures instead. This currently only affects the input format of the CMS structure, if no CMS structure is being input (for example with -encrypt or -sign) this option has no effect.

+ +
+
-rctform SMIME|PEM|DER
+
+ +

Specify the format for a signed receipt for use with the -receipt_verify operation.

+ +
+
-out filename
+
+ +

The message text that has been decrypted or verified or the output MIME format message that has been signed or verified.

+ +
+
-outform SMIME|PEM|DER
+
+ +

This specifies the output format for the CMS structure. The default is SMIME which writes an S/MIME format message. PEM and DER format change this to write PEM and DER format CMS structures instead. This currently only affects the output format of the CMS structure, if no CMS structure is being output (for example with -verify or -decrypt) this option has no effect.

+ +
+
-stream -indef -noindef
+
+ +

The -stream and -indef options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached data if the output format is SMIME it is currently off by default for all other operations.

+ +
+
-noindef
+
+ +

Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it.

+ +
+
-content filename
+
+ +

This specifies a file containing the detached content, this is only useful with the -verify command. This is only usable if the CMS structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed MIME content type.

+ +
+
-text
+
+ +

This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.

+ +
+
-noout
+
+ +

For the -cmsout operation do not output the parsed CMS structure. This is useful when combined with the -print option or if the syntax of the CMS structure is being checked.

+ +
+
-print
+
+ +

For the -cmsout operation print out all fields of the CMS structure. This is mainly useful for testing purposes.

+ +
+
-CAfile file
+
+ +

A file containing trusted CA certificates, only used with -verify.

+ +
+
-CApath dir
+
+ +

A directory containing trusted CA certificates, only used with -verify. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-md digest
+
+ +

Digest algorithm to use when signing or resigning. If not present then the default digest algorithm for the signing key will be used (usually SHA1).

+ +
+
-cipher
+
+ +

The encryption algorithm to use. For example triple DES (168 bits) - -des3 or 256 bit AES - -aes256. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for example -aes-128-cbc. See enc(1) for a list of ciphers supported by your version of OpenSSL.

+ +

If not specified triple DES is used. Only used with -encrypt and -EncryptedData_create commands.

+ +
+
-nointern
+
+ +

When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the -certfile option are used. The supplied certificates can still be used as untrusted CAs however.

+ +
+
-noverify
+
+ +

Do not verify the signers certificate of a signed message.

+ +
+
-nocerts
+
+ +

When signing a message the signer's certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the -certfile option for example).

+ +
+
-noattr
+
+ +

Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included.

+ +
+
-nosmimecap
+
+ +

Exclude the list of supported algorithms from signed attributes, other options such as signing time and content type are still included.

+ +
+
-binary
+
+ +

Normally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This is useful when handling binary data which may not be in MIME format.

+ +
+
-crlfeol
+
+ +

Normally the output file uses a single LF as end of line. When this option is present CRLF is used instead.

+ +
+
-asciicrlf
+
+ +

When signing use ASCII CRLF format canonicalisation. This strips trailing whitespace from all lines, deletes trailing blank lines at EOF and sets the encapsulated content type. This option is normally used with detached content and an output signature format of DER. This option is not normally needed when verifying as it is enabled automatically if the encapsulated content format is detected.

+ +
+
-nodetach
+
+ +

When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is used.

+ +
+
-certfile file
+
+ +

Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format.

+ +
+
-certsout file
+
+ +

Any certificates contained in the message are written to file.

+ +
+
-signer file
+
+ +

A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful.

+ +
+
-recip file
+
+ +

When decrypting a message this specifies the recipients certificate. The certificate must match one of the recipients of the message or an error occurs.

+ +

When encrypting a message this option may be used multiple times to specify each recipient. This form must be used if customised parameters are required (for example to specify RSA-OAEP).

+ +

Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this option.

+ +
+
-keyid
+
+ +

Use subject key identifier to identify certificates instead of issuer name and serial number. The supplied certificate must include a subject key identifier extension. Supported by -sign and -encrypt options.

+ +
+
-receipt_request_all, -receipt_request_first
+
+ +

For -sign option include a signed receipt request. Indicate requests should be provided by all recipient or first tier recipients (those mailed directly and not from a mailing list). Ignored it -receipt_request_from is included.

+ +
+
-receipt_request_from emailaddress
+
+ +

For -sign option include a signed receipt request. Add an explicit email address where receipts should be supplied.

+ +
+
-receipt_request_to emailaddress
+
+ +

Add an explicit email address where signed receipts should be sent to. This option must but supplied if a signed receipt it requested.

+ +
+
-receipt_request_print
+
+ +

For the -verify operation print out the contents of any signed receipt requests.

+ +
+
-secretkey key
+
+ +

Specify symmetric key to use. The key must be supplied in hex format and be consistent with the algorithm used. Supported by the -EncryptedData_encrypt -EncryptedData_decrypt, -encrypt and -decrypt options. When used with -encrypt or -decrypt the supplied key is used to wrap or unwrap the content encryption key using an AES key in the KEKRecipientInfo type.

+ +
+
-secretkeyid id
+
+ +

The key identifier for the supplied symmetric key for KEKRecipientInfo type. This option must be present if the -secretkey option is used with -encrypt. With -decrypt operations the id is used to locate the relevant key if it is not supplied then an attempt is used to decrypt any KEKRecipientInfo structures.

+ +
+
-econtent_type type
+
+ +

Set the encapsulated content type to type if not supplied the Data type is used. The type argument can be any valid OID name in either text or numerical format.

+ +
+
-inkey file
+
+ +

The private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the -recip or -signer file. When signing this option can be used multiple times to specify successive keys.

+ +
+
-keyopt name:opt
+
+ +

For signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can currently be used to set RSA-PSS for signing, RSA-OAEP for encryption or to modify default parameters for ECDH.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
cert.pem...
+
+ +

One or more certificates of message recipients: used when encrypting a message.

+ +
+
-to, -from, -subject
+
+ +

The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various certificate chain validation options. See the verify(1) manual page for details.

+ +
+
+ +

NOTES

+ +

The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format.

+ +

The supplied message to be signed or encrypted must include the necessary MIME headers or many S/MIME clients won't display it properly (if at all). You can use the -text option to automatically add plain text headers.

+ +

A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section.

+ +

This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign messages "in parallel" by signing an already signed message.

+ +

The options -encrypt and -decrypt reflect common usage in S/MIME clients. Strictly speaking these process CMS enveloped data: CMS encrypted data is used for other purposes.

+ +

The -resign option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail.

+ +

The -stream and -indef options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the -encrypt operation and the -sign operation if the content is not detached.

+ +

Streaming is always used for the -sign operation with detached data but since the content is no longer part of the CMS structure the encoding remains DER.

+ +

If the -decrypt option is used without a recipient certificate then an attempt is made to locate the recipient by trying each potential recipient in turn using the supplied private key. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not and if no recipients match the message is "decrypted" using a random key which will typically output garbage. The -debug_decrypt option can be used to disable the MMA attack protection and return an error if no recipient can be found: this option should be used with caution. For a fuller description see CMS_decrypt(3)).

+ +

EXIT CODES

+ +
+ +
0
+
+ +

The operation was completely successfully.

+ +
+
1
+
+ +

An error occurred parsing the command options.

+ +
+
2
+
+ +

One of the input files could not be read.

+ +
+
3
+
+ +

An error occurred creating the CMS file or when reading the MIME message.

+ +
+
4
+
+ +

An error occurred decrypting or verifying the message.

+ +
+
5
+
+ +

The message was verified correctly but an error occurred writing out the signers certificates.

+ +
+
+ +

COMPATIBILITY WITH PKCS#7 format.

+ +

The smime utility can only process the older PKCS#7 format. The cms utility supports Cryptographic Message Syntax format. Use of some features will result in messages which cannot be processed by applications which only support the older format. These are detailed below.

+ +

The use of the -keyid option with -sign or -encrypt.

+ +

The -outform PEM option uses different headers.

+ +

The -compress option.

+ +

The -secretkey option when used with -encrypt.

+ +

The use of PSS with -sign.

+ +

The use of OAEP or non-RSA keys with -encrypt.

+ +

Additionally the -EncryptedData_create and -data_create type cannot be processed by the older smime command.

+ +

EXAMPLES

+ +

Create a cleartext signed message:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem
+ +

Create an opaque signed message

+ +
openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
+       -signer mycert.pem
+ +

Create a signed message, include some additional certificates and read the private key from another file:

+ +
openssl cms -sign -in in.txt -text -out mail.msg \
+       -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+ +

Create a signed message with two signers, use key identifier:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -signer othercert.pem -keyid
+ +

Send a signed message under Unix directly to sendmail, including headers:

+ +
openssl cms -sign -in in.txt -text -signer mycert.pem \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed message" | sendmail someone@somewhere
+ +

Verify a message and extract the signer's certificate if successful:

+ +
openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
+ +

Send encrypted mail using triple DES:

+ +
openssl cms -encrypt -in in.txt -from steve@openssl.org \
+       -to someone@somewhere -subject "Encrypted message" \
+       -des3 user.pem -out mail.msg
+ +

Sign and encrypt mail:

+ +
openssl cms -sign -in ml.txt -signer my.pem -text \
+       | openssl cms -encrypt -out mail.msg \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed and Encrypted message" -des3 user.pem
+ +

Note: the encryption command does not include the -text option because the message being encrypted already has MIME headers.

+ +

Decrypt mail:

+ +
openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+ +

The output from Netscape form signing is a PKCS#7 structure with the detached signature format. You can use this program to verify the signature by line wrapping the base64 encoded structure and surrounding it with:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

and using the command,

+ +
openssl cms -verify -inform PEM -in signature.pem -content content.txt
+ +

alternatively you can base64 decode the signature and use

+ +
openssl cms -verify -inform DER -in signature.der -content content.txt
+ +

Create an encrypted message using 128 bit Camellia:

+ +
openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+ +

Add a signer to an existing message:

+ +
openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
+ +

Sign mail using RSA-PSS:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -keyopt rsa_padding_mode:pss
+ +

Create encrypted mail using RSA-OAEP:

+ +
openssl cms -encrypt -in plain.txt -out mail.msg \
+       -recip cert.pem -keyopt rsa_padding_mode:oaep
+ +

Use SHA256 KDF with an ECDH certificate:

+ +
openssl cms -encrypt -in plain.txt -out mail.msg \
+       -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
+ +

BUGS

+ +

The MIME parser isn't very clever: it seems to handle most messages that I've thrown at it but it may choke on others.

+ +

The code currently will only write out the signer's certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.

+ +

Ideally a database should be maintained of a certificates for each email address.

+ +

The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.

+ +

No revocation checking is done on the signer's certificate.

+ +

HISTORY

+ +

The use of multiple -signer options and the -resign command were first added in OpenSSL 1.0.0.

+ +

The keyopt option was added in OpenSSL 1.0.2.

+ +

Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.

+ +

The use of non-RSA keys with -encrypt and -decrypt was added in OpenSSL 1.0.2.

+ +

The -no_alt_chains option was added in OpenSSL 1.0.2b.

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl.html new file mode 100644 index 00000000..c2280be5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl.html @@ -0,0 +1,170 @@ + + + + +crl + + + + + + + + + + +

NAME

+ +

openssl-crl, crl - CRL utility

+ +

SYNOPSIS

+ +

openssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

+ +

DESCRIPTION

+ +

The crl command processes CRL files in DER or PEM format.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-text
+
+ +

Print out the CRL in text form.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).

+ +
+
-noout
+
+ +

Don't output the encoded version of the CRL.

+ +
+
-hash
+
+ +

Output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.

+ +
+
-hash_old
+
+ +

Outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-issuer
+
+ +

Output the issuer name.

+ +
+
-lastupdate
+
+ +

Output the lastUpdate field.

+ +
+
-nextupdate
+
+ +

Output the nextUpdate field.

+ +
+
-CAfile file
+
+ +

Verify the signature on a CRL by looking up the issuing certificate in file.

+ +
+
-CApath dir
+
+ +

Verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
+ +

NOTES

+ +

The PEM CRL format uses the header and footer lines:

+ +
-----BEGIN X509 CRL-----
+-----END X509 CRL-----
+ +

EXAMPLES

+ +

Convert a CRL file from PEM to DER:

+ +
openssl crl -in crl.pem -outform DER -out crl.der
+ +

Output the text form of a DER encoded certificate:

+ +
openssl crl -in crl.der -inform DER -text -noout
+ +

BUGS

+ +

Ideally it should be possible to create a CRL using appropriate options and files too.

+ +

SEE ALSO

+ +

crl2pkcs7(1), ca(1), x509(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl2pkcs7.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl2pkcs7.html new file mode 100644 index 00000000..82157935 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/crl2pkcs7.html @@ -0,0 +1,119 @@ + + + + +crl2pkcs7 + + + + + + + + + + +

NAME

+ +

openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates

+ +

SYNOPSIS

+ +

openssl crl2pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-certfile filename] [-nocrl]

+ +

DESCRIPTION

+ +

The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the CRL input format. DER format is DER encoded CRL structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the PKCS#7 structure output format. DER format is DER encoded PKCS#7 structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines. The default format is PEM.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a CRL from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write the PKCS#7 structure to or standard output by default.

+ +
+
-certfile filename
+
+ +

Specifies a filename containing one or more certificates in PEM format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files.

+ +
+
-nocrl
+
+ +

Normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file.

+ +
+
+ +

EXAMPLES

+ +

Create a PKCS#7 structure from a certificate and CRL:

+ +
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+ +

Creates a PKCS#7 structure in DER format with no CRL from several different certificates:

+ +
openssl crl2pkcs7 -nocrl -certfile newcert.pem
+       -certfile demoCA/cacert.pem -outform DER -out p7.der
+ +

NOTES

+ +

The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL.

+ +

This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert.

+ +

The PEM encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control.

+ +

SEE ALSO

+ +

pkcs7(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dgst.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dgst.html new file mode 100644 index 00000000..ed3dcce8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dgst.html @@ -0,0 +1,250 @@ + + + + +dgst + + + + + + + + + + +

NAME

+ +

openssl-dgst, dgst - perform digest operations

+ +

SYNOPSIS

+ +

openssl dgst [-digest] [-help] [-c] [-d] [-list] [-hex] [-binary] [-r] [-out filename] [-sign filename] [-keyform arg] [-passin arg] [-verify filename] [-prverify filename] [-signature filename] [-sigopt nm:v] [-hmac key] [-fips-fingerprint] [-rand file...] [-engine id] [-engine_impl] [file...]

+ +

openssl digest [...]

+ +

DESCRIPTION

+ +

The digest functions output the message digest of a supplied file or files in hexadecimal. The digest functions also generate and verify digital signatures using message digests.

+ +

The generic name, dgst, may be used with an option specifying the algorithm to be used. The default digest is sha256. A supported digest name may also be used as the command name. To see the list of supported algorithms, use the list --digest-commands command.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-digest
+
+ +

Specifies name of a supported digest to be used. To see the list of supported digests, use the command list --digest-commands.

+ +
+
-c
+
+ +

Print out the digest in two digit groups separated by colons, only relevant if hex format output is used.

+ +
+
-d
+
+ +

Print out BIO debugging information.

+ +
+
-list
+
+ +

Prints out a list of supported message digests.

+ +
+
-hex
+
+ +

Digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature. See NOTES below for digital signatures using -hex.

+ +
+
-binary
+
+ +

Output the digest or signature in binary form.

+ +
+
-r
+
+ +

Output the digest in the "coreutils" format, including newlines. Used by programs like sha1sum.

+ +
+
-out filename
+
+ +

Filename to output to, or standard output by default.

+ +
+
-sign filename
+
+ +

Digitally sign the digest using the private key in "filename". Note this option does not support Ed25519 or Ed448 private keys. Use the pkeyutl command instead for this.

+ +
+
-keyform arg
+
+ +

Specifies the key format to sign digest with. The DER, PEM, P12, and ENGINE formats are supported.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-verify filename
+
+ +

Verify the signature using the public key in "filename". The output is either "Verification OK" or "Verification Failure".

+ +
+
-prverify filename
+
+ +

Verify the signature using the private key in "filename".

+ +
+
-signature filename
+
+ +

The actual signature to verify.

+ +
+
-hmac key
+
+ +

Create a hashed MAC using "key".

+ +
+
-mac alg
+
+ +

Create MAC (keyed Message Authentication Code). The most popular MAC algorithm is HMAC (hash-based MAC), but there are other MAC algorithms which are not based on hash, for instance gost-mac algorithm, supported by ccgost engine. MAC keys and other options should be set via -macopt parameter.

+ +
+
-macopt nm:v
+
+ +

Passes options to MAC algorithm, specified by -mac key. Following options are supported by both by HMAC and gost-mac:

+ +
+ +
key:string
+
+ +

Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac.

+ +
+
hexkey:string
+
+ +

Specifies MAC key in hexadecimal form (two hex digits per byte). Key length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac.

+ +
+
+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-fips-fingerprint
+
+ +

Compute HMAC using a specific key for certain OpenSSL-FIPS operations.

+ +
+
-engine id
+
+ +

Use engine id for operations (including private key storage). This engine is not used as source for digest algorithms, unless it is also specified in the configuration file or -engine_impl is also specified.

+ +
+
-engine_impl
+
+ +

When used with the -engine option, it specifies to also use engine id for digest operations.

+ +
+
file...
+
+ +

File or files to digest. If no files are specified then standard input is used.

+ +
+
+ +

EXAMPLES

+ +

To create a hex-encoded message digest of a file: openssl dgst -md5 -hex file.txt

+ +

To sign a file using SHA-256 with binary file output: openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt

+ +

To verify a signature: openssl dgst -sha256 -verify publickey.pem \ -signature signature.sign \ file.txt

+ +

NOTES

+ +

The digest mechanisms that are available will depend on the options used when building OpenSSL. The list digest-commands command can be used to list them.

+ +

New or agile applications should use probably use SHA-256. Other digests, particularly SHA-1 and MD5, are still widely used for interoperating with existing formats and protocols.

+ +

When signing a file, dgst will automatically determine the algorithm (RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. When verifying signatures, it only handles the RSA, DSA, or ECDSA signature itself, not the related data to identify the signer and algorithm used in formats such as x.509, CMS, and S/MIME.

+ +

A source of random numbers is required for certain signing algorithms, in particular ECDSA and DSA.

+ +

The signing and verify options should only be used if a single file is being signed or verified.

+ +

Hex signatures cannot be verified using openssl. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification.

+ +

HISTORY

+ +

The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The FIPS-related options were removed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dhparam.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dhparam.html new file mode 100644 index 00000000..10947929 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dhparam.html @@ -0,0 +1,170 @@ + + + + +dhparam + + + + + + + + + + +

NAME

+ +

openssl-dhparam, dhparam - DH parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl dhparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-dsaparam] [-check] [-noout] [-text] [-C] [-2] [-5] [-rand file...] [-writerand file] [-engine id] [numbits]

+ +

DESCRIPTION

+ +

This command is used to manipulate DH parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#3 DHparameter structure. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-dsaparam
+
+ +

If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation.

+ +

DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.

+ +
+
-check
+
+ +

Performs numerous checks to see if the supplied parameters are valid and displays a warning if not.

+ +
+
-2, -5
+
+ +

The generator to use, either 2 or 5. If present then the input file is ignored and parameters are generated instead. If not present but numbits is present, parameters are generated with the default generator 2.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
numbits
+
+ +

This option specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If this option is not present but a generator (-2 or -5) is present, parameters are generated with a default length of 2048 bits.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the DH parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the parameters into C code. The parameters can then be loaded by calling the get_dhNNNN() function.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dhparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

WARNINGS

+ +

The program dhparam combines the functionality of the programs dh and gendh in previous versions of OpenSSL. The dh and gendh programs are retained for now but may have different purposes in future versions of OpenSSL.

+ +

NOTES

+ +

PEM format DH parameters use the header and footer lines:

+ +
-----BEGIN DH PARAMETERS-----
+-----END DH PARAMETERS-----
+ +

OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.

+ +

This program manipulates DH parameters not keys.

+ +

BUGS

+ +

There should be a way to generate and manipulate DH keys.

+ +

SEE ALSO

+ +

dsaparam(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsa.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsa.html new file mode 100644 index 00000000..55891a02 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsa.html @@ -0,0 +1,178 @@ + + + + +dsa + + + + + + + + + + +

NAME

+ +

openssl-dsa, dsa - DSA key processing

+ +

SYNOPSIS

+ +

openssl dsa [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-pubin] [-pubout] [-engine id]

+ +

DESCRIPTION

+ +

The dsa command processes DSA keys. They can be converted between various forms and their components printed out. Note This command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option with a private key uses an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of version (currently zero), p, q, g, the public and private key components respectively as ASN.1 INTEGERs. When used with a public key it uses a SubjectPublicKeyInfo structure: it is an error if the key is not DSA.

+ +

The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the dsa utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the public, private key components and parameters.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-modulus
+
+ +

This option prints out the value of the public key component of the key.

+ +
+
-pubin
+
+ +

By default, a private key is read from the input file. With this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default, a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN DSA PRIVATE KEY-----
+-----END DSA PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

EXAMPLES

+ +

To remove the pass phrase on a DSA private key:

+ +
openssl dsa -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl dsa -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl dsa -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl dsa -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl dsa -in key.pem -pubout -out pubkey.pem
+ +

SEE ALSO

+ +

dsaparam(1), gendsa(1), rsa(1), genrsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsaparam.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsaparam.html new file mode 100644 index 00000000..418e2646 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/dsaparam.html @@ -0,0 +1,144 @@ + + + + +dsaparam + + + + + + + + + + +

NAME

+ +

openssl-dsaparam, dsaparam - DSA parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl dsaparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-rand file...] [-writerand file] [-genkey] [-engine id] [numbits]

+ +

DESCRIPTION

+ +

This command is used to manipulate or generate DSA parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting of p, q and g respectively. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified. If the numbits parameter is included then this option will be ignored.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the DSA parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the parameters into C code. The parameters can then be loaded by calling the get_dsaXXX() function.

+ +
+
-genkey
+
+ +

This option will generate a DSA either using the specified or generated parameters.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
numbits
+
+ +

This option specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is included then the input file (if any) is ignored.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dsaparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

PEM format DSA parameters use the header and footer lines:

+ +
-----BEGIN DSA PARAMETERS-----
+-----END DSA PARAMETERS-----
+ +

DSA parameter generation is a slow process and as a result the same set of DSA parameters is often used to generate several distinct keys.

+ +

SEE ALSO

+ +

gendsa(1), dsa(1), genrsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ec.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ec.html new file mode 100644 index 00000000..864feca4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ec.html @@ -0,0 +1,198 @@ + + + + +ec + + + + + + + + + + +

NAME

+ +

openssl-ec, ec - EC key processing

+ +

SYNOPSIS

+ +

openssl ec [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-des] [-des3] [-idea] [-text] [-noout] [-param_out] [-pubin] [-pubout] [-conv_form arg] [-param_enc arg] [-no_public] [-check] [-engine id]

+ +

DESCRIPTION

+ +

The ec command processes EC keys. They can be converted between various forms and their components printed out. Note OpenSSL uses the private key format specified in 'SEC 1: Elliptic Curve Cryptography' (http://www.secg.org/). To convert an OpenSSL EC private key into the PKCS#8 private key format use the pkcs8 command.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-des|-des3|-idea
+
+ +

These options encrypt the private key with the DES, triple DES, IDEA or any other cipher supported by OpenSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the ec utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the public, private key components and parameters.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-pubin
+
+ +

By default, a private key is read from the input file. With this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-conv_form
+
+ +

This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed (the default value), uncompressed and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

+ +
+
-param_enc arg
+
+ +

This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve. Note the implicitlyCA alternative, as specified in RFC 3279, is currently not implemented in OpenSSL.

+ +
+
-no_public
+
+ +

This option omits the public key components from the private key output.

+ +
+
-check
+
+ +

This option checks the consistency of an EC private or public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ec to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN EC PRIVATE KEY-----
+-----END EC PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

EXAMPLES

+ +

To encrypt a private key using triple DES:

+ +
openssl ec -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl ec -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl ec -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl ec -in key.pem -pubout -out pubkey.pem
+ +

To change the parameters encoding to explicit:

+ +
openssl ec -in key.pem -param_enc explicit -out keyout.pem
+ +

To change the point conversion form to compressed:

+ +
openssl ec -in key.pem -conv_form compressed -out keyout.pem
+ +

SEE ALSO

+ +

ecparam(1), dsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ecparam.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ecparam.html new file mode 100644 index 00000000..440835d3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ecparam.html @@ -0,0 +1,201 @@ + + + + +ecparam + + + + + + + + + + +

NAME

+ +

openssl-ecparam, ecparam - EC parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl ecparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-check] [-name arg] [-list_curves] [-conv_form arg] [-param_enc arg] [-no_seed] [-rand file...] [-writerand file] [-genkey] [-engine id]

+ +

DESCRIPTION

+ +

This command is used to manipulate or generate EC parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN.1 DER encoded form compatible with RFC 3279 EcpkParameters. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the EC parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the EC parameters into C code. The parameters can then be loaded by calling the get_ec_group_XXX() function.

+ +
+
-check
+
+ +

Validate the elliptic curve parameters.

+ +
+
-name arg
+
+ +

Use the EC parameters with the specified 'short' name. Use -list_curves to get a list of all currently implemented EC parameters.

+ +
+
-list_curves
+
+ +

If this options is specified ecparam will print out a list of all currently implemented EC parameters names and exit.

+ +
+
-conv_form
+
+ +

This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed, uncompressed (the default value) and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

+ +
+
-param_enc arg
+
+ +

This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve. Note the implicitlyCA alternative, as specified in RFC 3279, is currently not implemented in OpenSSL.

+ +
+
-no_seed
+
+ +

This option inhibits that the 'seed' for the parameter generation is included in the ECParameters structure (see RFC 3279).

+ +
+
-genkey
+
+ +

This option will generate an EC private key using the specified parameters.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ecparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

PEM format EC parameters use the header and footer lines:

+ +
-----BEGIN EC PARAMETERS-----
+-----END EC PARAMETERS-----
+ +

OpenSSL is currently not able to generate new groups and therefore ecparam can only create EC parameters from known (named) curves.

+ +

EXAMPLES

+ +

To create EC parameters with the group 'prime192v1':

+ +
openssl ecparam -out ec_param.pem -name prime192v1
+ +

To create EC parameters with explicit parameters:

+ +
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
+ +

To validate given EC parameters:

+ +
openssl ecparam -in ec_param.pem -check
+ +

To create EC parameters and a private key:

+ +
openssl ecparam -out ec_key.pem -name prime192v1 -genkey
+ +

To change the point encoding to 'compressed':

+ +
openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
+ +

To print out the EC parameters to standard output:

+ +
openssl ecparam -in ec_param.pem -noout -text
+ +

SEE ALSO

+ +

ec(1), dsaparam(1)

+ +

COPYRIGHT

+ +

Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/enc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/enc.html new file mode 100644 index 00000000..ce215fe4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/enc.html @@ -0,0 +1,412 @@ + + + + +enc + + + + + + + + + + +

NAME

+ +

openssl-enc, enc - symmetric cipher routines

+ +

SYNOPSIS

+ +

openssl enc -cipher [-help] [-list] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number] [-nopad] [-debug] [-none] [-rand file...] [-writerand file] [-engine id]

+ +

openssl [cipher] [...]

+ +

DESCRIPTION

+ +

The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-list
+
+ +

List all supported ciphers.

+ +
+
-ciphers
+
+ +

Alias of -list to display all supported ciphers.

+ +
+
-in filename
+
+ +

The input filename, standard input by default.

+ +
+
-out filename
+
+ +

The output filename, standard output by default.

+ +
+
-pass arg
+
+ +

The password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-e
+
+ +

Encrypt the input data: this is the default.

+ +
+
-d
+
+ +

Decrypt the input data.

+ +
+
-a
+
+ +

Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted.

+ +
+
-base64
+
+ +

Same as -a

+ +
+
-A
+
+ +

If the -a option is set then base64 process the data on one line.

+ +
+
-k password
+
+ +

The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

+ +
+
-kfile filename
+
+ +

Read the password to derive the key from the first line of filename. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

+ +
+
-md digest
+
+ +

Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.

+ +
+
-iter count
+
+ +

Use a given number of iterations on the password in deriving the encryption key. High values increase the time required to brute-force the resulting file. This option enables the use of PBKDF2 algorithm to derive the key.

+ +
+
-pbkdf2
+
+ +

Use PBKDF2 algorithm with default iteration count unless otherwise specified.

+ +
+
-nosalt
+
+ +

Don't use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL.

+ +
+
-salt
+
+ +

Use salt (randomly generated or provide with -S option) when encrypting, this is the default.

+ +
+
-S salt
+
+ +

The actual salt to use: this must be represented as a string of hex digits.

+ +
+
-K key
+
+ +

The actual key to use: this must be represented as a string comprised only of hex digits. If only the key is specified, the IV must additionally specified using the -iv option. When both a key and a password are specified, the key given with the -K option will be used and the IV generated from the password will be taken. It does not make much sense to specify both key and password.

+ +
+
-iv IV
+
+ +

The actual IV to use: this must be represented as a string comprised only of hex digits. When only the key is specified using the -K option, the IV must explicitly be defined. When a password is being specified using one of the other options, the IV is generated from this password.

+ +
+
-p
+
+ +

Print out the key and IV used.

+ +
+
-P
+
+ +

Print out the key and IV used then immediately exit: don't do any encryption or decryption.

+ +
+
-bufsize number
+
+ +

Set the buffer size for I/O.

+ +
+
-nopad
+
+ +

Disable standard block padding.

+ +
+
-debug
+
+ +

Debug the BIOs used for I/O.

+ +
+
-z
+
+ +

Compress or decompress clear text using zlib before encryption or after decryption. This option exists only if OpenSSL with compiled with zlib or zlib-dynamic option.

+ +
+
-none
+
+ +

Use NULL cipher (no encryption or decryption of input).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

NOTES

+ +

The program can be called either as openssl cipher or openssl enc -cipher. The first form doesn't work with engine-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. Use the list command to get a list of supported ciphers.

+ +

Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines specified on the command line using -engine options can only be used for hardware-assisted implementations of ciphers which are supported by the OpenSSL core or another engine specified in the configuration file.

+ +

When the enc command lists supported ciphers, ciphers provided by engines, specified in the configuration files are listed too.

+ +

A password will be prompted for to derive the key and IV if necessary.

+ +

The -salt option should ALWAYS be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL.

+ +

Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key. When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.

+ +

Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode.

+ +

All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.

+ +

If padding is disabled then the input data must be a multiple of the cipher block length.

+ +

All RC2 ciphers have the same key and effective key length.

+ +

Blowfish and RC5 algorithms use a 128 bit key.

+ +

SUPPORTED CIPHERS

+ +

Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the enc command run with the -ciphers option (that is openssl enc -ciphers) produces a list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines.

+ +

The enc program does not support authenticated encryption modes like CCM and GCM, and will not support such modes in the future. The enc interface by necessity must begin streaming output (e.g., to standard output when -out is not used) before the authentication tag could be validated, leading to the usage of enc in pipelines that begin processing untrusted data and are not capable of rolling back upon authentication failure. The AEAD modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since enc places the entire burden of key/iv/nonce management upon the user, the risk of exposing AEAD modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in enc, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. For bulk encryption of data, whether using authenticated encryption modes or other modes, cms(1) is recommended, as it provides a standard data format and performs the needed key/iv/nonce management.

+ +
base64             Base 64
+
+bf-cbc             Blowfish in CBC mode
+bf                 Alias for bf-cbc
+blowfish           Alias for bf-cbc
+bf-cfb             Blowfish in CFB mode
+bf-ecb             Blowfish in ECB mode
+bf-ofb             Blowfish in OFB mode
+
+cast-cbc           CAST in CBC mode
+cast               Alias for cast-cbc
+cast5-cbc          CAST5 in CBC mode
+cast5-cfb          CAST5 in CFB mode
+cast5-ecb          CAST5 in ECB mode
+cast5-ofb          CAST5 in OFB mode
+
+chacha20           ChaCha20 algorithm
+
+des-cbc            DES in CBC mode
+des                Alias for des-cbc
+des-cfb            DES in CFB mode
+des-ofb            DES in OFB mode
+des-ecb            DES in ECB mode
+
+des-ede-cbc        Two key triple DES EDE in CBC mode
+des-ede            Two key triple DES EDE in ECB mode
+des-ede-cfb        Two key triple DES EDE in CFB mode
+des-ede-ofb        Two key triple DES EDE in OFB mode
+
+des-ede3-cbc       Three key triple DES EDE in CBC mode
+des-ede3           Three key triple DES EDE in ECB mode
+des3               Alias for des-ede3-cbc
+des-ede3-cfb       Three key triple DES EDE CFB mode
+des-ede3-ofb       Three key triple DES EDE in OFB mode
+
+desx               DESX algorithm.
+
+gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
+
+idea-cbc           IDEA algorithm in CBC mode
+idea               same as idea-cbc
+idea-cfb           IDEA in CFB mode
+idea-ecb           IDEA in ECB mode
+idea-ofb           IDEA in OFB mode
+
+rc2-cbc            128 bit RC2 in CBC mode
+rc2                Alias for rc2-cbc
+rc2-cfb            128 bit RC2 in CFB mode
+rc2-ecb            128 bit RC2 in ECB mode
+rc2-ofb            128 bit RC2 in OFB mode
+rc2-64-cbc         64 bit RC2 in CBC mode
+rc2-40-cbc         40 bit RC2 in CBC mode
+
+rc4                128 bit RC4
+rc4-64             64 bit RC4
+rc4-40             40 bit RC4
+
+rc5-cbc            RC5 cipher in CBC mode
+rc5                Alias for rc5-cbc
+rc5-cfb            RC5 cipher in CFB mode
+rc5-ecb            RC5 cipher in ECB mode
+rc5-ofb            RC5 cipher in OFB mode
+
+seed-cbc           SEED cipher in CBC mode
+seed               Alias for seed-cbc
+seed-cfb           SEED cipher in CFB mode
+seed-ecb           SEED cipher in ECB mode
+seed-ofb           SEED cipher in OFB mode
+
+sm4-cbc            SM4 cipher in CBC mode
+sm4                Alias for sm4-cbc
+sm4-cfb            SM4 cipher in CFB mode
+sm4-ctr            SM4 cipher in CTR mode
+sm4-ecb            SM4 cipher in ECB mode
+sm4-ofb            SM4 cipher in OFB mode
+
+aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
+aes[128|192|256]       Alias for aes-[128|192|256]-cbc
+aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
+aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
+aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
+aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
+
+aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
+aria[128|192|256]       Alias for aria-[128|192|256]-cbc
+aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
+aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
+aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
+aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
+aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
+aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
+
+camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
+camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
+camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
+camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
+camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
+camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
+camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
+camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
+ +

EXAMPLES

+ +

Just base64 encode a binary file:

+ +
openssl base64 -in file.bin -out file.b64
+ +

Decode the same file

+ +
openssl base64 -d -in file.b64 -out file.bin
+ +

Encrypt a file using AES-128 using a prompted password and PBKDF2 key derivation:

+ +
openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
+ +

Decrypt a file using a supplied password:

+ +
openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
+   -pass pass:<password>
+ +

Encrypt a file then base64 encode it (so it can be sent via mail for example) using AES-256 in CTR mode and PBKDF2 key derivation:

+ +
openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
+ +

Base64 decode a file then decrypt it using a password supplied in a file:

+ +
openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
+   -pass file:<passfile>
+ +

BUGS

+ +

The -A option when used with large files doesn't work properly.

+ +

The enc program only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a 76 bit key or RC4 with an 84 bit key you can't use this program.

+ +

HISTORY

+ +

The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

+ +

The -list option was added in OpenSSL 1.1.1e.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/engine.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/engine.html new file mode 100644 index 00000000..b40fb1c5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/engine.html @@ -0,0 +1,133 @@ + + + + +engine + + + + + + + + + + +

NAME

+ +

openssl-engine, engine - load and query engines

+ +

SYNOPSIS

+ +

openssl engine [ engine... ] [-v] [-vv] [-vvv] [-vvv] [-vvv] [-c] [-t] [-tt] [-pre command] [-post command] [ engine... ]

+ +

DESCRIPTION

+ +

The engine command is used to query the status and capabilities of the specified engine's. Engines may be specified before and after all other command-line flags. Only those specified are queried.

+ +

OPTIONS

+ +
+ +
-v -vv -vvv -vvvv
+
+ +

Provides information about each specified engine. The first flag lists all the possible run-time control commands; the second adds a description of each command; the third adds the input flags, and the final option adds the internal input flags.

+ +
+
-c
+
+ +

Lists the capabilities of each engine.

+ +
+
-t
+
+ +

Tests if each specified engine is available, and displays the answer.

+ +
+
-tt
+
+ +

Displays an error trace for any unavailable engine.

+ +
+
-pre command
+
+ +
+
-post command
+
+ +

Command-line configuration of engines. The -pre command is given to the engine before it is loaded and the -post command is given after the engine is loaded. The command is of the form cmd:val where cmd is the command, and val is the value for the command. See the example below.

+ +
+
+ +

EXAMPLES

+ +

To list all the commands available to a dynamic engine:

+ +
$ openssl engine -t -tt -vvvv dynamic
+(dynamic) Dynamic engine loading support
+     [ unavailable ]
+     SO_PATH: Specifies the path to the new ENGINE shared library
+          (input flags): STRING
+     NO_VCHECK: Specifies to continue even if version checking fails (boolean)
+          (input flags): NUMERIC
+     ID: Specifies an ENGINE id name for loading
+          (input flags): STRING
+     LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
+          (input flags): NUMERIC
+     DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
+          (input flags): NUMERIC
+     DIR_ADD: Adds a directory from which ENGINEs can be loaded
+          (input flags): STRING
+     LOAD: Load up the ENGINE specified by other settings
+          (input flags): NO_INPUT
+ +

To list the capabilities of the rsax engine:

+ +
$ openssl engine -c
+(rsax) RSAX engine support
+ [RSA]
+(dynamic) Dynamic engine loading support
+ +

ENVIRONMENT

+ +
+ +
OPENSSL_ENGINES
+
+ +

The path to the engines directory.

+ +
+
+ +

SEE ALSO

+ +

config(5)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/errstr.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/errstr.html new file mode 100644 index 00000000..0d4868cb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/errstr.html @@ -0,0 +1,64 @@ + + + + +errstr + + + + + + + + + + +

NAME

+ +

openssl-errstr, errstr - lookup error codes

+ +

SYNOPSIS

+ +

openssl errstr error_code

+ +

DESCRIPTION

+ +

Sometimes an application will not load error message and only numerical forms will be available. The errstr utility can be used to display the meaning of the hex code. The hex code is the hex digits after the second colon.

+ +

OPTIONS

+ +

None.

+ +

EXAMPLES

+ +

The error code:

+ +
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
+ +

can be displayed with:

+ +
openssl errstr 2006D080
+ +

to produce the error message:

+ +
error:2006D080:BIO routines:BIO_new_file:no such file
+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/gendsa.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/gendsa.html new file mode 100644 index 00000000..7a2dd65a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/gendsa.html @@ -0,0 +1,103 @@ + + + + +gendsa + + + + + + + + + + +

NAME

+ +

openssl-gendsa, gendsa - generate a DSA private key from a set of parameters

+ +

SYNOPSIS

+ +

openssl gendsa [-help] [-out filename] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-rand file...] [-writerand file] [-engine id] [paramfile]

+ +

DESCRIPTION

+ +

The gendsa command generates a DSA private key from a DSA parameter file (which will be typically generated by the openssl dsaparam command).

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause gendsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
paramfile
+
+ +

This option specifies the DSA parameter file to use. The parameters in this file determine the size of the private key. DSA parameters can be generated and examined using the openssl dsaparam command.

+ +
+
+ +

NOTES

+ +

DSA key generation is little more than random number generation so it is much quicker that RSA key generation for example.

+ +

SEE ALSO

+ +

dsaparam(1), dsa(1), genrsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genpkey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genpkey.html new file mode 100644 index 00000000..453fdde1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genpkey.html @@ -0,0 +1,363 @@ + + + + +genpkey + + + + + + + + + + +

NAME

+ +

openssl-genpkey, genpkey - generate a private key

+ +

SYNOPSIS

+ +

openssl genpkey [-help] [-out filename] [-outform PEM|DER] [-pass arg] [-cipher] [-engine id] [-paramfile file] [-algorithm alg] [-pkeyopt opt:value] [-genparam] [-text]

+ +

DESCRIPTION

+ +

The genpkey command generates a private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format DER or PEM. The default format is PEM.

+ +
+
-pass arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-cipher
+
+ +

This option encrypts the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as des3.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause genpkey to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. If used this option should precede all other options.

+ +
+
-algorithm alg
+
+ +

Public key algorithm to use such as RSA, DSA or DH. If used this option must precede any -pkeyopt options. The options -paramfile and -algorithm are mutually exclusive. Engines may add algorithms in addition to the standard built-in ones.

+ +

Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, X25519, X448, ED25519 and ED448.

+ +

Valid built-in algorithm names for parameter generation (see the -genparam option) are DH, DSA and EC.

+ +

Note that the algorithm name X9.42 DH may be used as a synonym for the DH algorithm. These are identical and do not indicate the type of parameters that will be generated. Use the dh_paramgen_type option to indicate whether PKCS#3 or X9.42 DH parameters are required. See "DH Parameter Generation Options" below for more details.

+ +
+
-pkeyopt opt:value
+
+ +

Set the public key algorithm option opt to value. The precise set of options supported depends on the public key algorithm used and its implementation. See "KEY GENERATION OPTIONS" and "PARAMETER GENERATION OPTIONS" below for more details.

+ +
+
-genparam
+
+ +

Generate a set of parameters instead of a private key. If used this option must precede any -algorithm, -paramfile or -pkeyopt options.

+ +
+
-paramfile filename
+
+ +

Some public key algorithms generate a private key based on a set of parameters. They can be supplied using this option. If this option is used the public key algorithm used is determined by the parameters. If used this option must precede any -pkeyopt options. The options -paramfile and -algorithm are mutually exclusive.

+ +
+
-text
+
+ +

Print an (unencrypted) text representation of private and public keys and parameters along with the PEM or DER structure.

+ +
+
+ +

KEY GENERATION OPTIONS

+ +

The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. There are no key generation options defined for the X25519, X448, ED25519 or ED448 algorithms.

+ +

RSA Key Generation Options

+ +
+ +
rsa_keygen_bits:numbits
+
+ +

The number of bits in the generated key. If not specified 2048 is used.

+ +
+
rsa_keygen_primes:numprimes
+
+ +

The number of primes in the generated key. If not specified 2 is used.

+ +
+
rsa_keygen_pubexp:value
+
+ +

The RSA public exponent value. This can be a large decimal or hexadecimal value if preceded by 0x. Default value is 65537.

+ +
+
+ +

RSA-PSS Key Generation Options

+ +

Note: by default an RSA-PSS key has no parameter restrictions.

+ +
+ +
rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value
+
+ +

These options have the same meaning as the RSA algorithm.

+ +
+
rsa_pss_keygen_md:digest
+
+ +

If set the key is restricted and can only use digest for signing.

+ +
+
rsa_pss_keygen_mgf1_md:digest
+
+ +

If set the key is restricted and can only use digest as it's MGF1 parameter.

+ +
+
rsa_pss_keygen_saltlen:len
+
+ +

If set the key is restricted and len specifies the minimum salt length.

+ +
+
+ +

EC Key Generation Options

+ +

The EC key generation options can also be used for parameter generation.

+ +
+ +
ec_paramgen_curve:curve
+
+ +

The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

+ +
+
ec_param_enc:encoding
+
+ +

The encoding to use for parameters. The "encoding" parameter must be either "named_curve" or "explicit". The default value is "named_curve".

+ +
+
+ +

PARAMETER GENERATION OPTIONS

+ +

The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below.

+ +

DSA Parameter Generation Options

+ +
+ +
dsa_paramgen_bits:numbits
+
+ +

The number of bits in the generated prime. If not specified 2048 is used.

+ +
+
dsa_paramgen_q_bits:numbits
+
+ +

The number of bits in the q parameter. Must be one of 160, 224 or 256. If not specified 224 is used.

+ +
+
dsa_paramgen_md:digest
+
+ +

The digest to use during parameter generation. Must be one of sha1, sha224 or sha256. If set, then the number of bits in q will match the output size of the specified digest and the dsa_paramgen_q_bits parameter will be ignored. If not set, then a digest will be used that gives an output matching the number of bits in q, i.e. sha1 if q length is 160, sha224 if it 224 or sha256 if it is 256.

+ +
+
+ +

DH Parameter Generation Options

+ +
+ +
dh_paramgen_prime_len:numbits
+
+ +

The number of bits in the prime parameter p. The default is 2048.

+ +
+
dh_paramgen_subprime_len:numbits
+
+ +

The number of bits in the sub prime parameter q. The default is 256 if the prime is at least 2048 bits long or 160 otherwise. Only relevant if used in conjunction with the dh_paramgen_type option to generate X9.42 DH parameters.

+ +
+
dh_paramgen_generator:value
+
+ +

The value to use for the generator g. The default is 2.

+ +
+
dh_paramgen_type:value
+
+ +

The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0.

+ +
+
dh_rfc5114:num
+
+ +

If this option is set, then the appropriate RFC5114 parameters are used instead of generating new parameters. The value num can take the values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of 1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections 2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter options.

+ +
+
+ +

EC Parameter Generation Options

+ +

The EC parameter generation options are the same as for key generation. See "EC Key Generation Options" above.

+ +

NOTES

+ +

The use of the genpkey program is encouraged over the algorithm specific utilities because additional algorithm options and ENGINE provided algorithms can be used.

+ +

EXAMPLES

+ +

Generate an RSA private key using default parameters:

+ +
openssl genpkey -algorithm RSA -out key.pem
+ +

Encrypt output private key using 128 bit AES and the passphrase "hello":

+ +
openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
+ +

Generate a 2048 bit RSA key using 3 as the public exponent:

+ +
openssl genpkey -algorithm RSA -out key.pem \
+    -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
+ +

Generate 2048 bit DSA parameters:

+ +
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
+    -pkeyopt dsa_paramgen_bits:2048
+ +

Generate DSA key from parameters:

+ +
openssl genpkey -paramfile dsap.pem -out dsakey.pem
+ +

Generate 2048 bit DH parameters:

+ +
openssl genpkey -genparam -algorithm DH -out dhp.pem \
+    -pkeyopt dh_paramgen_prime_len:2048
+ +

Generate 2048 bit X9.42 DH parameters:

+ +
openssl genpkey -genparam -algorithm DH -out dhpx.pem \
+    -pkeyopt dh_paramgen_prime_len:2048 \
+    -pkeyopt dh_paramgen_type:1
+ +

Output RFC5114 2048 bit DH parameters with 224 bit subgroup:

+ +
openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
+ +

Generate DH key from parameters:

+ +
openssl genpkey -paramfile dhp.pem -out dhkey.pem
+ +

Generate EC parameters:

+ +
openssl genpkey -genparam -algorithm EC -out ecp.pem \
+       -pkeyopt ec_paramgen_curve:secp384r1 \
+       -pkeyopt ec_param_enc:named_curve
+ +

Generate EC key from parameters:

+ +
openssl genpkey -paramfile ecp.pem -out eckey.pem
+ +

Generate EC key directly:

+ +
openssl genpkey -algorithm EC -out eckey.pem \
+       -pkeyopt ec_paramgen_curve:P-384 \
+       -pkeyopt ec_param_enc:named_curve
+ +

Generate an X25519 private key:

+ +
openssl genpkey -algorithm X25519 -out xkey.pem
+ +

Generate an ED448 private key:

+ +
openssl genpkey -algorithm ED448 -out xkey.pem
+ +

HISTORY

+ +

The ability to use NIST curve names, and to generate an EC key directly, were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genrsa.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genrsa.html new file mode 100644 index 00000000..80ad33de --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/genrsa.html @@ -0,0 +1,123 @@ + + + + +genrsa + + + + + + + + + + +

NAME

+ +

openssl-genrsa, genrsa - generate an RSA private key

+ +

SYNOPSIS

+ +

openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-f4] [-3] [-rand file...] [-writerand file] [-engine id] [-primes num] [numbits]

+ +

DESCRIPTION

+ +

The genrsa command generates an RSA private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument.

+ +
+
-F4|-3
+
+ +

The public exponent to use, either 65537 or 3. The default is 65537.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause genrsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-primes num
+
+ +

Specify the number of primes to use while generating the RSA key. The num parameter must be a positive integer that is greater than 1 and less than 16. If num is greater than 2, then the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017.

+ +
+
numbits
+
+ +

The size of the private key to generate in bits. This must be the last option specified. The default is 2048 and values less than 512 are not allowed.

+ +
+
+ +

NOTES

+ +

RSA private key generation essentially involves the generation of two or more prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A . represents each number which has passed an initial sieve test, + means a number has passed a single round of the Miller-Rabin primality test, * means the current prime starts a regenerating progress due to some failed tests. A newline means that the number has passed all the prime tests (the actual number depends on the key size).

+ +

Because key generation is a random process the time taken to generate a key may vary somewhat. But in general, more primes lead to less generation time of a key.

+ +

SEE ALSO

+ +

gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/list.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/list.html new file mode 100644 index 00000000..f0c5e04b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/list.html @@ -0,0 +1,111 @@ + + + + +list + + + + + + + + + + +

NAME

+ +

openssl-list, list - list algorithms and features

+ +

SYNOPSIS

+ +

openssl list [-help] [-1] [-commands] [-digest-commands] [-digest-algorithms] [-cipher-commands] [-cipher-algorithms] [-public-key-algorithms] [-public-key-methods] [-disabled]

+ +

DESCRIPTION

+ +

This command is used to generate list of algorithms or disabled features.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Display a usage message.

+ +
+
-1
+
+ +

List the commands, digest-commands, or cipher-commands in a single column. If used, this option must be given first.

+ +
+
-commands
+
+ +

Display a list of standard commands.

+ +
+
-digest-commands
+
+ +

Display a list of message digest commands, which are typically used as input to the dgst(1) or speed(1) commands.

+ +
+
-digest-algorithms
+
+ +

Display a list of message digest algorithms. If a line is of the form foo => bar then foo is an alias for the official algorithm name, bar.

+ +
+
-cipher-commands
+
+ +

Display a list of cipher commands, which are typically used as input to the dgst(1) or speed(1) commands.

+ +
+
-cipher-algorithms
+
+ +

Display a list of cipher algorithms. If a line is of the form foo => bar then foo is an alias for the official algorithm name, bar.

+ +
+
-public-key-algorithms
+
+ +

Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented.

+ +
+
-public-key-methods
+
+ +

Display a list of public key method OIDs: this also includes public key methods without an associated ASN.1 method, for example, KDF algorithms.

+ +
+
-disabled
+
+ +

Display a list of disabled features, those that were compiled out of the installation.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/nseq.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/nseq.html new file mode 100644 index 00000000..3983f48a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/nseq.html @@ -0,0 +1,101 @@ + + + + +nseq + + + + + + + + + + +

NAME

+ +

openssl-nseq, nseq - create or examine a Netscape certificate sequence

+ +

SYNOPSIS

+ +

openssl nseq [-help] [-in filename] [-out filename] [-toseq]

+ +

DESCRIPTION

+ +

The nseq command takes a file containing a Netscape certificate sequence and prints out the certificates contained in it or takes a file of certificates and converts it into a Netscape certificate sequence.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename or standard output by default.

+ +
+
-toseq
+
+ +

Normally a Netscape certificate sequence will be input and the output is the certificates contained in it. With the -toseq option the situation is reversed: a Netscape certificate sequence is created from a file of certificates.

+ +
+
+ +

EXAMPLES

+ +

Output the certificates in a Netscape certificate sequence

+ +
openssl nseq -in nseq.pem -out certs.pem
+ +

Create a Netscape certificate sequence

+ +
openssl nseq -in certs.pem -toseq -out nseq.pem
+ +

NOTES

+ +

The PEM encoded form uses the same headers and footers as a certificate:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

A Netscape certificate sequence is a Netscape specific format that can be sent to browsers as an alternative to the standard PKCS#7 format when several certificates are sent to the browser: for example during certificate enrollment. It is used by Netscape certificate server for example.

+ +

BUGS

+ +

This program needs a few more options: like allowing DER or PEM input and output files and allowing multiple certificate files to be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ocsp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ocsp.html new file mode 100644 index 00000000..d8d27273 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ocsp.html @@ -0,0 +1,415 @@ + + + + +ocsp + + + + + + + + + + +

NAME

+ +

openssl-ocsp, ocsp - Online Certificate Status Protocol utility

+ +

SYNOPSIS

+ +

openssl ocsp [-help] [-out file] [-issuer file] [-cert file] [-serial n] [-signer file] [-signkey file] [-sign_other file] [-no_certs] [-req_text] [-resp_text] [-text] [-reqout file] [-respout file] [-reqin file] [-respin file] [-nonce] [-no_nonce] [-url URL] [-host host:port] [-multi process-count] [-header] [-path] [-CApath dir] [-CAfile file] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-VAfile file] [-validity_period n] [-status_age n] [-noverify] [-verify_other file] [-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks] [-no_explicit] [-port num] [-ignore_err] [-index file] [-CA file] [-rsigner file] [-rkey file] [-rother file] [-rsigopt nm:v] [-resp_no_certs] [-nmin n] [-ndays n] [-resp_key_id] [-nrequest n] [-digest]

+ +

DESCRIPTION

+ +

The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560).

+ +

The ocsp command performs many common OCSP tasks. It can be used to print out requests and responses, create requests and send queries to an OCSP responder and behave like a mini OCSP server itself.

+ +

OPTIONS

+ +

This command operates as either a client or a server. The options are described below, divided into those two modes.

+ +

OCSP Client Options

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

specify output filename, default is standard output.

+ +
+
-issuer filename
+
+ +

This specifies the current issuer certificate. This option can be used multiple times. The certificate specified in filename must be in PEM format. This option MUST come before any -cert options.

+ +
+
-cert filename
+
+ +

Add the certificate filename to the request. The issuer certificate is taken from the previous issuer option, or an error occurs if no issuer certificate is specified.

+ +
+
-serial num
+
+ +

Same as the cert option except the certificate with serial number num is added to the request. The serial number is interpreted as a decimal integer unless preceded by 0x. Negative integers can also be specified by preceding the value by a - sign.

+ +
+
-signer filename, -signkey filename
+
+ +

Sign the OCSP request using the certificate specified in the signer option and the private key specified by the signkey option. If the signkey option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed.

+ +
+
-sign_other filename
+
+ +

Additional certificates to include in the signed request.

+ +
+
-nonce, -no_nonce
+
+ +

Add an OCSP nonce extension to a request or disable OCSP nonce addition. Normally if an OCSP request is input using the reqin option no nonce is added: using the nonce option will force addition of a nonce. If an OCSP request is being created (using cert and serial options) a nonce is automatically added specifying no_nonce overrides this.

+ +
+
-req_text, -resp_text, -text
+
+ +

Print out the text form of the OCSP request, response or both respectively.

+ +
+
-reqout file, -respout file
+
+ +

Write out the DER encoded certificate request or response to file.

+ +
+
-reqin file, -respin file
+
+ +

Read OCSP request or response file from file. These option are ignored if OCSP request or response creation is implied by other options (for example with serial, cert and host options).

+ +
+
-url responder_url
+
+ +

Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.

+ +
+
-host hostname:port, -path pathname
+
+ +

If the host option is present then the OCSP request is sent to the host hostname on port port. path specifies the HTTP path name to use or "/" by default. This is equivalent to specifying -url with scheme http:// and the given hostname, port, and pathname.

+ +
+
-header name=value
+
+ +

Adds the header name with the specified value to the OCSP request that is sent to the responder. This may be repeated.

+ +
+
-timeout seconds
+
+ +

Connection timeout to the OCSP responder in seconds. On POSIX systems, when running as an OCSP responder, this option also limits the time that the responder is willing to wait for the client request. This time is measured from the time the responder accepts the connection until the complete request is received.

+ +
+
-multi process-count
+
+ +

Run the specified number of OCSP responder child processes, with the parent process respawning child processes as needed. Child processes will detect changes in the CA index file and automatically reload it. When running as a responder -timeout option is recommended to limit the time each child is willing to wait for the client's OCSP response. This option is available on POSIX systems (that support the fork() and other required unix system-calls).

+ +
+
-CAfile file, -CApath pathname
+
+ +

File or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set different certificate verification options. See verify(1) manual page for details.

+ +
+
-verify_other file
+
+ +

File containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's certificate from the response: this option can be used to supply the necessary certificate in such cases.

+ +
+
-trust_other
+
+ +

The certificates specified by the -verify_other option should be explicitly trusted and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

+ +
+
-VAfile file
+
+ +

File containing explicitly trusted responder certificates. Equivalent to the -verify_other and -trust_other options.

+ +
+
-noverify
+
+ +

Don't attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responders certificate.

+ +
+
-no_intern
+
+ +

Ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the -verify_other or -VAfile options.

+ +
+
-no_signature_verify
+
+ +

Don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

+ +
+
-no_cert_verify
+
+ +

Don't verify the OCSP response signers certificate at all. Since this option allows the OCSP response to be signed by any certificate it should only be used for testing purposes.

+ +
+
-no_chain
+
+ +

Do not use certificates in the response as additional untrusted CA certificates.

+ +
+
-no_explicit
+
+ +

Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.

+ +
+
-no_cert_checks
+
+ +

Don't perform any additional checks on the OCSP response signers certificate. That is do not make any checks to see if the signers certificate is authorised to provide the necessary status information: as a result this option should only be used for testing purposes.

+ +
+
-validity_period nsec, -status_age age
+
+ +

These options specify the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder and clients clocks may not be precisely synchronised and so such a check may fail. To avoid this the -validity_period option can be used to specify an acceptable error range in seconds, the default value is 5 minutes.

+ +

If the notAfter time is omitted from a response then this means that new status information is immediately available. In this case the age of the notBefore field is checked to see it is not older than age seconds old. By default this additional check is not performed.

+ +
+
-digest
+
+ +

This option sets digest algorithm to use for certificate identification in the OCSP request. Any digest supported by the OpenSSL dgst command can be used. The default is SHA-1. This option may be used multiple times to specify the digest used by subsequent certificate identifiers.

+ +
+
+ +

OCSP Server Options

+ +
+ +
-index indexfile
+
+ +

The indexfile parameter is the name of a text index file in ca format containing certificate revocation information.

+ +

If the index option is specified the ocsp utility is in responder mode, otherwise it is in client mode. The request(s) the responder processes can be either specified on the command line (using issuer and serial options), supplied in a file (using the reqin option) or via external OCSP clients (if port or url is specified).

+ +

If the index option is present then the CA and rsigner options must also be present.

+ +
+
-CA file
+
+ +

CA certificate corresponding to the revocation information in indexfile.

+ +
+
-rsigner file
+
+ +

The certificate to sign OCSP responses with.

+ +
+
-rother file
+
+ +

Additional certificates to include in the OCSP response.

+ +
+
-resp_no_certs
+
+ +

Don't include any certificates in the OCSP response.

+ +
+
-resp_key_id
+
+ +

Identify the signer certificate using the key ID, default is to use the subject name.

+ +
+
-rkey file
+
+ +

The private key to sign OCSP responses with: if not present the file specified in the rsigner option is used.

+ +
+
-rsigopt nm:v
+
+ +

Pass options to the signature algorithm when signing OCSP responses. Names and values of these options are algorithm-specific.

+ +
+
-port portnum
+
+ +

Port to listen for OCSP requests on. The port may also be specified using the url option.

+ +
+
-ignore_err
+
+ +

Ignore malformed requests or responses: When acting as an OCSP client, retry if a malformed response is received. When acting as an OCSP responder, continue running instead of terminating upon receiving a malformed request.

+ +
+
-nrequest number
+
+ +

The OCSP server will exit after receiving number requests, default unlimited.

+ +
+
-nmin minutes, -ndays days
+
+ +

Number of minutes or days when fresh revocation information is available: used in the nextUpdate field. If neither option is present then the nextUpdate field is omitted meaning fresh revocation information is immediately available.

+ +
+
+ +

OCSP Response verification.

+ +

OCSP Response follows the rules specified in RFC2560.

+ +

Initially the OCSP responder certificate is located and the signature on the OCSP request checked using the responder certificate's public key.

+ +

Then a normal certificate verify is performed on the OCSP responder certificate building up a certificate chain in the process. The locations of the trusted certificates used to build the chain can be specified by the CAfile and CApath options or they will be looked for in the standard OpenSSL certificates directory.

+ +

If the initial verify fails then the OCSP verify process halts with an error.

+ +

Otherwise the issuing CA certificate in the request is compared to the OCSP responder certificate: if there is a match then the OCSP verify succeeds.

+ +

Otherwise the OCSP responder certificate's CA is checked against the issuing CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds.

+ +

Otherwise, if -no_explicit is not set the root CA of the OCSP responders CA is checked to see if it is trusted for OCSP signing. If it is the OCSP verify succeeds.

+ +

If none of these checks is successful then the OCSP verify fails.

+ +

What this effectively means if that if the OCSP responder certificate is authorised directly by the CA it is issuing revocation information about (and it is correctly configured) then verification will succeed.

+ +

If the OCSP responder is a "global responder" which can give details about multiple CAs and has its own separate certificate chain then its root CA can be trusted for OCSP signing. For example:

+ +
openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+ +

Alternatively the responder certificate itself can be explicitly trusted with the -VAfile option.

+ +

NOTES

+ +

As noted, most of the verify options are for testing or debugging purposes. Normally only the -CApath, -CAfile and (if the responder is a 'global VA') -VAfile options need to be used.

+ +

The OCSP server is only useful for test and demonstration purposes: it is not really usable as a full OCSP responder. It contains only a very simple HTTP request handling and can only handle the POST form of OCSP queries. It also handles requests serially meaning it cannot respond to new requests until it has processed the current one. The text index file format of revocation is also inefficient for large quantities of revocation data.

+ +

It is possible to run the ocsp application in responder mode via a CGI script using the reqin and respout options.

+ +

EXAMPLES

+ +

Create an OCSP request and write it to a file:

+ +
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
+ +

Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the response to a file, print it out in text form, and verify the response:

+ +
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
+    -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+ +

Read in an OCSP response and print out text form:

+ +
openssl ocsp -respin resp.der -text -noverify
+ +

OCSP server on port 8888 using a standard ca configuration, and a separate responder certificate. All requests and responses are printed to a file.

+ +
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+       -text -out log.txt
+ +

As above but exit after processing one request:

+ +
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+    -nrequest 1
+ +

Query status information using an internally generated request:

+ +
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+    -issuer demoCA/cacert.pem -serial 1
+ +

Query status information using request read from a file, and write the response to a second file.

+ +
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+    -reqin req.der -respout resp.der
+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/openssl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/openssl.html new file mode 100644 index 00000000..f90b19ce --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/openssl.html @@ -0,0 +1,712 @@ + + + + +openssl + + + + + + + + + + +

NAME

+ +

openssl - OpenSSL command line tool

+ +

SYNOPSIS

+ +

openssl command [ command_opts ] [ command_args ]

+ +

openssl list [ standard-commands | digest-commands | cipher-commands | cipher-algorithms | digest-algorithms | public-key-algorithms]

+ +

openssl no-XXX [ arbitrary options ]

+ +

DESCRIPTION

+ +

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

+ +

The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for

+ +
o  Creation and management of private keys, public keys and parameters
+o  Public key cryptographic operations
+o  Creation of X.509 certificates, CSRs and CRLs
+o  Calculation of Message Digests
+o  Encryption and Decryption with Ciphers
+o  SSL/TLS Client and Server Tests
+o  Handling of S/MIME signed or encrypted mail
+o  Time Stamp requests, generation and verification
+ +

COMMAND SUMMARY

+ +

The openssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

+ +

Detailed documentation and use cases for most standard subcommands are available (e.g., x509(1) or openssl-x509(1)).

+ +

Many commands use an external configuration file for some or all of their arguments and have a -config option to specify that file. The environment variable OPENSSL_CONF can be used to specify the location of the file. If the environment variable is not specified, then the file is named openssl.cnf in the default certificate storage area, whose value depends on the configuration flags specified when the OpenSSL was built.

+ +

The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

+ +

The list parameters cipher-algorithms and digest-algorithms list all cipher and message digest names, one entry per line. Aliases are listed as:

+ +
from => to
+ +

The list parameter public-key-algorithms lists all supported public key algorithms.

+ +

The command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the openssl program. (no-XXX is not able to detect pseudo-commands such as quit, list, or no-XXX itself.)

+ +

Standard Commands

+ +
+ +
asn1parse
+
+ +

Parse an ASN.1 sequence.

+ +
+
ca
+
+ +

Certificate Authority (CA) Management.

+ +
+
ciphers
+
+ +

Cipher Suite Description Determination.

+ +
+
cms
+
+ +

CMS (Cryptographic Message Syntax) utility.

+ +
+
crl
+
+ +

Certificate Revocation List (CRL) Management.

+ +
+
crl2pkcs7
+
+ +

CRL to PKCS#7 Conversion.

+ +
+
dgst
+
+ +

Message Digest Calculation.

+ +
+
dh
+
+ +

Diffie-Hellman Parameter Management. Obsoleted by dhparam(1).

+ +
+
dhparam
+
+ +

Generation and Management of Diffie-Hellman Parameters. Superseded by genpkey(1) and pkeyparam(1).

+ +
+
dsa
+
+ +

DSA Data Management.

+ +
+
dsaparam
+
+ +

DSA Parameter Generation and Management. Superseded by genpkey(1) and pkeyparam(1).

+ +
+
ec
+
+ +

EC (Elliptic curve) key processing.

+ +
+
ecparam
+
+ +

EC parameter manipulation and generation.

+ +
+
enc
+
+ +

Encoding with Ciphers.

+ +
+
engine
+
+ +

Engine (loadable module) information and manipulation.

+ +
+
errstr
+
+ +

Error Number to Error String Conversion.

+ +
+
gendh
+
+ +

Generation of Diffie-Hellman Parameters. Obsoleted by dhparam(1).

+ +
+
gendsa
+
+ +

Generation of DSA Private Key from Parameters. Superseded by genpkey(1) and pkey(1).

+ +
+
genpkey
+
+ +

Generation of Private Key or Parameters.

+ +
+
genrsa
+
+ +

Generation of RSA Private Key. Superseded by genpkey(1).

+ +
+
nseq
+
+ +

Create or examine a Netscape certificate sequence.

+ +
+
ocsp
+
+ +

Online Certificate Status Protocol utility.

+ +
+
passwd
+
+ +

Generation of hashed passwords.

+ +
+
pkcs12
+
+ +

PKCS#12 Data Management.

+ +
+
pkcs7
+
+ +

PKCS#7 Data Management.

+ +
+
pkcs8
+
+ +

PKCS#8 format private key conversion tool.

+ +
+
pkey
+
+ +

Public and private key management.

+ +
+
pkeyparam
+
+ +

Public key algorithm parameter management.

+ +
+
pkeyutl
+
+ +

Public key algorithm cryptographic operation utility.

+ +
+
prime
+
+ +

Compute prime numbers.

+ +
+
rand
+
+ +

Generate pseudo-random bytes.

+ +
+
rehash
+
+ +

Create symbolic links to certificate and CRL files named by the hash values.

+ +
+
req
+
+ +

PKCS#10 X.509 Certificate Signing Request (CSR) Management.

+ +
+
rsa
+
+ +

RSA key management.

+ +
+
rsautl
+
+ +

RSA utility for signing, verification, encryption, and decryption. Superseded by pkeyutl(1).

+ +
+
s_client
+
+ +

This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library.

+ +
+
s_server
+
+ +

This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.

+ +
+
s_time
+
+ +

SSL Connection Timer.

+ +
+
sess_id
+
+ +

SSL Session Data Management.

+ +
+
smime
+
+ +

S/MIME mail processing.

+ +
+
speed
+
+ +

Algorithm Speed Measurement.

+ +
+
spkac
+
+ +

SPKAC printing and generating utility.

+ +
+
srp
+
+ +

Maintain SRP password file.

+ +
+
storeutl
+
+ +

Utility to list and display certificates, keys, CRLs, etc.

+ +
+
ts
+
+ +

Time Stamping Authority tool (client/server).

+ +
+
verify
+
+ +

X.509 Certificate Verification.

+ +
+
version
+
+ +

OpenSSL Version Information.

+ +
+
x509
+
+ +

X.509 Certificate Data Management.

+ +
+
+ +

Message Digest Commands

+ +
+ +
blake2b512
+
+ +

BLAKE2b-512 Digest

+ +
+
blake2s256
+
+ +

BLAKE2s-256 Digest

+ +
+
md2
+
+ +

MD2 Digest

+ +
+
md4
+
+ +

MD4 Digest

+ +
+
md5
+
+ +

MD5 Digest

+ +
+
mdc2
+
+ +

MDC2 Digest

+ +
+
rmd160
+
+ +

RMD-160 Digest

+ +
+
sha1
+
+ +

SHA-1 Digest

+ +
+
sha224
+
+ +

SHA-2 224 Digest

+ +
+
sha256
+
+ +

SHA-2 256 Digest

+ +
+
sha384
+
+ +

SHA-2 384 Digest

+ +
+
sha512
+
+ +

SHA-2 512 Digest

+ +
+
sha3-224
+
+ +

SHA-3 224 Digest

+ +
+
sha3-256
+
+ +

SHA-3 256 Digest

+ +
+
sha3-384
+
+ +

SHA-3 384 Digest

+ +
+
sha3-512
+
+ +

SHA-3 512 Digest

+ +
+
shake128
+
+ +

SHA-3 SHAKE128 Digest

+ +
+
shake256
+
+ +

SHA-3 SHAKE256 Digest

+ +
+
sm3
+
+ +

SM3 Digest

+ +
+
+ +

Encoding and Cipher Commands

+ +

The following aliases provide convenient access to the most used encodings and ciphers.

+ +

Depending on how OpenSSL was configured and built, not all ciphers listed here may be present. See enc(1) for more information and command usage.

+ +
+ +
aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb
+
+ +

AES-128 Cipher

+ +
+
aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb
+
+ +

AES-192 Cipher

+ +
+
aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb
+
+ +

AES-256 Cipher

+ +
+
aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb
+
+ +

Aria-128 Cipher

+ +
+
aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb
+
+ +

Aria-192 Cipher

+ +
+
aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb
+
+ +

Aria-256 Cipher

+ +
+
base64
+
+ +

Base64 Encoding

+ +
+
bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb
+
+ +

Blowfish Cipher

+ +
+
camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb
+
+ +

Camellia-128 Cipher

+ +
+
camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb
+
+ +

Camellia-192 Cipher

+ +
+
camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb
+
+ +

Camellia-256 Cipher

+ +
+
cast, cast-cbc
+
+ +

CAST Cipher

+ +
+
cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb
+
+ +

CAST5 Cipher

+ +
+
chacha20
+
+ +

Chacha20 Cipher

+ +
+
des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb
+
+ +

DES Cipher

+ +
+
des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb
+
+ +

Triple-DES Cipher

+ +
+
idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb
+
+ +

IDEA Cipher

+ +
+
rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb
+
+ +

RC2 Cipher

+ +
+
rc4
+
+ +

RC4 Cipher

+ +
+
rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb
+
+ +

RC5 Cipher

+ +
+
seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb
+
+ +

SEED Cipher

+ +
+
sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb
+
+ +

SM4 Cipher

+ +
+
+ +

OPTIONS

+ +

Details of which options are available depend on the specific command. This section describes some common options with common behavior.

+ +

Common Options

+ +
+ +
-help
+
+ +

Provides a terse summary of all options.

+ +
+
+ +

Pass Phrase Options

+ +

Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

+ +

Note that character encoding may be relevant, please see passphrase-encoding(7).

+ +
+ +
pass:password
+
+ +

The actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.

+ +
+
env:var
+
+ +

Obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.

+ +
+
file:pathname
+
+ +

The first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.

+ +
+
fd:number
+
+ +

Read the password from the file descriptor number. This can be used to send the data via a pipe for example.

+ +
+
stdin
+
+ +

Read the password from standard input.

+ +
+
+ +

SEE ALSO

+ +

asn1parse(1), ca(1), ciphers(1), cms(1), config(5), crl(1), crl2pkcs7(1), dgst(1), dhparam(1), dsa(1), dsaparam(1), ec(1), ecparam(1), enc(1), engine(1), errstr(1), gendsa(1), genpkey(1), genrsa(1), nseq(1), ocsp(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), pkey(1), pkeyparam(1), pkeyutl(1), prime(1), rand(1), rehash(1), req(1), rsa(1), rsautl(1), s_client(1), s_server(1), s_time(1), sess_id(1), smime(1), speed(1), spkac(1), srp(1), storeutl(1), ts(1), verify(1), version(1), x509(1), crypto(7), ssl(7), x509v3_config(5)

+ +

HISTORY

+ +

The list-XXX-algorithms pseudo-commands were added in OpenSSL 1.0.0; For notes on the availability of other commands, see their individual manual pages.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/passwd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/passwd.html new file mode 100644 index 00000000..30e8706a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/passwd.html @@ -0,0 +1,154 @@ + + + + +passwd + + + + + + + + + + +

NAME

+ +

openssl-passwd, passwd - compute password hashes

+ +

SYNOPSIS

+ +

openssl passwd [-help] [-crypt] [-1] [-apr1] [-aixmd5] [-5] [-6] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] [-rand file...] [-writerand file] {password}

+ +

DESCRIPTION

+ +

The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the terminal otherwise. The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1, its Apache variant apr1, and its AIX variant are available.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-crypt
+
+ +

Use the crypt algorithm (default).

+ +
+
-1
+
+ +

Use the MD5 based BSD password algorithm 1.

+ +
+
-apr1
+
+ +

Use the apr1 algorithm (Apache variant of the BSD algorithm).

+ +
+
-aixmd5
+
+ +

Use the AIX MD5 algorithm (AIX variant of the BSD algorithm).

+ +
+
-5
+
+ +
+
-6
+
+ +

Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper. See https://www.akkadia.org/drepper/SHA-crypt.txt.

+ +
+
-salt string
+
+ +

Use the specified salt. When reading a password from the terminal, this implies -noverify.

+ +
+
-in file
+
+ +

Read passwords from file.

+ +
+
-stdin
+
+ +

Read passwords from stdin.

+ +
+
-noverify
+
+ +

Don't verify when reading a password from the terminal.

+ +
+
-quiet
+
+ +

Don't output warnings when passwords given at the command line are truncated.

+ +
+
-table
+
+ +

In the output list, prepend the cleartext password and a TAB character to each password hash.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

EXAMPLES

+ +
% openssl passwd -crypt -salt xx password
+xxj31ZMTZzkVA
+
+% openssl passwd -1 -salt xxxxxxxx password
+$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
+
+% openssl passwd -apr1 -salt xxxxxxxx password
+$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0
+
+% openssl passwd -aixmd5 -salt xxxxxxxx password
+xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs12.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs12.html new file mode 100644 index 00000000..4a8cf87c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs12.html @@ -0,0 +1,379 @@ + + + + +pkcs12 + + + + + + + + + + +

NAME

+ +

openssl-pkcs12, pkcs12 - PKCS#12 file utility

+ +

SYNOPSIS

+ +

openssl pkcs12 [-help] [-export] [-chain] [-inkey file_or_id] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -aria128 | -aria192 | -aria256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand file...] [-writerand file] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-CSP name]

+ +

DESCRIPTION

+ +

The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

+ +

OPTIONS

+ +

There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option (see below).

+ +

PARSING OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

+ +
+
-out filename
+
+ +

The filename to write certificates and private keys to, standard output by default. They are all written in PEM format.

+ +
+
-passin arg
+
+ +

The PKCS#12 file (i.e. input file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-passout arg
+
+ +

Pass phrase source to encrypt any outputted private keys with. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-password arg
+
+ +

With -export, -password is equivalent to -passout. Otherwise, -password is equivalent to -passin.

+ +
+
-noout
+
+ +

This option inhibits output of the keys and certificates to the output file version of the PKCS#12 file.

+ +
+
-clcerts
+
+ +

Only output client certificates (not CA certificates).

+ +
+
-cacerts
+
+ +

Only output CA certificates (not client certificates).

+ +
+
-nocerts
+
+ +

No certificates at all will be output.

+ +
+
-nokeys
+
+ +

No private keys will be output.

+ +
+
-info
+
+ +

Output additional information about the PKCS#12 file structure, algorithms used and iteration counts.

+ +
+
-des
+
+ +

Use DES to encrypt private keys before outputting.

+ +
+
-des3
+
+ +

Use triple DES to encrypt private keys before outputting, this is the default.

+ +
+
-idea
+
+ +

Use IDEA to encrypt private keys before outputting.

+ +
+
-aes128, -aes192, -aes256
+
+ +

Use AES to encrypt private keys before outputting.

+ +
+
-aria128, -aria192, -aria256
+
+ +

Use ARIA to encrypt private keys before outputting.

+ +
+
-camellia128, -camellia192, -camellia256
+
+ +

Use Camellia to encrypt private keys before outputting.

+ +
+
-nodes
+
+ +

Don't encrypt the private keys at all.

+ +
+
-nomacver
+
+ +

Don't attempt to verify the integrity MAC before reading the file.

+ +
+
-twopass
+
+ +

Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. Cannot be used in combination with the options -password, -passin (if importing) or -passout (if exporting).

+ +
+
+ +

FILE CREATION OPTIONS

+ +
+ +
-export
+
+ +

This option specifies that a PKCS#12 file will be created rather than parsed.

+ +
+
-out filename
+
+ +

This specifies filename to write the PKCS#12 file to. Standard output is used by default.

+ +
+
-in filename
+
+ +

The filename to read certificates and private keys from, standard input by default. They must all be in PEM format. The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file.

+ +
+
-inkey file_or_id
+
+ +

File to read private key from. If not present then a private key must be present in the input file. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-name friendlyname
+
+ +

This specifies the "friendly name" for the certificate and private key. This name is typically displayed in list boxes by software importing the file.

+ +
+
-certfile filename
+
+ +

A filename to read additional certificates from.

+ +
+
-caname friendlyname
+
+ +

This specifies the "friendly name" for other certificates. This option may be used multiple times to specify names for all certificates in the order they appear. Netscape ignores friendly names on other certificates whereas MSIE displays them.

+ +
+
-pass arg, -passout arg
+
+ +

The PKCS#12 file (i.e. output file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-passin password
+
+ +

Pass phrase source to decrypt any input private keys with. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-chain
+
+ +

If this option is present then an attempt is made to include the entire certificate chain of the user certificate. The standard CA store is used for this search. If the search fails it is considered a fatal error.

+ +
+
-descert
+
+ +

Encrypt the certificate using triple DES, this may render the PKCS#12 file unreadable by some "export grade" software. By default the private key is encrypted using triple DES and the certificate using 40 bit RC2 unless RC2 is disabled in which case triple DES is used.

+ +
+
-keypbe alg, -certpbe alg
+
+ +

These options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used (see NOTES section for more information). If a cipher name (as output by the list-cipher-algorithms command is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms.

+ +
+
-keyex|-keysig
+
+ +

Specifies that the private key is to be used for key exchange or just signing. This option is only interpreted by MSIE and similar MS software. Normally "export grade" software will only allow 512 bit RSA keys to be used for encryption purposes but arbitrary length keys for signing. The -keysig option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client authentication, however due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication.

+ +
+
-macalg digest
+
+ +

Specify the MAC digest algorithm. If not included them SHA1 will be used.

+ +
+
-nomaciter, -noiter
+
+ +

These options affect the iteration counts on the MAC and key algorithms. Unless you wish to produce files compatible with MSIE 4.0 you should leave these options alone.

+ +

To discourage attacks by using large dictionaries of common passwords the algorithm that derives keys from passwords can have an iteration count applied to it: this causes a certain part of the algorithm to be repeated and slows it down. The MAC is used to check the file integrity but since it will normally have the same password as the keys and certificates it could also be attacked. By default both MAC and encryption iteration counts are set to 2048, using these options the MAC and encryption iteration counts can be set to 1, since this reduces the file security you should not use these options unless you really have to. Most software supports both MAC and key iteration counts. MSIE 4.0 doesn't support MAC iteration counts so it needs the -nomaciter option.

+ +
+
-maciter
+
+ +

This option is included for compatibility with previous versions, it used to be needed to use MAC iterations counts but they are now used by default.

+ +
+
-nomac
+
+ +

Don't attempt to provide the MAC integrity.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-CAfile file
+
+ +

CA storage as a file.

+ +
+
-CApath dir
+
+ +

CA storage as a directory. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-CSP name
+
+ +

Write name as a Microsoft CSP name.

+ +
+
+ +

NOTES

+ +

Although there are a large number of options most of them are very rarely used. For PKCS#12 file parsing only -in and -out need to be used for PKCS#12 file creation -export and -name are also used.

+ +

If none of the -clcerts, -cacerts or -nocerts options are present then all certificates will be output in the order they appear in the input PKCS#12 files. There is no guarantee that the first certificate present is the one corresponding to the private key. Certain software which requires a private key and certificate and assumes the first certificate in the file is the one corresponding to the private key: this may not always be the case. Using the -clcerts option will solve this problem by only outputting the certificate corresponding to the private key. If the CA certificates are required then they can be output to a separate file using the -nokeys -cacerts options to just output CA certificates.

+ +

The -keypbe and -certpbe algorithms allow the precise encryption algorithms for private keys and certificates to be specified. Normally the defaults are fine but occasionally software can't handle triple DES encrypted private keys, then the option -keypbe PBE-SHA1-RC2-40 can be used to reduce the private key encryption to 40 bit RC2. A complete description of all algorithms is contained in the pkcs8 manual page.

+ +

Prior 1.1 release passwords containing non-ASCII characters were encoded in non-compliant manner, which limited interoperability, in first hand with Windows. But switching to standard-compliant password encoding poses problem accessing old data protected with broken encoding. For this reason even legacy encodings is attempted when reading the data. If you use PKCS#12 files in production application you are advised to convert the data, because implemented heuristic approach is not MT-safe, its sole goal is to facilitate the data upgrade with this utility.

+ +

EXAMPLES

+ +

Parse a PKCS#12 file and output it to a file:

+ +
openssl pkcs12 -in file.p12 -out file.pem
+ +

Output only client certificates to a file:

+ +
openssl pkcs12 -in file.p12 -clcerts -out file.pem
+ +

Don't encrypt the private key:

+ +
openssl pkcs12 -in file.p12 -out file.pem -nodes
+ +

Print some info about a PKCS#12 file:

+ +
openssl pkcs12 -in file.p12 -info -noout
+ +

Create a PKCS#12 file:

+ +
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+ +

Include some extra certificates:

+ +
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+ -certfile othercerts.pem
+ +

SEE ALSO

+ +

pkcs8(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs7.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs7.html new file mode 100644 index 00000000..1bebd969 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs7.html @@ -0,0 +1,141 @@ + + + + +pkcs7 + + + + + + + + + + +

NAME

+ +

openssl-pkcs7, pkcs7 - PKCS#7 utility

+ +

SYNOPSIS

+ +

openssl pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]

+ +

DESCRIPTION

+ +

The pkcs7 command processes PKCS#7 files in DER or PEM format.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+ +
+ +

Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

+ +
+
-text
+
+ +

Prints out certificates details in full rather than just subject and issuer names.

+ +
+
-noout
+
+ +

Don't output the encoded version of the PKCS#7 structure (or certificates is -print_certs is set).

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkcs7 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

EXAMPLES

+ +

Convert a PKCS#7 file from PEM to DER:

+ +
openssl pkcs7 -in file.pem -outform DER -out file.der
+ +

Output all certificates in a file:

+ +
openssl pkcs7 -in file.pem -print_certs -out certs.pem
+ +

NOTES

+ +

The PEM PKCS#7 format uses the header and footer lines:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

For compatibility with some CAs it will also accept:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

RESTRICTIONS

+ +

There is no option to print out all the fields of a PKCS#7 file.

+ +

This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they cannot currently parse, for example, the new CMS as described in RFC2630.

+ +

SEE ALSO

+ +

crl2pkcs7(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs8.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs8.html new file mode 100644 index 00000000..be9b789b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkcs8.html @@ -0,0 +1,291 @@ + + + + +pkcs8 + + + + + + + + + + +

NAME

+ +

openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool

+ +

SYNOPSIS

+ +

openssl pkcs8 [-help] [-topk8] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-iter count] [-noiter] [-rand file...] [-writerand file] [-nocrypt] [-traditional] [-v2 alg] [-v2prf alg] [-v1 alg] [-engine id] [-scrypt] [-scrypt_N N] [-scrypt_r r] [-scrypt_p p]

+ +

DESCRIPTION

+ +

The pkcs8 command processes private keys in PKCS#8 format. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-topk8
+
+ +

Normally a PKCS#8 private key is expected on input and a private key will be written to the output file. With the -topk8 option the situation is reversed: it reads a private key and writes a PKCS#8 format key.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format: see "KEY FORMATS" for more details. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format: see "KEY FORMATS" for more details. The default format is PEM.

+ +
+
-traditional
+
+ +

When this option is present and -topk8 is not a traditional format private key is written.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by default. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-iter count
+
+ +

When creating new PKCS#8 containers, use a given number of iterations on the password in deriving the encryption key for the PKCS#8 output. High values increase the time required to brute-force a PKCS#8 container.

+ +
+
-nocrypt
+
+ +

PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo structures using an appropriate password based encryption algorithm. With this option an unencrypted PrivateKeyInfo structure is expected or output. This option does not encrypt private keys at all and should only be used when absolutely necessary. Certain software such as some versions of Java code signing software used unencrypted private keys.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-v2 alg
+
+ +

This option sets the PKCS#5 v2.0 algorithm.

+ +

The alg argument is the encryption algorithm to use, valid values include aes128, aes256 and des3. If this option isn't specified then aes256 is used.

+ +
+
-v2prf alg
+
+ +

This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value value would be hmacWithSHA256. If this option isn't set then the default for the cipher is used or hmacWithSHA256 if there is no default.

+ +

Some implementations may not support custom PRF algorithms and may require the hmacWithSHA1 option to work.

+ +
+
-v1 alg
+
+ +

This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some older implementations may not support PKCS#5 v2.0 and may require this option. If not specified PKCS#5 v2.0 form is used.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkcs8 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-scrypt
+
+ +

Uses the scrypt algorithm for private key encryption using default parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit key. These parameters can be modified using the -scrypt_N, -scrypt_r, -scrypt_p and -v2 options.

+ +
+
-scrypt_N N -scrypt_r r -scrypt_p p
+
+ +

Sets the scrypt N, r or p parameters.

+ +
+
+ +

KEY FORMATS

+ +

Various different formats are used by the pkcs8 utility. These are detailed below.

+ +

If a key is being converted from PKCS#8 form (i.e. the -topk8 option is not used) then the input file must be in PKCS#8 format. An encrypted key is expected unless -nocrypt is included.

+ +

If -topk8 is not used and PEM mode is set the output file will be an unencrypted private key in PKCS#8 format. If the -traditional option is used then a traditional format private key is written instead.

+ +

If -topk8 is not used and DER mode is set the output file will be an unencrypted private key in traditional DER format.

+ +

If -topk8 is used then any supported private key can be used for the input file in a format specified by -inform. The output file will be encrypted PKCS#8 format using the specified encryption parameters unless -nocrypt is included.

+ +

NOTES

+ +

By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit AES with HMAC and SHA256 is used.

+ +

Some older implementations do not support PKCS#5 v2.0 format and require the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak encryption algorithms such as 56 bit DES.

+ +

The encrypted form of a PEM encode PKCS#8 files uses the following headers and footers:

+ +
-----BEGIN ENCRYPTED PRIVATE KEY-----
+-----END ENCRYPTED PRIVATE KEY-----
+ +

The unencrypted form uses:

+ +
-----BEGIN PRIVATE KEY-----
+-----END PRIVATE KEY-----
+ +

Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered important the keys should be converted.

+ +

It is possible to write out DER encoded encrypted private keys in PKCS#8 format because the encryption details are included at an ASN1 level whereas the traditional format includes them at a PEM level.

+ +

PKCS#5 v1.5 and PKCS#12 algorithms.

+ +

Various algorithms can be used with the -v1 command line option, including PKCS#5 v1.5 and PKCS#12. These are described in more detail below.

+ +
+ +
PBE-MD2-DES PBE-MD5-DES
+
+ +

These algorithms were included in the original PKCS#5 v1.5 specification. They only offer 56 bits of protection since they both use DES.

+ +
+
PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES
+
+ +

These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or 56 bit DES.

+ +
+
PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40
+
+ +

These algorithms use the PKCS#12 password based encryption algorithm and allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.

+ +
+
+ +

EXAMPLES

+ +

Convert a private key to PKCS#8 format using default parameters (AES with 256 bit key and hmacWithSHA256):

+ +
openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+ +

Convert a private key to PKCS#8 unencrypted format:

+ +
openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
+ +

Convert a private key to PKCS#5 v2.0 format using triple DES:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+ +

Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC mode and hmacWithSHA512 PRF:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
+ +

Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (DES):

+ +
openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
+ +

Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES):

+ +
openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+ +

Read a DER unencrypted PKCS#8 format private key:

+ +
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+ +

Convert a private key from any PKCS#8 encrypted format to traditional format:

+ +
openssl pkcs8 -in pk8.pem -traditional -out key.pem
+ +

Convert a private key to PKCS#8 format, encrypting with AES-256 and with one million iterations of the password:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
+ +

STANDARDS

+ +

Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private keys produced and Therefore it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned.

+ +

The format of PKCS#8 DSA (and other) private keys is not well documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA PKCS#8 private key format complies with this standard.

+ +

BUGS

+ +

There should be an option that prints out the encryption algorithm in use and other details such as the iteration count.

+ +

SEE ALSO

+ +

dsa(1), rsa(1), genrsa(1), gendsa(1)

+ +

HISTORY

+ +

The -iter option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkey.html new file mode 100644 index 00000000..9ee24a3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkey.html @@ -0,0 +1,185 @@ + + + + +pkey + + + + + + + + + + +

NAME

+ +

openssl-pkey, pkey - public or private key processing tool

+ +

SYNOPSIS

+ +

openssl pkey [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-traditional] [-cipher] [-text] [-text_pub] [-noout] [-pubin] [-pubout] [-engine id] [-check] [-pubcheck]

+ +

DESCRIPTION

+ +

The pkey command processes public or private keys. They can be converted between various forms and their components printed out.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format DER or PEM. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout password
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-traditional
+
+ +

Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.

+ +
+
-cipher
+
+ +

These options encrypt the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as des3.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-text_pub
+
+ +

Print out only public key components even if a private key is being processed.

+ +
+
-noout
+
+ +

Do not output the encoded version of the key.

+ +
+
-pubin
+
+ +

By default a private key is read from the input file: with this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkey to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-check
+
+ +

This option checks the consistency of a key pair for both public and private components.

+ +
+
-pubcheck
+
+ +

This option checks the correctness of either a public key or the public component of a key pair.

+ +
+
+ +

EXAMPLES

+ +

To remove the pass phrase on an RSA private key:

+ +
openssl pkey -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl pkey -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl pkey -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl pkey -in key.pem -text -noout
+ +

To print out the public components of a private key to standard output:

+ +
openssl pkey -in key.pem -text_pub -noout
+ +

To just output the public part of a private key:

+ +
openssl pkey -in key.pem -pubout -out pubkey.pem
+ +

SEE ALSO

+ +

genpkey(1), rsa(1), pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyparam.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyparam.html new file mode 100644 index 00000000..0e763dac --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyparam.html @@ -0,0 +1,110 @@ + + + + +pkeyparam + + + + + + + + + + +

NAME

+ +

openssl-pkeyparam, pkeyparam - public key algorithm parameter processing tool

+ +

SYNOPSIS

+ +

openssl pkeyparam [-help] [-in filename] [-out filename] [-text] [-noout] [-engine id] [-check]

+ +

DESCRIPTION

+ +

The pkeyparam command processes public key algorithm parameters. They can be checked for correctness and their components printed out.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename to write parameters to or standard output if this option is not specified.

+ +
+
-text
+
+ +

Prints out the parameters in plain text in addition to the encoded version.

+ +
+
-noout
+
+ +

Do not output the encoded version of the parameters.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkeyparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-check
+
+ +

This option checks the correctness of parameters.

+ +
+
+ +

EXAMPLES

+ +

Print out text version of parameters:

+ +
openssl pkeyparam -in param.pem -text
+ +

NOTES

+ +

There are no -inform or -outform options for this command because only PEM format is supported because the key type is determined by the PEM headers.

+ +

SEE ALSO

+ +

genpkey(1), rsa(1), pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyutl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyutl.html new file mode 100644 index 00000000..9a7e88c7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/pkeyutl.html @@ -0,0 +1,331 @@ + + + + +pkeyutl + + + + + + + + + + +

NAME

+ +

openssl-pkeyutl, pkeyutl - public key algorithm utility

+ +

SYNOPSIS

+ +

openssl pkeyutl [-help] [-in file] [-out file] [-sigfile file] [-inkey file] [-keyform PEM|DER|ENGINE] [-passin arg] [-peerkey file] [-peerform PEM|DER|ENGINE] [-pubin] [-certin] [-rev] [-sign] [-verify] [-verifyrecover] [-encrypt] [-decrypt] [-derive] [-kdf algorithm] [-kdflen length] [-pkeyopt opt:value] [-hexdump] [-asn1parse] [-rand file...] [-writerand file] [-engine id] [-engine_impl]

+ +

DESCRIPTION

+ +

The pkeyutl command can be used to perform low level public key operations using any supported algorithm.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read data from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-sigfile file
+
+ +

Signature file, required for verify operations only

+ +
+
-inkey file
+
+ +

The input key file, by default it should be a private key.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

The key format PEM, DER or ENGINE. Default is PEM.

+ +
+
-passin arg
+
+ +

The input key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-peerkey file
+
+ +

The peer key file, used by key derivation (agreement) operations.

+ +
+
-peerform PEM|DER|ENGINE
+
+ +

The peer key format PEM, DER or ENGINE. Default is PEM.

+ +
+
-pubin
+
+ +

The input file is a public key.

+ +
+
-certin
+
+ +

The input is a certificate containing a public key.

+ +
+
-rev
+
+ +

Reverse the order of the input buffer. This is useful for some libraries (such as CryptoAPI) which represent the buffer in little endian format.

+ +
+
-sign
+
+ +

Sign the input data (which must be a hash) and output the signed result. This requires a private key.

+ +
+
-verify
+
+ +

Verify the input data (which must be a hash) against the signature file and indicate if the verification succeeded or failed.

+ +
+
-verifyrecover
+
+ +

Verify the input data (which must be a hash) and output the recovered data.

+ +
+
-encrypt
+
+ +

Encrypt the input data using a public key.

+ +
+
-decrypt
+
+ +

Decrypt the input data using a private key.

+ +
+
-derive
+
+ +

Derive a shared secret using the peer key.

+ +
+
-kdf algorithm
+
+ +

Use key derivation function algorithm. The supported algorithms are at present TLS1-PRF and HKDF. Note: additional parameters and the KDF output length will normally have to be set for this to work. See EVP_PKEY_CTX_set_hkdf_md(3) and EVP_PKEY_CTX_set_tls1_prf_md(3) for the supported string parameters of each algorithm.

+ +
+
-kdflen length
+
+ +

Set the output length for KDF.

+ +
+
-pkeyopt opt:value
+
+ +

Public key options specified as opt:value. See NOTES below for more details.

+ +
+
-hexdump
+
+ +

hex dump the output data.

+ +
+
-asn1parse
+
+ +

Parse the ASN.1 output data, this is useful when combined with the -verifyrecover option when an ASN1 structure is signed.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkeyutl to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-engine_impl
+
+ +

When used with the -engine option, it specifies to also use engine id for crypto operations.

+ +
+
+ +

NOTES

+ +

The operations and options supported vary according to the key algorithm and its implementation. The OpenSSL operations and options are indicated below.

+ +

Unless otherwise mentioned all algorithms support the digest:alg option which specifies the digest in use for sign, verify and verifyrecover operations. The value alg should represent a digest name as used in the EVP_get_digestbyname() function for example sha1. This value is not used to hash the input data. It is used (by some algorithms) for sanity-checking the lengths of data passed in to the pkeyutl and for creating the structures that make up the signature (e.g. DigestInfo in RSASSA PKCS#1 v1.5 signatures).

+ +

This utility does not hash the input data but rather it will use the data directly as input to the signature algorithm. Depending on the key type, signature type, and mode of padding, the maximum acceptable lengths of input data differ. The signed data can't be longer than the key modulus with RSA. In case of ECDSA and DSA the data shouldn't be longer than the field size, otherwise it will be silently truncated to the field size. In any event the input size must not be larger than the largest supported digest size.

+ +

In other words, if the value of digest is sha1 the input should be the 20 bytes long binary encoding of the SHA-1 hash function output.

+ +

The Ed25519 and Ed448 signature algorithms are not supported by this utility. They accept non-hashed input, but this utility can only be used to sign hashed input.

+ +

RSA ALGORITHM

+ +

The RSA algorithm generally supports the encrypt, decrypt, sign, verify and verifyrecover operations. However, some padding modes support only a subset of these operations. The following additional pkeyopt values are supported:

+ +
+ +
rsa_padding_mode:mode
+
+ +

This sets the RSA padding mode. Acceptable values for mode are pkcs1 for PKCS#1 padding, sslv23 for SSLv23 padding, none for no padding, oaep for OAEP mode, x931 for X9.31 mode and pss for PSS.

+ +

In PKCS#1 padding if the message digest is not set then the supplied data is signed or verified directly instead of using a DigestInfo structure. If a digest is set then the a DigestInfo structure is used and its the length must correspond to the digest type.

+ +

For oaep mode only encryption and decryption is supported.

+ +

For x931 if the digest type is set it is used to format the block data otherwise the first byte is used to specify the X9.31 digest ID. Sign, verify and verifyrecover are can be performed in this mode.

+ +

For pss mode only sign and verify are supported and the digest type must be specified.

+ +
+
rsa_pss_saltlen:len
+
+ +

For pss mode only this option specifies the salt length. Three special values are supported: "digest" sets the salt length to the digest length, "max" sets the salt length to the maximum permissible value. When verifying "auto" causes the salt length to be automatically determined based on the PSS block structure.

+ +
+
rsa_mgf1_md:digest
+
+ +

For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not explicitly set in PSS mode then the signing digest is used.

+ +
+
+ +

RSA-PSS ALGORITHM

+ +

The RSA-PSS algorithm is a restricted version of the RSA algorithm which only supports the sign and verify operations with PSS padding. The following additional pkeyopt values are supported:

+ +
+ +
rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest
+
+ +

These have the same meaning as the RSA algorithm with some additional restrictions. The padding mode can only be set to pss which is the default value.

+ +

If the key has parameter restrictions than the digest, MGF1 digest and salt length are set to the values specified in the parameters. The digest and MG cannot be changed and the salt length cannot be set to a value less than the minimum restriction.

+ +
+
+ +

DSA ALGORITHM

+ +

The DSA algorithm supports signing and verification operations only. Currently there are no additional -pkeyopt options other than digest. The SHA1 digest is assumed by default.

+ +

DH ALGORITHM

+ +

The DH algorithm only supports the derivation operation and no additional -pkeyopt options.

+ +

EC ALGORITHM

+ +

The EC algorithm supports sign, verify and derive operations. The sign and verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for the -pkeyopt digest option.

+ +

X25519 and X448 ALGORITHMS

+ +

The X25519 and X448 algorithms support key derivation only. Currently there are no additional options.

+ +

EXAMPLES

+ +

Sign some data using a private key:

+ +
openssl pkeyutl -sign -in file -inkey key.pem -out sig
+ +

Recover the signed data (e.g. if an RSA key is used):

+ +
openssl pkeyutl -verifyrecover -in sig -inkey key.pem
+ +

Verify the signature (e.g. a DSA key):

+ +
openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
+ +

Sign data using a message digest value (this is currently only valid for RSA):

+ +
openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
+ +

Derive a shared secret value:

+ +
openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
+ +

Hexdump 48 bytes of TLS1 PRF using digest SHA256 and shared secret and seed consisting of the single byte 0xFF:

+ +
openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
+   -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+ +

SEE ALSO

+ +

genpkey(1), pkey(1), rsautl(1) dgst(1), rsa(1), genrsa(1), EVP_PKEY_CTX_set_hkdf_md(3), EVP_PKEY_CTX_set_tls1_prf_md(3)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/prime.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/prime.html new file mode 100644 index 00000000..243eade4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/prime.html @@ -0,0 +1,89 @@ + + + + +prime + + + + + + + + + + +

NAME

+ +

openssl-prime, prime - compute prime numbers

+ +

SYNOPSIS

+ +

openssl prime [-help] [-hex] [-generate] [-bits] [-safe] [-checks] [number...]

+ +

DESCRIPTION

+ +

The prime command checks if the specified numbers are prime.

+ +

If no numbers are given on the command line, the -generate flag should be used to generate primes according to the requirements specified by the rest of the flags.

+ +

OPTIONS

+ +
+ +
[-help]
+
+ +

Display an option summary.

+ +
+
[-hex]
+
+ +

Generate hex output.

+ +
+
[-generate]
+
+ +

Generate a prime number.

+ +
+
[-bits num]
+
+ +

Generate a prime with num bits.

+ +
+
[-safe]
+
+ +

When used with -generate, generates a "safe" prime. If the number generated is n, then check that (n-1)/2 is also prime.

+ +
+
[-checks num]
+
+ +

Perform the checks num times to see that the generated number is prime. The default is 20.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rand.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rand.html new file mode 100644 index 00000000..ba233d99 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rand.html @@ -0,0 +1,101 @@ + + + + +rand + + + + + + + + + + +

NAME

+ +

openssl-rand, rand - generate pseudo-random bytes

+ +

SYNOPSIS

+ +

openssl rand [-help] [-out file] [-rand file...] [-writerand file] [-base64] [-hex] num

+ +

DESCRIPTION

+ +

This command generates num random bytes using a cryptographically secure pseudo random number generator (CSPRNG).

+ +

The random bytes are generated using the RAND_bytes(3) function, which provides a security level of 256 bits, provided it managed to seed itself successfully from a trusted operating system entropy source. Otherwise, the command will fail with a nonzero error code. For more details, see RAND_bytes(3), RAND(7), and RAND_DRBG(7).

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out file
+
+ +

Write to file instead of standard output.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. Explicitly specifying a seed file is in general not necessary, see the "NOTES" section for more information.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-base64
+
+ +

Perform base64 encoding on the output.

+ +
+
-hex
+
+ +

Show the output as a hex string.

+ +
+
+ +

NOTES

+ +

Prior to OpenSSL 1.1.1, it was common for applications to store information about the state of the random-number generator in a file that was loaded at startup and rewritten upon exit. On modern operating systems, this is generally no longer necessary as OpenSSL will seed itself from a trusted entropy source provided by the operating system. The -rand and -writerand flags are still supported for special platforms or circumstances that might require them.

+ +

It is generally an error to use the same seed file more than once and every use of -rand should be paired with -writerand.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND(7), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rehash.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rehash.html new file mode 100644 index 00000000..e14b3f7e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rehash.html @@ -0,0 +1,132 @@ + + + + +rehash + + + + + + + + + + +

NAME

+ +

openssl-c_rehash, openssl-rehash, c_rehash, rehash - Create symbolic links to files named by the hash values

+ +

SYNOPSIS

+ +

openssl rehash [-h] [-help] [-old] [-n] [-v] [ directory...]

+ +

c_rehash flags...

+ +

DESCRIPTION

+ +

On some platforms, the OpenSSL rehash command is available as an external script called c_rehash. They are functionally equivalent, except for minor differences noted below.

+ +

rehash scans directories and calculates a hash value of each .pem, .crt, .cer, or .crl file in the specified directory list and creates symbolic links for each file, where the name of the link is the hash value. (If the platform does not support symbolic links, a copy is made.) This utility is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates.

+ +

If any directories are named on the command line, then those are processed in turn. If not, then the SSL_CERT_DIR environment variable is consulted; this should be a colon-separated list of directories, like the Unix PATH variable. If that is not set then the default directory (installation-specific but often /usr/local/ssl/certs) is processed.

+ +

In order for a directory to be processed, the user must have write permissions on that directory, otherwise an error will be generated.

+ +

The links created are of the form HHHHHHHH.D, where each H is a hexadecimal character and D is a single decimal digit. When processing a directory, rehash will first remove all links that have a name in that syntax, even if they are being used for some other purpose. To skip the removal step, use the -n flag. Hashes for CRL's look similar except the letter r appears after the period, like this: HHHHHHHH.rD.

+ +

Multiple objects may have the same hash; they will be indicated by incrementing the D value. Duplicates are found by comparing the full SHA-1 fingerprint. A warning will be displayed if a duplicate is found.

+ +

A warning will also be displayed if there are files that cannot be parsed as either a certificate or a CRL or if more than one such object appears in the file.

+ +

Script Configuration

+ +

The c_rehash script uses the openssl program to compute the hashes and fingerprints. If not found in the user's PATH, then set the OPENSSL environment variable to the full pathname. Any program can be used, it will be invoked as follows for either a certificate or CRL:

+ +
$OPENSSL x509 -hash -fingerprint -noout -in FILENAME
+$OPENSSL crl -hash -fingerprint -noout -in FILENAME
+ +

where FILENAME is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign.

+ +

OPTIONS

+ +
+ +
-help -h
+
+ +

Display a brief usage message.

+ +
+
-old
+
+ +

Use old-style hashing (MD5, as opposed to SHA-1) for generating links to be used for releases before 1.0.0. Note that current versions will not use the old style.

+ +
+
-n
+
+ +

Do not remove existing links. This is needed when keeping new and old-style links in the same directory.

+ +
+
-compat
+
+ +

Generate links for both old-style (MD5) and new-style (SHA1) hashing. This allows releases before 1.0.0 to use these links along-side newer releases.

+ +
+
-v
+
+ +

Print messages about old links removed and new links created. By default, rehash only lists each directory as it is processed.

+ +
+
+ +

ENVIRONMENT

+ +
+ +
OPENSSL
+
+ +

The path to an executable to use to generate hashes and fingerprints (see above).

+ +
+
SSL_CERT_DIR
+
+ +

Colon separated list of directories to operate on. Ignored if directories are listed on the command line.

+ +
+
+ +

SEE ALSO

+ +

openssl(1), crl(1). x509(1).

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/req.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/req.html new file mode 100644 index 00000000..3494c087 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/req.html @@ -0,0 +1,612 @@ + + + + +req + + + + + + + + + + +

NAME

+ +

openssl-req, req - PKCS#10 certificate request and certificate generating utility

+ +

SYNOPSIS

+ +

openssl req [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-new] [-rand file...] [-writerand file] [-newkey rsa:bits] [-newkey alg:file] [-nodes] [-key filename] [-keyform PEM|DER] [-keyout filename] [-keygen_engine id] [-digest] [-config filename] [-multivalue-rdn] [-x509] [-days n] [-set_serial n] [-newhdr] [-addext ext] [-extensions section] [-reqexts section] [-precert] [-utf8] [-nameopt] [-reqopt] [-subject] [-subj arg] [-sigopt nm:v] [-batch] [-verbose] [-engine id]

+ +

DESCRIPTION

+ +

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed certificates for use as root CAs for example.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#10. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a request from or standard input if this option is not specified. A request is only read if the creation options (-new and -newkey) are not specified.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write to or standard output by default.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-text
+
+ +

Prints out the certificate request in text form.

+ +
+
-subject
+
+ +

Prints out the request subject (or certificate subject if -x509 is specified)

+ +
+
-pubkey
+
+ +

Outputs the public key.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the request.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the public key contained in the request.

+ +
+
-verify
+
+ +

Verifies the signature on the request.

+ +
+
-new
+
+ +

This option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions.

+ +

If the -key option is not used it will generate a new RSA private key using information specified in the configuration file.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-newkey arg
+
+ +

This option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. If nbits is omitted, i.e. -newkey rsa specified, the default key size, specified in the configuration file is used.

+ +

All other algorithms support the -newkey alg:file form, where file may be an algorithm parameter file, created by the genpkey -genparam command or and X.509 certificate for a key with appropriate algorithm.

+ +

param:file generates a key using the parameter file or certificate file, the algorithm is determined by the parameters. algname:file use algorithm algname and parameter file file: the two algorithms must match or an error occurs. algname just uses algorithm algname, and parameters, if necessary should be specified via -pkeyopt parameter.

+ +

dsa:filename generates a DSA key using the parameters in the file filename. ec:filename generates EC key (usable both with ECDSA or ECDH algorithms), gost2001:filename generates GOST R 34.10-2001 key (requires ccgost engine configured in the configuration file). If just gost2001 is specified a parameter set should be specified by -pkeyopt paramset:X

+ +
+
-pkeyopt opt:value
+
+ +

Set the public key algorithm option opt to value. The precise set of options supported depends on the public key algorithm used and its implementation. See KEY GENERATION OPTIONS in the genpkey manual page for more details.

+ +
+
-key filename
+
+ +

This specifies the file to read the private key from. It also accepts PKCS#8 format private keys for PEM format files.

+ +
+
-keyform PEM|DER
+
+ +

The format of the private key file specified in the -key argument. PEM is the default.

+ +
+
-keyout filename
+
+ +

This gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used.

+ +
+
-nodes
+
+ +

If this option is specified then if a private key is created it will not be encrypted.

+ +
+
-digest
+
+ +

This specifies the message digest to sign the request. Any digest supported by the OpenSSL dgst command can be used. This overrides the digest algorithm specified in the configuration file.

+ +

Some public key algorithms may override this choice. For instance, DSA signatures always use SHA1, GOST R 34.10 signatures always use GOST R 34.11-94 (-md_gost94), Ed25519 and Ed448 never use any digest.

+ +
+
-config filename
+
+ +

This allows an alternative configuration file to be specified. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-subj arg
+
+ +

Sets subject name for new request or supersedes the subject name when processing a request. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the request.

+ +
+
-multivalue-rdn
+
+ +

This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example:

+ +

/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

+ +

If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

+ +
+
-x509
+
+ +

This option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option, a large random number will be used for the serial number.

+ +

If existing request is specified with the -in option, it is converted to the self signed certificate otherwise new request is created.

+ +
+
-days n
+
+ +

When the -x509 option is being used this specifies the number of days to certify the certificate for, otherwise it is ignored. n should be a positive integer. The default is 30 days.

+ +
+
-set_serial n
+
+ +

Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by 0x.

+ +
+
-addext ext
+
+ +

Add a specific extension to the certificate (if the -x509 option is present) or certificate request. The argument must have the form of a key=value pair as it would appear in a config file.

+ +

This option can be given multiple times.

+ +
+
-extensions section
+
+ +
+
-reqexts section
+
+ +

These options specify alternative sections to include certificate extensions (if the -x509 option is present) or certificate request extensions. This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes.

+ +
+
-precert
+
+ +

A poison extension will be added to the certificate, making it a "pre-certificate" (see RFC6962). This can be submitted to Certificate Transparency logs in order to obtain signed certificate timestamps (SCTs). These SCTs can then be embedded into the pre-certificate as an extension, before removing the poison and signing the certificate.

+ +

This implies the -new flag.

+ +
+
-utf8
+
+ +

This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-reqopt
+
+ +

Customise the output format used with -text. The option argument can be a single option or multiple options separated by commas.

+ +

See discussion of the -certopt parameter in the x509(1) command.

+ +
+
-newhdr
+
+ +

Adds the word NEW to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this.

+ +
+
-batch
+
+ +

Non-interactive mode.

+ +
+
-verbose
+
+ +

Print extra details about the operations being performed.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause req to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-keygen_engine id
+
+ +

Specifies an engine (by its unique id string) which would be used for key generation operations.

+ +
+
+ +

CONFIGURATION FILE FORMAT

+ +

The configuration options are specified in the req section of the configuration file. As with all configuration files if no value is specified in the specific section (i.e. req) then the initial unnamed or default section is searched too.

+ +

The options available are described in detail below.

+ +
+ +
input_password output_password
+
+ +

The passwords for the input private key file (if present) and the output private key file (if one will be created). The command line options passin and passout override the configuration file values.

+ +
+
default_bits
+
+ +

Specifies the default key size in bits.

+ +

This option is used in conjunction with the -new option to generate a new key. It can be overridden by specifying an explicit key size in the -newkey option. The smallest accepted key size is 512 bits. If no key size is specified then 2048 bits is used.

+ +
+
default_keyfile
+
+ +

This is the default filename to write a private key to. If not specified the key is written to standard output. This can be overridden by the -keyout option.

+ +
+
oid_file
+
+ +

This specifies a file containing additional OBJECT IDENTIFIERS. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name.

+ +
+
oid_section
+
+ +

This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by = and the numerical form. The short and long names are the same when this option is used.

+ +
+
RANDFILE
+
+ +

At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it. It is used for private key generation.

+ +
+
encrypt_key
+
+ +

If this is set to no then if a private key is generated it is not encrypted. This is equivalent to the -nodes command line option. For compatibility encrypt_rsa_key is an equivalent option.

+ +
+
default_md
+
+ +

This option specifies the digest algorithm to use. Any digest supported by the OpenSSL dgst command can be used. This option can be overridden on the command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore any digest that has been set.

+ +
+
string_mask
+
+ +

This option masks out the use of certain string types in certain fields. Most users will not need to change this option.

+ +

It can be set to several values default which is also the default option uses PrintableStrings, T61Strings and BMPStrings if the pkix value is used then only PrintableStrings and BMPStrings will be used. This follows the PKIX recommendation in RFC2459. If the utf8only option is used then only UTF8Strings will be used: this is the PKIX recommendation in RFC2459 after 2003. Finally the nombstr option just uses PrintableStrings and T61Strings: certain software has problems with BMPStrings and UTF8Strings: in particular Netscape.

+ +
+
req_extensions
+
+ +

This specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden by the -reqexts command line switch. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
x509_extensions
+
+ +

This specifies the configuration file section containing a list of extensions to add to certificate generated when the -x509 switch is used. It can be overridden by the -extensions command line switch.

+ +
+
prompt
+
+ +

If set to the value no this disables prompting of certificate fields and just takes values from the config file directly. It also changes the expected format of the distinguished_name and attributes sections.

+ +
+
utf8
+
+ +

If set to the value yes then field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
attributes
+
+ +

This specifies the section containing any request attributes: its format is the same as distinguished_name. Typically these may contain the challengePassword or unstructuredName types. They are currently ignored by OpenSSL's request signing utilities but some CAs might want them.

+ +
+
distinguished_name
+
+ +

This specifies the section containing the distinguished name fields to prompt for when generating a certificate or certificate request. The format is described in the next section.

+ +
+
+ +

DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

+ +

There are two separate formats for the distinguished name and attribute sections. If the prompt option is set to no then these sections just consist of field names and values: for example,

+ +
CN=My Name
+OU=My Organization
+emailAddress=someone@somewhere.org
+ +

This allows external programs (e.g. GUI based) to generate a template file with all the field names and values and just pass it to req. An example of this kind of configuration file is contained in the EXAMPLES section.

+ +

Alternatively if the prompt option is absent or not set to no then the file contains field prompting information. It consists of lines of the form:

+ +
fieldName="prompt"
+fieldName_default="default field value"
+fieldName_min= 2
+fieldName_max= 4
+ +

"fieldName" is the field name being used, for example commonName (or CN). The "prompt" string is used to ask the user to enter the relevant details. If the user enters nothing then the default value is used if no default value is present then the field is omitted. A field can still be omitted if a default value is present if the user just enters the '.' character.

+ +

The number of characters entered must be between the fieldName_min and fieldName_max limits: there may be additional restrictions based on the field being used (for example countryName can only ever be two characters long and must fit in a PrintableString).

+ +

Some fields (such as organizationName) can be used more than once in a DN. This presents a problem because configuration files will not recognize the same name occurring twice. To avoid this problem if the fieldName contains some characters followed by a full stop they will be ignored. So for example a second organizationName can be input by calling it "1.organizationName".

+ +

The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, organizationalUnitName, stateOrProvinceName. Additionally emailAddress is included as well as name, surname, givenName, initials, and dnQualifier.

+ +

Additional object identifiers can be defined with the oid_file or oid_section options in the configuration file. Any additional fields will be treated as though they were a DirectoryString.

+ +

EXAMPLES

+ +

Examine and verify certificate request:

+ +
openssl req -in req.pem -text -verify -noout
+ +

Create a private key and then generate a certificate request from it:

+ +
openssl genrsa -out key.pem 2048
+openssl req -new -key key.pem -out req.pem
+ +

The same but just using req:

+ +
openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

Generate a self signed root certificate:

+ +
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

Example of a file pointed to by the oid_file option:

+ +
1.2.3.4        shortName       A longer Name
+1.2.3.6        otherName       Other longer Name
+ +

Example of a section pointed to by oid_section making use of variable expansion:

+ +
testoid1=1.2.3.5
+testoid2=${testoid1}.6
+ +

Sample configuration file prompting for field values:

+ +
[ req ]
+default_bits           = 2048
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+req_extensions         = v3_ca
+
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                = 2
+countryName_max                = 2
+
+localityName                   = Locality Name (eg, city)
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 40
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+ +

Sample configuration containing all field values:

+ +
RANDFILE               = $ENV::HOME/.rnd
+
+[ req ]
+default_bits           = 2048
+default_keyfile        = keyfile.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+output_password        = mypass
+
+[ req_distinguished_name ]
+C                      = GB
+ST                     = Test State or Province
+L                      = Test Locality
+O                      = Organization Name
+OU                     = Organizational Unit Name
+CN                     = Common Name
+emailAddress           = test@email.address
+
+[ req_attributes ]
+challengePassword              = A challenge password
+ +

Example of giving the most common attributes (subject and extensions) on the command line:

+ +
openssl req -new -subj "/C=GB/CN=foo" \
+                 -addext "subjectAltName = DNS:foo.co.uk" \
+                 -addext "certificatePolicies = 1.2.3.4" \
+                 -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

NOTES

+ +

The header and footer lines in the PEM format are normally:

+ +
-----BEGIN CERTIFICATE REQUEST-----
+-----END CERTIFICATE REQUEST-----
+ +

some software (some versions of Netscape certificate server) instead needs:

+ +
-----BEGIN NEW CERTIFICATE REQUEST-----
+-----END NEW CERTIFICATE REQUEST-----
+ +

which is produced with the -newhdr option but is otherwise compatible. Either form is accepted transparently on input.

+ +

The certificate requests generated by Xenroll with MSIE have extensions added. It includes the keyUsage extension which determines the type of key (signature only or general purpose) and any additional OIDs entered by the script in an extendedKeyUsage extension.

+ +

DIAGNOSTICS

+ +

The following messages are frequently asked about:

+ +
Using configuration from /some/path/openssl.cnf
+Unable to load config info
+ +

This is followed some time later by...

+ +
unable to find 'distinguished_name' in config
+problems making Certificate Request
+ +

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.

+ +

Another puzzling message is this:

+ +
Attributes:
+    a0:00
+ +

this is displayed when no attributes are present and the request includes the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00). If you just see:

+ +
Attributes:
+ +

then the SET OF is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option -asn1-kludge for more information.

+ +

BUGS

+ +

OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren't available in PrintableStrings and you don't want to or can't use BMPStrings.

+ +

As a consequence of the T61String handling the only correct way to represent accented characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes on these. If you have to use accented characters with Netscape and MSIE then you currently need to use the invalid T61String form.

+ +

The current prompting is not very friendly. It doesn't allow you to confirm what you've just entered. Other things like extensions in certificate requests are statically defined in the configuration file. Some of these: like an email address in subjectAltName should be input by the user.

+ +

SEE ALSO

+ +

x509(1), ca(1), genrsa(1), gendsa(1), config(5), x509v3_config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsa.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsa.html new file mode 100644 index 00000000..b5a0ba9f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsa.html @@ -0,0 +1,202 @@ + + + + +rsa + + + + + + + + + + +

NAME

+ +

openssl-rsa, rsa - RSA key processing tool

+ +

SYNOPSIS

+ +

openssl rsa [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-RSAPublicKey_in] [-RSAPublicKey_out] [-engine id]

+ +

DESCRIPTION

+ +

The rsa command processes RSA keys. They can be converted between various forms and their components printed out. Note this command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8 utility.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. On input PKCS#8 format private keys are also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout password
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the rsa utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the key.

+ +
+
-check
+
+ +

This option checks the consistency of an RSA private key.

+ +
+
-pubin
+
+ +

By default a private key is read from the input file: with this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-RSAPublicKey_in, -RSAPublicKey_out
+
+ +

Like -pubin and -pubout except RSAPublicKey format is used instead.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause rsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN RSA PRIVATE KEY-----
+-----END RSA PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

The PEM RSAPublicKey format uses the header and footer lines:

+ +
-----BEGIN RSA PUBLIC KEY-----
+-----END RSA PUBLIC KEY-----
+ +

EXAMPLES

+ +

To remove the pass phrase on an RSA private key:

+ +
openssl rsa -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl rsa -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl rsa -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl rsa -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl rsa -in key.pem -pubout -out pubkey.pem
+ +

Output the public part of a private key in RSAPublicKey format:

+ +
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
+ +

BUGS

+ +

There should be an option that automatically handles .key files, without having to manually edit them.

+ +

SEE ALSO

+ +

pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsautl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsautl.html new file mode 100644 index 00000000..c922ee05 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/rsautl.html @@ -0,0 +1,236 @@ + + + + +rsautl + + + + + + + + + + +

NAME

+ +

openssl-rsautl, rsautl - RSA utility

+ +

SYNOPSIS

+ +

openssl rsautl [-help] [-in file] [-out file] [-inkey file] [-keyform PEM|DER|ENGINE] [-pubin] [-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-rand file...] [-writerand file] [-pkcs] [-ssl] [-raw] [-hexdump] [-asn1parse]

+ +

DESCRIPTION

+ +

The rsautl command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read data from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-inkey file
+
+ +

The input key file, by default it should be an RSA private key.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

The key format PEM, DER or ENGINE.

+ +
+
-pubin
+
+ +

The input file is an RSA public key.

+ +
+
-certin
+
+ +

The input is a certificate containing an RSA public key.

+ +
+
-sign
+
+ +

Sign the input data and output the signed result. This requires an RSA private key.

+ +
+
-verify
+
+ +

Verify the input data and output the recovered data.

+ +
+
-encrypt
+
+ +

Encrypt the input data using an RSA public key.

+ +
+
-decrypt
+
+ +

Decrypt the input data using an RSA private key.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-pkcs, -oaep, -ssl, -raw
+
+ +

The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special padding used in SSL v2 backwards compatible handshakes, or no padding, respectively. For signatures, only -pkcs and -raw can be used.

+ +
+
-hexdump
+
+ +

Hex dump the output data.

+ +
+
-asn1parse
+
+ +

Parse the ASN.1 output data, this is useful when combined with the -verify option.

+ +
+
+ +

NOTES

+ +

rsautl because it uses the RSA algorithm directly can only be used to sign or verify small pieces of data.

+ +

EXAMPLES

+ +

Sign some data using a private key:

+ +
openssl rsautl -sign -in file -inkey key.pem -out sig
+ +

Recover the signed data

+ +
openssl rsautl -verify -in sig -inkey key.pem
+ +

Examine the raw signed data:

+ +
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
+
+0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
+ +

The PKCS#1 block formatting is evident from this. If this was done using encrypt and decrypt the block would have been of type 2 (the second byte) and random padding data visible instead of the 0xff bytes.

+ +

It is possible to analyse the signature of certificates using this utility in conjunction with asn1parse. Consider the self signed example in certs/pca-cert.pem . Running asn1parse as follows yields:

+ +
openssl asn1parse -in pca-cert.pem
+
+   0:d=0  hl=4 l= 742 cons: SEQUENCE
+   4:d=1  hl=4 l= 591 cons:  SEQUENCE
+   8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
+  10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+  13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+  16:d=2  hl=2 l=  13 cons:   SEQUENCE
+  18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
+  29:d=3  hl=2 l=   0 prim:    NULL
+  31:d=2  hl=2 l=  92 cons:   SEQUENCE
+  33:d=3  hl=2 l=  11 cons:    SET
+  35:d=4  hl=2 l=   9 cons:     SEQUENCE
+  37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
+  42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
+ ....
+ 599:d=1  hl=2 l=  13 cons:  SEQUENCE
+ 601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
+ 612:d=2  hl=2 l=   0 prim:   NULL
+ 614:d=1  hl=3 l= 129 prim:  BIT STRING
+ +

The final BIT STRING contains the actual signature. It can be extracted with:

+ +
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+ +

The certificate public key can be extracted with:

+ +
openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
+ +

The signature can be analysed with:

+ +
openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
+
+   0:d=0  hl=2 l=  32 cons: SEQUENCE
+   2:d=1  hl=2 l=  12 cons:  SEQUENCE
+   4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
+  14:d=2  hl=2 l=   0 prim:   NULL
+  16:d=1  hl=2 l=  16 prim:  OCTET STRING
+     0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+ +

This is the parsed version of an ASN1 DigestInfo structure. It can be seen that the digest used was md5. The actual part of the certificate that was signed can be extracted with:

+ +
openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+ +

and its digest computed with:

+ +
openssl md5 -c tbs
+MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+ +

which it can be seen agrees with the recovered value above.

+ +

SEE ALSO

+ +

dgst(1), rsa(1), genrsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_client.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_client.html new file mode 100644 index 00000000..11617c97 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_client.html @@ -0,0 +1,681 @@ + + + + +s_client + + + + + + + + + + +

NAME

+ +

openssl-s_client, s_client - SSL/TLS client program

+ +

SYNOPSIS

+ +

openssl s_client [-help] [-connect host:port] [-bind host:port] [-proxy host:port] [-unix path] [-4] [-6] [-servername name] [-noservername] [-verify depth] [-verify_return_error] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-cert_chain filename] [-build_chain] [-xkey] [-xcert] [-xchain] [-xchain_build] [-xcertform PEM|DER] [-xkeyform PEM|DER] [-pass arg] [-CApath directory] [-CAfile filename] [-chainCApath directory] [-chainCAfile filename] [-no-CAfile] [-no-CApath] [-requestCAfile filename] [-dane_tlsa_domain domain] [-dane_tlsa_rrdata rrdata] [-dane_ee_no_namechecks] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-nameopt option] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-build_chain] [-x509_strict] [-reconnect] [-showcerts] [-debug] [-msg] [-nbio_test] [-state] [-nbio] [-crlf] [-ign_eof] [-no_ign_eof] [-psk_identity identity] [-psk key] [-psk_session file] [-quiet] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-dtls] [-dtls1] [-dtls1_2] [-sctp] [-sctp_label_bug] [-fallback_scsv] [-async] [-max_send_frag] [-split_send_frag] [-max_pipelines] [-read_buf] [-bugs] [-comp] [-no_comp] [-allow_no_dhe_kex] [-sigalgs sigalglist] [-curves curvelist] [-cipher cipherlist] [-ciphersuites val] [-serverpref] [-starttls protocol] [-xmpphost hostname] [-name hostname] [-engine id] [-tlsextdebug] [-no_ticket] [-sess_out filename] [-sess_in filename] [-rand file...] [-writerand file] [-serverinfo types] [-status] [-alpn protocols] [-nextprotoneg protocols] [-ct] [-noct] [-ctlogfile] [-keylogfile file] [-early_data file] [-enable_pha] [target]

+ +

DESCRIPTION

+ +

The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers.

+ +

OPTIONS

+ +

In addition to the options below the s_client utility also supports the common and client only options documented in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) manual page.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-connect host:port
+
+ +

This specifies the host and optional port to connect to. It is possible to select the host and port using the optional target positional argument instead. If neither this nor the target positional argument are specified then an attempt is made to connect to the local host on port 4433.

+ +
+
-bind host:port]
+
+ +

This specifies the host address and or port to bind as the source for the connection. For Unix-domain sockets the port is ignored and the host is used as the source socket address.

+ +
+
-proxy host:port
+
+ +

When used with the -connect flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server.

+ +
+
-unix path
+
+ +

Connect over the specified Unix-domain socket.

+ +
+
-4
+
+ +

Use IPv4 only.

+ +
+
-6
+
+ +

Use IPv6 only.

+ +
+
-servername name
+
+ +

Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value. If -servername is not provided, the TLS SNI extension will be populated with the name given to -connect if it follows a DNS name format. If -connect is not provided either, the SNI is set to "localhost". This is the default since OpenSSL 1.1.1.

+ +

Even though SNI should normally be a DNS name and not an IP address, if -servername is provided then that name will be sent, regardless of whether it is a DNS name or not.

+ +

This option cannot be used in conjunction with -noservername.

+ +
+
-noservername
+
+ +

Suppresses sending of the SNI (Server Name Indication) extension in the ClientHello message. Cannot be used in conjunction with the -servername or <-dane_tlsa_domain> options.

+ +
+
-cert certname
+
+ +

The certificate to use, if one is requested by the server. The default is not to use a certificate.

+ +
+
-certform format
+
+ +

The certificate format to use: DER or PEM. PEM is the default.

+ +
+
-key keyfile
+
+ +

The private key to use. If not specified then the certificate file will be used.

+ +
+
-keyform format
+
+ +

The private format to use: DER or PEM. PEM is the default.

+ +
+
-cert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the client/server certificate chain related to the certificate specified via the -cert option.

+ +
+
-build_chain
+
+ +

Specify whether the application should build the certificate chain to be provided to the server.

+ +
+
-xkey infile, -xcert infile, -xchain
+
+ +

Specify an extra certificate, private key and certificate chain. These behave in the same manner as the -cert, -key and -cert_chain options. When specified, the callback returning the first valid chain will be in use by the client.

+ +
+
-xchain_build
+
+ +

Specify whether the application should build the certificate chain to be provided to the server for the extra certificates provided via -xkey infile, -xcert infile, -xchain options.

+ +
+
-xcertform PEM|DER, -xkeyform PEM|DER
+
+ +

Extra certificate and private key format respectively.

+ +
+
-pass arg
+
+ +

the private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-verify depth
+
+ +

The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure.

+ +
+
-verify_return_error
+
+ +

Return verification errors instead of continuing. This will typically abort the handshake with a fatal error.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-CApath directory
+
+ +

The directory to use for server certificate verification. This directory must be in "hash format", see verify(1) for more information. These are also used when building the client certificate chain.

+ +
+
-CAfile file
+
+ +

A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain.

+ +
+
-chainCApath directory
+
+ +

The directory to use for building the chain provided to the server. This directory must be in "hash format", see verify(1) for more information.

+ +
+
-chainCAfile file
+
+ +

A file containing trusted certificates to use when attempting to build the client certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-requestCAfile file
+
+ +

A file containing a list of certificates whose subject names will be sent to the server in the certificate_authorities extension. Only supported for TLS 1.3

+ +
+
-dane_tlsa_domain domain
+
+ +

Enable RFC6698/RFC7671 DANE TLSA authentication and specify the TLSA base domain which becomes the default SNI hint and the primary reference identifier for hostname checks. This must be used in combination with at least one instance of the -dane_tlsa_rrdata option below.

+ +

When DANE authentication succeeds, the diagnostic output will include the lowest (closest to 0) depth at which a TLSA record authenticated a chain certificate. When that TLSA record is a "2 1 0" trust anchor public key that signed (rather than matched) the top-most certificate of the chain, the result is reported as "TA public key verified". Otherwise, either the TLSA record "matched TA certificate" at a positive depth or else "matched EE certificate" at depth 0.

+ +
+
-dane_tlsa_rrdata rrdata
+
+ +

Use one or more times to specify the RRDATA fields of the DANE TLSA RRset associated with the target service. The rrdata value is specified in "presentation form", that is four whitespace separated fields that specify the usage, selector, matching type and associated data, with the last of these encoded in hexadecimal. Optional whitespace is ignored in the associated data field. For example:

+ +
$ openssl s_client -brief -starttls smtp \
+  -connect smtp.example.com:25 \
+  -dane_tlsa_domain smtp.example.com \
+  -dane_tlsa_rrdata "2 1 1
+    B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
+  -dane_tlsa_rrdata "2 1 1
+    60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
+...
+Verification: OK
+Verified peername: smtp.example.com
+DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
+...
+ +
+
-dane_ee_no_namechecks
+
+ +

This disables server name checks when authenticating via DANE-EE(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of RFC7671, name checks are by default enabled for DANE-EE(3) TLSA records, and can be disabled in applications where it is safe to do so. In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various certificate chain validation options. See the verify(1) manual page for details.

+ +
+
-reconnect
+
+ +

Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working.

+ +
+
-showcerts
+
+ +

Displays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). It is not a verified chain.

+ +
+
-prexit
+
+ +

Print session information when the program exits. This will always attempt to print out information even if the connection fails. Normally information will only be printed out once if the connection succeeds. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an attempt is made to access a certain URL. Note: the output produced by this option is not always accurate because a connection might never have been established.

+ +
+
-state
+
+ +

Prints out the SSL session states.

+ +
+
-debug
+
+ +

Print extensive debugging information including a hex dump of all traffic.

+ +
+
-msg
+
+ +

Show all protocol messages with hex dump.

+ +
+
-trace
+
+ +

Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work.

+ +
+
-msgfile
+
+ +

File to send output of -msg or -trace to, default standard output.

+ +
+
-nbio_test
+
+ +

Tests non-blocking I/O

+ +
+
-nbio
+
+ +

Turns on non-blocking I/O

+ +
+
-crlf
+
+ +

This option translated a line feed from the terminal into CR+LF as required by some servers.

+ +
+
-ign_eof
+
+ +

Inhibit shutting down the connection when end of file is reached in the input.

+ +
+
-quiet
+
+ +

Inhibit printing of session and certificate information. This implicitly turns on -ign_eof as well.

+ +
+
-no_ign_eof
+
+ +

Shut down the connection when end of file is reached in the input. Can be used to override the implicit -ign_eof after -quiet.

+ +
+
-psk_identity identity
+
+ +

Use the PSK identity identity when using a PSK cipher suite. The default value is "Client_identity" (without the quotes).

+ +
+
-psk key
+
+ +

Use the PSK key key when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher.

+ +
+
-psk_session file
+
+ +

Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated.

+ +
+
-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

These options require or disable the use of the specified SSL or TLS protocols. By default s_client will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be offered to and accepted from the server. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-dtls, -dtls1, -dtls1_2
+
+ +

These options make s_client use DTLS protocols instead of TLS. With -dtls, s_client will negotiate any supported DTLS protocol version, whilst -dtls1 and -dtls1_2 will only support DTLS1.0 and DTLS1.2 respectively.

+ +
+
-sctp
+
+ +

Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with -dtls, -dtls1 or -dtls1_2. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-sctp_label_bug
+
+ +

Use the incorrect behaviour of older OpenSSL implementations when computing endpoint-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with -sctp. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-fallback_scsv
+
+ +

Send TLS_FALLBACK_SCSV in the ClientHello.

+ +
+
-async
+
+ +

Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine is also used via the -engine option. For test purposes the dummy async engine (dasync) can be used (if available).

+ +
+
-max_send_frag int
+
+ +

The maximum size of data fragment to send. See SSL_CTX_set_max_send_fragment(3) for further information.

+ +
+
-split_send_frag int
+
+ +

The size used to split data for encrypt pipelines. If more data is written in one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See SSL_CTX_set_split_send_fragment(3) for further information.

+ +
+
-max_pipelines int
+
+ +

The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. See SSL_CTX_set_max_pipelines(3) for further information.

+ +
+
-read_buf int
+
+ +

The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for further information).

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-comp
+
+ +

Enables support for SSL/TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-no_comp
+
+ +

Disables support for SSL/TLS compression. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-brief
+
+ +

Only provide a brief summary of connection parameters instead of the normal verbose output.

+ +
+
-sigalgs sigalglist
+
+ +

Specifies the list of signature algorithms that are sent by the client. The server selects one entry in the list based on its preferences. For example strings, see SSL_CTX_set1_sigalgs(3)

+ +
+
-curves curvelist
+
+ +

Specifies the list of supported curves to be sent by the client. The curve is ultimately selected by the server. For a list of all curves, use:

+ +
$ openssl ecparam -list_curves
+ +
+
-cipher cipherlist
+
+ +

This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which ciphersuite is used it should take the first supported cipher in the list sent by the client. See the ciphers command for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the ciphers command for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-starttls protocol
+
+ +

Send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", "irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".

+ +
+
-xmpphost hostname
+
+ +

This option, when used with "-starttls xmpp" or "-starttls xmpp-server", specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used.

+ +

This option is an alias of the -name option for "xmpp" and "xmpp-server".

+ +
+
-name hostname
+
+ +

This option is used to specify hostname information for various protocols used with -starttls option. Currently only "xmpp", "xmpp-server", "smtp" and "lmtp" can utilize this -name option.

+ +

If this option is used with "-starttls xmpp" or "-starttls xmpp-server", if specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used.

+ +

If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If this option is not specified, then "mail.example.com" will be used.

+ +
+
-tlsextdebug
+
+ +

Print out a hex dump of any TLS extensions received from the server.

+ +
+
-no_ticket
+
+ +

Disable RFC4507bis session ticket support.

+ +
+
-sess_out filename
+
+ +

Output SSL session to filename.

+ +
+
-sess_in sess.pem
+
+ +

Load SSL session from filename. The client will attempt to resume a connection from this session.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause s_client to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-serverinfo types
+
+ +

A list of comma-separated TLS Extension Types (numbers between 0 and 65535). Each type will be sent as an empty ClientHello TLS Extension. The server's response (if any) will be encoded and displayed as a PEM file.

+ +
+
-status
+
+ +

Sends a certificate status request to the server (OCSP stapling). The server response (if any) is printed out.

+ +
+
-alpn protocols, -nextprotoneg protocols
+
+ +

These flags enable the Enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The protocols list is a comma-separated list of protocol names that the client should advertise support for. The list should contain the most desirable protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". An empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. The flag -nextprotoneg cannot be specified if -tls1_3 is used.

+ +
+
-ct, -noct
+
+ +

Use one of these two options to control whether Certificate Transparency (CT) is enabled (-ct) or disabled (-noct). If CT is enabled, signed certificate timestamps (SCTs) will be requested from the server and reported at handshake completion.

+ +

Enabling CT also enables OCSP stapling, as this is one possible delivery method for SCTs.

+ +
+
-ctlogfile
+
+ +

A file containing a list of known Certificate Transparency logs. See SSL_CTX_set_ctlog_list_file(3) for the expected file format.

+ +
+
-keylogfile file
+
+ +

Appends TLS secrets to the specified keylog file such that external programs (like Wireshark) can decrypt TLS connections.

+ +
+
-early_data file
+
+ +

Reads the contents of the specified file and attempts to send it as early data to the server. This will only work with resumed sessions that support early data and when the server accepts the early data.

+ +
+
-enable_pha
+
+ +

For TLSv1.3 only, send the Post-Handshake Authentication extension. This will happen whether or not a certificate has been provided via -cert.

+ +
+
[target]
+
+ +

Rather than providing -connect, the target hostname and optional port may be provided as a single positional argument after all options. If neither this nor -connect are provided, falls back to attempting to connect to localhost on port 4433.

+ +
+
+ +

CONNECTED COMMANDS

+ +

If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the server. If end of file is reached then the connection will be closed down. When used interactively (which means neither -quiet nor -ign_eof have been given), then certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below.

+ +
+ +
Q
+
+ +

End the current SSL connection and exit.

+ +
+
R
+
+ +

Renegotiate the SSL session (TLSv1.2 and below only).

+ +
+
B
+
+ +

Send a heartbeat message to the server (DTLS only)

+ +
+
k
+
+ +

Send a key update message to the server (TLSv1.3 only)

+ +
+
K
+
+ +

Send a key update message to the server and request one back (TLSv1.3 only)

+ +
+
+ +

NOTES

+ +

s_client can be used to debug SSL servers. To connect to an SSL HTTP server the command:

+ +
openssl s_client -connect servername:443
+ +

would typically be used (https uses port 443). If the connection succeeds then an HTTP command can be given such as "GET /" to retrieve a web page.

+ +

If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the -bugs, -ssl3, -tls1, -no_ssl3, -no_tls1 options can be tried in case it is a buggy server. In particular you should play with these options before submitting a bug report to an OpenSSL mailing list.

+ +

A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using s_client the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the -prexit option and send an HTTP request for an appropriate page.

+ +

If a certificate is specified on the command line using the -cert option it will not be used unless the server specifically requests a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works.

+ +

If there are problems verifying a server certificate then the -showcerts option can be used to show all the certificates sent by the server.

+ +

The s_client utility is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will accept any certificate chain (trusted or not) sent by the peer. None test applications should not do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the -verify_return_error option: any verify errors are then returned aborting the handshake.

+ +

The -bind option may be useful if the server or a firewall requires connections to come from some particular address and or port.

+ +

BUGS

+ +

Because this program has a lot of options and also because some of the techniques used are rather old, the C source of s_client is rather hard to read and not a model of how things should be done. A typical SSL client program would be much simpler.

+ +

The -prexit option is a bit of a hack. We should really report information whenever a session is renegotiated.

+ +

SEE ALSO

+ +

SSL_CONF_cmd(3), sess_id(1), s_server(1), ciphers(1), SSL_CTX_set_max_send_fragment(3), SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3)

+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0. The -name option was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_server.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_server.html new file mode 100644 index 00000000..8dfa0356 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_server.html @@ -0,0 +1,714 @@ + + + + +s_server + + + + + + + + + + +

NAME

+ +

openssl-s_server, s_server - SSL/TLS server program

+ +

SYNOPSIS

+ +

openssl s_server [-help] [-port +int] [-accept val] [-unix val] [-4] [-6] [-unlink] [-context val] [-verify int] [-Verify int] [-cert infile] [-nameopt val] [-naccept +int] [-serverinfo val] [-certform PEM|DER] [-key infile] [-keyform format] [-pass val] [-dcert infile] [-dcertform PEM|DER] [-dkey infile] [-dkeyform PEM|DER] [-dpass val] [-nbio_test] [-crlf] [-debug] [-msg] [-msgfile outfile] [-state] [-CAfile infile] [-CApath dir] [-no-CAfile] [-no-CApath] [-nocert] [-quiet] [-no_resume_ephemeral] [-www] [-WWW] [-servername] [-servername_fatal] [-cert2 infile] [-key2 infile] [-tlsextdebug] [-HTTP] [-id_prefix val] [-rand file...] [-writerand file] [-keymatexport val] [-keymatexportlen +int] [-CRL infile] [-crl_download] [-cert_chain infile] [-dcert_chain infile] [-chainCApath dir] [-verifyCApath dir] [-no_cache] [-ext_cache] [-CRLform PEM|DER] [-verify_return_error] [-verify_quiet] [-build_chain] [-chainCAfile infile] [-verifyCAfile infile] [-ign_eof] [-no_ign_eof] [-status] [-status_verbose] [-status_timeout int] [-status_url val] [-status_file infile] [-trace] [-security_debug] [-security_debug_verbose] [-brief] [-rev] [-async] [-ssl_config val] [-max_send_frag +int] [-split_send_frag +int] [-max_pipelines +int] [-read_buf +int] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-bugs] [-no_comp] [-comp] [-no_ticket] [-num_tickets] [-serverpref] [-legacy_renegotiation] [-no_renegotiation] [-legacy_server_connect] [-no_resumption_on_reneg] [-no_legacy_server_connect] [-allow_no_dhe_kex] [-prioritize_chacha] [-strict] [-sigalgs val] [-client_sigalgs val] [-groups val] [-curves val] [-named_curve val] [-cipher val] [-ciphersuites val] [-dhparam infile] [-record_padding val] [-debug_broken_protocol] [-policy val] [-purpose val] [-verify_name val] [-verify_depth int] [-auth_level int] [-attime intmax] [-verify_hostname val] [-verify_email val] [-verify_ip] [-ignore_critical] [-issuer_checks] [-crl_check] [-crl_check_all] [-policy_check] [-explicit_policy] [-inhibit_any] [-inhibit_map] [-x509_strict] [-extended_crl] [-use_deltas] [-policy_print] [-check_ss_sig] [-trusted_first] [-suiteB_128_only] [-suiteB_128] [-suiteB_192] [-partial_chain] [-no_alt_chains] [-no_check_time] [-allow_proxy_certs] [-xkey] [-xcert] [-xchain] [-xchain_build] [-xcertform PEM|DER] [-xkeyform PEM|DER] [-nbio] [-psk_identity val] [-psk_hint val] [-psk val] [-psk_session file] [-srpvfile infile] [-srpuserseed val] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-dtls] [-timeout] [-mtu +int] [-listen] [-dtls1] [-dtls1_2] [-sctp] [-sctp_label_bug] [-no_dhe] [-nextprotoneg val] [-use_srtp val] [-alpn val] [-engine val] [-keylogfile outfile] [-max_early_data int] [-early_data] [-anti_replay] [-no_anti_replay]

+ +

DESCRIPTION

+ +

The s_server command implements a generic SSL/TLS server which listens for connections on a given port using SSL/TLS.

+ +

OPTIONS

+ +

In addition to the options below the s_server utility also supports the common and server only options documented in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) manual page.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-port +int
+
+ +

The TCP port to listen on for connections. If not specified 4433 is used.

+ +
+
-accept val
+
+ +

The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

+ +
+
-unix val
+
+ +

Unix domain socket to accept on.

+ +
+
-4
+
+ +

Use IPv4 only.

+ +
+
-6
+
+ +

Use IPv6 only.

+ +
+ +
+ +

For -unix, unlink any existing socket first.

+ +
+
-context val
+
+ +

Sets the SSL context id. It can be given any string value. If this option is not present a default value will be used.

+ +
+
-verify int, -Verify int
+
+ +

The verify depth to use. This specifies the maximum length of the client certificate chain and makes the server request a certificate from the client. With the -verify option a certificate is requested but the client does not have to send one, with the -Verify option the client must supply a certificate or an error occurs.

+ +

If the cipher suite cannot request a client certificate (for example an anonymous cipher suite or PSK) this option has no effect.

+ +
+
-cert infile
+
+ +

The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename "server.pem" will be used.

+ +
+
-cert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the client/server certificate chain related to the certificate specified via the -cert option.

+ +
+
-build_chain
+
+ +

Specify whether the application should build the certificate chain to be provided to the client.

+ +
+
-nameopt val
+
+ +

Option which determines how the subject or issuer names are displayed. The val argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-naccept +int
+
+ +

The server will exit after receiving the specified number of connections, default unlimited.

+ +
+
-serverinfo val
+
+ +

A file containing one or more blocks of PEM data. Each PEM block must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, followed by "length" bytes of extension data). If the client sends an empty TLS ClientHello extension matching the type, the corresponding ServerHello extension will be returned.

+ +
+
-certform PEM|DER
+
+ +

The certificate format to use: DER or PEM. PEM is the default.

+ +
+
-key infile
+
+ +

The private key to use. If not specified then the certificate file will be used.

+ +
+
-keyform format
+
+ +

The private format to use: DER or PEM. PEM is the default.

+ +
+
-pass val
+
+ +

The private key password source. For more information about the format of val see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-dcert infile, -dkey infile
+
+ +

Specify an additional certificate and private key, these behave in the same manner as the -cert and -key options except there is no default if they are not specified (no additional certificate and key is used). As noted above some cipher suites require a certificate containing a key of a certain type. Some cipher suites need a certificate carrying an RSA key and some a DSS (DSA) key. By using RSA and DSS certificates and keys a server can support clients which only support RSA or DSS cipher suites by using an appropriate certificate.

+ +
+
-dcert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the server certificate chain when a certificate specified via the -dcert option is in use.

+ +
+
-dcertform PEM|DER, -dkeyform PEM|DER, -dpass val
+
+ +

Additional certificate and private key format and passphrase respectively.

+ +
+
-xkey infile, -xcert infile, -xchain
+
+ +

Specify an extra certificate, private key and certificate chain. These behave in the same manner as the -cert, -key and -cert_chain options. When specified, the callback returning the first valid chain will be in use by the server.

+ +
+
-xchain_build
+
+ +

Specify whether the application should build the certificate chain to be provided to the client for the extra certificates provided via -xkey infile, -xcert infile, -xchain options.

+ +
+
-xcertform PEM|DER, -xkeyform PEM|DER
+
+ +

Extra certificate and private key format respectively.

+ +
+
-nbio_test
+
+ +

Tests non blocking I/O.

+ +
+
-crlf
+
+ +

This option translated a line feed from the terminal into CR+LF.

+ +
+
-debug
+
+ +

Print extensive debugging information including a hex dump of all traffic.

+ +
+
-msg
+
+ +

Show all protocol messages with hex dump.

+ +
+
-msgfile outfile
+
+ +

File to send output of -msg or -trace to, default standard output.

+ +
+
-state
+
+ +

Prints the SSL session states.

+ +
+
-CAfile infile
+
+ +

A file containing trusted certificates to use during client authentication and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested.

+ +
+
-CApath dir
+
+ +

The directory to use for client certificate verification. This directory must be in "hash format", see verify(1) for more information. These are also used when building the server certificate chain.

+ +
+
-chainCApath dir
+
+ +

The directory to use for building the chain provided to the client. This directory must be in "hash format", see verify(1) for more information.

+ +
+
-chainCAfile file
+
+ +

A file containing trusted certificates to use when attempting to build the server certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-nocert
+
+ +

If this option is set then no certificate is used. This restricts the cipher suites available to the anonymous ones (currently just anonymous DH).

+ +
+
-quiet
+
+ +

Inhibit printing of session and certificate information.

+ +
+
-www
+
+ +

Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a web browser. Cannot be used in conjunction with -early_data.

+ +
+
-WWW
+
+ +

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. Cannot be used in conjunction with -early_data.

+ +
+
-tlsextdebug
+
+ +

Print a hex dump of any TLS extensions received from the server.

+ +
+
-HTTP
+
+ +

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. The files loaded are assumed to contain a complete and correct HTTP response (lines that are part of the HTTP response line and headers must end with CRLF). Cannot be used in conjunction with -early_data.

+ +
+
-id_prefix val
+
+ +

Generate SSL/TLS session IDs prefixed by val. This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (eg. with a certain prefix).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-verify_return_error
+
+ +

Verification errors normally just print a message but allow the connection to continue, for debugging purposes. If this option is used, then verification errors close the connection.

+ +
+
-status
+
+ +

Enables certificate status request support (aka OCSP stapling).

+ +
+
-status_verbose
+
+ +

Enables certificate status request support (aka OCSP stapling) and gives a verbose printout of the OCSP response.

+ +
+
-status_timeout int
+
+ +

Sets the timeout for OCSP response to int seconds.

+ +
+
-status_url val
+
+ +

Sets a fallback responder URL to use if no responder URL is present in the server certificate. Without this option an error is returned if the server certificate does not contain a responder address.

+ +
+
-status_file infile
+
+ +

Overrides any OCSP responder URLs from the certificate and always provides the OCSP Response stored in the file. The file must be in DER format.

+ +
+
-trace
+
+ +

Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work.

+ +
+
-brief
+
+ +

Provide a brief summary of connection parameters instead of the normal verbose output.

+ +
+
-rev
+
+ +

Simple test server which just reverses the text received from the client and sends it back to the server. Also sets -brief. Cannot be used in conjunction with -early_data.

+ +
+
-async
+
+ +

Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine is also used via the -engine option. For test purposes the dummy async engine (dasync) can be used (if available).

+ +
+
-max_send_frag +int
+
+ +

The maximum size of data fragment to send. See SSL_CTX_set_max_send_fragment(3) for further information.

+ +
+
-split_send_frag +int
+
+ +

The size used to split data for encrypt pipelines. If more data is written in one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See SSL_CTX_set_split_send_fragment(3) for further information.

+ +
+
-max_pipelines +int
+
+ +

The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. See SSL_CTX_set_max_pipelines(3) for further information.

+ +
+
-read_buf +int
+
+ +

The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for further information).

+ +
+
-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

These options require or disable the use of the specified SSL or TLS protocols. By default s_server will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-no_comp
+
+ +

Disable negotiation of TLS compression. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-comp
+
+ +

Enable negotiation of TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-no_ticket
+
+ +

Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 is negotiated. See -num_tickets.

+ +
+
-num_tickets
+
+ +

Control the number of tickets that will be sent to the client after a full handshake in TLSv1.3. The default number of tickets is 2. This option does not affect the number of tickets sent after a resumption handshake.

+ +
+
-serverpref
+
+ +

Use the server's cipher preferences, rather than the client's preferences.

+ +
+
-prioritize_chacha
+
+ +

Prioritize ChaCha ciphers when preferred by clients. Requires -serverpref.

+ +
+
-no_resumption_on_reneg
+
+ +

Set the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION option.

+ +
+
-client_sigalgs val
+
+ +

Signature algorithms to support for client certificate authentication (colon-separated list).

+ +
+
-named_curve val
+
+ +

Specifies the elliptic curve to use. NOTE: this is single curve, not a list. For a list of all possible curves, use:

+ +
$ openssl ecparam -list_curves
+ +
+
-cipher val
+
+ +

This allows the list of TLSv1.2 and below ciphersuites used by the server to be modified. This list is combined with any TLSv1.3 ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the list of TLSv1.3 ciphersuites used by the server to be modified. This list is combined with any TLSv1.2 and below ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-dhparam infile
+
+ +

The DH parameter file to use. The ephemeral DH cipher suites generate keys using a set of DH parameters. If not specified then an attempt is made to load the parameters from the server certificate file. If this fails then a static set of parameters hard coded into the s_server program will be used.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set different peer certificate verification options. See the verify(1) manual page for details.

+ +
+
-crl_check, -crl_check_all
+
+ +

Check the peer certificate has not been revoked by its CA. The CRL(s) are appended to the certificate file. With the -crl_check_all option all CRLs of all CAs in the chain are checked.

+ +
+
-nbio
+
+ +

Turns on non blocking I/O.

+ +
+
-psk_identity val
+
+ +

Expect the client to send PSK identity val when using a PSK cipher suite, and warn if they do not. By default, the expected PSK identity is the string "Client_identity".

+ +
+
-psk_hint val
+
+ +

Use the PSK identity hint val when using a PSK cipher suite.

+ +
+
-psk val
+
+ +

Use the PSK key val when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher.

+ +
+
-psk_session file
+
+ +

Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated.

+ +
+
-listen
+
+ +

This option can only be used in conjunction with one of the DTLS options above. With this option s_server will listen on a UDP port for incoming connections. Any ClientHellos that arrive will be checked to see if they have a cookie in them or not. Any without a cookie will be responded to with a HelloVerifyRequest. If a ClientHello with a cookie is received then s_server will connect to that peer and complete the handshake.

+ +
+
-dtls, -dtls1, -dtls1_2
+
+ +

These options make s_server use DTLS protocols instead of TLS. With -dtls, s_server will negotiate any supported DTLS protocol version, whilst -dtls1 and -dtls1_2 will only support DTLSv1.0 and DTLSv1.2 respectively.

+ +
+
-sctp
+
+ +

Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with -dtls, -dtls1 or -dtls1_2. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-sctp_label_bug
+
+ +

Use the incorrect behaviour of older OpenSSL implementations when computing endpoint-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with -sctp. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-no_dhe
+
+ +

If this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites.

+ +
+
-alpn val, -nextprotoneg val
+
+ +

These flags enable the Enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The val list is a comma-separated list of supported protocol names. The list should contain the most desirable protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". The flag -nextprotoneg cannot be specified if -tls1_3 is used.

+ +
+
-engine val
+
+ +

Specifying an engine (by its unique id string in val) will cause s_server to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-keylogfile outfile
+
+ +

Appends TLS secrets to the specified keylog file such that external programs (like Wireshark) can decrypt TLS connections.

+ +
+
-max_early_data int
+
+ +

Change the default maximum early data bytes that are specified for new sessions and any incoming early data (when used in conjunction with the -early_data flag). The default value is approximately 16k. The argument must be an integer greater than or equal to 0.

+ +
+
-early_data
+
+ +

Accept early data where possible. Cannot be used in conjunction with -www, -WWW, -HTTP or -rev.

+ +
+
-anti_replay, -no_anti_replay
+
+ +

Switches replay protection on or off, respectively. Replay protection is on by default unless overridden by a configuration file. When it is on, OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. Any early data that was sent will be rejected.

+ +
+
+ +

CONNECTED COMMANDS

+ +

If a connection request is established with an SSL client and neither the -www nor the -WWW option has been used then normally any data received from the client is displayed and any key presses will be sent to the client.

+ +

Certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below.

+ +
+ +
q
+
+ +

End the current SSL connection but still accept new connections.

+ +
+
Q
+
+ +

End the current SSL connection and exit.

+ +
+
r
+
+ +

Renegotiate the SSL session (TLSv1.2 and below only).

+ +
+
R
+
+ +

Renegotiate the SSL session and request a client certificate (TLSv1.2 and below only).

+ +
+
P
+
+ +

Send some plain text down the underlying TCP connection: this should cause the client to disconnect due to a protocol violation.

+ +
+
S
+
+ +

Print out some session cache status information.

+ +
+
B
+
+ +

Send a heartbeat message to the client (DTLS only)

+ +
+
k
+
+ +

Send a key update message to the client (TLSv1.3 only)

+ +
+
K
+
+ +

Send a key update message to the client and request one back (TLSv1.3 only)

+ +
+
c
+
+ +

Send a certificate request to the client (TLSv1.3 only)

+ +
+
+ +

NOTES

+ +

s_server can be used to debug SSL clients. To accept connections from a web browser the command:

+ +
openssl s_server -accept 443 -www
+ +

can be used for example.

+ +

Although specifying an empty list of CAs when requesting a client certificate is strictly speaking a protocol violation, some SSL clients interpret this to mean any CA is acceptable. This is useful for debugging purposes.

+ +

The session parameters can printed out using the sess_id program.

+ +

BUGS

+ +

Because this program has a lot of options and also because some of the techniques used are rather old, the C source of s_server is rather hard to read and not a model of how things should be done. A typical SSL server program would be much simpler.

+ +

The output of common ciphers is wrong: it just gives the list of ciphers that OpenSSL recognizes and the client supports.

+ +

There should be a way for the s_server program to print out details of any unknown cipher suites a client says it supports.

+ +

SEE ALSO

+ +

SSL_CONF_cmd(3), sess_id(1), s_client(1), ciphers(1) SSL_CTX_set_max_send_fragment(3), SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3)

+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

The -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_time.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_time.html new file mode 100644 index 00000000..81cd2961 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/s_time.html @@ -0,0 +1,190 @@ + + + + +s_time + + + + + + + + + + +

NAME

+ +

openssl-s_time, s_time - SSL/TLS performance timing program

+ +

SYNOPSIS

+ +

openssl s_time [-help] [-connect host:port] [-www page] [-cert filename] [-key filename] [-CApath directory] [-CAfile filename] [-no-CAfile] [-no-CApath] [-reuse] [-new] [-verify depth] [-nameopt option] [-time seconds] [-ssl3] [-bugs] [-cipher cipherlist] [-ciphersuites val]

+ +

DESCRIPTION

+ +

The s_time command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It can request a page from the server and includes the time to transfer the payload data in its timing measurements. It measures the number of connections within a given timeframe, the amount of data transferred (if any), and calculates the average time spent for one connection.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-connect host:port
+
+ +

This specifies the host and optional port to connect to.

+ +
+
-www page
+
+ +

This specifies the page to GET from the server. A value of '/' gets the index.htm[l] page. If this parameter is not specified, then s_time will only perform the handshake to establish SSL connections but not transfer any payload data.

+ +
+
-cert certname
+
+ +

The certificate to use, if one is requested by the server. The default is not to use a certificate. The file is in PEM format.

+ +
+
-key keyfile
+
+ +

The private key to use. If not specified then the certificate file will be used. The file is in PEM format.

+ +
+
-verify depth
+
+ +

The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-CApath directory
+
+ +

The directory to use for server certificate verification. This directory must be in "hash format", see verify for more information. These are also used when building the client certificate chain.

+ +
+
-CAfile file
+
+ +

A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-new
+
+ +

Performs the timing test using a new session ID for each connection. If neither -new nor -reuse are specified, they are both on by default and executed in sequence.

+ +
+
-reuse
+
+ +

Performs the timing test using the same session ID; this can be used as a test that session caching is working. If neither -new nor -reuse are specified, they are both on by default and executed in sequence.

+ +
+
-ssl3
+
+ +

This option disables the use of SSL version 3. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate.

+ +

The timing program is not as rich in options to turn protocols on and off as the s_client(1) program and may not connect to all servers. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the -ssl3 option.

+ +

Note that this option may not be available, depending on how OpenSSL was built.

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-cipher cipherlist
+
+ +

This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See ciphers(1) for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See ciphers(1) for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-time length
+
+ +

Specifies how long (in seconds) s_time should establish connections and optionally transfer payload data from a server. Server and client performance and the link speed determine how many connections s_time can establish.

+ +
+
+ +

NOTES

+ +

s_time can be used to measure the performance of an SSL connection. To connect to an SSL HTTP server and get the default page the command

+ +
openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+ +

would typically be used (https uses port 443). 'commoncipher' is a cipher to which both client and server can agree, see the ciphers(1) command for details.

+ +

If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the -bugs and -ssl3 options can be tried in case it is a buggy server. In particular you should play with these options before submitting a bug report to an OpenSSL mailing list.

+ +

A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using s_client(1) the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the -prexit option of s_client(1) and send an HTTP request for an appropriate page.

+ +

If a certificate is specified on the command line using the -cert option it will not be used unless the server specifically requests a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works.

+ +

BUGS

+ +

Because this program does not have all the options of the s_client(1) program to turn protocols on and off, you may not be able to measure the performance of all protocols with all servers.

+ +

The -verify option should really exit if the server verification fails.

+ +

SEE ALSO

+ +

s_client(1), s_server(1), ciphers(1)

+ +

COPYRIGHT

+ +

Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/sess_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/sess_id.html new file mode 100644 index 00000000..c2ae674e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/sess_id.html @@ -0,0 +1,195 @@ + + + + +sess_id + + + + + + + + + + +

NAME

+ +

openssl-sess_id, sess_id - SSL/TLS session handling utility

+ +

SYNOPSIS

+ +

openssl sess_id [-help] [-inform PEM|DER] [-outform PEM|DER|NSS] [-in filename] [-out filename] [-text] [-noout] [-context ID]

+ +

DESCRIPTION

+ +

The sess_id process the encoded version of the SSL session structure and optionally prints out SSL session details (for example the SSL session master key) in human readable format. Since this is a diagnostic tool that needs some knowledge of the SSL protocol to use properly, most users will not need to use it.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded format containing session details. The precise format can vary from one version to the next. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM|NSS
+
+ +

This specifies the output format. The PEM and DER options have the same meaning and default as the -inform option. The NSS option outputs the session id and the master key in NSS keylog format.

+ +
+
-in filename
+
+ +

This specifies the input filename to read session information from or standard input by default.

+ +
+
-out filename
+
+ +

This specifies the output filename to write session information to or standard output if this option is not specified.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-cert
+
+ +

If a certificate is present in the session it will be output using this option, if the -text option is also present then it will be printed out in text form.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the session.

+ +
+
-context ID
+
+ +

This option can set the session id so the output session information uses the supplied ID. The ID can be any string of characters. This option won't normally be used.

+ +
+
+ +

OUTPUT

+ +

Typical output:

+ +
SSL-Session:
+    Protocol  : TLSv1
+    Cipher    : 0016
+    Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+    Session-ID-ctx: 01000000
+    Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+    Key-Arg   : None
+    Start Time: 948459261
+    Timeout   : 300 (sec)
+    Verify return code 0 (ok)
+ +

These are described below in more detail.

+ +
+ +
Protocol
+
+ +

This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.

+ +
+
Cipher
+
+ +

The cipher used this is the actual raw SSL or TLS cipher code, see the SSL or TLS specifications for more information.

+ +
+
Session-ID
+
+ +

The SSL session ID in hex format.

+ +
+
Session-ID-ctx
+
+ +

The session ID context in hex format.

+ +
+
Master-Key
+
+ +

This is the SSL session master key.

+ +
+
Start Time
+
+ +

This is the session start time represented as an integer in standard Unix format.

+ +
+
Timeout
+
+ +

The timeout in seconds.

+ +
+
Verify return code
+
+ +

This is the return code when an SSL client certificate is verified.

+ +
+
+ +

NOTES

+ +

The PEM encoded session format uses the header and footer lines:

+ +
-----BEGIN SSL SESSION PARAMETERS-----
+-----END SSL SESSION PARAMETERS-----
+ +

Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this information. Therefore appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes.

+ +

BUGS

+ +

The cipher and start time should be printed out in human readable form.

+ +

SEE ALSO

+ +

ciphers(1), s_server(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/smime.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/smime.html new file mode 100644 index 00000000..5e78ea5f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/smime.html @@ -0,0 +1,454 @@ + + + + +smime + + + + + + + + + + +

NAME

+ +

openssl-smime, smime - S/MIME utility

+ +

SYNOPSIS

+ +

openssl smime [-help] [-encrypt] [-decrypt] [-sign] [-resign] [-verify] [-pk7out] [-binary] [-crlfeol] [-cipher] [-in file] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-certfile file] [-signer file] [-recip file] [-inform SMIME|PEM|DER] [-passin arg] [-inkey file_or_id] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-indef] [-noindef] [-stream] [-rand file...] [-writerand file] [-md digest] [cert.pem]...

+ +

DESCRIPTION

+ +

The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages.

+ +

OPTIONS

+ +

There are six operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-encrypt
+
+ +

Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format.

+ +

Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text.

+ +
+
-decrypt
+
+ +

Decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file.

+ +
+
-sign
+
+ +

Sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file.

+ +
+
-verify
+
+ +

Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported.

+ +
+
-pk7out
+
+ +

Takes an input message and writes out a PEM encoded PKCS#7 structure.

+ +
+
-resign
+
+ +

Resign a message: take an existing message and one or more new signers.

+ +
+
-in filename
+
+ +

The input message to be encrypted or signed or the MIME message to be decrypted or verified.

+ +
+
-inform SMIME|PEM|DER
+
+ +

This specifies the input format for the PKCS#7 structure. The default is SMIME which reads an S/MIME format message. PEM and DER format change this to expect PEM and DER format PKCS#7 structures instead. This currently only affects the input format of the PKCS#7 structure, if no PKCS#7 structure is being input (for example with -encrypt or -sign) this option has no effect.

+ +
+
-out filename
+
+ +

The message text that has been decrypted or verified or the output MIME format message that has been signed or verified.

+ +
+
-outform SMIME|PEM|DER
+
+ +

This specifies the output format for the PKCS#7 structure. The default is SMIME which write an S/MIME format message. PEM and DER format change this to write PEM and DER format PKCS#7 structures instead. This currently only affects the output format of the PKCS#7 structure, if no PKCS#7 structure is being output (for example with -verify or -decrypt) this option has no effect.

+ +
+
-stream -indef -noindef
+
+ +

The -stream and -indef options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached data if the output format is SMIME it is currently off by default for all other operations.

+ +
+
-noindef
+
+ +

Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it.

+ +
+
-content filename
+
+ +

This specifies a file containing the detached content, this is only useful with the -verify command. This is only usable if the PKCS#7 structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed MIME content type.

+ +
+
-text
+
+ +

This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.

+ +
+
-CAfile file
+
+ +

A file containing trusted CA certificates, only used with -verify.

+ +
+
-CApath dir
+
+ +

A directory containing trusted CA certificates, only used with -verify. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-md digest
+
+ +

Digest algorithm to use when signing or resigning. If not present then the default digest algorithm for the signing key will be used (usually SHA1).

+ +
+
-cipher
+
+ +

The encryption algorithm to use. For example DES (56 bits) - -des, triple DES (168 bits) - -des3, EVP_get_cipherbyname() function) can also be used preceded by a dash, for example -aes-128-cbc. See enc for list of ciphers supported by your version of OpenSSL.

+ +

If not specified triple DES is used. Only used with -encrypt.

+ +
+
-nointern
+
+ +

When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the -certfile option are used. The supplied certificates can still be used as untrusted CAs however.

+ +
+
-noverify
+
+ +

Do not verify the signers certificate of a signed message.

+ +
+
-nochain
+
+ +

Do not do chain verification of signers certificates: that is don't use the certificates in the signed message as untrusted CAs.

+ +
+
-nosigs
+
+ +

Don't try to verify the signatures on the message.

+ +
+
-nocerts
+
+ +

When signing a message the signer's certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the -certfile option for example).

+ +
+
-noattr
+
+ +

Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included.

+ +
+
-binary
+
+ +

Normally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This is useful when handling binary data which may not be in MIME format.

+ +
+
-crlfeol
+
+ +

Normally the output file uses a single LF as end of line. When this option is present CRLF is used instead.

+ +
+
-nodetach
+
+ +

When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is used.

+ +
+
-certfile file
+
+ +

Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format.

+ +
+
-signer file
+
+ +

A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful.

+ +
+
-recip file
+
+ +

The recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs.

+ +
+
-inkey file_or_id
+
+ +

The private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the -recip or -signer file. When signing this option can be used multiple times to specify successive keys. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
cert.pem...
+
+ +

One or more certificates of message recipients: used when encrypting a message.

+ +
+
-to, -from, -subject
+
+ +

The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various options of certificate chain verification. See verify(1) manual page for details.

+ +
+
+ +

NOTES

+ +

The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format.

+ +

The supplied message to be signed or encrypted must include the necessary MIME headers or many S/MIME clients won't display it properly (if at all). You can use the -text option to automatically add plain text headers.

+ +

A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section.

+ +

This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign messages "in parallel" by signing an already signed message.

+ +

The options -encrypt and -decrypt reflect common usage in S/MIME clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 encrypted data is used for other purposes.

+ +

The -resign option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail.

+ +

The -stream and -indef options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the -encrypt operation and the -sign operation if the content is not detached.

+ +

Streaming is always used for the -sign operation with detached data but since the content is no longer part of the PKCS#7 structure the encoding remains DER.

+ +

EXIT CODES

+ +
+ +
0
+
+ +

The operation was completely successfully.

+ +
+
1
+
+ +

An error occurred parsing the command options.

+ +
+
2
+
+ +

One of the input files could not be read.

+ +
+
3
+
+ +

An error occurred creating the PKCS#7 file or when reading the MIME message.

+ +
+
4
+
+ +

An error occurred decrypting or verifying the message.

+ +
+
5
+
+ +

The message was verified correctly but an error occurred writing out the signers certificates.

+ +
+
+ +

EXAMPLES

+ +

Create a cleartext signed message:

+ +
openssl smime -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem
+ +

Create an opaque signed message:

+ +
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+       -signer mycert.pem
+ +

Create a signed message, include some additional certificates and read the private key from another file:

+ +
openssl smime -sign -in in.txt -text -out mail.msg \
+       -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+ +

Create a signed message with two signers:

+ +
openssl smime -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -signer othercert.pem
+ +

Send a signed message under Unix directly to sendmail, including headers:

+ +
openssl smime -sign -in in.txt -text -signer mycert.pem \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed message" | sendmail someone@somewhere
+ +

Verify a message and extract the signer's certificate if successful:

+ +
openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+ +

Send encrypted mail using triple DES:

+ +
openssl smime -encrypt -in in.txt -from steve@openssl.org \
+       -to someone@somewhere -subject "Encrypted message" \
+       -des3 user.pem -out mail.msg
+ +

Sign and encrypt mail:

+ +
openssl smime -sign -in ml.txt -signer my.pem -text \
+       | openssl smime -encrypt -out mail.msg \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed and Encrypted message" -des3 user.pem
+ +

Note: the encryption command does not include the -text option because the message being encrypted already has MIME headers.

+ +

Decrypt mail:

+ +
openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+ +

The output from Netscape form signing is a PKCS#7 structure with the detached signature format. You can use this program to verify the signature by line wrapping the base64 encoded structure and surrounding it with:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

and using the command:

+ +
openssl smime -verify -inform PEM -in signature.pem -content content.txt
+ +

Alternatively you can base64 decode the signature and use:

+ +
openssl smime -verify -inform DER -in signature.der -content content.txt
+ +

Create an encrypted message using 128 bit Camellia:

+ +
openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+ +

Add a signer to an existing message:

+ +
openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
+ +

BUGS

+ +

The MIME parser isn't very clever: it seems to handle most messages that I've thrown at it but it may choke on others.

+ +

The code currently will only write out the signer's certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.

+ +

Ideally a database should be maintained of a certificates for each email address.

+ +

The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.

+ +

No revocation checking is done on the signer's certificate.

+ +

The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 structures may cause parsing errors.

+ +

HISTORY

+ +

The use of multiple -signer options and the -resign command were first added in OpenSSL 1.0.0

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/speed.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/speed.html new file mode 100644 index 00000000..c1c2d44d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/speed.html @@ -0,0 +1,117 @@ + + + + +speed + + + + + + + + + + +

NAME

+ +

openssl-speed, speed - test library performance

+ +

SYNOPSIS

+ +

openssl speed [-help] [-engine id] [-elapsed] [-evp algo] [-decrypt] [-rand file...] [-writerand file] [-primes num] [-seconds num] [-bytes num] [algorithm...]

+ +

DESCRIPTION

+ +

This command is used to test the performance of cryptographic algorithms. To see the list of supported algorithms, use the list --digest-commands or list --cipher-commands command. The global CSPRNG is denoted by the rand algorithm name.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause speed to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-elapsed
+
+ +

When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user time as divisor. It can be useful when testing speed of hardware engines.

+ +
+
-evp algo
+
+ +

Use the specified cipher or message digest algorithm via the EVP interface. If algo is an AEAD cipher, then you can pass <-aead> to benchmark a TLS-like sequence. And if algo is a multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then -mb will time multi-buffer operation.

+ +
+
-decrypt
+
+ +

Time the decryption instead of encryption. Affects only the EVP testing.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-primes num
+
+ +

Generate a num-prime RSA key and use it to run the benchmarks. This option is only effective if RSA algorithm is specified to test.

+ +
+
-seconds num
+
+ +

Run benchmarks for num seconds.

+ +
+
-bytes num
+
+ +

Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG.

+ +
+
[zero or more test algorithms]
+
+ +

If any options are given, speed tests those algorithms, otherwise a pre-compiled grand selection is tested.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/spkac.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/spkac.html new file mode 100644 index 00000000..40fbd64a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/spkac.html @@ -0,0 +1,167 @@ + + + + +spkac + + + + + + + + + + +

NAME

+ +

openssl-spkac, spkac - SPKAC printing and generating utility

+ +

SYNOPSIS

+ +

openssl spkac [-help] [-in filename] [-out filename] [-key keyfile] [-keyform PEM|DER|ENGINE] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect section] [-noout] [-verify] [-engine id]

+ +

DESCRIPTION

+ +

The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-key keyfile
+
+ +

Create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

Whether the key format is PEM, DER, or an engine-backed key. The default is PEM.

+ +
+
-passin password
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-challenge string
+
+ +

Specifies the challenge string if an SPKAC is being created.

+ +
+
-spkac spkacname
+
+ +

Allows an alternative name form the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input SPKAC files.

+ +
+
-spksect section
+
+ +

Allows an alternative name form the section containing the SPKAC. The default is the default section.

+ +
+
-noout
+
+ +

Don't output the text version of the SPKAC (not used if an SPKAC is being created).

+ +
+
-pubkey
+
+ +

Output the public key of an SPKAC (not used if an SPKAC is being created).

+ +
+
-verify
+
+ +

Verifies the digital signature on the supplied SPKAC.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause spkac to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

EXAMPLES

+ +

Print out the contents of an SPKAC:

+ +
openssl spkac -in spkac.cnf
+ +

Verify the signature of an SPKAC:

+ +
openssl spkac -in spkac.cnf -noout -verify
+ +

Create an SPKAC using the challenge string "hello":

+ +
openssl spkac -key key.pem -challenge hello -out spkac.cnf
+ +

Example of an SPKAC, (long lines split up for clarity):

+ +
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
+1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
+8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
+FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
+h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
+dq+NQ3F+X4deMx9AaEglZtULwV4=
+ +

NOTES

+ +

A created SPKAC with suitable DN components appended can be fed into the ca utility.

+ +

SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment process.

+ +

The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack".

+ +

SEE ALSO

+ +

ca(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/srp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/srp.html new file mode 100644 index 00000000..4fb653c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/srp.html @@ -0,0 +1,71 @@ + + + + +srp + + + + + + + + + + +

NAME

+ +

openssl-srp, srp - maintain SRP password file

+ +

SYNOPSIS

+ +

openssl srp [-help] [-verbose] [-add] [-modify] [-delete] [-list] [-name section] [-config file] [-srpvfile file] [-gn identifier] [-userinfo text...] [-passin arg] [-passout arg] [user...]

+ +

DESCRIPTION

+ +

The srp command is user to maintain an SRP (secure remote password) file. At most one of the -add, -modify, -delete, and -list options can be specified. These options take zero or more usernames as parameters and perform the appropriate operation on the SRP file. For -list, if no user is given then all users are displayed.

+ +

The configuration file to use, and the section within the file, can be specified with the -config and -name flags, respectively. If the config file is not specified, the -srpvfile can be used to just specify the file to operate on.

+ +

The -userinfo option specifies additional information to add when adding or modifying a user.

+ +

The -gn flag specifies the g and N values, using one of the strengths defined in IETF RFC 5054.

+ +

The -passin and -passout arguments are parsed as described in the openssl(1) command.

+ +

OPTIONS

+ +
+ +
[-help]
+
+ +

Display an option summary.

+ +
+
[-verbose]
+
+ +

Generate verbose output while processing.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/storeutl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/storeutl.html new file mode 100644 index 00000000..27ed22e6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/storeutl.html @@ -0,0 +1,151 @@ + + + + +storeutl + + + + + + + + + + +

NAME

+ +

openssl-storeutl, storeutl - STORE utility

+ +

SYNOPSIS

+ +

openssl storeutl [-help] [-out file] [-noout] [-passin arg] [-text arg] [-engine id] [-r] [-certs] [-keys] [-crls] [-subject arg] [-issuer arg] [-serial arg] [-alias arg] [-fingerprint arg] [-digest] uri ...

+ +

DESCRIPTION

+ +

The storeutl command can be used to display the contents (after decryption as the case may be) fetched from the given URIs.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

specifies the output filename to write to or standard output by default.

+ +
+
-noout
+
+ +

this option prevents output of the PEM data.

+ +
+
-passin arg
+
+ +

the key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-text
+
+ +

Prints out the objects in text form, similarly to the -text output from openssl x509, openssl pkey, etc.

+ +
+
-engine id
+
+ +

specifying an engine (by its unique id string) will cause storeutl to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-r
+
+ +

Fetch objects recursively when possible.

+ +
+
-certs
+
+ +
+
-keys
+
+ +
+
-crls
+
+ +

Only select the certificates, keys or CRLs from the given URI. However, if this URI would return a set of names (URIs), those are always returned.

+ +
+
-subject arg
+
+ +

Search for an object having the subject name arg. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted but are ignored for the search. That is, a search with an empty value will have the same effect as not specifying the type at all.

+ +
+
-issuer arg
+
+ +
+
-serial arg
+
+ +

Search for an object having the given issuer name and serial number. These two options must be used together. The issuer arg must be formatted as /type0=value0/type1=value1/type2=..., characters may be escaped by \ (backslash), no spaces are skipped. The serial arg may be specified as a decimal value or a hex value if preceded by 0x.

+ +
+
-alias arg
+
+ +

Search for an object having the given alias.

+ +
+
-fingerprint arg
+
+ +

Search for an object having the given fingerprint.

+ +
+
-digest
+
+ +

The digest that was used to compute the fingerprint given with -fingerprint.

+ +
+
+ +

SEE ALSO

+ +

openssl(1)

+ +

HISTORY

+ +

The openssl storeutl app was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ts.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ts.html new file mode 100644 index 00000000..b8d5a619 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/ts.html @@ -0,0 +1,555 @@ + + + + +ts + + + + + + + + + + +

NAME

+ +

openssl-ts, ts - Time Stamping Authority tool (client/server)

+ +

SYNOPSIS

+ +

openssl ts -query [-rand file...] [-writerand file] [-config configfile] [-data file_to_hash] [-digest digest_bytes] [-digest] [-tspolicy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]

+ +

openssl ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password_src] [-signer tsa_cert.pem] [-inkey file_or_id] [-digest] [-chain certs_file.pem] [-tspolicy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]

+ +

openssl ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] [-in response.tsr] [-token_in] [-CApath trusted_cert_path] [-CAfile trusted_certs.pem] [-untrusted cert_file.pem] [verify options]

+ +

verify options: [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-issuer_checks] [-no_alt_chains] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict]

+ +

DESCRIPTION

+ +

The ts command is a basic Time Stamping Authority (TSA) client and server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A TSA can be part of a PKI deployment and its role is to provide long term proof of the existence of a certain datum before a particular time. Here is a brief description of the protocol:

+ +
    + +
  1. The TSA client computes a one-way hash value for a data file and sends the hash to the TSA.

    + +
  2. +
  3. The TSA attaches the current date and time to the received hash value, signs them and sends the time stamp token back to the client. By creating this token the TSA certifies the existence of the original data file at the time of response generation.

    + +
  4. +
  5. The TSA client receives the time stamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the TSA.

    + +
  6. +
+ +

There is one DER encoded protocol data unit defined for transporting a time stamp request to the TSA and one for sending the time stamp response back to the client. The ts command has three main functions: creating a time stamp request based on a data file, creating a time stamp response based on a request, verifying if a response corresponds to a particular request or a data file.

+ +

There is no support for sending the requests/responses automatically over HTTP or TCP yet as suggested in RFC 3161. The users must send the requests either by ftp or e-mail.

+ +

OPTIONS

+ +

Time Stamp Request generation

+ +

The -query switch can be used for creating and printing a time stamp request with the following options:

+ +
+ +
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-config configfile
+
+ +

The configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-data file_to_hash
+
+ +

The data file for which the time stamp request needs to be created. stdin is the default if neither the -data nor the -digest parameter is specified. (Optional)

+ +
+
-digest digest_bytes
+
+ +

It is possible to specify the message imprint explicitly without the data file. The imprint must be specified in a hexadecimal format, two characters per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or 1AF601...). The number of bytes must match the message digest algorithm in use. (Optional)

+ +
+
-digest
+
+ +

The message digest to apply to the data file. Any digest supported by the OpenSSL dgst command can be used. The default is SHA-1. (Optional)

+ +
+
-tspolicy object_id
+
+ +

The policy that the client expects the TSA to use for creating the time stamp token. Either the dotted OID notation or OID names defined in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional)

+ +
+
-no_nonce
+
+ +

No nonce is specified in the request if this option is given. Otherwise a 64 bit long pseudo-random none is included in the request. It is recommended to use nonce to protect against replay-attacks. (Optional)

+ +
+
-cert
+
+ +

The TSA is expected to include its signing certificate in the response. (Optional)

+ +
+
-in request.tsq
+
+ +

This option specifies a previously created time stamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional)

+ +
+
-out request.tsq
+
+ +

Name of the output file to which the request will be written. Default is stdout. (Optional)

+ +
+
-text
+
+ +

If this option is specified the output is human-readable text format instead of DER. (Optional)

+ +
+
+ +

Time Stamp Response generation

+ +

A time stamp response (TimeStampResp) consists of a response status and the time stamp token itself (ContentInfo), if the token generation was successful. The -reply command is for creating a time stamp response or time stamp token based on a request and printing the response/token in human-readable format. If -token_out is not specified the output is always a time stamp response (TimeStampResp), otherwise it is a time stamp token (ContentInfo).

+ +
+ +
-config configfile
+
+ +

The configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1). See CONFIGURATION FILE OPTIONS for configurable variables.

+ +
+
-section tsa_section
+
+ +

The name of the config file section containing the settings for the response generation. If not specified the default TSA section is used, see CONFIGURATION FILE OPTIONS for details. (Optional)

+ +
+
-queryfile request.tsq
+
+ +

The name of the file containing a DER encoded time stamp request. (Optional)

+ +
+
-passin password_src
+
+ +

Specifies the password source for the private key of the TSA. See PASS PHRASE ARGUMENTS in openssl(1). (Optional)

+ +
+
-signer tsa_cert.pem
+
+ +

The signer certificate of the TSA in PEM format. The TSA signing certificate must have exactly one extended key usage assigned to it: timeStamping. The extended key usage must also be critical, otherwise the certificate is going to be refused. Overrides the signer_cert variable of the config file. (Optional)

+ +
+
-inkey file_or_id
+
+ +

The signer private key of the TSA in PEM format. Overrides the signer_key config file option. (Optional) If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-digest
+
+ +

Signing digest to use. Overrides the signer_digest config file option. (Mandatory unless specified in the config file)

+ +
+
-chain certs_file.pem
+
+ +

The collection of certificates in PEM format that will all be included in the response in addition to the signer certificate if the -cert option was used for the request. This file is supposed to contain the certificate chain for the signer certificate from its issuer upwards. The -reply command does not build a certificate chain automatically. (Optional)

+ +
+
-tspolicy object_id
+
+ +

The default policy to use for the response unless the client explicitly requires a particular TSA policy. The OID can be specified either in dotted notation or with its name. Overrides the default_policy config file option. (Optional)

+ +
+
-in response.tsr
+
+ +

Specifies a previously created time stamp response or time stamp token (if -token_in is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or token or you want to extract the time stamp token from a response. If the input is a token and the output is a time stamp response a default 'granted' status info is added to the token. (Optional)

+ +
+
-token_in
+
+ +

This flag can be used together with the -in option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional)

+ +
+
-out response.tsr
+
+ +

The response is written to this file. The format and content of the file depends on other options (see -text, -token_out). The default is stdout. (Optional)

+ +
+
-token_out
+
+ +

The output is a time stamp token (ContentInfo) instead of time stamp response (TimeStampResp). (Optional)

+ +
+
-text
+
+ +

If this option is specified the output is human-readable text format instead of DER. (Optional)

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ts to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. Default is builtin. (Optional)

+ +
+
+ +

Time Stamp Response verification

+ +

The -verify command is for verifying if a time stamp response or time stamp token is valid and matches a particular time stamp request or data file. The -verify command does not use the configuration file.

+ +
+ +
-data file_to_hash
+
+ +

The response or token must be verified against file_to_hash. The file is hashed with the message digest algorithm specified in the token. The -digest and -queryfile options must not be specified with this one. (Optional)

+ +
+
-digest digest_bytes
+
+ +

The response or token must be verified against the message digest specified with this option. The number of bytes must match the message digest algorithm specified in the token. The -data and -queryfile options must not be specified with this one. (Optional)

+ +
+
-queryfile request.tsq
+
+ +

The original time stamp request in DER format. The -data and -digest options must not be specified with this one. (Optional)

+ +
+
-in response.tsr
+
+ +

The time stamp response that needs to be verified in DER format. (Mandatory)

+ +
+
-token_in
+
+ +

This flag can be used together with the -in option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional)

+ +
+
-CApath trusted_cert_path
+
+ +

The name of the directory containing the trusted CA certificates of the client. See the similar option of verify(1) for additional details. Either this option or -CAfile must be specified. (Optional)

+ +
+
-CAfile trusted_certs.pem
+
+ +

The name of the file containing a set of trusted self-signed CA certificates in PEM format. See the similar option of verify(1) for additional details. Either this option or -CApath must be specified. (Optional)

+ +
+
-untrusted cert_file.pem
+
+ +

Set of additional untrusted certificates in PEM format which may be needed when building the certificate chain for the TSA's signing certificate. This file must contain the TSA signing certificate and all intermediate CA certificates unless the response includes them. (Optional)

+ +
+
verify options
+
+ +

The options -attime timestamp, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -issuer_checks, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, and -x509_strict can be used to control timestamp verification. See verify(1).

+ +
+
+ +

CONFIGURATION FILE OPTIONS

+ +

The -query and -reply commands make use of a configuration file. See config(5) for a general description of the syntax of the config file. The -query command uses only the symbolic OID names section and it can work without it. However, the -reply command needs the config file for its operation.

+ +

When there is a command line switch equivalent of a variable the switch always overrides the settings in the config file.

+ +
+ +
tsa section, default_tsa
+
+ +

This is the main section and it specifies the name of another section that contains all the options for the -reply command. This default section can be overridden with the -section command line switch. (Optional)

+ +
+
oid_file
+
+ +

See ca(1) for description. (Optional)

+ +
+
oid_section
+
+ +

See ca(1) for description. (Optional)

+ +
+
RANDFILE
+
+ +

See ca(1) for description. (Optional)

+ +
+
serial
+
+ +

The name of the file containing the hexadecimal serial number of the last time stamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory)

+ +
+
crypto_device
+
+ +

Specifies the OpenSSL engine that will be set as the default for all available algorithms. The default value is builtin, you can specify any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). (Optional)

+ +
+
signer_cert
+
+ +

TSA signing certificate in PEM format. The same as the -signer command line option. (Optional)

+ +
+
certs
+
+ +

A file containing a set of PEM encoded certificates that need to be included in the response. The same as the -chain command line option. (Optional)

+ +
+
signer_key
+
+ +

The private key of the TSA in PEM format. The same as the -inkey command line option. (Optional)

+ +
+
signer_digest
+
+ +

Signing digest to use. The same as the -digest command line option. (Mandatory unless specified on the command line)

+ +
+
default_policy
+
+ +

The default policy to use when the request does not mandate any policy. The same as the -tspolicy command line option. (Optional)

+ +
+
other_policies
+
+ +

Comma separated list of policies that are also acceptable by the TSA and used only if the request explicitly specifies one of them. (Optional)

+ +
+
digests
+
+ +

The list of message digest algorithms that the TSA accepts. At least one algorithm must be specified. (Mandatory)

+ +
+
accuracy
+
+ +

The accuracy of the time source of the TSA in seconds, milliseconds and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of the components is missing zero is assumed for that field. (Optional)

+ +
+
clock_precision_digits
+
+ +

Specifies the maximum number of digits, which represent the fraction of seconds, that need to be included in the time field. The trailing zeroes must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. (Optional)

+ +
+
ordering
+
+ +

If this option is yes the responses generated by this TSA can always be ordered, even if the time difference between two responses is less than the sum of their accuracies. Default is no. (Optional)

+ +
+
tsa_name
+
+ +

Set this option to yes if the subject name of the TSA must be included in the TSA name field of the response. Default is no. (Optional)

+ +
+
ess_cert_id_chain
+
+ +

The SignedData objects created by the TSA always contain the certificate identifier of the signing certificate in a signed attribute (see RFC 2634, Enhanced Security Services). If this option is set to yes and either the certs variable or the -chain option is specified then the certificate identifiers of the chain will also be included in the SigningCertificate signed attribute. If this variable is set to no, only the signing certificate identifier is included. Default is no. (Optional)

+ +
+
ess_cert_id_alg
+
+ +

This option specifies the hash function to be used to calculate the TSA's public key certificate identifier. Default is sha1. (Optional)

+ +
+
+ +

EXAMPLES

+ +

All the examples below presume that OPENSSL_CONF is set to a proper configuration file, e.g. the example configuration file openssl/apps/openssl.cnf will do.

+ +

Time Stamp Request

+ +

To create a time stamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response:

+ +
openssl ts -query -data design1.txt -no_nonce \
+      -out design1.tsq
+ +

To create a similar time stamp request with specifying the message imprint explicitly:

+ +
openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
+       -no_nonce -out design1.tsq
+ +

To print the content of the previous request in human readable format:

+ +
openssl ts -query -in design1.tsq -text
+ +

To create a time stamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file):

+ +
openssl ts -query -data design2.txt -md5 \
+      -tspolicy tsa_policy1 -cert -out design2.tsq
+ +

Time Stamp Response

+ +

Before generating a response a signing certificate must be created for the TSA that contains the timeStamping critical extended key usage extension without any other key usage extensions. You can add this line to the user certificate section of the config file to generate a proper certificate;

+ +
extendedKeyUsage = critical,timeStamping
+ +

See req(1), ca(1), and x509(1) for instructions. The examples below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA.

+ +

To create a time stamp response for a request:

+ +
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
+      -signer tsacert.pem -out design1.tsr
+ +

If you want to use the settings in the config file you could just write:

+ +
openssl ts -reply -queryfile design1.tsq -out design1.tsr
+ +

To print a time stamp reply to stdout in human readable format:

+ +
openssl ts -reply -in design1.tsr -text
+ +

To create a time stamp token instead of time stamp response:

+ +
openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
+ +

To print a time stamp token to stdout in human readable format:

+ +
openssl ts -reply -in design1_token.der -token_in -text -token_out
+ +

To extract the time stamp token from a response:

+ +
openssl ts -reply -in design1.tsr -out design1_token.der -token_out
+ +

To add 'granted' status info to a time stamp token thereby creating a valid response:

+ +
openssl ts -reply -in design1_token.der -token_in -out design1.tsr
+ +

Time Stamp Verification

+ +

To verify a time stamp reply against a request:

+ +
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
+      -CAfile cacert.pem -untrusted tsacert.pem
+ +

To verify a time stamp reply that includes the certificate chain:

+ +
openssl ts -verify -queryfile design2.tsq -in design2.tsr \
+      -CAfile cacert.pem
+ +

To verify a time stamp token against the original data file: openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem

+ +

To verify a time stamp token against a message imprint: openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem

+ +

You could also look at the 'test' directory for more examples.

+ +

BUGS

+ +
    + +
  • No support for time stamps over SMTP, though it is quite easy to implement an automatic e-mail based TSA with procmail(1) and perl(1). HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by tsget(1). Pure TCP/IP protocol is not supported.

    + +
  • +
  • The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one instance of openssl(1) is trying to create a time stamp response at the same time. This is not an issue when using the apache server module, it does proper locking.

    + +
  • +
  • Look for the FIXME word in the source files.

    + +
  • +
  • The source code should really be reviewed by somebody else, too.

    + +
  • +
  • More testing is needed, I have done only some basic tests (see test/testtsa).

    + +
  • +
+ +

SEE ALSO

+ +

tsget(1), openssl(1), req(1), x509(1), ca(1), genrsa(1), config(5)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/tsget.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/tsget.html new file mode 100644 index 00000000..ed6c7bdc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/tsget.html @@ -0,0 +1,190 @@ + + + + +tsget + + + + + + + + + + +

NAME

+ +

openssl-tsget, tsget - Time Stamping HTTP/HTTPS client

+ +

SYNOPSIS

+ +

tsget -h server_url [-e extension] [-o output] [-v] [-d] [-k private_key.pem] [-p key_password] [-c client_cert.pem] [-C CA_certs.pem] [-P CA_path] [-r file:file...] [-g EGD_socket] [request]...

+ +

DESCRIPTION

+ +

The tsget command can be used for sending a time stamp request, as specified in RFC 3161, to a time stamp server over HTTP or HTTPS and storing the time stamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL ts(1) command to do that. tsget can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line.

+ +

The tool sends the following HTTP request for each time stamp request:

+ +
POST url HTTP/1.1
+User-Agent: OpenTSA tsget.pl/<version>
+Host: <host>:<port>
+Pragma: no-cache
+Content-Type: application/timestamp-query
+Accept: application/timestamp-reply
+Content-Length: length of body
+
+...binary request specified by the user...
+ +

tsget expects a response of type application/timestamp-reply, which is written to a file without any interpretation.

+ +

OPTIONS

+ +
+ +
-h server_url
+
+ +

The URL of the HTTP/HTTPS server listening for time stamp requests.

+ +
+
-e extension
+
+ +

If the -o option is not given this argument specifies the extension of the output files. The base name of the output file will be the same as those of the input files. Default extension is '.tsr'. (Optional)

+ +
+
-o output
+
+ +

This option can be specified only when just one request is sent to the server. The time stamp response will be written to the given output file. '-' means standard output. In case of multiple time stamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional)

+ +
+
-v
+
+ +

The name of the currently processed request is printed on standard error. (Optional)

+ +
+
-d
+
+ +

Switches on verbose mode for the underlying curl library. You can see detailed debug messages for the connection. (Optional)

+ +
+
-k private_key.pem
+
+ +

(HTTPS) In case of certificate-based client authentication over HTTPS <private_key.pem> must contain the private key of the user. The private key file can optionally be protected by a passphrase. The -c option must also be specified. (Optional)

+ +
+
-p key_password
+
+ +

(HTTPS) Specifies the passphrase for the private key specified by the -k argument. If this option is omitted and the key is passphrase protected tsget will ask for it. (Optional)

+ +
+
-c client_cert.pem
+
+ +

(HTTPS) In case of certificate-based client authentication over HTTPS <client_cert.pem> must contain the X.509 certificate of the user. The -k option must also be specified. If this option is not specified no certificate-based client authentication will take place. (Optional)

+ +
+
-C CA_certs.pem
+
+ +

(HTTPS) The trusted CA certificate store. The certificate chain of the peer's certificate must include one of the CA certificates specified in this file. Either option -C or option -P must be given in case of HTTPS. (Optional)

+ +
+
-P CA_path
+
+ +

(HTTPS) The path containing the trusted CA certificates to verify the peer's certificate. The directory must be prepared with the c_rehash OpenSSL utility. Either option -C or option -P must be given in case of HTTPS. (Optional)

+ +
+
-rand file:file...
+
+ +

The files containing random data for seeding the random number generator. Multiple files can be specified, the separator is ; for MS-Windows, , for VMS and : for all other platforms. (Optional)

+ +
+
-g EGD_socket
+
+ +

The name of an EGD socket to get random data from. (Optional)

+ +
+
[request]...
+
+ +

List of files containing RFC 3161 DER-encoded time stamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional)

+ +
+
+ +

ENVIRONMENT VARIABLES

+ +

The TSGET environment variable can optionally contain default arguments. The content of this variable is added to the list of command line arguments.

+ +

EXAMPLES

+ +

The examples below presume that file1.tsq and file2.tsq contain valid time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path.

+ +

Get a time stamp response for file1.tsq over HTTP, output is written to file1.tsr:

+ +
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
+ +

Get a time stamp response for file1.tsq and file2.tsq over HTTP showing progress, output is written to file1.reply and file2.reply respectively:

+ +
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
+      file1.tsq file2.tsq
+ +

Create a time stamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr:

+ +
openssl ts -query -data file3.txt -cert | tee file3.tsq \
+      | tsget -h http://tsa.opentsa.org:8080/tsa \
+      -o file3.tsr
+ +

Get a time stamp response for file1.tsq over HTTPS without client authentication:

+ +
tsget -h https://tsa.opentsa.org:8443/tsa \
+      -C cacerts.pem file1.tsq
+ +

Get a time stamp response for file1.tsq over HTTPS with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected):

+ +
tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+      -k client_key.pem -c client_cert.pem file1.tsq
+ +

You can shorten the previous command line if you make use of the TSGET environment variable. The following commands do the same as the previous example:

+ +
TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+      -k client_key.pem -c client_cert.pem'
+export TSGET
+tsget file1.tsq
+ +

SEE ALSO

+ +

openssl(1), ts(1), curl(1), RFC 3161

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/verify.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/verify.html new file mode 100644 index 00000000..da3e6252 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/verify.html @@ -0,0 +1,825 @@ + + + + +verify + + + + + + + + + + +

NAME

+ +

openssl-verify, verify - Utility to verify certificates

+ +

SYNOPSIS

+ +

openssl verify [-help] [-CAfile file] [-CApath directory] [-no-CAfile] [-no-CApath] [-allow_proxy_certs] [-attime timestamp] [-check_ss_sig] [-CRLfile file] [-crl_download] [-crl_check] [-crl_check_all] [-engine id] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-nameopt option] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-untrusted file] [-trusted file] [-use_deltas] [-verbose] [-auth_level level] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-show_chain] [-] [certificates]

+ +

DESCRIPTION

+ +

The verify command verifies certificate chains.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-CAfile file
+
+ +

A file of trusted certificates. The file should contain one or more certificates in PEM format.

+ +
+
-CApath directory
+
+ +

A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this form ("hash" is the hashed certificate subject name: see the -hash option of the x509 utility). Under Unix the c_rehash script will automatically create symbolic links to a directory of certificates.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-allow_proxy_certs
+
+ +

Allow the verification of proxy certificates.

+ +
+
-attime timestamp
+
+ +

Perform validation checks using time specified by timestamp and not current system time. timestamp is the number of seconds since 01.01.1970 (UNIX time).

+ +
+
-check_ss_sig
+
+ +

Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security.

+ +
+
-CRLfile file
+
+ +

The file should contain one or more CRLs in PEM format. This option can be specified more than once to include CRLs from multiple files.

+ +
+
-crl_download
+
+ +

Attempt to download CRL information for this certificate.

+ +
+
-crl_check
+
+ +

Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs.

+ +
+
-crl_check_all
+
+ +

Checks the validity of all certificates in the chain by attempting to look up valid CRLs.

+ +
+
-engine id
+
+ +

Specifying an engine id will cause verify(1) to attempt to load the specified engine. The engine will then be set as the default for all its supported algorithms. If you want to load certificates or CRLs that require engine support via any of the -trusted, -untrusted or -CRLfile options, the -engine option must be specified before those options.

+ +
+
-explicit_policy
+
+ +

Set policy variable require-explicit-policy (see RFC5280).

+ +
+
-extended_crl
+
+ +

Enable extended CRL features such as indirect CRLs and alternate CRL signing keys.

+ +
+
-ignore_critical
+
+ +

Normally if an unhandled critical extension is present which is not supported by OpenSSL the certificate is rejected (as required by RFC5280). If this option is set critical extensions are ignored.

+ +
+
-inhibit_any
+
+ +

Set policy variable inhibit-any-policy (see RFC5280).

+ +
+
-inhibit_map
+
+ +

Set policy variable inhibit-policy-mapping (see RFC5280).

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-no_check_time
+
+ +

This option suppresses checking the validity period of certificates and CRLs against the current time. If option -attime timestamp is used to specify a verification time, the check is not suppressed.

+ +
+
-partial_chain
+
+ +

Allow verification to succeed even if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed.

+ +
+
-policy arg
+
+ +

Enable policy processing and add arg to the user-initial-policy-set (see RFC5280). The policy arg can be an object name an OID in numeric form. This argument can appear more than once.

+ +
+
-policy_check
+
+ +

Enables certificate policy processing.

+ +
+
-policy_print
+
+ +

Print out diagnostics related to policy processing.

+ +
+
-purpose purpose
+
+ +

The intended use for the certificate. If this option is not specified, verify will not consider certificate purpose during chain verification. Currently accepted uses are sslclient, sslserver, nssslserver, smimesign, smimeencrypt. See the VERIFY OPERATION section for more information.

+ +
+
-suiteB_128_only, -suiteB_128, -suiteB_192
+
+ +

Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or 192 bit, or only 192 bit Level of Security respectively. See RFC6460 for details. In particular the supported signature algorithms are reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves P-256 and P-384.

+ +
+
-trusted_first
+
+ +

When constructing the certificate chain, use the trusted certificates specified via -CAfile, -CApath or -trusted before any certificates specified via -untrusted. This can be useful in environments with Bridge or Cross-Certified CAs. As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.

+ +
+
-no_alt_chains
+
+ +

By default, unless -trusted_first is specified, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted issuer certificates with certificates from the trust store to see if an alternative chain can be found that is trusted. As of OpenSSL 1.1.0, with -trusted_first always on, this option has no effect.

+ +
+
-untrusted file
+
+ +

A file of additional untrusted certificates (intermediate issuer CAs) used to construct a certificate chain from the subject certificate to a trust-anchor. The file should contain one or more certificates in PEM format. This option can be specified more than once to include untrusted certificates from multiple files.

+ +
+
-trusted file
+
+ +

A file of trusted certificates, which must be self-signed, unless the -partial_chain option is specified. The file contains one or more certificates in PEM format. With this option, no additional (e.g., default) certificate lists are consulted. That is, the only trust-anchors are those listed in file. This option can be specified more than once to include trusted certificates from multiple files. This option implies the -no-CAfile and -no-CApath options. This option cannot be used in combination with either of the -CAfile or -CApath options.

+ +
+
-use_deltas
+
+ +

Enable support for delta CRLs.

+ +
+
-verbose
+
+ +

Print extra information about the operations being performed.

+ +
+
-auth_level level
+
+ +

Set the certificate chain authentication security level to level. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. The signature algorithm security level is enforced for all the certificates in the chain except for the chain's trust anchor, which is either directly trusted or validated by means other than its signature. See SSL_CTX_set_security_level(3) for the definitions of the available levels. The default security level is -1, or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80-bit-equivalent security and is broadly interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits.

+ +
+
-verify_depth num
+
+ +

Limit the certificate chain to num intermediate CA certificates. A maximal depth chain can have up to num+2 certificates, since neither the end-entity certificate nor the trust-anchor certificate count against the -verify_depth limit.

+ +
+
-verify_email email
+
+ +

Verify if the email matches the email address in Subject Alternative Name or the email in the subject Distinguished Name.

+ +
+
-verify_hostname hostname
+
+ +

Verify if the hostname matches DNS name in Subject Alternative Name or Common Name in the subject certificate.

+ +
+
-verify_ip ip
+
+ +

Verify if the ip matches the IP address in Subject Alternative Name of the subject certificate.

+ +
+
-verify_name name
+
+ +

Use default verification policies like trust model and required certificate policies identified by name. The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. See the -addtrust and -addreject options of the x509(1) command-line utility. Supported policy names include: default, pkcs7, smime_sign, ssl_client, ssl_server. These mimics the combinations of purpose and trust settings used in SSL, CMS and S/MIME. As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not specified, so the -verify_name options are functionally equivalent to the corresponding -purpose settings.

+ +
+
-x509_strict
+
+ +

For strict X.509 compliance, disable non-compliant workarounds for broken certificates.

+ +
+
-show_chain
+
+ +

Display information about the certificate chain that has been built (if successful). Certificates in the chain that came from the untrusted list will be flagged as "untrusted".

+ +
+
-
+
+ +

Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a -.

+ +
+
certificates
+
+ +

One or more certificates to verify. If no certificates are given, verify will attempt to read a certificate from standard input. Certificates must be in PEM format.

+ +
+
+ +

VERIFY OPERATION

+ +

The verify program uses the same functions as the internal SSL and S/MIME verification, therefore this description applies to these verify operations too.

+ +

There is one crucial difference between the verify operations performed by the verify program: wherever possible an attempt is made to continue after an error whereas normally the verify operation would halt on the first error. This allows all the problems with a certificate chain to be determined.

+ +

The verify operation consists of a number of separate steps.

+ +

Firstly a certificate chain is built up starting from the supplied certificate and ending in the root CA. It is an error if the whole chain cannot be built up. The chain is built up by looking up the issuers certificate of the current certificate. If a certificate is found which is its own issuer it is assumed to be the root CA.

+ +

The process of 'looking up the issuers certificate' itself involves a number of steps. After all certificates whose subject name matches the issuer name of the current certificate are subject to further tests. The relevant authority key identifier components of the current certificate (if present) must match the subject key identifier (if present) and issuer and serial number of the candidate issuer, in addition the keyUsage extension of the candidate issuer (if present) must permit certificate signing.

+ +

The lookup first looks in the list of untrusted certificates and if no match is found the remaining lookups are from the trusted certificates. The root CA is always looked up in the trusted certificate list: if the certificate to verify is a root certificate then an exact match must be found in the trusted list.

+ +

The second operation is to check every untrusted certificate's extensions for consistency with the supplied purpose. If the -purpose option is not included then no checks are done. The supplied or "leaf" certificate must have extensions compatible with the supplied purpose and all other certificates must also be valid CA certificates. The precise extensions required are described in more detail in the CERTIFICATE EXTENSIONS section of the x509 utility.

+ +

The third operation is to check the trust settings on the root CA. The root CA should be trusted for the supplied purpose. For compatibility with previous versions of OpenSSL, a certificate with no trust settings is considered to be valid for all purposes.

+ +

The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter dates in the certificate. The certificate signatures are also checked at this point.

+ +

If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid.

+ +

DIAGNOSTICS

+ +

When a verify operation fails the output messages can be somewhat cryptic. The general form of the error message is:

+ +
server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+error 24 at 1 depth lookup:invalid CA certificate
+ +

The first line contains the name of the certificate being verified followed by the subject name of the certificate. The second line contains the error number and the depth. The depth is number of the certificate being verified when a problem was detected starting with zero for the certificate being verified itself then 1 for the CA that signed the certificate and so on. Finally a text version of the error number is presented.

+ +

A partial list of the error codes and messages is shown below, this also includes the name of the error code as defined in the header file x509_vfy.h Some of the error codes are defined but never returned: these are described as "unused".

+ +
+ +
X509_V_OK
+
+ +

The operation was successful.

+ +
+
X509_V_ERR_UNSPECIFIED
+
+ +

Unspecified error; should not happen.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+
+ +

The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL
+
+ +

The CRL of a certificate could not be found.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+
+ +

The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+
+ +

The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

+ +
+
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+
+ +

The public key in the certificate SubjectPublicKeyInfo could not be read.

+ +
+
X509_V_ERR_CERT_SIGNATURE_FAILURE
+
+ +

The signature of the certificate is invalid.

+ +
+
X509_V_ERR_CRL_SIGNATURE_FAILURE
+
+ +

The signature of the certificate is invalid.

+ +
+
X509_V_ERR_CERT_NOT_YET_VALID
+
+ +

The certificate is not yet valid: the notBefore date is after the current time.

+ +
+
X509_V_ERR_CERT_HAS_EXPIRED
+
+ +

The certificate has expired: that is the notAfter date is before the current time.

+ +
+
X509_V_ERR_CRL_NOT_YET_VALID
+
+ +

The CRL is not yet valid.

+ +
+
X509_V_ERR_CRL_HAS_EXPIRED
+
+ +

The CRL has expired.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+
+ +

The certificate notBefore field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+
+ +

The certificate notAfter field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+
+ +

The CRL lastUpdate field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+
+ +

The CRL nextUpdate field contains an invalid time.

+ +
+
X509_V_ERR_OUT_OF_MEM
+
+ +

An error occurred trying to allocate memory. This should never happen.

+ +
+
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+
+ +

The passed certificate is self-signed and the same certificate cannot be found in the list of trusted certificates.

+ +
+
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+
+ +

The certificate chain could be built up using the untrusted certificates but the root could not be found locally.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+
+ +

The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

+ +
+
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+
+ +

No signatures could be verified because the chain contains only one certificate and it is not self signed.

+ +
+
X509_V_ERR_CERT_CHAIN_TOO_LONG
+
+ +

The certificate chain length is greater than the supplied maximum depth. Unused.

+ +
+
X509_V_ERR_CERT_REVOKED
+
+ +

The certificate has been revoked.

+ +
+
X509_V_ERR_INVALID_CA
+
+ +

A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

+ +
+
X509_V_ERR_PATH_LENGTH_EXCEEDED
+
+ +

The basicConstraints pathlength parameter has been exceeded.

+ +
+
X509_V_ERR_INVALID_PURPOSE
+
+ +

The supplied certificate cannot be used for the specified purpose.

+ +
+
X509_V_ERR_CERT_UNTRUSTED
+
+ +

The root CA is not marked as trusted for the specified purpose.

+ +
+
X509_V_ERR_CERT_REJECTED
+
+ +

The root CA is marked to reject the specified purpose.

+ +
+
X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_AKID_SKID_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+
+ +

Unable to get CRL issuer certificate.

+ +
+
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+
+ +

Unhandled critical extension.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+
+ +

Key usage does not include CRL signing.

+ +
+
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+
+ +

Unhandled critical CRL extension.

+ +
+
X509_V_ERR_INVALID_NON_CA
+
+ +

Invalid non-CA certificate has CA markings.

+ +
+
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+
+ +

Proxy path length constraint exceeded.

+ +
+
X509_V_ERR_PROXY_SUBJECT_INVALID
+
+ +

Proxy certificate subject is invalid. It MUST be the same as the issuer with a single CN component added.

+ +
+
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+
+ +

Key usage does not include digital signature.

+ +
+
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+
+ +

Proxy certificates not allowed, please use -allow_proxy_certs.

+ +
+
X509_V_ERR_INVALID_EXTENSION
+
+ +

Invalid or inconsistent certificate extension.

+ +
+
X509_V_ERR_INVALID_POLICY_EXTENSION
+
+ +

Invalid or inconsistent certificate policy extension.

+ +
+
X509_V_ERR_NO_EXPLICIT_POLICY
+
+ +

No explicit policy.

+ +
+
X509_V_ERR_DIFFERENT_CRL_SCOPE
+
+ +

Different CRL scope.

+ +
+
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+
+ +

Unsupported extension feature.

+ +
+
X509_V_ERR_UNNESTED_RESOURCE
+
+ +

RFC 3779 resource not subset of parent's resources.

+ +
+
X509_V_ERR_PERMITTED_VIOLATION
+
+ +

Permitted subtree violation.

+ +
+
X509_V_ERR_EXCLUDED_VIOLATION
+
+ +

Excluded subtree violation.

+ +
+
X509_V_ERR_SUBTREE_MINMAX
+
+ +

Name constraints minimum and maximum not supported.

+ +
+
X509_V_ERR_APPLICATION_VERIFICATION
+
+ +

Application verification failure. Unused.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+
+ +

Unsupported name constraint type.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+
+ +

Unsupported or invalid name constraint syntax.

+ +
+
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+
+ +

Unsupported or invalid name syntax.

+ +
+
X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+
+ +

CRL path validation error.

+ +
+
X509_V_ERR_PATH_LOOP
+
+ +

Path loop.

+ +
+
X509_V_ERR_SUITE_B_INVALID_VERSION
+
+ +

Suite B: certificate version invalid.

+ +
+
X509_V_ERR_SUITE_B_INVALID_ALGORITHM
+
+ +

Suite B: invalid public key algorithm.

+ +
+
X509_V_ERR_SUITE_B_INVALID_CURVE
+
+ +

Suite B: invalid ECC curve.

+ +
+
X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+
+ +

Suite B: invalid signature algorithm.

+ +
+
X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+
+ +

Suite B: curve not allowed for this LOS.

+ +
+
X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
+
+ +

Suite B: cannot sign P-384 with P-256.

+ +
+
X509_V_ERR_HOSTNAME_MISMATCH
+
+ +

Hostname mismatch.

+ +
+
X509_V_ERR_EMAIL_MISMATCH
+
+ +

Email address mismatch.

+ +
+
X509_V_ERR_IP_ADDRESS_MISMATCH
+
+ +

IP address mismatch.

+ +
+
X509_V_ERR_DANE_NO_MATCH
+
+ +

DANE TLSA authentication is enabled, but no TLSA records matched the certificate chain. This error is only possible in s_client(1).

+ +
+
X509_V_ERR_EE_KEY_TOO_SMALL
+
+ +

EE certificate key too weak.

+ +
+
X509_ERR_CA_KEY_TOO_SMALL
+
+ +

CA certificate key too weak.

+ +
+
X509_ERR_CA_MD_TOO_WEAK
+
+ +

CA signature digest algorithm too weak.

+ +
+
X509_V_ERR_INVALID_CALL
+
+ +

nvalid certificate verification context.

+ +
+
X509_V_ERR_STORE_LOOKUP
+
+ +

Issuer certificate lookup error.

+ +
+
X509_V_ERR_NO_VALID_SCTS
+
+ +

Certificate Transparency required, but no valid SCTs found.

+ +
+
X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
+
+ +

Proxy subject name violation.

+ +
+
X509_V_ERR_OCSP_VERIFY_NEEDED
+
+ +

Returned by the verify callback to indicate an OCSP verification is needed.

+ +
+
X509_V_ERR_OCSP_VERIFY_FAILED
+
+ +

Returned by the verify callback to indicate OCSP verification failed.

+ +
+
X509_V_ERR_OCSP_CERT_UNKNOWN
+
+ +

Returned by the verify callback to indicate that the certificate is not recognized by the OCSP responder.

+ +
+
+ +

BUGS

+ +

Although the issuer checks are a considerable improvement over the old technique they still suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the -CAfile option) or a directory (as specified by -CApath). If they occur in both then only the certificates in the file will be recognised.

+ +

Previous versions of OpenSSL assume certificates with matching subject name are identical and mishandled them.

+ +

Previous versions of this documentation swapped the meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error codes.

+ +

SEE ALSO

+ +

x509(1)

+ +

HISTORY

+ +

The -show_chain option was added in OpenSSL 1.1.0.

+ +

The -issuer_checks option is deprecated as of OpenSSL 1.1.0 and is silently ignored.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/version.html new file mode 100644 index 00000000..0d36c192 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/version.html @@ -0,0 +1,110 @@ + + + + +version + + + + + + + + + + +

NAME

+ +

openssl-version, version - print OpenSSL version information

+ +

SYNOPSIS

+ +

openssl version [-help] [-a] [-v] [-b] [-o] [-f] [-p] [-d] [-e]

+ +

DESCRIPTION

+ +

This command is used to print out version information about OpenSSL.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-a
+
+ +

All information, this is the same as setting all the other flags.

+ +
+
-v
+
+ +

The current OpenSSL version.

+ +
+
-b
+
+ +

The date the current version of OpenSSL was built.

+ +
+
-o
+
+ +

Option information: various options set when the library was built.

+ +
+
-f
+
+ +

Compilation flags.

+ +
+
-p
+
+ +

Platform setting.

+ +
+
-d
+
+ +

OPENSSLDIR setting.

+ +
+
-e
+
+ +

ENGINESDIR setting.

+ +
+
+ +

NOTES

+ +

The output of openssl version -a would typically be used when sending in a bug report.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/x509.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/x509.html new file mode 100644 index 00000000..a1482747 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man1/x509.html @@ -0,0 +1,892 @@ + + + + +x509 + + + + + + + + + + +

NAME

+ +

openssl-x509, x509 - Certificate display and signing utility

+ +

SYNOPSIS

+ +

openssl x509 [-help] [-inform DER|PEM] [-outform DER|PEM] [-keyform DER|PEM|ENGINE] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out filename] [-serial] [-hash] [-subject_hash] [-issuer_hash] [-ocspid] [-subject] [-issuer] [-nameopt option] [-email] [-ocsp_uri] [-startdate] [-enddate] [-purpose] [-dates] [-checkend num] [-modulus] [-pubkey] [-fingerprint] [-alias] [-noout] [-trustout] [-clrtrust] [-clrreject] [-addtrust arg] [-addreject arg] [-setalias arg] [-days arg] [-set_serial n] [-signkey arg] [-passin arg] [-x509toreq] [-req] [-CA filename] [-CAkey filename] [-CAcreateserial] [-CAserial filename] [-force_pubkey key] [-text] [-ext extensions] [-certopt option] [-C] [-digest] [-clrext] [-extfile filename] [-extensions section] [-sigopt nm:v] [-rand file...] [-writerand file] [-engine id] [-preserve_dates]

+ +

DESCRIPTION

+ +

The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings.

+ +

Since there are a large number of options they will split up into various sections.

+ +

OPTIONS

+ +

Input, Output, and General Purpose Options

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as -req are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines added. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a certificate from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename to write to or standard output by default.

+ +
+
-digest
+
+ +

The digest to use. This affects any signing or display option that uses a message digest, such as the -fingerprint, -signkey and -CA options. Any digest supported by the OpenSSL dgst command can be used. If not specified then SHA1 is used with -fingerprint or the default digest for the signing algorithm is used, typically SHA256.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause x509 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-preserve_dates
+
+ +

When signing a certificate, preserve the "notBefore" and "notAfter" dates instead of adjusting them to current time and duration. Cannot be used with the -days option.

+ +
+
+ +

Display Options

+ +

Note: the -alias and -purpose options are also display options but are described in the TRUST SETTINGS section.

+ +
+ +
-text
+
+ +

Prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings.

+ +
+
-ext extensions
+
+ +

Prints out the certificate extensions in text form. Extensions are specified with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". See the x509v3_config(5) manual page for the extension names.

+ +
+
-certopt option
+
+ +

Customise the output format used with -text. The option argument can be a single option or multiple options separated by commas. The -certopt switch may be also be used more than once to set multiple options. See the TEXT OPTIONS section for more information.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the certificate.

+ +
+
-pubkey
+
+ +

Outputs the certificate's SubjectPublicKeyInfo block in PEM format.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the public key contained in the certificate.

+ +
+
-serial
+
+ +

Outputs the certificate serial number.

+ +
+
-subject_hash
+
+ +

Outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name.

+ +
+
-issuer_hash
+
+ +

Outputs the "hash" of the certificate issuer name.

+ +
+
-ocspid
+
+ +

Outputs the OCSP hash values for the subject name and public key.

+ +
+
-hash
+
+ +

Synonym for "-subject_hash" for backward compatibility reasons.

+ +
+
-subject_hash_old
+
+ +

Outputs the "hash" of the certificate subject name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-issuer_hash_old
+
+ +

Outputs the "hash" of the certificate issuer name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-subject
+
+ +

Outputs the subject name.

+ +
+
-issuer
+
+ +

Outputs the issuer name.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the NAME OPTIONS section for more information.

+ +
+
-email
+
+ +

Outputs the email address(es) if any.

+ +
+
-ocsp_uri
+
+ +

Outputs the OCSP responder address(es) if any.

+ +
+
-startdate
+
+ +

Prints out the start date of the certificate, that is the notBefore date.

+ +
+
-enddate
+
+ +

Prints out the expiry date of the certificate, that is the notAfter date.

+ +
+
-dates
+
+ +

Prints out the start and expiry dates of a certificate.

+ +
+
-checkend arg
+
+ +

Checks if the certificate expires within the next arg seconds and exits non-zero if yes it will expire or zero if not.

+ +
+
-fingerprint
+
+ +

Calculates and outputs the digest of the DER encoded version of the entire certificate (see digest options). This is commonly called a "fingerprint". Because of the nature of message digests, the fingerprint of a certificate is unique to that certificate and two certificates with the same fingerprint can be considered to be the same.

+ +
+
-C
+
+ +

This outputs the certificate in the form of a C source file.

+ +
+
+ +

Trust Settings

+ +

A trusted certificate is an ordinary certificate which has several additional pieces of information attached to it such as the permitted and prohibited uses of the certificate and an "alias".

+ +

Normally when a certificate is being verified at least one certificate must be "trusted". By default a trusted certificate must be stored locally and must be a root CA: any certificate chain ending in this CA is then usable for any purpose.

+ +

Trust settings currently are only used with a root CA. They allow a finer control over the purposes the root CA can be used for. For example a CA may be trusted for SSL client but not SSL server use.

+ +

See the description of the verify utility for more information on the meaning of trust settings.

+ +

Future versions of OpenSSL will recognize trust settings on any certificate: not just root CAs.

+ +
+ +
-trustout
+
+ +

This causes x509 to output a trusted certificate. An ordinary or trusted certificate can be input but by default an ordinary certificate is output and any trust settings are discarded. With the -trustout option a trusted certificate is output. A trusted certificate is automatically output if any trust settings are modified.

+ +
+
-setalias arg
+
+ +

Sets the alias of the certificate. This will allow the certificate to be referred to using a nickname for example "Steve's Certificate".

+ +
+
-alias
+
+ +

Outputs the certificate alias, if any.

+ +
+
-clrtrust
+
+ +

Clears all the permitted or trusted uses of the certificate.

+ +
+
-clrreject
+
+ +

Clears all the prohibited or rejected uses of the certificate.

+ +
+
-addtrust arg
+
+ +

Adds a trusted certificate use. Any object name can be used here but currently only clientAuth (SSL client use), serverAuth (SSL server use), emailProtection (S/MIME email) and anyExtendedKeyUsage are used. As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or enables all purposes when trusted. Other OpenSSL applications may define additional uses.

+ +
+
-addreject arg
+
+ +

Adds a prohibited use. It accepts the same values as the -addtrust option.

+ +
+
-purpose
+
+ +

This option performs tests on the certificate extensions and outputs the results. For a more complete description see the CERTIFICATE EXTENSIONS section.

+ +
+
+ +

Signing Options

+ +

The x509 utility can be used to sign certificates and requests: it can thus behave like a "mini CA".

+ +
+ +
-signkey arg
+
+ +

This option causes the input file to be self signed using the supplied private key or engine. The private key's format is specified with the -keyform option.

+ +

If the input file is a certificate it sets the issuer name to the subject name (i.e. makes it self signed) changes the public key to the supplied value and changes the start and end dates. The start date is set to the current time and the end date is set to a value determined by the -days option. Any certificate extensions are retained unless the -clrext option is supplied; this includes, for example, any existing key identifier extensions.

+ +

If the input is a certificate request then a self signed certificate is created using the supplied private key using the subject name in the request.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-clrext
+
+ +

Delete any extensions from a certificate. This option is used when a certificate is being created from another certificate (for example with the -signkey or the -CA options). Normally all extensions are retained.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

Specifies the format (DER or PEM) of the private key file used in the -signkey option.

+ +
+
-days arg
+
+ +

Specifies the number of days to make a certificate valid for. The default is 30 days. Cannot be used with the -preserve_dates option.

+ +
+
-x509toreq
+
+ +

Converts a certificate into a certificate request. The -signkey option is used to pass the required private key.

+ +
+
-req
+
+ +

By default a certificate is expected on input. With this option a certificate request is expected instead.

+ +
+
-set_serial n
+
+ +

Specifies the serial number to use. This option can be used with either the -signkey or -CA options. If used in conjunction with the -CA option the serial number file (as specified by the -CAserial or -CAcreateserial options) is not used.

+ +

The serial number can be decimal or hex (if preceded by 0x).

+ +
+
-CA filename
+
+ +

Specifies the CA certificate to be used for signing. When this option is present x509 behaves like a "mini CA". The input file is signed by this CA using this option: that is its issuer name is set to the subject name of the CA and it is digitally signed using the CAs private key.

+ +

This option is normally combined with the -req option. Without the -req option the input is a certificate which must be self signed.

+ +
+
-CAkey filename
+
+ +

Sets the CA private key to sign a certificate with. If this option is not specified then it is assumed that the CA private key is present in the CA certificate file.

+ +
+
-CAserial filename
+
+ +

Sets the CA serial number file to use.

+ +

When the -CA option is used to sign a certificate it uses a serial number specified in a file. This file consists of one line containing an even number of hex digits with the serial number to use. After each use the serial number is incremented and written out to the file again.

+ +

The default filename consists of the CA certificate file base name with ".srl" appended. For example if the CA certificate file is called "mycacert.pem" it expects to find a serial number file called "mycacert.srl".

+ +
+
-CAcreateserial
+
+ +

With this option the CA serial number file is created if it does not exist: it will contain the serial number "02" and the certificate being signed will have the 1 as its serial number. If the -CA option is specified and the serial number file does not exist a random number is generated; this is the recommended practice.

+ +
+
-extfile filename
+
+ +

File containing certificate extensions to use. If not specified then no extensions are added to the certificate.

+ +
+
-extensions section
+
+ +

The section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called "extensions" which contains the section to use. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
-force_pubkey key
+
+ +

When a certificate is created set its public key to key instead of the key in the certificate or certificate request. This option is useful for creating certificates where the algorithm can't normally sign requests, for example DH.

+ +

The format or key can be specified using the -keyform option.

+ +
+
+ +

Name Options

+ +

The nameopt command line switch determines how the subject and issuer names are displayed. If no nameopt switch is present the default "oneline" format is used which is compatible with previous versions of OpenSSL. Each option is described in detail below, all options can be preceded by a - to turn the option off. Only the first four will normally be used.

+ +
+ +
compat
+
+ +

Use the old format.

+ +
+
RFC2253
+
+ +

Displays names compatible with RFC2253 equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev and sname.

+ +
+
oneline
+
+ +

A oneline format which is more readable than RFC2253. It is equivalent to specifying the esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and sname options. This is the default of no name options are given explicitly.

+ +
+
multiline
+
+ +

A multiline format. It is equivalent esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align.

+ +
+
esc_2253
+
+ +

Escape the "special" characters required by RFC2253 in a field. That is ,+"<>;. Additionally # is escaped at the beginning of a string and a space character at the beginning or end of a string.

+ +
+
esc_2254
+
+ +

Escape the "special" characters required by RFC2254 in a field. That is the NUL character as well as and ()*.

+ +
+
esc_ctrl
+
+ +

Escape control characters. That is those with ASCII values less than 0x20 (space) and the delete (0x7f) character. They are escaped using the RFC2253 \XX notation (where XX are two hex digits representing the character value).

+ +
+
esc_msb
+
+ +

Escape characters with the MSB set, that is with ASCII values larger than 127.

+ +
+
use_quote
+
+ +

Escapes some characters by surrounding the whole string with " characters, without the option all escaping is done with the \ character.

+ +
+
utf8
+
+ +

Convert all strings to UTF8 format first. This is required by RFC2253. If you are lucky enough to have a UTF8 compatible terminal then the use of this option (and not setting esc_msb) may result in the correct display of multibyte (international) characters. Is this option is not present then multibyte characters larger than 0xff will be represented using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. Also if this option is off any UTF8Strings will be converted to their character form first.

+ +
+
ignore_type
+
+ +

This option does not attempt to interpret multibyte characters in any way. That is their content octets are merely dumped as though one octet represents each character. This is useful for diagnostic purposes but will result in rather odd looking output.

+ +
+
show_type
+
+ +

Show the type of the ASN1 character string. The type precedes the field contents. For example "BMPSTRING: Hello World".

+ +
+
dump_der
+
+ +

When this option is set any fields that need to be hexdumped will be dumped using the DER encoding of the field. Otherwise just the content octets will be displayed. Both options use the RFC2253 #XXXX... format.

+ +
+
dump_nostr
+
+ +

Dump non character string types (for example OCTET STRING) if this option is not set then non character string types will be displayed as though each content octet represents a single character.

+ +
+
dump_all
+
+ +

Dump all fields. This option when used with dump_der allows the DER encoding of the structure to be unambiguously determined.

+ +
+
dump_unknown
+
+ +

Dump any field whose OID is not recognised by OpenSSL.

+ +
+
sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline
+
+ +

These options determine the field separators. The first character is between RDNs and the second between multiple AVAs (multiple AVAs are very rare and their use is discouraged). The options ending in "space" additionally place a space after the separator to make it more readable. The sep_multiline uses a linefeed character for the RDN separator and a spaced + for the AVA separator. It also indents the fields by four characters. If no field separator is specified then sep_comma_plus_space is used by default.

+ +
+
dn_rev
+
+ +

Reverse the fields of the DN. This is required by RFC2253. As a side effect this also reverses the order of multiple AVAs but this is permissible.

+ +
+
nofname, sname, lname, oid
+
+ +

These options alter how the field name is displayed. nofname does not display the field at all. sname uses the "short name" form (CN for commonName for example). lname uses the long form. oid represents the OID in numerical form and is useful for diagnostic purpose.

+ +
+
align
+
+ +

Align field values for a more readable output. Only usable with sep_multiline.

+ +
+
space_eq
+
+ +

Places spaces round the = character which follows the field name.

+ +
+
+ +

Text Options

+ +

As well as customising the name output format, it is also possible to customise the actual fields printed using the certopt options when the text option is present. The default behaviour is to print all fields.

+ +
+ +
compatible
+
+ +

Use the old format. This is equivalent to specifying no output options at all.

+ +
+
no_header
+
+ +

Don't print header information: that is the lines saying "Certificate" and "Data".

+ +
+
no_version
+
+ +

Don't print out the version number.

+ +
+
no_serial
+
+ +

Don't print out the serial number.

+ +
+
no_signame
+
+ +

Don't print out the signature algorithm used.

+ +
+
no_validity
+
+ +

Don't print the validity, that is the notBefore and notAfter fields.

+ +
+
no_subject
+
+ +

Don't print out the subject name.

+ +
+
no_issuer
+
+ +

Don't print out the issuer name.

+ +
+
no_pubkey
+
+ +

Don't print out the public key.

+ +
+
no_sigdump
+
+ +

Don't give a hexadecimal dump of the certificate signature.

+ +
+
no_aux
+
+ +

Don't print out certificate trust information.

+ +
+
no_extensions
+
+ +

Don't print out any X509V3 extensions.

+ +
+
ext_default
+
+ +

Retain default extension behaviour: attempt to print out unsupported certificate extensions.

+ +
+
ext_error
+
+ +

Print an error message for unsupported certificate extensions.

+ +
+
ext_parse
+
+ +

ASN1 parse unsupported extensions.

+ +
+
ext_dump
+
+ +

Hex dump unsupported extensions.

+ +
+
ca_default
+
+ +

The value used by the ca utility, equivalent to no_issuer, no_pubkey, no_header, and no_version.

+ +
+
+ +

EXAMPLES

+ +

Note: in these examples the '\' means the example should be all on one line.

+ +

Display the contents of a certificate:

+ +
openssl x509 -in cert.pem -noout -text
+ +

Display the "Subject Alternative Name" extension of a certificate:

+ +
openssl x509 -in cert.pem -noout -ext subjectAltName
+ +

Display more extensions of a certificate:

+ +
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+ +

Display the certificate serial number:

+ +
openssl x509 -in cert.pem -noout -serial
+ +

Display the certificate subject name:

+ +
openssl x509 -in cert.pem -noout -subject
+ +

Display the certificate subject name in RFC2253 form:

+ +
openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+ +

Display the certificate subject name in oneline form on a terminal supporting UTF8:

+ +
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
+ +

Display the certificate SHA1 fingerprint:

+ +
openssl x509 -sha1 -in cert.pem -noout -fingerprint
+ +

Convert a certificate from PEM to DER format:

+ +
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+ +

Convert a certificate to a certificate request:

+ +
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+ +

Convert a certificate request into a self signed certificate using extensions for a CA:

+ +
openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
+       -signkey key.pem -out cacert.pem
+ +

Sign a certificate request using the CA certificate above and add user certificate extensions:

+ +
openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
+       -CA cacert.pem -CAkey key.pem -CAcreateserial
+ +

Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA"

+ +
openssl x509 -in cert.pem -addtrust clientAuth \
+       -setalias "Steve's Class 1 CA" -out trust.pem
+ +

NOTES

+ +

The PEM format uses the header and footer lines:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

it will also handle files containing:

+ +
-----BEGIN X509 CERTIFICATE-----
+-----END X509 CERTIFICATE-----
+ +

Trusted certificates have the lines

+ +
-----BEGIN TRUSTED CERTIFICATE-----
+-----END TRUSTED CERTIFICATE-----
+ +

The conversion to UTF8 format used with the name options assumes that T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly.

+ +

The -email option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once.

+ +

CERTIFICATE EXTENSIONS

+ +

The -purpose option checks the certificate extensions and determines what the certificate can be used for. The actual checks done are rather complex and include various hacks and workarounds to handle broken certificates and software.

+ +

The same code is used when verifying untrusted certificates in chains so this section is useful if a chain is rejected by the verify code.

+ +

The basicConstraints extension CA flag is used to determine whether the certificate can be used as a CA. If the CA flag is true then it is a CA, if the CA flag is false then it is not a CA. All CAs should have the CA flag set to true.

+ +

If the basicConstraints extension is absent then the certificate is considered to be a "possible CA" other extensions are checked according to the intended use of the certificate. A warning is given in this case because the certificate should really not be regarded as a CA: however it is allowed to be a CA to work around some broken software.

+ +

If the certificate is a V1 certificate (and thus has no extensions) and it is self signed it is also assumed to be a CA but a warning is again given: this is to work around the problem of Verisign roots which are V1 self signed certificates.

+ +

If the keyUsage extension is present then additional restraints are made on the uses of the certificate. A CA certificate must have the keyCertSign bit set if the keyUsage extension is present.

+ +

The extended key usage extension places additional restrictions on the certificate uses. If this extension is present (whether critical or not) the key can only be used for the purposes specified.

+ +

A complete description of each test is given below. The comments about basicConstraints and keyUsage and V1 certificates above apply to all CA certificates.

+ +
+ +
SSL Client
+
+ +

The extended key usage extension must be absent or include the "web client authentication" OID. keyUsage must be absent or it must have the digitalSignature bit set. Netscape certificate type must be absent or it must have the SSL client bit set.

+ +
+
SSL Client CA
+
+ +

The extended key usage extension must be absent or include the "web client authentication" OID. Netscape certificate type must be absent or it must have the SSL CA bit set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
SSL Server
+
+ +

The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. keyUsage must be absent or it must have the digitalSignature, the keyEncipherment set or both bits set. Netscape certificate type must be absent or have the SSL server bit set.

+ +
+
SSL Server CA
+
+ +

The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. Netscape certificate type must be absent or the SSL CA bit must be set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
Netscape SSL Server
+
+ +

For Netscape SSL clients to connect to an SSL server it must have the keyEncipherment bit set if the keyUsage extension is present. This isn't always valid because some cipher suites use the key for digital signing. Otherwise it is the same as a normal SSL server.

+ +
+
Common S/MIME Client Tests
+
+ +

The extended key usage extension must be absent or include the "email protection" OID. Netscape certificate type must be absent or should have the S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type then the SSL client bit is tolerated as an alternative but a warning is shown: this is because some Verisign certificates don't set the S/MIME bit.

+ +
+
S/MIME Signing
+
+ +

In addition to the common S/MIME client tests the digitalSignature bit or the nonRepudiation bit must be set if the keyUsage extension is present.

+ +
+
S/MIME Encryption
+
+ +

In addition to the common S/MIME tests the keyEncipherment bit must be set if the keyUsage extension is present.

+ +
+
S/MIME CA
+
+ +

The extended key usage extension must be absent or include the "email protection" OID. Netscape certificate type must be absent or must have the S/MIME CA bit set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
CRL Signing
+
+ +

The keyUsage extension must be absent or it must have the CRL signing bit set.

+ +
+
CRL Signing CA
+
+ +

The normal CA tests apply. Except in this case the basicConstraints extension must be present.

+ +
+
+ +

BUGS

+ +

Extensions in certificates are not transferred to certificate requests and vice versa.

+ +

It is possible to produce invalid certificates or requests by specifying the wrong private key or using inconsistent options in some cases: these should be checked.

+ +

There should be options to explicitly set such things as start and end dates rather than an offset from the current time.

+ +

SEE ALSO

+ +

req(1), ca(1), genrsa(1), gendsa(1), verify(1), x509v3_config(5)

+ +

HISTORY

+ +

The hash algorithm used in the -subject_hash and -issuer_hash options before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. This means that any directories using the old form must have their links rebuilt using c_rehash or similar.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ADMISSIONS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ADMISSIONS.html new file mode 100644 index 00000000..75b33cf0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ADMISSIONS.html @@ -0,0 +1,120 @@ + + + + +ADMISSIONS + + + + + + + + + + +

NAME

+ +

ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber - Accessors and settors for ADMISSION_SYNTAX

+ +

SYNOPSIS

+ +
typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+    ASN1_OBJECT* namingAuthorityId);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+    ASN1_IA5STRING* namingAuthorityUrl);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+    ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+    ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+    ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+    PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+    PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+    PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+ +

DESCRIPTION

+ +

The PROFESSION_INFOS, ADMISSION_SYNTAX, ADMISSIONS, and PROFESSION_INFO types are opaque structures representing the analogous types defined in the Common PKI Specification published by https://www.t7ev.org. Knowledge of those structures and their semantics is assumed.

+ +

The conventional routines to convert between DER and the local format are described in d2i_X509(3). The conventional routines to allocate and free the types are defined in X509_dup(3).

+ +

The PROFESSION_INFOS type is a stack of PROFESSION_INFO; see DEFINE_STACK_OF(3) for details.

+ +

The NAMING_AUTHORITY type has an authority ID and URL, and text fields. The NAMING_AUTHORITY_get0_authorityId(), NAMING_AUTHORITY_get0_get0_authorityURL(), and NAMING_AUTHORITY_get0_get0_authorityText(), functions return pointers to those values within the object. The NAMING_AUTHORITY_set0_authorityId(), NAMING_AUTHORITY_set0_get0_authorityURL(), and NAMING_AUTHORITY_set0_get0_authorityText(), functions free any existing value and set the pointer to the specified value.

+ +

The ADMISSION_SYNTAX type has an authority name and a stack of ADMISSION objects. The ADMISSION_SYNTAX_get0_admissionAuthority() and ADMISSION_SYNTAX_get0_contentsOfAdmissions() functions return pointers to those values within the object. The ADMISSION_SYNTAX_set0_admissionAuthority() and ADMISSION_SYNTAX_set0_contentsOfAdmissions() functions free any existing value and set the pointer to the specified value.

+ +

The ADMISSION type has an authority name, authority object, and a stack of PROFESSION_INFO items. The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), and ADMISSIONS_get0_professionInfos() functions return pointers to those values within the object. The ADMISSIONS_set0_admissionAuthority(), ADMISSIONS_set0_namingAuthority(), and ADMISSIONS_set0_professionInfos() functions free any existing value and set the pointer to the specified value.

+ +

The PROFESSION_INFO type has a name authority, stacks of profession Items and OIDs, a registration number, and additional profession info. The functions PROFESSION_INFO_get0_addProfessionInfo(), PROFESSION_INFO_get0_namingAuthority(), PROFESSION_INFO_get0_professionItems(), PROFESSION_INFO_get0_professionOIDs(), and PROFESSION_INFO_get0_registrationNumber() functions return pointers to those values within the object. The PROFESSION_INFO_set0_addProfessionInfo(), PROFESSION_INFO_set0_namingAuthority(), PROFESSION_INFO_set0_professionItems(), PROFESSION_INFO_set0_professionOIDs(), and PROFESSION_INFO_set0_registrationNumber() functions free any existing value and set the pointer to the specified value.

+ +

RETURN VALUES

+ +

Described above. Note that all of the get0 functions return a pointer to the internal data structure and must not be freed.

+ +

SEE ALSO

+ +

X509_dup(3), d2i_X509(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html new file mode 100644 index 00000000..9c7c7536 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html @@ -0,0 +1,116 @@ + + + + +ASN1_INTEGER_get_int64 + + + + + + + + + + +

NAME

+ +

ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN - ASN.1 INTEGER and ENUMERATED utilities

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
+
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+ +

DESCRIPTION

+ +

These functions convert to and from ASN1_INTEGER and ASN1_ENUMERATED structures.

+ +

ASN1_INTEGER_get_int64() converts an ASN1_INTEGER into an int64_t type If successful it returns 1 and sets *pr to the value of a. If it fails (due to invalid type or the value being too big to fit into an int64_t type) it returns 0.

+ +

ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it converts to a uint64_t type and an error is returned if the passed integer is negative.

+ +

ASN1_INTEGER_get() also returns the value of a but it returns 0 if a is NULL and -1 on error (which is ambiguous because -1 is a legitimate value for an ASN1_INTEGER). New applications should use ASN1_INTEGER_get_int64() instead.

+ +

ASN1_INTEGER_set_int64() sets the value of ASN1_INTEGER a to the int64_t value r.

+ +

ASN1_INTEGER_set_uint64() sets the value of ASN1_INTEGER a to the uint64_t value r.

+ +

ASN1_INTEGER_set() sets the value of ASN1_INTEGER a to the long value v.

+ +

BN_to_ASN1_INTEGER() converts BIGNUM bn to an ASN1_INTEGER. If ai is NULL a new ASN1_INTEGER structure is returned. If ai is not NULL then the existing structure will be used instead.

+ +

ASN1_INTEGER_to_BN() converts ASN1_INTEGER ai into a BIGNUM. If bn is NULL a new BIGNUM structure is returned. If bn is not NULL then the existing structure will be used instead.

+ +

ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(), ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN() behave in an identical way to their ASN1_INTEGER counterparts except they operate on an ASN1_ENUMERATED value.

+ +

ASN1_ENUMERATED_get() returns the value of a in a similar way to ASN1_INTEGER_get() but it returns 0xffffffffL if the value of a will not fit in a long type. New applications should use ASN1_ENUMERATED_get_int64() instead.

+ +

NOTES

+ +

In general an ASN1_INTEGER or ASN1_ENUMERATED type can contain an integer of almost arbitrary size and so cannot always be represented by a C int64_t type. However in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type.

+ +

BUGS

+ +

The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get() mean these functions should be avoided if possible. They are retained for compatibility. Normally the ambiguous return values are not legitimate values for the fields they represent.

+ +

RETURN VALUES

+ +

ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only fail if a memory allocation error occurs.

+ +

ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success and 0 for failure. They will fail if the passed type is incorrect (this will only happen if there is a programming error) or if the value exceeds the range of an int64_t type.

+ +

BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an ASN1_INTEGER or ASN1_ENUMERATED structure respectively or NULL if an error occurs. They will only fail due to a memory allocation error.

+ +

ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a BIGNUM structure of NULL if an error occurs. They can fail if the passed type is incorrect (due to programming error) or due to a memory allocation failure.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html new file mode 100644 index 00000000..3080e388 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html @@ -0,0 +1,59 @@ + + + + +ASN1_ITEM_lookup + + + + + + + + + + +

NAME

+ +

ASN1_ITEM_lookup, ASN1_ITEM_get - lookup ASN.1 structures

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+ +

DESCRIPTION

+ +

ASN1_ITEM_lookup() returns the ASN1_ITEM name.

+ +

ASN1_ITEM_get() returns the ASN1_ITEM with index i. This function returns NULL if the index i is out of range.

+ +

RETURN VALUES

+ +

ASN1_ITEM_lookup() and ASN1_ITEM_get() return a valid ASN1_ITEM structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_OBJECT_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_OBJECT_new.html new file mode 100644 index 00000000..6b9b0c30 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_OBJECT_new.html @@ -0,0 +1,68 @@ + + + + +ASN1_OBJECT_new + + + + + + + + + + +

NAME

+ +

ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+ +

DESCRIPTION

+ +

The ASN1_OBJECT allocation routines, allocate and free an ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.

+ +

ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.

+ +

ASN1_OBJECT_free() frees up the ASN1_OBJECT structure a. If a is NULL, nothing is done.

+ +

NOTES

+ +

Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it is almost never used in applications. The ASN1 object utility functions such as OBJ_nid2obj() are used instead.

+ +

RETURN VALUES

+ +

If the allocation fails, ASN1_OBJECT_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

ASN1_OBJECT_free() returns no value.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_ASN1_OBJECT(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html new file mode 100644 index 00000000..879c2bea --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html @@ -0,0 +1,82 @@ + + + + +ASN1_STRING_TABLE_add + + + + + + + + + + +

NAME

+ +

ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup - ASN1_STRING_TABLE manipulation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+typedef struct asn1_string_table_st ASN1_STRING_TABLE;
+
+int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
+                          unsigned long mask, unsigned long flags);
+ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
+void ASN1_STRING_TABLE_cleanup(void);
+ +

DESCRIPTION

+ +

Types

+ +

ASN1_STRING_TABLE is a table which holds string information (basically minimum size, maximum size, type and etc) for a NID object.

+ +

Functions

+ +

ASN1_STRING_TABLE_add() adds a new ASN1_STRING_TABLE item into the local ASN1 string table based on the nid along with other parameters.

+ +

If the item is already in the table, fields of ASN1_STRING_TABLE are updated (depending on the values of those parameters, e.g., minsize and maxsize >= 0, mask and flags != 0). If the nid is standard, a copy of the standard ASN1_STRING_TABLE is created and updated with other parameters.

+ +

ASN1_STRING_TABLE_get() searches for an ASN1_STRING_TABLE item based on nid. It will search the local table first, then the standard one.

+ +

ASN1_STRING_TABLE_cleanup() frees all ASN1_STRING_TABLE items added by ASN1_STRING_TABLE_add().

+ +

RETURN VALUES

+ +

ASN1_STRING_TABLE_add() returns 1 on success, 0 if an error occurred.

+ +

ASN1_STRING_TABLE_get() returns a valid ASN1_STRING_TABLE structure or NULL if nothing is found.

+ +

ASN1_STRING_TABLE_cleanup() does not return a value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_length.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_length.html new file mode 100644 index 00000000..9aaa61c5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_length.html @@ -0,0 +1,107 @@ + + + + +ASN1_STRING_length + + + + + + + + + + +

NAME

+ +

ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 - ASN1_STRING utility functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_STRING_length(ASN1_STRING *x);
+const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+int ASN1_STRING_type(const ASN1_STRING *x);
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+ +

DESCRIPTION

+ +

These functions allow an ASN1_STRING structure to be manipulated.

+ +

ASN1_STRING_length() returns the length of the content of x.

+ +

ASN1_STRING_get0_data() returns an internal pointer to the data of x. Since this is an internal pointer it should not be freed or modified in any way.

+ +

ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the returned value is not constant. This function is deprecated: applications should use ASN1_STRING_get0_data() instead.

+ +

ASN1_STRING_dup() returns a copy of the structure a.

+ +

ASN1_STRING_cmp() compares a and b returning 0 if the two are identical. The string types and content are compared.

+ +

ASN1_STRING_set() sets the data of string str to the buffer data or length len. The supplied data is copied. If len is -1 then the length is determined by strlen(data).

+ +

ASN1_STRING_type() returns the type of x, using standard constants such as V_ASN1_OCTET_STRING.

+ +

ASN1_STRING_to_UTF8() converts the string in to UTF8 format, the converted data is allocated in a buffer in *out. The length of out is returned or a negative error code. The buffer *out should be freed using OPENSSL_free().

+ +

NOTES

+ +

Almost all ASN1 types in OpenSSL are represented as an ASN1_STRING structure. Other types such as ASN1_OCTET_STRING are simply typedef'ed to ASN1_STRING and the functions call the ASN1_STRING equivalents. ASN1_STRING is also used for some CHOICE types which consist entirely of primitive string types such as DirectoryString and Time.

+ +

These functions should not be used to examine or modify ASN1_INTEGER or ASN1_ENUMERATED types: the relevant INTEGER or ENUMERATED utility functions should be used instead.

+ +

In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per character in big endian format, and for an UTF8String it will be in UTF8 format.

+ +

Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set().

+ +

RETURN VALUES

+ +

ASN1_STRING_length() returns the length of the content of x.

+ +

ASN1_STRING_get0_data() and ASN1_STRING_data() return an internal pointer to the data of x.

+ +

ASN1_STRING_dup() returns a valid ASN1_STRING structure or NULL if an error occurred.

+ +

ASN1_STRING_cmp() returns an integer greater than, equal to, or less than 0, according to whether a is greater than, equal to, or less than b.

+ +

ASN1_STRING_set() returns 1 on success or 0 on error.

+ +

ASN1_STRING_type() returns the type of x.

+ +

ASN1_STRING_to_UTF8() returns the number of bytes in output string out or a negative value if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_new.html new file mode 100644 index 00000000..4e006e50 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_new.html @@ -0,0 +1,69 @@ + + + + +ASN1_STRING_new + + + + + + + + + + +

NAME

+ +

ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free - ASN1_STRING allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_STRING * ASN1_STRING_new(void);
+ASN1_STRING * ASN1_STRING_type_new(int type);
+void ASN1_STRING_free(ASN1_STRING *a);
+ +

DESCRIPTION

+ +

ASN1_STRING_new() returns an allocated ASN1_STRING structure. Its type is undefined.

+ +

ASN1_STRING_type_new() returns an allocated ASN1_STRING structure of type type.

+ +

ASN1_STRING_free() frees up a. If a is NULL nothing is done.

+ +

NOTES

+ +

Other string types call the ASN1_STRING functions. For example ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).

+ +

RETURN VALUES

+ +

ASN1_STRING_new() and ASN1_STRING_type_new() return a valid ASN1_STRING structure or NULL if an error occurred.

+ +

ASN1_STRING_free() does not return a value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html new file mode 100644 index 00000000..afe4abff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html @@ -0,0 +1,103 @@ + + + + +ASN1_STRING_print_ex + + + + + + + + + + +

NAME

+ +

ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
+
+const char *ASN1_tag2str(int tag);
+ +

DESCRIPTION

+ +

These functions output an ASN1_STRING structure. ASN1_STRING is used to represent all the ASN1 string types.

+ +

ASN1_STRING_print_ex() outputs str to out, the format is determined by the options flags. ASN1_STRING_print_ex_fp() is identical except it outputs to fp instead.

+ +

ASN1_STRING_print() prints str to out but using a different format to ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF) with '.'.

+ +

ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

+ +

NOTES

+ +

ASN1_STRING_print() is a deprecated function which should be avoided; use ASN1_STRING_print_ex() instead.

+ +

Although there are a large number of options frequently ASN1_STRFLGS_RFC2253 is suitable, or on UTF8 terminals ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB.

+ +

The complete set of supported options for flags is listed below.

+ +

Various characters can be escaped. If ASN1_STRFLGS_ESC_2253 is set the characters determined by RFC2253 are escaped. If ASN1_STRFLGS_ESC_CTRL is set control characters are escaped. If ASN1_STRFLGS_ESC_MSB is set characters with the MSB set are escaped: this option should not be used if the terminal correctly interprets UTF8 sequences.

+ +

Escaping takes several forms.

+ +

If the character being escaped is a 16 bit character then the form "\UXXXX" is used using exactly four characters for the hex representation. If it is 32 bits then "\WXXXXXXXX" is used using eight characters of its hex representation. These forms will only be used if UTF8 conversion is not set (see below).

+ +

Printable characters are normally escaped using the backslash '\' character. If ASN1_STRFLGS_ESC_QUOTE is set then the whole string is instead surrounded by double quote characters: this is arguably more readable than the backslash notation. Other characters use the "\XX" using exactly two characters of the hex representation.

+ +

If ASN1_STRFLGS_UTF8_CONVERT is set then characters are converted to UTF8 format first. If the terminal supports the display of UTF8 sequences then this option will correctly display multi byte characters.

+ +

If ASN1_STRFLGS_IGNORE_TYPE is set then the string type is not interpreted at all: everything is assumed to be one byte per character. This is primarily for debugging purposes and can result in confusing output in multi character strings.

+ +

If ASN1_STRFLGS_SHOW_TYPE is set then the string type itself is printed out before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().

+ +

The content of a string instead of being interpreted can be "dumped": this just outputs the value of the string using the form #XXXX using hex format for each octet.

+ +

If ASN1_STRFLGS_DUMP_ALL is set then any type is dumped.

+ +

Normally non character string types (such as OCTET STRING) are assumed to be one byte per character, if ASN1_STRFLGS_DUMP_UNKNOWN is set then they will be dumped instead.

+ +

When a type is dumped normally just the content octets are printed, if ASN1_STRFLGS_DUMP_DER is set then the complete encoding is dumped instead (including tag and length octets).

+ +

ASN1_STRFLGS_RFC2253 includes all the flags required by RFC2253. It is equivalent to: ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER

+ +

RETURN VALUES

+ +

ASN1_STRING_print_ex() and ASN1_STRING_print_ex_fp() return the number of characters written or -1 if an error occurred.

+ +

ASN1_STRING_print() returns 1 on success or 0 on error.

+ +

ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

+ +

SEE ALSO

+ +

X509_NAME_print_ex(3), ASN1_tag2str(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TIME_set.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TIME_set.html new file mode 100644 index 00000000..81f883b8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TIME_set.html @@ -0,0 +1,190 @@ + + + + +ASN1_TIME_set + + + + + + + + + + +

NAME

+ +

ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime - ASN.1 Time functions

+ +

SYNOPSIS

+ +
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
+                         long offset_sec);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
+                                    const char *str);
+
+int ASN1_TIME_normalize(ASN1_TIME *s);
+
+int ASN1_TIME_check(const ASN1_TIME *t);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *t);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
+
+int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
+int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
+int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
+
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
+                   const ASN1_TIME *to);
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+ +

DESCRIPTION

+ +

The ASN1_TIME_set(), ASN1_UTCTIME_set() and ASN1_GENERALIZEDTIME_set() functions set the structure s to the time represented by the time_t value t. If s is NULL a new time structure is allocated and returned.

+ +

The ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_adj() functions set the time structure s to the time represented by the time offset_day and offset_sec after the time_t value t. The values of offset_day or offset_sec can be negative to set a time before t. The offset_sec value can also exceed the number of seconds in a day. If s is NULL a new structure is allocated and returned.

+ +

The ASN1_TIME_set_string(), ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() functions set the time structure s to the time represented by string str which must be in appropriate ASN.1 time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If s is NULL this function performs a format check on str only. The string str is copied into s.

+ +

ASN1_TIME_set_string_X509() sets ASN1_TIME structure s to the time represented by string str which must be in appropriate time format that RFC 5280 requires, which means it only allows YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format are not allowed. If s is NULL this function performs a format check on str only.

+ +

The ASN1_TIME_normalize() function converts an ASN1_GENERALIZEDTIME or ASN1_UTCTIME into a time value that can be used in a certificate. It should be used after the ASN1_TIME_set_string() functions and before ASN1_TIME_print() functions to get consistent (i.e. GMT) results.

+ +

The ASN1_TIME_check(), ASN1_UTCTIME_check() and ASN1_GENERALIZEDTIME_check() functions check the syntax of the time structure s.

+ +

The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() functions print the time structure s to BIO b in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time structure has invalid format it prints out "Bad time value" and returns an error. The output for generalized time may include a fractional part following the second.

+ +

ASN1_TIME_to_tm() converts the time s to the standard tm structure. If s is NULL, then the current time is converted. The output time is GMT. The tm_sec, tm_min, tm_hour, tm_mday, tm_wday, tm_yday, tm_mon and tm_year fields of tm structure are set to proper values, whereas all other fields are set to 0. If tm is NULL this function performs a format check on s only. If s is in Generalized format with fractional seconds, e.g. YYYYMMDDHHMMSS.SSSZ, the fractional seconds will be lost while converting s to tm structure.

+ +

ASN1_TIME_diff() sets *pday and *psec to the time difference between from and to. If to represents a time later than from then one or both (depending on the time difference) of *pday and *psec will be positive. If to represents a time earlier than from then one or both of *pday and *psec will be negative. If to and from represent the same time then *pday and *psec will both be zero. If both *pday and *psec are non-zero they will always have the same sign. The value of *psec will always be less than the number of seconds in a day. If from or to is NULL the current time is used.

+ +

The ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() functions compare the two times represented by the time structure s and the time_t t.

+ +

The ASN1_TIME_compare() function compares the two times represented by the time structures a and b.

+ +

The ASN1_TIME_to_generalizedtime() function converts an ASN1_TIME to an ASN1_GENERALIZEDTIME, regardless of year. If either out or *out are NULL, then a new object is allocated and must be freed after use.

+ +

NOTES

+ +

The ASN1_TIME structure corresponds to the ASN.1 structure Time defined in RFC5280 et al. The time setting functions obey the rules outlined in RFC5280: if the date can be represented by UTCTime it is used, else GeneralizedTime is used.

+ +

The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are represented as an ASN1_STRING internally and can be freed up using ASN1_STRING_free().

+ +

The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to Gregorian calendars).

+ +

ASN1_UTCTIME is limited to a year range of 1950 through 2049.

+ +

Some applications add offset times directly to a time_t value and pass the results to ASN1_TIME_set() (or equivalent). This can cause problems as the time_t value can overflow on some systems resulting in unexpected results. New applications should use ASN1_TIME_adj() instead and pass the offset value in the offset_sec and offset_day parameters instead of directly manipulating a time_t value.

+ +

ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to ASN1_UTCTIME, or vice versa, based on the resulting year. The ASN1_GENERALIZEDTIME_adj() and ASN1_UTCTIME_adj() functions will not modify the type of the return structure.

+ +

It is recommended that functions starting with ASN1_TIME be used instead of those starting with ASN1_UTCTIME or ASN1_GENERALIZEDTIME. The functions starting with ASN1_UTCTIME and ASN1_GENERALIZEDTIME act only on that specific time format. The functions starting with ASN1_TIME will operate on either format.

+ +

BUGS

+ +

ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do not print out the time zone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway.

+ +

Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results.

+ +

RETURN VALUES

+ +

ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), ASN1_TIME_adj(), ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure or NULL if an error occurred.

+ +

ASN1_TIME_set_string(), ASN1_UTCTIME_set_string(), ASN1_GENERALIZEDTIME_set_string() ASN1_TIME_set_string_X509() return 1 if the time value is successfully set and 0 otherwise.

+ +

ASN1_TIME_normalize() returns 1 on success, and 0 on error.

+ +

ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 if the structure is syntactically correct and 0 otherwise.

+ +

ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return 1 if the time is successfully printed out and 0 if an error occurred (I/O error or invalid time format).

+ +

ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an error occurred (invalid time format).

+ +

ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the passed-in time structure has invalid syntax, for example.

+ +

ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() return -1 if s is before t, 0 if s equals t, or 1 if s is after t. -2 is returned on error.

+ +

ASN1_TIME_compare() returns -1 if a is before b, 0 if a equals b, or 1 if a is after b. -2 is returned on error.

+ +

ASN1_TIME_to_generalizedtime() returns a pointer to the appropriate time structure on success or NULL if an error occurred.

+ +

EXAMPLES

+ +

Set a time structure to one hour after the current time and print it out:

+ +
#include <time.h>
+#include <openssl/asn1.h>
+
+ASN1_TIME *tm;
+time_t t;
+BIO *b;
+
+t = time(NULL);
+tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
+b = BIO_new_fp(stdout, BIO_NOCLOSE);
+ASN1_TIME_print(b, tm);
+ASN1_STRING_free(tm);
+BIO_free(b);
+ +

Determine if one time is later or sooner than the current time:

+ +
int day, sec;
+
+if (!ASN1_TIME_diff(&day, &sec, NULL, to))
+    /* Invalid time format */
+
+if (day > 0 || sec > 0)
+    printf("Later\n");
+else if (day < 0 || sec < 0)
+    printf("Sooner\n");
+else
+    printf("Same\n");
+ +

HISTORY

+ +

The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. The ASN1_TIME_set_string_X509() function was added in OpenSSL 1.1.1. The ASN1_TIME_normalize() function was added in OpenSSL 1.1.1. The ASN1_TIME_cmp_time_t() function was added in OpenSSL 1.1.1. The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TYPE_get.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TYPE_get.html new file mode 100644 index 00000000..f2526bc3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_TYPE_get.html @@ -0,0 +1,89 @@ + + + + +ASN1_TYPE_get + + + + + + + + + + +

NAME

+ +

ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence - ASN1_TYPE utility functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
+                                   ASN1_TYPE **t);
+ +

DESCRIPTION

+ +

These functions allow an ASN1_TYPE structure to be manipulated. The ASN1_TYPE structure can contain any ASN.1 type or constructed type such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.

+ +

ASN1_TYPE_get() returns the type of a.

+ +

ASN1_TYPE_set() sets the value of a to type and value. This function uses the pointer value internally so it must not be freed up after the call.

+ +

ASN1_TYPE_set1() sets the value of a to type a copy of value.

+ +

ASN1_TYPE_cmp() compares ASN.1 types a and b and returns 0 if they are identical and non-zero otherwise.

+ +

ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in t using the ASN.1 structure it. If successful it returns a pointer to the ASN.1 structure corresponding to it which must be freed by the caller. If it fails it return NULL.

+ +

ASN1_TYPE_pack_sequence() attempts to encode the ASN.1 structure s corresponding to it into an ASN1_TYPE. If successful the encoded ASN1_TYPE is returned. If t and *t are not NULL the encoded type is written to t overwriting any existing data. If t is not NULL but *t is NULL the returned ASN1_TYPE is written to *t.

+ +

NOTES

+ +

The type and meaning of the value parameter for ASN1_TYPE_set() and ASN1_TYPE_set1() is determined by the type parameter. If type is V_ASN1_NULL value is ignored. If type is V_ASN1_BOOLEAN then the boolean is set to TRUE if value is not NULL. If type is V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise type is and ASN1_STRING structure. If type corresponds to a primitive type (or a string type) then the contents of the ASN1_STRING contain the content octets of the type. If type corresponds to a constructed type or a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and length octets).

+ +

ASN1_TYPE_cmp() may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean TRUE value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will only return zero if the values are the same.

+ +

If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the return value is non-zero. Technically if both parameters are NULL the two types could be absent OPTIONAL fields and so should match, however passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do not match. So applications should handle the case of two absent values separately.

+ +

RETURN VALUES

+ +

ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.

+ +

ASN1_TYPE_set() does not return a value.

+ +

ASN1_TYPE_set1() returns 1 for success and 0 for failure.

+ +

ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise.

+ +

ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or NULL on failure.

+ +

ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or NULL on failure.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_generate_nconf.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_generate_nconf.html new file mode 100644 index 00000000..faee7086 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASN1_generate_nconf.html @@ -0,0 +1,274 @@ + + + + +ASN1_generate_nconf + + + + + + + + + + +

NAME

+ +

ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+ +

DESCRIPTION

+ +

These functions generate the ASN1 encoding of a string in an ASN1_TYPE structure.

+ +

str contains the string to encode nconf or cnf contains the optional configuration information where additional strings will be read from. nconf will typically come from a config file whereas cnf is obtained from an X509V3_CTX structure which will typically be used by X509 v3 certificate extension functions. cnf or nconf can be set to NULL if no additional configuration will be used.

+ +

GENERATION STRING FORMAT

+ +

The actual data encoded is determined by the string str and the configuration information. The general format of the string is:

+ +
+ +
[modifier,]type[:value]
+
+ +
+
+ +

That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of type, value and modifier are explained below.

+ +

Supported Types

+ +

The supported types are listed below. Unless otherwise specified only the ASCII format is permissible.

+ +
+ +
BOOLEAN, BOOL
+
+ +

This encodes a boolean type. The value string is mandatory and should be TRUE or FALSE. Additionally TRUE, true, Y, y, YES, yes, FALSE, false, N, n, NO and no are acceptable.

+ +
+
NULL
+
+ +

Encode the NULL type, the value string must not be present.

+ +
+
INTEGER, INT
+
+ +

Encodes an ASN1 INTEGER type. The value string represents the value of the integer, it can be prefaced by a minus sign and is normally interpreted as a decimal value unless the prefix 0x is included.

+ +
+
ENUMERATED, ENUM
+
+ +

Encodes the ASN1 ENUMERATED type, it is otherwise identical to INTEGER.

+ +
+
OBJECT, OID
+
+ +

Encodes an ASN1 OBJECT IDENTIFIER, the value string can be a short name, a long name or numerical format.

+ +
+
UTCTIME, UTC
+
+ +

Encodes an ASN1 UTCTime structure, the value should be in the format YYMMDDHHMMSSZ.

+ +
+
GENERALIZEDTIME, GENTIME
+
+ +

Encodes an ASN1 GeneralizedTime structure, the value should be in the format YYYYMMDDHHMMSSZ.

+ +
+
OCTETSTRING, OCT
+
+ +

Encodes an ASN1 OCTET STRING. value represents the contents of this structure, the format strings ASCII and HEX can be used to specify the format of value.

+ +
+
BITSTRING, BITSTR
+
+ +

Encodes an ASN1 BIT STRING. value represents the contents of this structure, the format strings ASCII, HEX and BITLIST can be used to specify the format of value.

+ +

If the format is anything other than BITLIST the number of unused bits is set to zero.

+ +
+
UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC
+
+ +

These encode the corresponding string types. value represents the contents of this structure. The format can be ASCII or UTF8.

+ +
+
SEQUENCE, SEQ, SET
+
+ +

Formats the result as an ASN1 SEQUENCE or SET type. value should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If value is absent then an empty SEQUENCE will be encoded.

+ +
+
+ +

Modifiers

+ +

Modifiers affect the following structure, they can be used to add EXPLICIT or IMPLICIT tagging, add wrappers or to change the string format of the final type and value. The supported formats are documented below.

+ +
+ +
EXPLICIT, EXP
+
+ +

Add an explicit tag to the following structure. This string should be followed by a colon and the tag value to use as a decimal value.

+ +

By following the number with U, A, P or C UNIVERSAL, APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, the default is CONTEXT SPECIFIC.

+ +
+
IMPLICIT, IMP
+
+ +

This is the same as EXPLICIT except IMPLICIT tagging is used instead.

+ +
+
OCTWRAP, SEQWRAP, SETWRAP, BITWRAP
+
+ +

The following structure is surrounded by an OCTET STRING, a SEQUENCE, a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero.

+ +
+
FORMAT
+
+ +

This specifies the format of the ultimate value. It should be followed by a colon and one of the strings ASCII, UTF8, HEX or BITLIST.

+ +

If no format specifier is included then ASCII is used. If UTF8 is specified then the value string must be a valid UTF8 string. For HEX the output must be a set of hex digits. BITLIST (which is only valid for a BIT STRING) is a comma separated list of the indices of the set bits, all other bits are zero.

+ +
+
+ +

RETURN VALUES

+ +

ASN1_generate_nconf() and ASN1_generate_v3() return the encoded data as an ASN1_TYPE structure or NULL if an error occurred.

+ +

The error codes that can be obtained by ERR_get_error(3).

+ +

EXAMPLES

+ +

A simple IA5String:

+ +
IA5STRING:Hello World
+ +

An IA5String explicitly tagged:

+ +
EXPLICIT:0,IA5STRING:Hello World
+ +

An IA5String explicitly tagged using APPLICATION tagging:

+ +
EXPLICIT:0A,IA5STRING:Hello World
+ +

A BITSTRING with bits 1 and 5 set and all others zero:

+ +
FORMAT:BITLIST,BITSTRING:1,5
+ +

A more complex example using a config file to produce a SEQUENCE consisting of a BOOL an OID and a UTF8String:

+ +
asn1 = SEQUENCE:seq_section
+
+[seq_section]
+
+field1 = BOOLEAN:TRUE
+field2 = OID:commonName
+field3 = UTF8:Third field
+ +

This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions (note: the field names such as 'coeff' are ignored and are present just for clarity):

+ +
asn1=SEQUENCE:private_key
+[private_key]
+version=INTEGER:0
+
+n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+e=INTEGER:0x010001
+
+d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
+F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
+
+p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
+D4BD57
+
+q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
+46EC4F
+
+exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
+9C0A39B9
+
+exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
+E7B2458F
+
+coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
+628657053A
+ +

This example is the corresponding public key in a SubjectPublicKeyInfo structure:

+ +
# Start with a SEQUENCE
+asn1=SEQUENCE:pubkeyinfo
+
+# pubkeyinfo contains an algorithm identifier and the public key wrapped
+# in a BIT STRING
+[pubkeyinfo]
+algorithm=SEQUENCE:rsa_alg
+pubkey=BITWRAP,SEQUENCE:rsapubkey
+
+# algorithm ID for RSA is just an OID and a NULL
+[rsa_alg]
+algorithm=OID:rsaEncryption
+parameter=NULL
+
+# Actual public key: modulus and exponent
+[rsapubkey]
+n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+e=INTEGER:0x010001
+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html new file mode 100644 index 00000000..fc33210b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html @@ -0,0 +1,96 @@ + + + + +ASYNC_WAIT_CTX_new + + + + + + + + + + +

NAME

+ +

ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd - functions to manage waiting for asynchronous jobs to complete

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+ +

DESCRIPTION

+ +

For an overview of how asynchronous operations are implemented in OpenSSL see ASYNC_start_job(3). An ASYNC_WAIT_CTX object represents an asynchronous "session", i.e. a related set of crypto operations. For example in SSL terms this would have a one-to-one correspondence with an SSL connection.

+ +

Application code must create an ASYNC_WAIT_CTX using the ASYNC_WAIT_CTX_new() function prior to calling ASYNC_start_job() (see ASYNC_start_job(3)). When the job is started it is associated with the ASYNC_WAIT_CTX for the duration of that job. An ASYNC_WAIT_CTX should only be used for one ASYNC_JOB at any one time, but can be reused after an ASYNC_JOB has finished for a subsequent ASYNC_JOB. When the session is complete (e.g. the SSL connection is closed), application code cleans up with ASYNC_WAIT_CTX_free().

+ +

ASYNC_WAIT_CTXs can have "wait" file descriptors associated with them. Calling ASYNC_WAIT_CTX_get_all_fds() and passing in a pointer to an ASYNC_WAIT_CTX in the ctx parameter will return the wait file descriptors associated with that job in *fd. The number of file descriptors returned will be stored in *numfds. It is the caller's responsibility to ensure that sufficient memory has been allocated in *fd to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL fd value will return no file descriptors but will still populate *numfds. Therefore application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return one fd. If multiple asynchronous engines are being used then more could be returned.

+ +

The function ASYNC_WAIT_CTX_get_changed_fds() can be used to detect if any fds have changed since the last call time ASYNC_start_job() returned an ASYNC_PAUSE result (or since the ASYNC_WAIT_CTX was created if no ASYNC_PAUSE result has been received). The numaddfds and numdelfds parameters will be populated with the number of fds added or deleted respectively. *addfd and *delfd will be populated with the list of added and deleted fds respectively. Similarly to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not NULL then the caller is responsible for ensuring sufficient memory is allocated.

+ +

Implementors of async aware code (e.g. engines) are encouraged to return a stable fd for the lifetime of the ASYNC_WAIT_CTX in order to reduce the "churn" of regularly changing fds - although no guarantees of this are provided to applications.

+ +

Applications can wait for the file descriptor to be ready for "read" using a system function call such as select or poll (being ready for "read" indicates that the job should be resumed). If no file descriptor is made available then an application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue.

+ +

Async aware code (e.g. engines) can get the current ASYNC_WAIT_CTX from the job via ASYNC_get_wait_ctx(3) and provide a file descriptor to use for waiting on by calling ASYNC_WAIT_CTX_set_wait_fd(). Typically this would be done by an engine immediately prior to calling ASYNC_pause_job() and not by end user code. An existing association with a file descriptor can be obtained using ASYNC_WAIT_CTX_get_fd() and cleared using ASYNC_WAIT_CTX_clear_fd(). Both of these functions requires a key value which is unique to the async aware code. This could be any unique value but a good candidate might be the ENGINE * for the engine. The custom_data parameter can be any value, and will be returned in a subsequent call to ASYNC_WAIT_CTX_get_fd(). The ASYNC_WAIT_CTX_set_wait_fd() function also expects a pointer to a "cleanup" routine. This can be NULL but if provided will automatically get called when the ASYNC_WAIT_CTX is freed, and gives the engine the opportunity to close the fd or any other resources. Note: The "cleanup" routine does not get called if the fd is cleared directly via a call to ASYNC_WAIT_CTX_clear_fd().

+ +

An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd() followed by ASYNC_pause_job() to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling "select" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor "readable". Once resumed the engine should clear the wake signal on the wait file descriptor.

+ +

RETURN VALUES

+ +

ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated ASYNC_WAIT_CTX or NULL on error.

+ +

ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on success or 0 on error.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

SEE ALSO

+ +

crypto(7), ASYNC_start_job(3)

+ +

HISTORY

+ +

ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_start_job.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_start_job.html new file mode 100644 index 00000000..b7f8c77b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ASYNC_start_job.html @@ -0,0 +1,273 @@ + + + + +ASYNC_start_job + + + + + + + + + + +

NAME

+ +

ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable - asynchronous job management functions

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+int ASYNC_is_capable(void);
+ +

DESCRIPTION

+ +

OpenSSL implements asynchronous capabilities through an ASYNC_JOB. This represents code that can be started and executes until some event occurs. At that point the code can be paused and control returns to user code until some subsequent event indicates that the job can be resumed.

+ +

The creation of an ASYNC_JOB is a relatively expensive operation. Therefore, for efficiency reasons, jobs can be created up front and reused many times. They are held in a pool until they are needed, at which point they are removed from the pool, used, and then returned to the pool when the job completes. If the user application is multi-threaded, then ASYNC_init_thread() may be called for each thread that will initiate asynchronous jobs. Before user code exits per-thread resources need to be cleaned up. This will normally occur automatically (see OPENSSL_init_crypto(3)) but may be explicitly initiated by using ASYNC_cleanup_thread(). No asynchronous jobs must be outstanding for the thread when ASYNC_cleanup_thread() is called. Failing to ensure this will result in memory leaks.

+ +

The max_size argument limits the number of ASYNC_JOBs that will be held in the pool. If max_size is set to 0 then no upper limit is set. When an ASYNC_JOB is needed but there are none available in the pool already then one will be automatically created, as long as the total of ASYNC_JOBs managed by the pool does not exceed max_size. When the pool is first initialised init_size ASYNC_JOBs will be created immediately. If ASYNC_init_thread() is not called before the pool is first used then it will be called automatically with a max_size of 0 (no upper limit) and an init_size of 0 (no ASYNC_JOBs created up front).

+ +

An asynchronous job is started by calling the ASYNC_start_job() function. Initially *job should be NULL. ctx should point to an ASYNC_WAIT_CTX object created through the ASYNC_WAIT_CTX_new(3) function. ret should point to a location where the return value of the asynchronous function should be stored on completion of the job. func represents the function that should be started asynchronously. The data pointed to by args and of size size will be copied and then passed as an argument to func when the job starts. ASYNC_start_job will return one of the following values:

+ +
+ +
ASYNC_ERR
+
+ +

An error occurred trying to start the job. Check the OpenSSL error queue (e.g. see ERR_print_errors(3)) for more details.

+ +
+
ASYNC_NO_JOBS
+
+ +

There are no jobs currently available in the pool. This call can be retried again at a later time.

+ +
+
ASYNC_PAUSE
+
+ +

The job was successfully started but was "paused" before it completed (see ASYNC_pause_job() below). A handle to the job is placed in *job. Other work can be performed (if desired) and the job restarted at a later time. To restart a job call ASYNC_start_job() again passing the job handle in *job. The func, args and size parameters will be ignored when restarting a job. When restarting a job ASYNC_start_job() must be called from the same thread that the job was originally started from.

+ +
+
ASYNC_FINISH
+
+ +

The job completed. *job will be NULL and the return value from func will be placed in *ret.

+ +
+
+ +

At any one time there can be a maximum of one job actively running per thread (you can have many that are paused). ASYNC_get_current_job() can be used to get a pointer to the currently executing ASYNC_JOB. If no job is currently executing then this will return NULL.

+ +

If executing within the context of a job (i.e. having been called directly or indirectly by the function "func" passed as an argument to ASYNC_start_job()) then ASYNC_pause_job() will immediately return control to the calling application with ASYNC_PAUSE returned from the ASYNC_start_job() call. A subsequent call to ASYNC_start_job passing in the relevant ASYNC_JOB in the *job parameter will resume execution from the ASYNC_pause_job() call. If ASYNC_pause_job() is called whilst not within the context of a job then no action is taken and ASYNC_pause_job() returns immediately.

+ +

ASYNC_get_wait_ctx() can be used to get a pointer to the ASYNC_WAIT_CTX for the job. ASYNC_WAIT_CTXs can have a "wait" file descriptor associated with them. Applications can wait for the file descriptor to be ready for "read" using a system function call such as select or poll (being ready for "read" indicates that the job should be resumed). If no file descriptor is made available then an application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue.

+ +

An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd(3) followed by ASYNC_pause_job() to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling "select" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor "readable". Once resumed the engine should clear the wake signal on the wait file descriptor.

+ +

The ASYNC_block_pause() function will prevent the currently active job from pausing. The block will remain in place until a subsequent call to ASYNC_unblock_pause(). These functions can be nested, e.g. if you call ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in order to re-enable pausing. If these functions are called while there is no currently active job then they have no effect. This functionality can be useful to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an application acquires a lock. It then calls some cryptographic function which invokes ASYNC_pause_job(). This returns control back to the code that created the ASYNC_JOB. If that code then attempts to acquire the same lock before resuming the original job then a deadlock can occur. By calling ASYNC_block_pause() immediately after acquiring the lock and ASYNC_unblock_pause() immediately before releasing it then this situation cannot occur.

+ +

Some platforms cannot support async operations. The ASYNC_is_capable() function can be used to detect whether the current platform is async capable or not.

+ +

RETURN VALUES

+ +

ASYNC_init_thread returns 1 on success or 0 otherwise.

+ +

ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or ASYNC_FINISH as described above.

+ +

ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when not within the context of an ASYNC_JOB then this is counted as success so 1 is returned.

+ +

ASYNC_get_current_job returns a pointer to the currently executing ASYNC_JOB or NULL if not within the context of a job.

+ +

ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.

+ +

ASYNC_is_capable() returns 1 if the current platform is async capable or 0 otherwise.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

EXAMPLES

+ +

The following example demonstrates how to use most of the core async APIs:

+ +
#ifdef _WIN32
+# include <windows.h>
+#endif
+#include <stdio.h>
+#include <unistd.h>
+#include <openssl/async.h>
+#include <openssl/crypto.h>
+
+int unique = 0;
+
+void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
+{
+    OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
+
+    close(r);
+    close(*w);
+    OPENSSL_free(w);
+}
+
+int jobfunc(void *arg)
+{
+    ASYNC_JOB *currjob;
+    unsigned char *msg;
+    int pipefds[2] = {0, 0};
+    OSSL_ASYNC_FD *wptr;
+    char buf = 'X';
+
+    currjob = ASYNC_get_current_job();
+    if (currjob != NULL) {
+        printf("Executing within a job\n");
+    } else {
+        printf("Not executing within a job - should not happen\n");
+        return 0;
+    }
+
+    msg = (unsigned char *)arg;
+    printf("Passed in message is: %s\n", msg);
+
+    if (pipe(pipefds) != 0) {
+        printf("Failed to create pipe\n");
+        return 0;
+    }
+    wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
+    if (wptr == NULL) {
+        printf("Failed to malloc\n");
+        return 0;
+    }
+    *wptr = pipefds[1];
+    ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
+                               pipefds[0], wptr, cleanup);
+
+    /*
+     * Normally some external event would cause this to happen at some
+     * later point - but we do it here for demo purposes, i.e.
+     * immediately signalling that the job is ready to be woken up after
+     * we return to main via ASYNC_pause_job().
+     */
+    write(pipefds[1], &buf, 1);
+
+    /* Return control back to main */
+    ASYNC_pause_job();
+
+    /* Clear the wake signal */
+    read(pipefds[0], &buf, 1);
+
+    printf ("Resumed the job after a pause\n");
+
+    return 1;
+}
+
+int main(void)
+{
+    ASYNC_JOB *job = NULL;
+    ASYNC_WAIT_CTX *ctx = NULL;
+    int ret;
+    OSSL_ASYNC_FD waitfd;
+    fd_set waitfdset;
+    size_t numfds;
+    unsigned char msg[13] = "Hello world!";
+
+    printf("Starting...\n");
+
+    ctx = ASYNC_WAIT_CTX_new();
+    if (ctx == NULL) {
+        printf("Failed to create ASYNC_WAIT_CTX\n");
+        abort();
+    }
+
+    for (;;) {
+        switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
+        case ASYNC_ERR:
+        case ASYNC_NO_JOBS:
+            printf("An error occurred\n");
+            goto end;
+        case ASYNC_PAUSE:
+            printf("Job was paused\n");
+            break;
+        case ASYNC_FINISH:
+            printf("Job finished with return value %d\n", ret);
+            goto end;
+        }
+
+        /* Wait for the job to be woken */
+        printf("Waiting for the job to be woken up\n");
+
+        if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
+                || numfds > 1) {
+            printf("Unexpected number of fds\n");
+            abort();
+        }
+        ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
+        FD_ZERO(&waitfdset);
+        FD_SET(waitfd, &waitfdset);
+        select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
+    }
+
+end:
+    ASYNC_WAIT_CTX_free(ctx);
+    printf("Finishing\n");
+
+    return 0;
+}
+ +

The expected output from executing the above example program is:

+ +
Starting...
+Executing within a job
+Passed in message is: Hello world!
+Job was paused
+Waiting for the job to be woken up
+Resumed the job after a pause
+Job finished with return value 1
+Finishing
+ +

SEE ALSO

+ +

crypto(7), ERR_print_errors(3)

+ +

HISTORY

+ +

ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BF_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BF_encrypt.html new file mode 100644 index 00000000..781f1f8c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BF_encrypt.html @@ -0,0 +1,95 @@ + + + + +BF_encrypt + + + + + + + + + + +

NAME

+ +

BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption

+ +

SYNOPSIS

+ +
#include <openssl/blowfish.h>
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                    long length, BF_KEY *schedule,
+                    unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+ +

DESCRIPTION

+ +

This library implements the Blowfish cipher, which was invented and described by Counterpane (see http://www.counterpane.com/blowfish.html ).

+ +

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same modes as DES (see des_modes(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than DES, and much faster than IDEA or RC2.

+ +

Blowfish consists of a key setup phase and the actual encryption or decryption phase.

+ +

BF_set_key() sets up the BF_KEY key using the len bytes long key at data.

+ +

BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of in using the key key, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. The vector pointed at by in and out must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored.

+ +

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() all operate on variable length data. They all take an initialization vector ivec which needs to be passed along into the next call of the same function for the same message. ivec may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where ivec is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter num, which is a pointer to an integer where the current offset in ivec is stored between calls. This integer must be initialized to zero when ivec is initialized.

+ +

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64 bits chunks of in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector.

+ +

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector. num must point at an integer which must be initially zero.

+ +

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. It uses the same parameters as BF_cfb64_encrypt(), which must be initialized the same way.

+ +

BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed by data, using the key key. These functions should not be used unless you implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). If you still want to use these functions, you should be aware that they take each 32-bit chunk in host-byte order, which is little-endian on little-endian platforms and big-endian on big-endian ones.

+ +

RETURN VALUES

+ +

None of the functions presented here return any value.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

SEE ALSO

+ +

EVP_EncryptInit(3), des_modes(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDR.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDR.html new file mode 100644 index 00000000..d2e27afc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDR.html @@ -0,0 +1,96 @@ + + + + +BIO_ADDR + + + + + + + + + + +

NAME

+ +

BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string - BIO_ADDR routines

+ +

SYNOPSIS

+ +
#include <sys/types.h>
+#include <openssl/bio.h>
+
+typedef union bio_addr_st BIO_ADDR;
+
+BIO_ADDR *BIO_ADDR_new(void);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+ +

DESCRIPTION

+ +

The BIO_ADDR type is a wrapper around all types of socket addresses that OpenSSL deals with, currently transparently supporting AF_INET, AF_INET6 and AF_UNIX according to what's available on the platform at hand.

+ +

BIO_ADDR_new() creates a new unfilled BIO_ADDR, to be used with routines that will fill it with information, such as BIO_accept_ex().

+ +

BIO_ADDR_free() frees a BIO_ADDR created with BIO_ADDR_new().

+ +

BIO_ADDR_clear() clears any data held within the provided BIO_ADDR and sets it back to an uninitialised state.

+ +

BIO_ADDR_rawmake() takes a protocol family, an byte array of size wherelen with an address in network byte order pointed at by where and a port number in network byte order in port (except for the AF_UNIX protocol family, where port is meaningless and therefore ignored) and populates the given BIO_ADDR with them. In case this creates a AF_UNIX BIO_ADDR, wherelen is expected to be the length of the path string (not including the terminating NUL, such as the result of a call to strlen()). Read on about the addresses in "RAW ADDRESSES" below.

+ +

BIO_ADDR_family() returns the protocol family of the given BIO_ADDR. The possible non-error results are one of the constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the BIO_ADDR has not been initialised.

+ +

BIO_ADDR_rawaddress() will write the raw address of the given BIO_ADDR in the area pointed at by p if p is non-NULL, and will set *l to be the amount of bytes the raw address takes up if l is non-NULL. A technique to only find out the size of the address is a call with p set to NULL. The raw address will be in network byte order, most significant byte first. In case this is a AF_UNIX BIO_ADDR, l gets the length of the path string (not including the terminating NUL, such as the result of a call to strlen()). Read on about the addresses in "RAW ADDRESSES" below.

+ +

BIO_ADDR_rawport() returns the raw port of the given BIO_ADDR. The raw port will be in network byte order.

+ +

BIO_ADDR_hostname_string() returns a character string with the hostname of the given BIO_ADDR. If numeric is 1, the string will contain the numerical form of the address. This only works for BIO_ADDR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

BIO_ADDR_service_string() returns a character string with the service name of the port of the given BIO_ADDR. If numeric is 1, the string will contain the port number. This only works for BIO_ADDR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

BIO_ADDR_path_string() returns a character string with the path of the given BIO_ADDR. This only works for BIO_ADDR of the protocol family AF_UNIX. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

RAW ADDRESSES

+ +

Both BIO_ADDR_rawmake() and BIO_ADDR_rawaddress() take a pointer to a network byte order address of a specific site. Internally, those are treated as a pointer to struct in_addr (for AF_INET), struct in6_addr (for AF_INET6) or char * (for AF_UNIX), all depending on the protocol family the address is for.

+ +

RETURN VALUES

+ +

The string producing functions BIO_ADDR_hostname_string(), BIO_ADDR_service_string() and BIO_ADDR_path_string() will return NULL on error and leave an error indication on the OpenSSL error stack.

+ +

All other functions described here return 0 or NULL when the information they should return isn't available.

+ +

SEE ALSO

+ +

BIO_connect(3), BIO_s_connect(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDRINFO.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDRINFO.html new file mode 100644 index 00000000..285455e3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ADDRINFO.html @@ -0,0 +1,101 @@ + + + + +BIO_ADDRINFO + + + + + + + + + + +

NAME

+ +

BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup - BIO_ADDRINFO type and routines

+ +

SYNOPSIS

+ +
#include <sys/types.h>
+#include <openssl/bio.h>
+
+typedef union bio_addrinfo_st BIO_ADDRINFO;
+
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res);
+int BIO_lookup(const char *node, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+ +

DESCRIPTION

+ +

The BIO_ADDRINFO type is a wrapper for address information types provided on your platform.

+ +

BIO_ADDRINFO normally forms a chain of several that can be picked at one by one.

+ +

BIO_lookup_ex() looks up a specified host and service, and uses lookup_type to determine what the default address should be if host is NULL. family, socktype and protocol are used to determine what protocol family, socket type and protocol should be used for the lookup. family can be any of AF_INET, AF_INET6, AF_UNIX and AF_UNSPEC. socktype can be SOCK_STREAM, SOCK_DGRAM or 0. Specifying 0 indicates that any type can be used. protocol specifies a protocol such as IPPROTO_TCP, IPPROTO_UDP or IPPORTO_SCTP. If set to 0 than any protocol can be used. res points at a pointer to hold the start of a BIO_ADDRINFO chain.

+ +

For the family AF_UNIX, BIO_lookup_ex() will ignore the service parameter and expects the node parameter to hold the path to the socket file.

+ +

BIO_lookup() does the same as BIO_lookup_ex() but does not provide the ability to select based on the protocol (any protocol may be returned).

+ +

BIO_ADDRINFO_family() returns the family of the given BIO_ADDRINFO. The result will be one of the constants AF_INET, AF_INET6 and AF_UNIX.

+ +

BIO_ADDRINFO_socktype() returns the socket type of the given BIO_ADDRINFO. The result will be one of the constants SOCK_STREAM and SOCK_DGRAM.

+ +

BIO_ADDRINFO_protocol() returns the protocol id of the given BIO_ADDRINFO. The result will be one of the constants IPPROTO_TCP and IPPROTO_UDP.

+ +

BIO_ADDRINFO_address() returns the underlying BIO_ADDR of the given BIO_ADDRINFO.

+ +

BIO_ADDRINFO_next() returns the next BIO_ADDRINFO in the chain from the given one.

+ +

BIO_ADDRINFO_free() frees the chain of BIO_ADDRINFO starting with the given one.

+ +

RETURN VALUES

+ +

BIO_lookup_ex() and BIO_lookup() return 1 on success and 0 when an error occurred, and will leave an error indication on the OpenSSL error stack in that case.

+ +

All other functions described here return 0 or NULL when the information they should return isn't available.

+ +

NOTES

+ +

The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP address is required then the protocol parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms.

+ +

HISTORY

+ +

The BIO_lookup_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_connect.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_connect.html new file mode 100644 index 00000000..81740adc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_connect.html @@ -0,0 +1,121 @@ + + + + +BIO_connect + + + + + + + + + + +

NAME

+ +

BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket - BIO socket communication setup routines

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
+int BIO_closesocket(int sock);
+ +

DESCRIPTION

+ +

BIO_socket() creates a socket in the domain domain, of type socktype and protocol. Socket options are currently unused, but is present for future use.

+ +

BIO_bind() binds the source address and service to a socket and may be useful before calling BIO_connect(). The options may include BIO_SOCK_REUSEADDR, which is described in "FLAGS" below.

+ +

BIO_connect() connects sock to the address and service given by addr. Connection options may be zero or any combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK and BIO_SOCK_NODELAY. The flags are described in "FLAGS" below.

+ +

BIO_listen() has sock start listening on the address and service given by addr. Connection options may be zero or any combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK, BIO_SOCK_NODELAY, BIO_SOCK_REUSEADDR and BIO_SOCK_V6_ONLY. The flags are described in "FLAGS" below.

+ +

BIO_accept_ex() waits for an incoming connections on the given socket accept_sock. When it gets a connection, the address and port of the peer gets stored in peer if that one is non-NULL. Accept options may be zero or BIO_SOCK_NONBLOCK, and is applied on the accepted socket. The flags are described in "FLAGS" below.

+ +

BIO_closesocket() closes sock.

+ +

FLAGS

+ +
+ +
BIO_SOCK_KEEPALIVE
+
+ +

Enables regular sending of keep-alive messages.

+ +
+
BIO_SOCK_NONBLOCK
+
+ +

Sets the socket to non-blocking mode.

+ +
+
BIO_SOCK_NODELAY
+
+ +

Corresponds to TCP_NODELAY, and disables the Nagle algorithm. With this set, any data will be sent as soon as possible instead of being buffered until there's enough for the socket to send out in one go.

+ +
+
BIO_SOCK_REUSEADDR
+
+ +

Try to reuse the address and port combination for a recently closed port.

+ +
+
BIO_SOCK_V6_ONLY
+
+ +

When creating an IPv6 socket, make it only listen for IPv6 addresses and not IPv4 addresses mapped to IPv6.

+ +
+
+ +

These flags are bit flags, so they are to be combined with the | operator, for example:

+ +
BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
+ +

RETURN VALUES

+ +

BIO_socket() returns the socket number on success or INVALID_SOCKET (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

BIO_bind(), BIO_connect() and BIO_listen() return 1 on success or 0 on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

BIO_accept_ex() returns the accepted socket on success or INVALID_SOCKET (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

SEE ALSO

+ +

BIO_ADDR(3)

+ +

HISTORY

+ +

BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. Use the functions described above instead.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ctrl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ctrl.html new file mode 100644 index 00000000..b1671037 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_ctrl.html @@ -0,0 +1,115 @@ + + + + +BIO_ctrl + + + + + + + + + + +

NAME

+ +

BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb - BIO control operations

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+typedef int BIO_info_cb(BIO *b, int state, int res);
+
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+
+int BIO_reset(BIO *b);
+int BIO_seek(BIO *b, int ofs);
+int BIO_tell(BIO *b);
+int BIO_flush(BIO *b);
+int BIO_eof(BIO *b);
+int BIO_set_close(BIO *b, long flag);
+int BIO_get_close(BIO *b);
+int BIO_pending(BIO *b);
+int BIO_wpending(BIO *b);
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+
+int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
+int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
+ +

DESCRIPTION

+ +

BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl() are BIO "control" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros specific to a particular type of BIO are described in the specific BIOs manual page as well as any special features of the standard calls.

+ +

BIO_reset() typically resets a BIO to some initial state, in the case of file related BIOs for example it rewinds the file pointer to the start of the file.

+ +

BIO_seek() resets a file related BIO's (that is file descriptor and FILE BIOs) file position pointer to ofs bytes from start of file.

+ +

BIO_tell() returns the current file position of a file related BIO.

+ +

BIO_flush() normally writes out any internally buffered data, in some cases it is used to signal EOF and that no more data will be written.

+ +

BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of "EOF" varies according to the BIO type.

+ +

BIO_set_close() sets the BIO b close flag to flag. flag can take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used in a source/sink BIO to indicate that the underlying I/O stream should be closed when the BIO is freed.

+ +

BIO_get_close() returns the BIOs close flag.

+ +

BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() return the number of pending characters in the BIOs read and write buffers. Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending() return a size_t type and are functions, BIO_pending() and BIO_wpending() are macros which call BIO_ctrl().

+ +

RETURN VALUES

+ +

BIO_reset() normally returns 1 for success and 0 or -1 for failure. File BIOs are an exception, they return 0 for success and -1 for failure.

+ +

BIO_seek() and BIO_tell() both return the current file position on success and -1 for failure, except file BIOs which for BIO_seek() always return 0 for success and -1 for failure.

+ +

BIO_flush() returns 1 for success and 0 or -1 for failure.

+ +

BIO_eof() returns 1 if EOF has been reached 0 otherwise.

+ +

BIO_set_close() always returns 1.

+ +

BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.

+ +

BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() return the amount of pending data.

+ +

NOTES

+ +

BIO_flush(), because it can write data may return 0 or -1 indicating that the call should be retried later in a similar manner to BIO_write_ex(). The BIO_should_retry() call should be used and appropriate action taken is the call fails.

+ +

The return values of BIO_pending() and BIO_wpending() may not reliably determine the amount of pending data in all cases. For example in the case of a file BIO some data may be available in the FILE structures internal buffers but it is not possible to determine this in a portably way. For other types of BIO they may not be supported.

+ +

Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will be automatically passed to the relevant BIO. However this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO.

+ +

Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() operation.

+ +

BUGS

+ +

Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not supported, if an error occurred, if EOF has not been reached and in the case of BIO_seek() on a file BIO for a successful operation.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_base64.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_base64.html new file mode 100644 index 00000000..9a2092c8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_base64.html @@ -0,0 +1,102 @@ + + + + +BIO_f_base64 + + + + + + + + + + +

NAME

+ +

BIO_f_base64 - base64 BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_base64(void);
+ +

DESCRIPTION

+ +

BIO_f_base64() returns the base64 BIO method. This is a filter BIO that base64 encodes any data written through it and decodes any data read through it.

+ +

Base64 BIOs do not support BIO_gets() or BIO_puts().

+ +

BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO.

+ +

The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() to encode the data all on one line or expect the data to be all on one line.

+ +

NOTES

+ +

Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined.

+ +

RETURN VALUES

+ +

BIO_f_base64() returns the base64 BIO method.

+ +

EXAMPLES

+ +

Base64 encode the string "Hello World\n" and write the result to standard output:

+ +
BIO *bio, *b64;
+char message[] = "Hello World \n";
+
+b64 = BIO_new(BIO_f_base64());
+bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_push(b64, bio);
+BIO_write(b64, message, strlen(message));
+BIO_flush(b64);
+
+BIO_free_all(b64);
+ +

Read Base64 encoded data from standard input and write the decoded data to standard output:

+ +
BIO *bio, *b64, *bio_out;
+char inbuf[512];
+int inlen;
+
+b64 = BIO_new(BIO_f_base64());
+bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_push(b64, bio);
+while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
+    BIO_write(bio_out, inbuf, inlen);
+
+BIO_flush(bio_out);
+BIO_free_all(b64);
+ +

BUGS

+ +

The ambiguity of EOF in base64 encoded data can cause additional data following the base64 encoded block to be misinterpreted.

+ +

There should be some way of specifying a test that the BIO can perform to reliably determine EOF (for example a MIME boundary).

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_buffer.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_buffer.html new file mode 100644 index 00000000..59f97e65 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_buffer.html @@ -0,0 +1,89 @@ + + + + +BIO_f_buffer + + + + + + + + + + +

NAME

+ +

BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer - buffering BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_f_buffer(void);
+
+long BIO_get_buffer_num_lines(BIO *b);
+long BIO_set_read_buffer_size(BIO *b, long size);
+long BIO_set_write_buffer_size(BIO *b, long size);
+long BIO_set_buffer_size(BIO *b, long size);
+long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
+ +

DESCRIPTION

+ +

BIO_f_buffer() returns the buffering BIO method.

+ +

Data written to a buffering BIO is buffered and periodically written to the next BIO in the chain. Data read from a buffering BIO comes from an internal buffer which is filled from the next BIO in the chain. Both BIO_gets() and BIO_puts() are supported.

+ +

Calling BIO_reset() on a buffering BIO clears any buffered data.

+ +

BIO_get_buffer_num_lines() returns the number of lines currently buffered.

+ +

BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() set the read, write or both read and write buffer sizes to size. The initial buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared when the buffer is resized.

+ +

BIO_set_buffer_read_data() clears the read buffer and fills it with num bytes of buf. If num is larger than the current buffer size the buffer is expanded.

+ +

NOTES

+ +

These functions, other than BIO_f_buffer(), are implemented as macros.

+ +

Buffering BIOs implement BIO_read_ex() and BIO_gets() by using BIO_read_ex() operations on the next BIO in the chain and storing the result in an internal buffer, from which bytes are given back to the caller as appropriate for the call; a BIO_gets() is guaranteed to give the caller a whole line, and BIO_read_ex() is guaranteed to give the caller the number of bytes it asks for, unless there's an error or end of communication is reached in the next BIO. By prepending a buffering BIO to a chain it is therefore possible to provide BIO_gets() or exact size BIO_read_ex() functionality if the following BIOs do not support it.

+ +

Do not add more than one BIO_f_buffer() to a BIO chain. The result of doing so will force a full read of the size of the internal buffer of the top BIO_f_buffer(), which is 4 KiB at a minimum.

+ +

Data is only written to the next BIO in the chain when the write buffer fills or when BIO_flush() is called. It is therefore important to call BIO_flush() whenever any pending data should be written such as when removing a buffering BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate source/sink BIO is non blocking.

+ +

RETURN VALUES

+ +

BIO_f_buffer() returns the buffering BIO method.

+ +

BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).

+ +

BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() return 1 if the buffer was successfully resized or 0 for failure.

+ +

BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if there was an error.

+ +

SEE ALSO

+ +

bio(7), BIO_reset(3), BIO_flush(3), BIO_pop(3), BIO_ctrl(3).

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_cipher.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_cipher.html new file mode 100644 index 00000000..7d724984 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_cipher.html @@ -0,0 +1,81 @@ + + + + +BIO_f_cipher + + + + + + + + + + +

NAME

+ +

BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_cipher(void);
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
+                    unsigned char *key, unsigned char *iv, int enc);
+int BIO_get_cipher_status(BIO *b)
+int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+ +

DESCRIPTION

+ +

BIO_f_cipher() returns the cipher BIO method. This is a filter BIO that encrypts any data written through it, and decrypts any data read from it. It is a BIO wrapper for the cipher routines EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().

+ +

Cipher BIOs do not support BIO_gets() or BIO_puts().

+ +

BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO.

+ +

BIO_set_cipher() sets the cipher of BIO b to cipher using key key and IV iv. enc should be set to 1 for encryption and zero for decryption.

+ +

When reading from an encryption BIO the final block is automatically decrypted and checked when EOF is detected. BIO_get_cipher_status() is a BIO_ctrl() macro which can be called to determine whether the decryption operation was successful.

+ +

BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal BIO cipher context. The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when BIO_set_cipher() is not flexible enough for the applications needs.

+ +

NOTES

+ +

When encrypting BIO_flush() must be called to flush the final block through the BIO. If it is not then the final block will fail a subsequent decrypt.

+ +

When decrypting an error on the final block is signaled by a zero return value from the read operation. A successful decrypt followed by EOF will also return zero for the final read. BIO_get_cipher_status() should be called to determine if the decrypt was successful.

+ +

As always, if BIO_gets() or BIO_puts() support is needed then it can be achieved by preceding the cipher BIO with a buffering BIO.

+ +

RETURN VALUES

+ +

BIO_f_cipher() returns the cipher BIO method.

+ +

BIO_set_cipher() does not return a value.

+ +

BIO_get_cipher_status() returns 1 for a successful decrypt and 0 for failure.

+ +

BIO_get_cipher_ctx() currently always returns 1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_md.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_md.html new file mode 100644 index 00000000..95b95556 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_md.html @@ -0,0 +1,156 @@ + + + + +BIO_f_md + + + + + + + + + + +

NAME

+ +

BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_md(void);
+int BIO_set_md(BIO *b, EVP_MD *md);
+int BIO_get_md(BIO *b, EVP_MD **mdp);
+int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
+ +

DESCRIPTION

+ +

BIO_f_md() returns the message digest BIO method. This is a filter BIO that digests any data passed through it, it is a BIO wrapper for the digest routines EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal().

+ +

Any data written or read through a digest BIO using BIO_read_ex() and BIO_write_ex() is digested.

+ +

BIO_gets(), if its size parameter is large enough finishes the digest calculation and returns the digest value. BIO_puts() is not supported.

+ +

BIO_reset() reinitialises a digest BIO.

+ +

BIO_set_md() sets the message digest of BIO b to md: this must be called to initialize a digest BIO before any data is passed through it. It is a BIO_ctrl() macro.

+ +

BIO_get_md() places the a pointer to the digest BIOs digest method in mdp, it is a BIO_ctrl() macro.

+ +

BIO_get_md_ctx() returns the digest BIOs context into mdcp.

+ +

NOTES

+ +

The context returned by BIO_get_md_ctx() can be used in calls to EVP_DigestFinal() and also the signature routines EVP_SignFinal() and EVP_VerifyFinal().

+ +

The context returned by BIO_get_md_ctx() is an internal context structure. Changes made to this context will affect the digest BIO itself and the context pointer will become invalid when the digest BIO is freed.

+ +

After the digest has been retrieved from a digest BIO it must be reinitialized by calling BIO_reset(), or BIO_set_md() before any more data is passed through it.

+ +

If an application needs to call BIO_gets() or BIO_puts() through a chain containing digest BIOs then this can be done by prepending a buffering BIO.

+ +

Calling BIO_get_md_ctx() will return the context and initialize the BIO state. This allows applications to initialize the context externally if the standard calls such as BIO_set_md() are not sufficiently flexible.

+ +

RETURN VALUES

+ +

BIO_f_md() returns the digest BIO method.

+ +

BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

The following example creates a BIO chain containing an SHA1 and MD5 digest BIO and passes the string "Hello World" through it. Error checking has been omitted for clarity.

+ +
BIO *bio, *mdtmp;
+char message[] = "Hello World";
+
+bio = BIO_new(BIO_s_null());
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_sha1());
+/*
+ * For BIO_push() we want to append the sink BIO and keep a note of
+ * the start of the chain.
+ */
+bio = BIO_push(mdtmp, bio);
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_md5());
+bio = BIO_push(mdtmp, bio);
+/* Note: mdtmp can now be discarded */
+BIO_write(bio, message, strlen(message));
+ +

The next example digests data by reading through a chain instead:

+ +
BIO *bio, *mdtmp;
+char buf[1024];
+int rdlen;
+
+bio = BIO_new_file(file, "rb");
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_sha1());
+bio = BIO_push(mdtmp, bio);
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_md5());
+bio = BIO_push(mdtmp, bio);
+do {
+    rdlen = BIO_read(bio, buf, sizeof(buf));
+    /* Might want to do something with the data here */
+} while (rdlen > 0);
+ +

This next example retrieves the message digests from a BIO chain and outputs them. This could be used with the examples above.

+ +
BIO *mdtmp;
+unsigned char mdbuf[EVP_MAX_MD_SIZE];
+int mdlen;
+int i;
+
+mdtmp = bio;   /* Assume bio has previously been set up */
+do {
+    EVP_MD *md;
+
+    mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+    if (!mdtmp)
+        break;
+    BIO_get_md(mdtmp, &md);
+    printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+    mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+    for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+    printf("\n");
+    mdtmp = BIO_next(mdtmp);
+} while (mdtmp);
+
+BIO_free_all(bio);
+ +

BUGS

+ +

The lack of support for BIO_puts() and the non standard behaviour of BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets() and BIO_puts() should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate BIO_ctrl() call.

+ +

HISTORY

+ +

Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the BIO was initialized first.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_null.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_null.html new file mode 100644 index 00000000..d969ee91 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_null.html @@ -0,0 +1,58 @@ + + + + +BIO_f_null + + + + + + + + + + +

NAME

+ +

BIO_f_null - null filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_f_null(void);
+ +

DESCRIPTION

+ +

BIO_f_null() returns the null filter BIO method. This is a filter BIO that does nothing.

+ +

All requests to a null filter BIO are passed through to the next BIO in the chain: this means that a BIO chain containing a null filter BIO behaves just as though the BIO was not there.

+ +

NOTES

+ +

As may be apparent a null filter BIO is not particularly useful.

+ +

RETURN VALUES

+ +

BIO_f_null() returns the null filter BIO method.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_ssl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_ssl.html new file mode 100644 index 00000000..e1688c5f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_f_ssl.html @@ -0,0 +1,263 @@ + + + + +BIO_f_ssl + + + + + + + + + + +

NAME

+ +

BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown - SSL BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/ssl.h>
+
+const BIO_METHOD *BIO_f_ssl(void);
+
+long BIO_set_ssl(BIO *b, SSL *ssl, long c);
+long BIO_get_ssl(BIO *b, SSL **sslp);
+long BIO_set_ssl_mode(BIO *b, long client);
+long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
+long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
+long BIO_get_num_renegotiates(BIO *b);
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *bio);
+
+long BIO_do_handshake(BIO *b);
+ +

DESCRIPTION

+ +

BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to SSL I/O.

+ +

I/O performed on an SSL BIO communicates using the SSL protocol with the SSLs read and write BIOs. If an SSL connection is not established then an attempt is made to establish one on the first I/O call.

+ +

If a BIO is appended to an SSL BIO using BIO_push() it is automatically used as the SSL BIOs read and write BIOs.

+ +

Calling BIO_reset() on an SSL BIO closes down any current SSL connection by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in the chain: this will typically disconnect the underlying transport. The SSL BIO is then reset to the initial accept or connect state.

+ +

If the close flag is set when an SSL BIO is freed then the internal SSL structure is also freed using SSL_free().

+ +

BIO_set_ssl() sets the internal SSL pointer of BIO b to ssl using the close flag c.

+ +

BIO_get_ssl() retrieves the SSL pointer of BIO b, it can then be manipulated using the standard SSL library functions.

+ +

BIO_set_ssl_mode() sets the SSL BIO mode to client. If client is 1 client mode is set. If client is 0 server mode is set.

+ +

BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count to num. When set after every num bytes of I/O (read and write) the SSL session is automatically renegotiated. num must be at least 512 bytes.

+ +

BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to seconds. When the renegotiate timeout elapses the session is automatically renegotiated.

+ +

BIO_get_num_renegotiates() returns the total number of session renegotiations due to I/O or timeout.

+ +

BIO_new_ssl() allocates an SSL BIO using SSL_CTX ctx and using client mode if client is non zero.

+ +

BIO_new_ssl_connect() creates a new BIO chain consisting of an SSL BIO (using ctx) followed by a connect BIO.

+ +

BIO_new_buffer_ssl_connect() creates a new BIO chain consisting of a buffering BIO, an SSL BIO (using ctx) and a connect BIO.

+ +

BIO_ssl_copy_session_id() copies an SSL session id between BIO chains from and to. It does this by locating the SSL BIOs in each chain and calling SSL_copy_session_id() on the internal SSL pointer.

+ +

BIO_ssl_shutdown() closes down an SSL connection on BIO chain bio. It does this by locating the SSL BIO in the chain and calling SSL_shutdown() on its internal SSL pointer.

+ +

BIO_do_handshake() attempts to complete an SSL handshake on the supplied BIO and establish the SSL connection. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried. If an SSL connection has already been established this call has no effect.

+ +

NOTES

+ +

SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read_ex() operation, one case where this happens is when step up occurs.

+ +

The SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set an SSL BIO using a blocking transport will never request a retry.

+ +

Since unknown BIO_ctrl() operations are sent through filter BIOs the servers name and port can be set using BIO_set_host() on the BIO returned by BIO_new_ssl_connect() without having to locate the connect BIO first.

+ +

Applications do not have to call BIO_do_handshake() but may wish to do so to separate the handshake process from other I/O processing.

+ +

BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(), BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_f_ssl() returns the SSL BIO_METHOD structure.

+ +

BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout() and BIO_get_num_renegotiates() return 1 on success or a value which is less than or equal to 0 if an error occurred.

+ +

BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return a valid BIO structure on success or NULL if an error occurred.

+ +

BIO_ssl_copy_session_id() returns 1 on success or 0 on error.

+ +

BIO_do_handshake() returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established.

+ +

EXAMPLES

+ +

This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web server. The I/O routines are identical to those of the unencrypted example in BIO_s_connect(3).

+ +
BIO *sbio, *out;
+int len;
+char tmpbuf[1024];
+SSL_CTX *ctx;
+SSL *ssl;
+
+/* XXX Seed the PRNG if needed. */
+
+ctx = SSL_CTX_new(TLS_client_method());
+
+/* XXX Set verify paths and mode here. */
+
+sbio = BIO_new_ssl_connect(ctx);
+BIO_get_ssl(sbio, &ssl);
+if (ssl == NULL) {
+    fprintf(stderr, "Can't locate SSL pointer\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* Don't want any retries */
+SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+/* XXX We might want to do other things with ssl here */
+
+/* An empty host part means the loopback address */
+BIO_set_conn_hostname(sbio, ":https");
+
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+if (BIO_do_connect(sbio) <= 0) {
+    fprintf(stderr, "Error connecting to server\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+if (BIO_do_handshake(sbio) <= 0) {
+    fprintf(stderr, "Error establishing SSL connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* XXX Could examine ssl here to get connection info */
+
+BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+for (;;) {
+    len = BIO_read(sbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(out, tmpbuf, len);
+}
+BIO_free_all(sbio);
+BIO_free(out);
+ +

Here is a simple server example. It makes use of a buffering BIO to allow lines to be read from the SSL BIO using BIO_gets. It creates a pseudo web page containing the actual request from a client and also echoes the request to standard output.

+ +
BIO *sbio, *bbio, *acpt, *out;
+int len;
+char tmpbuf[1024];
+SSL_CTX *ctx;
+SSL *ssl;
+
+/* XXX Seed the PRNG if needed. */
+
+ctx = SSL_CTX_new(TLS_server_method());
+if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+        || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+        || !SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Error setting up SSL_CTX\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* XXX Other things like set verify locations, EDH temp callbacks. */
+
+/* New SSL BIO setup as server */
+sbio = BIO_new_ssl(ctx, 0);
+BIO_get_ssl(sbio, &ssl);
+if (ssl == NULL) {
+    fprintf(stderr, "Can't locate SSL pointer\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+bbio = BIO_new(BIO_f_buffer());
+sbio = BIO_push(bbio, sbio);
+acpt = BIO_new_accept("4433");
+
+/*
+ * By doing this when a new connection is established
+ * we automatically have sbio inserted into it. The
+ * BIO chain is now 'swallowed' by the accept BIO and
+ * will be freed when the accept BIO is freed.
+ */
+BIO_set_accept_bios(acpt, sbio);
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+/* Setup accept BIO */
+if (BIO_do_accept(acpt) <= 0) {
+    fprintf(stderr, "Error setting up accept BIO\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* We only want one connection so remove and free accept BIO */
+sbio = BIO_pop(acpt);
+BIO_free_all(acpt);
+
+if (BIO_do_handshake(sbio) <= 0) {
+    fprintf(stderr, "Error in SSL handshake\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
+BIO_puts(sbio, "--------------------------------------------------\r\n");
+
+for (;;) {
+    len = BIO_gets(sbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(sbio, tmpbuf, len);
+    BIO_write(out, tmpbuf, len);
+    /* Look for blank line signifying end of headers*/
+    if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
+        break;
+}
+
+BIO_puts(sbio, "--------------------------------------------------\r\n");
+BIO_puts(sbio, "\r\n");
+BIO_flush(sbio);
+BIO_free_all(sbio);
+ +

HISTORY

+ +

In OpenSSL before 1.0.0 the BIO_pop() call was handled incorrectly, the I/O BIO reference count was incorrectly incremented (instead of decremented) and dissociated with the SSL BIO even if the SSL BIO was not explicitly being popped (e.g. a pop higher up the chain). Applications which included workarounds for this bug (e.g. freeing BIOs more than once) should be modified to handle this fix or they may free up an already freed BIO.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_find_type.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_find_type.html new file mode 100644 index 00000000..51188228 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_find_type.html @@ -0,0 +1,83 @@ + + + + +BIO_find_type + + + + + + + + + + +

NAME

+ +

BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+int BIO_method_type(const BIO *b);
+ +

DESCRIPTION

+ +

The BIO_find_type() searches for a BIO of a given type in a chain, starting at BIO b. If type is a specific type (such as BIO_TYPE_MEM) then a search is made for a BIO of that type. If type is a general type (such as BIO_TYPE_SOURCE_SINK) then the next matching BIO of the given general type is searched for. BIO_find_type() returns the next matching BIO or NULL if none is found.

+ +

The following general types are defined: BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER, and BIO_TYPE_SOURCE_SINK.

+ +

For a list of the specific types, see the openssl/bio.h header file.

+ +

BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs in a chain or used in conjunction with BIO_find_type() to find all BIOs of a certain type.

+ +

BIO_method_type() returns the type of a BIO.

+ +

RETURN VALUES

+ +

BIO_find_type() returns a matching BIO or NULL for no match.

+ +

BIO_next() returns the next BIO in a chain.

+ +

BIO_method_type() returns the type of the BIO b.

+ +

EXAMPLES

+ +

Traverse a chain looking for digest BIOs:

+ +
BIO *btmp;
+
+btmp = in_bio; /* in_bio is chain to search through */
+do {
+    btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+    if (btmp == NULL)
+        break; /* Not found */
+    /* btmp is a digest BIO, do something with it ...*/
+    ...
+
+    btmp = BIO_next(btmp);
+} while (btmp);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_data.html new file mode 100644 index 00000000..7eb54c2f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_data.html @@ -0,0 +1,76 @@ + + + + +BIO_get_data + + + + + + + + + + +

NAME

+ +

BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown - functions for managing BIO state information

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+ +

DESCRIPTION

+ +

These functions are mainly useful when implementing a custom BIO.

+ +

The BIO_set_data() function associates the custom data pointed to by ptr with the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). This can be used by custom BIOs for storing implementation specific information.

+ +

The BIO_set_init() function sets the value of the BIO's "init" flag to indicate whether initialisation has been completed for this BIO or not. A non-zero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps have occurred (for example through calling custom ctrls). The BIO_get_init() function returns the value of the "init" flag.

+ +

The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed.

+ +

RETURN VALUES

+ +

BIO_get_data() returns a pointer to the implementation specific custom data associated with this BIO, or NULL if none has been set.

+ +

BIO_get_init() returns the state of the BIO's init flag.

+ +

BIO_get_shutdown() returns the stat of the BIO's shutdown (i.e. BIO_CLOSE) flag.

+ +

SEE ALSO

+ +

bio, BIO_meth_new

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_ex_new_index.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_ex_new_index.html new file mode 100644 index 00000000..6739e44e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_get_ex_new_index.html @@ -0,0 +1,75 @@ + + + + +BIO_get_ex_new_index + + + + + + + + + + +

NAME

+ +

BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - application-specific data

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int TYPE_get_ex_new_index(long argl, void *argp,
+                          CRYPTO_EX_new *new_func,
+                          CRYPTO_EX_dup *dup_func,
+                          CRYPTO_EX_free *free_func);
+
+int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
+
+void *TYPE_get_ex_data(TYPE *d, int idx);
+ +

DESCRIPTION

+ +

In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes listed in CRYPTO_get_ex_new_index(3).

+ +

These functions handle application-specific data for OpenSSL data structures.

+ +

TYPE_get_ex_new_index() is a macro that calls CRYPTO_get_ex_new_index() with the correct index value.

+ +

TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with an offset into the opaque exdata part of the TYPE object.

+ +

TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with an offset into the opaque exdata part of the TYPE object.

+ +

RETURN VALUES

+ +

TYPE_get_ex_new_index() returns a new index on success or -1 on error.

+ +

TYPE_set_ex_data() returns 1 on success or 0 on error.

+ +

TYPE_get_ex_data() returns the application data or NULL if an error occurred.

+ +

SEE ALSO

+ +

CRYPTO_get_ex_new_index(3).

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_meth_new.html new file mode 100644 index 00000000..fccdeefc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_meth_new.html @@ -0,0 +1,128 @@ + + + + +BIO_meth_new + + + + + + + + + + +

NAME

+ +

BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl - Routines to build up BIO methods

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_get_new_index(void);
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+
+void BIO_meth_free(BIO_METHOD *biom);
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t,
+                                               size_t *);
+int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                          int (*bwrite)(BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write)(BIO *, const char *, int));
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
+int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread)(BIO *, char *, size_t, size_t *));
+int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
+
+int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
+
+int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets)(BIO *, char *, int));
+
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl)(BIO *, int, long, void *));
+
+int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
+
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
+
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
+ +

DESCRIPTION

+ +

The BIO_METHOD type is a structure used for the implementation of new BIO types. It provides a set of functions used by OpenSSL for the implementation of the various BIO capabilities. See the bio page for more information.

+ +

BIO_meth_new() creates a new BIO_METHOD structure. It should be given a unique integer type and a string that represents its name. Use BIO_get_new_index() to get the value for type.

+ +

The set of standard OpenSSL provided BIO types is provided in bio.h. Some examples include BIO_TYPE_BUFFER and BIO_TYPE_CIPHER. Filter BIOs should have a type which have the "filter" bit set (BIO_TYPE_FILTER). Source/sink BIOs should have the "source/sink" bit set (BIO_TYPE_SOURCE_SINK). File descriptor based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the "descriptor" bit set (BIO_TYPE_DESCRIPTOR). See the BIO_find_type page for more information.

+ +

BIO_meth_free() destroys a BIO_METHOD structure and frees up any memory associated with it.

+ +

BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function used for writing arbitrary length data to the BIO respectively. This function will be called in response to the application calling BIO_write_ex() or BIO_write(). The parameters for the function have the same meaning as for BIO_write_ex(). Older code may call BIO_meth_get_write() and BIO_meth_set_write() instead. Applications should not call both BIO_meth_set_write_ex() and BIO_meth_set_write() or call BIO_meth_get_write() when the function was set with BIO_meth_set_write_ex().

+ +

BIO_meth_get_read_ex() and BIO_meth_set_read_ex() get and set the function used for reading arbitrary length data from the BIO respectively. This function will be called in response to the application calling BIO_read_ex() or BIO_read(). The parameters for the function have the same meaning as for BIO_read_ex(). Older code may call BIO_meth_get_read() and BIO_meth_set_read() instead. Applications should not call both BIO_meth_set_read_ex() and BIO_meth_set_read() or call BIO_meth_get_read() when the function was set with BIO_meth_set_read_ex().

+ +

BIO_meth_get_puts() and BIO_meth_set_puts() get and set the function used for writing a NULL terminated string to the BIO respectively. This function will be called in response to the application calling BIO_puts(). The parameters for the function have the same meaning as for BIO_puts().

+ +

BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically used for reading a line of data from the BIO respectively (see the BIO_gets(3) page for more information). This function will be called in response to the application calling BIO_gets(). The parameters for the function have the same meaning as for BIO_gets().

+ +

BIO_meth_get_ctrl() and BIO_meth_set_ctrl() get and set the function used for processing ctrl messages in the BIO respectively. See the BIO_ctrl page for more information. This function will be called in response to the application calling BIO_ctrl(). The parameters for the function have the same meaning as for BIO_ctrl().

+ +

BIO_meth_get_create() and BIO_meth_set_create() get and set the function used for creating a new instance of the BIO respectively. This function will be called in response to the application calling BIO_new() and passing in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the memory for the new BIO, and a pointer to this newly allocated structure will be passed as a parameter to the function.

+ +

BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used for destroying an instance of a BIO respectively. This function will be called in response to the application calling BIO_free(). A pointer to the BIO to be destroyed is passed as a parameter. The destroy function should be used for BIO specific clean up. The memory for the BIO itself should not be freed by this function.

+ +

BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the function used for processing callback ctrl messages in the BIO respectively. See the BIO_callback_ctrl(3) page for more information. This function will be called in response to the application calling BIO_callback_ctrl(). The parameters for the function have the same meaning as for BIO_callback_ctrl().

+ +

RETURN VALUES

+ +

BIO_get_new_index() returns the new BIO type value or -1 if an error occurred.

+ +

BIO_meth_new(int type, const char *name) returns a valid BIO_METHOD or NULL if an error occurred.

+ +

The BIO_meth_set functions return 1 on success or 0 on error.

+ +

The BIO_meth_get functions return the corresponding function pointers.

+ +

SEE ALSO

+ +

bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new.html new file mode 100644 index 00000000..30b46277 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new.html @@ -0,0 +1,84 @@ + + + + +BIO_new + + + + + + + + + + +

NAME

+ +

BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *  BIO_new(const BIO_METHOD *type);
+int    BIO_up_ref(BIO *a);
+int    BIO_free(BIO *a);
+void   BIO_vfree(BIO *a);
+void   BIO_free_all(BIO *a);
+ +

DESCRIPTION

+ +

The BIO_new() function returns a new BIO using method type.

+ +

BIO_up_ref() increments the reference count associated with the BIO object.

+ +

BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO but it does not return a value. If a is NULL nothing is done. Calling BIO_free() may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual BIO_METHOD descriptions.

+ +

BIO_free_all() frees up an entire BIO chain, it does not halt if an error occurs freeing up an individual BIO in the chain. If a is NULL nothing is done.

+ +

RETURN VALUES

+ +

BIO_new() returns a newly created BIO or NULL if the call fails.

+ +

BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.

+ +

BIO_free_all() and BIO_vfree() do not return values.

+ +

NOTES

+ +

If BIO_free() is called on a BIO chain it will only free one BIO resulting in a memory leak.

+ +

Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() on it other than the discarded return value.

+ +

HISTORY

+ +

BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.

+ +

EXAMPLES

+ +

Create a memory BIO:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new_CMS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new_CMS.html new file mode 100644 index 00000000..78652b7e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_new_CMS.html @@ -0,0 +1,81 @@ + + + + +BIO_new_CMS + + + + + + + + + + +

NAME

+ +

BIO_new_CMS - CMS streaming filter BIO

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

BIO_new_CMS() returns a streaming filter BIO chain based on cms. The output of the filter is written to out. Any data written to the chain is automatically translated to a BER format CMS structure of the appropriate type.

+ +

NOTES

+ +

The chain returned by this function behaves like a standard filter BIO. It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. After all content has been written through the chain BIO_flush() must be called to finalise the structure.

+ +

The CMS_STREAM flag must be included in the corresponding flags parameter of the cms creation function.

+ +

If an application wishes to write additional data to out BIOs should be removed from the chain using BIO_pop() and freed with BIO_free() until out is reached. If no additional data needs to be written BIO_free_all() can be called to free up the whole chain.

+ +

Any content written through the filter is used verbatim: no canonical translation is performed.

+ +

It is possible to chain multiple BIOs to, for example, create a triple wrapped signed, enveloped, signed structure. In this case it is the applications responsibility to set the inner content type of any outer CMS_ContentInfo structures.

+ +

Large numbers of small writes through the chain should be avoided as this will produce an output consisting of lots of OCTET STRING structures. Prepending a BIO_f_buffer() buffering BIO will prevent this.

+ +

BUGS

+ +

There is currently no corresponding inverse BIO: i.e. one which can decode a CMS structure on the fly.

+ +

RETURN VALUES

+ +

BIO_new_CMS() returns a BIO chain when successful or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

HISTORY

+ +

The BIO_new_CMS() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_parse_hostserv.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_parse_hostserv.html new file mode 100644 index 00000000..3c75e8b4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_parse_hostserv.html @@ -0,0 +1,91 @@ + + + + +BIO_parse_hostserv + + + + + + + + + + +

NAME

+ +

BIO_hostserv_priorities, BIO_parse_hostserv - utility routines to parse a standard host and service string

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+ +

DESCRIPTION

+ +

BIO_parse_hostserv() will parse the information given in hostserv, create strings with the host name and service name and give those back via host and service. Those will need to be freed after they are used. hostserv_prio helps determine if hostserv shall be interpreted primarily as a host name or a service name in ambiguous cases.

+ +

The syntax the BIO_parse_hostserv() recognises is:

+ +
host + ':' + service
+host + ':' + '*'
+host + ':'
+       ':' + service
+'*'  + ':' + service
+host
+service
+ +

The host part can be a name or an IP address. If it's a IPv6 address, it MUST be enclosed in brackets, such as '[::1]'.

+ +

The service part can be a service name or its port number.

+ +

The returned values will depend on the given hostserv string and hostserv_prio, as follows:

+ +
host + ':' + service  => *host = "host", *service = "service"
+host + ':' + '*'      => *host = "host", *service = NULL
+host + ':'            => *host = "host", *service = NULL
+       ':' + service  => *host = NULL, *service = "service"
+ '*' + ':' + service  => *host = NULL, *service = "service"
+
+in case no ':' is present in the string, the result depends on
+hostserv_prio, as follows:
+
+when hostserv_prio == BIO_PARSE_PRIO_HOST
+host                 => *host = "host", *service untouched
+
+when hostserv_prio == BIO_PARSE_PRIO_SERV
+service              => *host untouched, *service = "service"
+ +

RETURN VALUES

+ +

BIO_parse_hostserv() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

BIO_ADDRINFO(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_printf.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_printf.html new file mode 100644 index 00000000..cc2c06fe --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_printf.html @@ -0,0 +1,61 @@ + + + + +BIO_printf + + + + + + + + + + +

NAME

+ +

BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf - formatted output to a BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_printf(BIO *bio, const char *format, ...)
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ +

DESCRIPTION

+ +

BIO_printf() is similar to the standard C printf() function, except that the output is sent to the specified BIO, bio, rather than standard output. All common format specifiers are supported.

+ +

BIO_vprintf() is similar to the vprintf() function found on many platforms, the output is sent to the specified BIO, bio, rather than standard output. All common format specifiers are supported. The argument list args is a stdarg argument list.

+ +

BIO_snprintf() is for platforms that do not have the common snprintf() function. It is like sprintf() except that the size parameter, n, specifies the size of the output buffer.

+ +

BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf().

+ +

RETURN VALUES

+ +

All functions return the number of bytes written, or -1 on error. For BIO_snprintf() and BIO_vsnprintf() this includes when the output buffer is too small.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_push.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_push.html new file mode 100644 index 00000000..6c490997 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_push.html @@ -0,0 +1,98 @@ + + + + +BIO_push + + + + + + + + + + +

NAME

+ +

BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+ +

DESCRIPTION

+ +

The BIO_push() function appends the BIO append to b, it returns b.

+ +

BIO_pop() removes the BIO b from a chain and returns the next BIO in the chain, or NULL if there is no next BIO. The removed BIO then becomes a single BIO with no association with the original chain, it can thus be freed or attached to a different chain.

+ +

BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to by next. The new chain may include some of the same BIOs from the old chain or it may be completely different.

+ +

NOTES

+ +

The names of these functions are perhaps a little misleading. BIO_push() joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, the deleted BIO does not need to be at the end of a chain.

+ +

The process of calling BIO_push() and BIO_pop() on a BIO may have additional consequences (a control call is made to the affected BIOs) any effects will be noted in the descriptions of individual BIOs.

+ +

RETURN VALUES

+ +

BIO_push() returns the end of the chain, b.

+ +

BIO_pop() returns the next BIO in the chain, or NULL if there is no next BIO.

+ +

EXAMPLES

+ +

For these examples suppose md1 and md2 are digest BIOs, b64 is a base64 BIO and f is a file BIO.

+ +

If the call:

+ +
BIO_push(b64, f);
+ +

is made then the new chain will be b64-f. After making the calls

+ +
BIO_push(md2, b64);
+BIO_push(md1, md2);
+ +

the new chain is md1-md2-b64-f. Data written to md1 will be digested by md1 and md2, base64 encoded and written to f.

+ +

It should be noted that reading causes data to pass in the reverse direction, that is data is read from f, base64 decoded and digested by md1 and md2. If the call:

+ +
BIO_pop(md2);
+ +

The call will return b64 and the new chain will be md1-b64-f data can be written to md1 as before.

+ +

SEE ALSO

+ +

bio

+ +

HISTORY

+ +

The BIO_set_next() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_read.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_read.html new file mode 100644 index 00000000..05fce951 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_read.html @@ -0,0 +1,90 @@ + + + + +BIO_read + + + + + + + + + + +

NAME

+ +

BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_gets(BIO *b, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_puts(BIO *b, const char *buf);
+ +

DESCRIPTION

+ +

BIO_read_ex() attempts to read dlen bytes from BIO b and places the data in data. If any bytes were successfully read then the number of bytes read is stored in *readbytes.

+ +

BIO_write_ex() attempts to write dlen bytes from data to BIO b. If successful then the number of bytes written is stored in *written.

+ +

BIO_read() attempts to read len bytes from BIO b and places the data in buf.

+ +

BIO_gets() performs the BIOs "gets" operation and places the data in buf. Usually this operation will attempt to read a line of data from the BIO of maximum length size-1. There are exceptions to this, however; for example, BIO_gets() on a digest BIO will calculate and return the digest and other BIOs may not support BIO_gets() at all. The returned string is always NUL-terminated and the '\n' is preserved if present in the input data.

+ +

BIO_write() attempts to write len bytes from buf to BIO b.

+ +

BIO_puts() attempts to write a NUL-terminated string buf to BIO b.

+ +

RETURN VALUES

+ +

BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or written, and 0 otherwise.

+ +

All other functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully read or written if the result is 0 or -1. If the return value is -2 then the operation is not implemented in the specific BIO type. The trailing NUL is not included in the length returned by BIO_gets().

+ +

NOTES

+ +

A 0 or -1 return is not necessarily an indication of an error. In particular when the source/sink is non-blocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later.

+ +

One technique sometimes used with blocking sockets is to use a system call (such as select(), poll() or equivalent) to determine when data is available and then call read() to read the data. The equivalent with BIOs (that is call select() on the underlying I/O structure and then call BIO_read() to read the data) should not be used because a single call to BIO_read() can cause several reads (and writes in the case of SSL BIOs) on the underlying I/O structure and may block as a result. Instead select() (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking.

+ +

See BIO_should_retry(3) for details of how to determine the cause of a retry and other I/O issues.

+ +

If the BIO_gets() function is not supported by a BIO then it possible to work around this by adding a buffering BIO BIO_f_buffer(3) to the chain.

+ +

SEE ALSO

+ +

BIO_should_retry(3)

+ +

HISTORY

+ +

BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO does not keep the '\n' at the end of the line in the buffer.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_accept.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_accept.html new file mode 100644 index 00000000..23ad9cde --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_accept.html @@ -0,0 +1,175 @@ + + + + +BIO_s_accept + + + + + + + + + + +

NAME

+ +

BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_accept(void);
+
+long BIO_set_accept_name(BIO *b, char *name);
+char *BIO_get_accept_name(BIO *b);
+
+long BIO_set_accept_port(BIO *b, char *port);
+char *BIO_get_accept_port(BIO *b);
+
+BIO *BIO_new_accept(char *host_port);
+
+long BIO_set_nbio_accept(BIO *b, int n);
+long BIO_set_accept_bios(BIO *b, char *bio);
+
+char *BIO_get_peer_name(BIO *b);
+char *BIO_get_peer_port(BIO *b);
+long BIO_get_accept_ip_family(BIO *b);
+long BIO_set_accept_ip_family(BIO *b, long family);
+
+long BIO_set_bind_mode(BIO *b, long mode);
+long BIO_get_bind_mode(BIO *b);
+
+int BIO_do_accept(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_accept() returns the accept BIO method. This is a wrapper round the platform's TCP/IP socket accept routines.

+ +

Using accept BIOs, TCP/IP connections can be accepted and data transferred using only BIO routines. In this way any platform specific operations are hidden by the BIO abstraction.

+ +

Read and write operations on an accept BIO will perform I/O on the underlying connection. If no connection is established and the port (see below) is set up properly then the BIO waits for an incoming connection.

+ +

Accept BIOs support BIO_puts() but not BIO_gets().

+ +

If the close flag is set on an accept BIO then any active connection on that chain is shutdown and the socket closed when the BIO is freed.

+ +

Calling BIO_reset() on an accept BIO will close any active connection and reset the BIO into a state where it awaits another incoming connection.

+ +

BIO_get_fd() and BIO_set_fd() can be called to retrieve or set the accept socket. See BIO_s_fd(3)

+ +

BIO_set_accept_name() uses the string name to set the accept name. The name is represented as a string of the form "host:port", where "host" is the interface to use and "port" is the port. The host can be "*" or empty which is interpreted as meaning any interface. If the host is an IPv6 address, it has to be enclosed in brackets, for example "[::1]:https". "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

+ +

BIO_set_accept_port() uses the string port to set the accept port. "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

+ +

BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into a single call: that is it creates a new accept BIO with port host_port.

+ +

BIO_set_nbio_accept() sets the accept socket to blocking mode (the default) if n is 0 or non blocking mode if n is 1.

+ +

BIO_set_accept_bios() can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a buffering or SSL BIO is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept BIO is freed.

+ +

BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve the current bind mode. If BIO_BIND_NORMAL (the default) is set then another socket cannot be bound to the same port. If BIO_BIND_REUSEADDR is set then other sockets can bind to the same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and attempt is first made to use BIO_BIN_NORMAL, if this fails and the port is not in use then a second attempt is made using BIO_BIND_REUSEADDR.

+ +

BIO_do_accept() serves two functions. When it is first called, after the accept BIO has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to BIO_do_accept() will await an incoming connection, or request a retry in non blocking mode.

+ +

NOTES

+ +

When an accept BIO is at the end of a chain it will await an incoming connection before processing I/O calls. When an accept BIO is not at then end of a chain it passes I/O calls to the next BIO in the chain.

+ +

When a connection is established a new socket BIO is created for the connection and appended to the chain. That is the chain is now accept->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it.

+ +

If any additional BIOs have been set using BIO_set_accept_bios() then they are placed between the socket and the accept BIO, that is the chain will be accept->otherbios->socket.

+ +

If a server wishes to process multiple connections (as is normally the case) then the accept BIO must be made available for further incoming connections. This can be done by waiting for a connection and then calling:

+ +
connection = BIO_pop(accept);
+ +

After this call connection will contain a BIO for the recently established connection and accept will now be a single BIO again which can be used to await further incoming connections. If no further connections will be accepted the accept can be freed using BIO_free().

+ +

If only a single connection will be processed it is possible to perform I/O using the accept BIO itself. This is often undesirable however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection.

+ +

If the underlying accept socket is non-blocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call.

+ +

BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_get_peer_name(), BIO_get_peer_port(), BIO_get_accept_ip_family(), BIO_set_accept_ip_family(), BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.

+ +

RETURN VALUES

+ +

BIO_do_accept(), BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() return 1 for success and 0 or -1 for failure.

+ +

BIO_get_accept_name() returns the accept name or NULL on error. BIO_get_peer_name() returns the peer name or NULL on error.

+ +

BIO_get_accept_port() returns the accept port as a string or NULL on error. BIO_get_peer_port() returns the peer port as a string or NULL on error. BIO_get_accept_ip_family() returns the IP family or -1 on error.

+ +

BIO_get_bind_mode() returns the set of BIO_BIND flags, or -1 on failure.

+ +

BIO_new_accept() returns a BIO or NULL on error.

+ +

EXAMPLES

+ +

This example accepts two connections on port 4444, sends messages down each and finally closes both down.

+ +
BIO *abio, *cbio, *cbio2;
+
+/* First call to BIO_accept() sets up accept BIO */
+abio = BIO_new_accept("4444");
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error setting up accept\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* Wait for incoming connection */
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error accepting connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+fprintf(stderr, "Connection 1 established\n");
+
+/* Retrieve BIO for connection */
+cbio = BIO_pop(abio);
+BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
+fprintf(stderr, "Sent out data on connection 1\n");
+
+/* Wait for another connection */
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error accepting connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+fprintf(stderr, "Connection 2 established\n");
+
+/* Close accept BIO to refuse further connections */
+cbio2 = BIO_pop(abio);
+BIO_free(abio);
+BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
+fprintf(stderr, "Sent out data on connection 2\n");
+
+BIO_puts(cbio, "Connection 1: Second connection established\n");
+
+/* Close the two established connections */
+BIO_free(cbio);
+BIO_free(cbio2);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_bio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_bio.html new file mode 100644 index 00000000..4d6cd528 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_bio.html @@ -0,0 +1,157 @@ + + + + +BIO_s_bio + + + + + + + + + + +

NAME

+ +

BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_bio(void);
+
+int BIO_make_bio_pair(BIO *b1, BIO *b2);
+int BIO_destroy_bio_pair(BIO *b);
+int BIO_shutdown_wr(BIO *b);
+
+int BIO_set_write_buf_size(BIO *b, long size);
+size_t BIO_get_write_buf_size(BIO *b, long size);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+int BIO_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+int BIO_get_read_request(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink BIOs where data written to either half of the pair is buffered and can be read from the other half. Both halves must usually by handled by the same application thread since no locking is done on the internal data structures.

+ +

Since BIO chains typically end in a source/sink BIO it is possible to make this one half of a BIO pair and have all the data processed by the chain under application control.

+ +

One typical use of BIO pairs is to place TLS/SSL I/O under application control, this can be used when the application wishes to use a non standard transport for TLS/SSL or the normal socket routines are inappropriate.

+ +

Calls to BIO_read_ex() will read data from the buffer or request a retry if no data is available.

+ +

Calls to BIO_write_ex() will place data in the buffer or request a retry if the buffer is full.

+ +

The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to determine the amount of pending data in the read or write buffer.

+ +

BIO_reset() clears any data in the write buffer.

+ +

BIO_make_bio_pair() joins two separate BIOs into a connected pair.

+ +

BIO_destroy_pair() destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association.

+ +

BIO_shutdown_wr() is used to close down a BIO b. After this call no further writes on BIO b are allowed (they will return an error). Reads on the other half of the pair will return any pending data or EOF when all pending data has been read.

+ +

BIO_set_write_buf_size() sets the write buffer size of BIO b to size. If the size is not initialized a default value is used. This is currently 17K, sufficient for a maximum size TLS record.

+ +

BIO_get_write_buf_size() returns the size of the write buffer.

+ +

BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and BIO_set_write_buf_size() to create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2. If either size is zero then the default size is used. BIO_new_bio_pair() does not check whether bio1 or bio2 do point to some other BIO, the values are overwritten, BIO_free() is not called.

+ +

BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum length of data that can be currently written to the BIO. Writes larger than this value will return a value from BIO_write_ex() less than the amount requested or if the buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function whereas BIO_get_write_guarantee() is a macro.

+ +

BIO_get_read_request() and BIO_ctrl_get_read_request() return the amount of data requested, or the buffer size if it is less, if the last read attempt at the other half of the BIO pair failed due to an empty buffer. This can be used to determine how much data should be written to the BIO so the next read will succeed: this is most useful in TLS/SSL applications where the amount of data read is usually meaningful rather than just a buffer size. After a successful read this call will return zero. It also will return zero once new data has been written satisfying the read request or part of it. Note that BIO_get_read_request() never returns an amount larger than that returned by BIO_get_write_guarantee().

+ +

BIO_ctrl_reset_read_request() can also be used to reset the value returned by BIO_get_read_request() to zero.

+ +

NOTES

+ +

Both halves of a BIO pair should be freed. That is even if one half is implicit freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.

+ +

When used in bidirectional applications (such as TLS/SSL) care should be taken to flush any data in the write buffer. This can be done by calling BIO_pending() on the other half of the pair and, if any data is pending, reading it and sending it to the underlying transport. This must be done before any normal processing (such as calling select() ) due to a request and BIO_should_read() being true.

+ +

To see why this is important consider a case where a request is sent using BIO_write_ex() and a response read with BIO_read_ex(), this can occur during an TLS/SSL handshake for example. BIO_write_ex() will succeed and place data in the write buffer. BIO_read_ex() will initially fail and BIO_should_read() will be true. If the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent!

+ +

BIO_eof() is true if no data is in the peer BIO and the peer BIO has been shutdown.

+ +

BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(), BIO_set_write_buf_size(), BIO_get_write_buf_size(), BIO_get_write_guarantee(), and BIO_get_read_request() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_new_bio_pair() returns 1 on success, with the new BIOs available in bio1 and bio2, or 0 on failure, with NULL pointers stored into the locations for bio1 and bio2. Check the error stack for more information.

+ +

[XXXXX: More return values need to be added here]

+ +

EXAMPLES

+ +

The BIO pair can be used to have full control over the network access of an application. The application can call select() on the socket as required without having to go through the SSL-interface.

+ +
BIO *internal_bio, *network_bio;
+
+...
+BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
+SSL_set_bio(ssl, internal_bio, internal_bio);
+SSL_operations(); /* e.g SSL_read and SSL_write */
+...
+
+application |   TLS-engine
+   |        |
+   +----------> SSL_operations()
+            |     /\    ||
+            |     ||    \/
+            |   BIO-pair (internal_bio)
+            |   BIO-pair (network_bio)
+            |     ||     /\
+            |     \/     ||
+   +-----------< BIO_operations()
+   |        |
+   |        |
+  socket
+
+ ...
+ SSL_free(ssl);                /* implicitly frees internal_bio */
+ BIO_free(network_bio);
+ ...
+ +

As the BIO pair will only buffer the data and never directly access the connection, it behaves non-blocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer.

+ +

Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO and must be transferred to the network. Use BIO_ctrl_get_read_request() to find out, how many bytes must be written into the buffer before the SSL_operation() can successfully be continued.

+ +

WARNINGS

+ +

As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ condition, but there is still data in the write buffer. An application must not rely on the error value of SSL_operation() but must assure that the write buffer is always flushed first. Otherwise a deadlock may occur as the peer might be waiting for the data before being able to continue.

+ +

SEE ALSO

+ +

SSL_set_bio(3), ssl(7), bio(7), BIO_should_retry(3), BIO_read_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_connect.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_connect.html new file mode 100644 index 00000000..1c28920a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_connect.html @@ -0,0 +1,171 @@ + + + + +BIO_s_connect + + + + + + + + + + +

NAME

+ +

BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect - connect BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD * BIO_s_connect(void);
+
+BIO *BIO_new_connect(char *name);
+
+long BIO_set_conn_hostname(BIO *b, char *name);
+long BIO_set_conn_port(BIO *b, char *port);
+long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
+long BIO_set_conn_ip_family(BIO *b, long family);
+const char *BIO_get_conn_hostname(BIO *b);
+const char *BIO_get_conn_port(BIO *b);
+const BIO_ADDR *BIO_get_conn_address(BIO *b);
+const long BIO_get_conn_ip_family(BIO *b);
+
+long BIO_set_nbio(BIO *b, long n);
+
+int BIO_do_connect(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_connect() returns the connect BIO method. This is a wrapper round the platform's TCP/IP socket connection routines.

+ +

Using connect BIOs, TCP/IP connections can be made and data transferred using only BIO routines. In this way any platform specific operations are hidden by the BIO abstraction.

+ +

Read and write operations on a connect BIO will perform I/O on the underlying connection. If no connection is established and the port and hostname (see below) is set up properly then a connection is established first.

+ +

Connect BIOs support BIO_puts() but not BIO_gets().

+ +

If the close flag is set on a connect BIO then any active connection is shutdown and the socket closed when the BIO is freed.

+ +

Calling BIO_reset() on a connect BIO will close any active connection and reset the BIO into a state where it can connect to the same host again.

+ +

BIO_get_fd() places the underlying socket in c if it is not NULL, it also returns the socket . If c is not NULL it should be of type (int *).

+ +

BIO_set_conn_hostname() uses the string name to set the hostname. The hostname can be an IP address; if the address is an IPv6 one, it must be enclosed with brackets. The hostname can also include the port in the form hostname:port.

+ +

BIO_set_conn_port() sets the port to port. port can be the numerical form or a string such as "http". A string will be looked up first using getservbyname() on the host platform but if that fails a standard table of port names will be used. This internal list is http, telnet, socks, https, ssl, ftp, and gopher.

+ +

BIO_set_conn_address() sets the address and port information using a BIO_ADDR(3ssl).

+ +

BIO_set_conn_ip_family() sets the IP family.

+ +

BIO_get_conn_hostname() returns the hostname of the connect BIO or NULL if the BIO is initialized but no hostname is set. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_port() returns the port as a string. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_address() returns the address information as a BIO_ADDR. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_ip_family() returns the IP family of the connect BIO.

+ +

BIO_set_nbio() sets the non blocking I/O flag to n. If n is zero then blocking I/O is set. If n is 1 then non blocking I/O is set. Blocking I/O is the default. The call to BIO_set_nbio() should be made before the connection is established because non blocking I/O is set during the connect process.

+ +

BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into a single call: that is it creates a new connect BIO with name.

+ +

BIO_do_connect() attempts to connect the supplied BIO. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried.

+ +

NOTES

+ +

If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed.

+ +

If the port name is supplied as part of the host name then this will override any value set with BIO_set_conn_port(). This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' character in the passed hostname and either indicating an error or truncating the string at that point.

+ +

The values returned by BIO_get_conn_hostname(), BIO_get_conn_address(), and BIO_get_conn_port() are updated when a connection attempt is made. Before any connection attempt the values returned are those set by the application itself.

+ +

Applications do not have to call BIO_do_connect() but may wish to do so to separate the connection process from other I/O processing.

+ +

If non blocking I/O is set then retries will be requested as appropriate.

+ +

It addition to BIO_should_read() and BIO_should_write() it is also possible for BIO_should_io_special() to be true during the initial connection process with the reason BIO_RR_CONNECT. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call.

+ +

BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_get_conn_hostname(), BIO_set_conn_address(), BIO_get_conn_port(), BIO_get_conn_address(), BIO_set_conn_ip_family(), BIO_get_conn_ip_family(), BIO_set_nbio(), and BIO_do_connect() are macros.

+ +

RETURN VALUES

+ +

BIO_s_connect() returns the connect BIO method.

+ +

BIO_get_fd() returns the socket or -1 if the BIO has not been initialized.

+ +

BIO_set_conn_address(), BIO_set_conn_port(), and BIO_set_conn_ip_family() always return 1.

+ +

BIO_set_conn_hostname() returns 1 on success and 0 on failure.

+ +

BIO_get_conn_address() returns the address information or NULL if none was set.

+ +

BIO_get_conn_hostname() returns the connected hostname or NULL if none was set.

+ +

BIO_get_conn_ip_family() returns the address family or -1 if none was set.

+ +

BIO_get_conn_port() returns a string representing the connected port or NULL if not set.

+ +

BIO_set_nbio() always returns 1.

+ +

BIO_do_connect() returns 1 if the connection was successfully established and 0 or -1 if the connection failed.

+ +

EXAMPLES

+ +

This is example connects to a webserver on the local host and attempts to retrieve a page and copy the result to standard output.

+ +
BIO *cbio, *out;
+int len;
+char tmpbuf[1024];
+
+cbio = BIO_new_connect("localhost:http");
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+if (BIO_do_connect(cbio) <= 0) {
+    fprintf(stderr, "Error connecting to server\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+for (;;) {
+    len = BIO_read(cbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(out, tmpbuf, len);
+}
+BIO_free(cbio);
+BIO_free(out);
+ +

SEE ALSO

+ +

BIO_ADDR(3)

+ +

HISTORY

+ +

BIO_set_conn_int_port(), BIO_get_conn_int_port(), BIO_set_conn_ip(), and BIO_get_conn_ip() were removed in OpenSSL 1.1.0. Use BIO_set_conn_address() and BIO_get_conn_address() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_fd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_fd.html new file mode 100644 index 00000000..509451c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_fd.html @@ -0,0 +1,103 @@ + + + + +BIO_s_fd + + + + + + + + + + +

NAME

+ +

BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_fd(void);
+
+int BIO_set_fd(BIO *b, int fd, int c);
+int BIO_get_fd(BIO *b, int *c);
+
+BIO *BIO_new_fd(int fd, int close_flag);
+ +

DESCRIPTION

+ +

BIO_s_fd() returns the file descriptor BIO method. This is a wrapper round the platforms file descriptor routines such as read() and write().

+ +

BIO_read_ex() and BIO_write_ex() read or write the underlying descriptor. BIO_puts() is supported but BIO_gets() is not.

+ +

If the close flag is set then close() is called on the underlying file descriptor when the BIO is freed.

+ +

BIO_reset() attempts to change the file pointer to the start of file such as by using lseek(fd, 0, 0).

+ +

BIO_seek() sets the file pointer to position ofs from start of file such as by using lseek(fd, ofs, 0).

+ +

BIO_tell() returns the current file position such as by calling lseek(fd, 0, 1).

+ +

BIO_set_fd() sets the file descriptor of BIO b to fd and the close flag to c.

+ +

BIO_get_fd() places the file descriptor in c if it is not NULL, it also returns the file descriptor.

+ +

BIO_new_fd() returns a file descriptor BIO using fd and close_flag.

+ +

NOTES

+ +

The behaviour of BIO_read_ex() and BIO_write_ex() depends on the behavior of the platforms read() and write() calls on the descriptor. If the underlying file descriptor is in a non blocking mode then the BIO will behave in the manner described in the BIO_read_ex(3) and BIO_should_retry(3) manual pages.

+ +

File descriptor BIOs should not be used for socket I/O. Use socket BIOs instead.

+ +

BIO_set_fd() and BIO_get_fd() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_s_fd() returns the file descriptor BIO method.

+ +

BIO_set_fd() always returns 1.

+ +

BIO_get_fd() returns the file descriptor or -1 if the BIO has not been initialized.

+ +

BIO_new_fd() returns the newly allocated BIO or NULL is an error occurred.

+ +

EXAMPLES

+ +

This is a file descriptor BIO version of "Hello World":

+ +
BIO *out;
+
+out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

SEE ALSO

+ +

BIO_seek(3), BIO_tell(3), BIO_reset(3), BIO_read_ex(3), BIO_write_ex(3), BIO_puts(3), BIO_gets(3), BIO_printf(3), BIO_set_close(3), BIO_get_close(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_file.html new file mode 100644 index 00000000..31246e59 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_file.html @@ -0,0 +1,159 @@ + + + + +BIO_s_file + + + + + + + + + + +

NAME

+ +

BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename - FILE bio

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int flags);
+
+BIO_set_fp(BIO *b, FILE *fp, int flags);
+BIO_get_fp(BIO *b, FILE **fpp);
+
+int BIO_read_filename(BIO *b, char *name)
+int BIO_write_filename(BIO *b, char *name)
+int BIO_append_filename(BIO *b, char *name)
+int BIO_rw_filename(BIO *b, char *name)
+ +

DESCRIPTION

+ +

BIO_s_file() returns the BIO file method. As its name implies it is a wrapper round the stdio FILE structure and it is a source/sink BIO.

+ +

Calls to BIO_read_ex() and BIO_write_ex() read and write data to the underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.

+ +

BIO_flush() on a file BIO calls the fflush() function on the wrapped stream.

+ +

BIO_reset() attempts to change the file pointer to the start of file using fseek(stream, 0, 0).

+ +

BIO_seek() sets the file pointer to position ofs from start of file using fseek(stream, ofs, 0).

+ +

BIO_eof() calls feof().

+ +

Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO is freed.

+ +

BIO_new_file() creates a new file BIO with mode mode the meaning of mode is the same as the stdio function fopen(). The BIO_CLOSE flag is set on the returned BIO.

+ +

BIO_new_fp() creates a file BIO wrapping stream. Flags can be: BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying stream to text mode, default is binary: this only has any effect under Win32).

+ +

BIO_set_fp() sets the fp of a file BIO to fp. flags has the same meaning as in BIO_new_fp(), it is a macro.

+ +

BIO_get_fp() retrieves the fp of a file BIO, it is a macro.

+ +

BIO_seek() is a macro that sets the position pointer to offset bytes from the start of file.

+ +

BIO_tell() returns the value of the position pointer.

+ +

BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and BIO_rw_filename() set the file BIO b to use file name for reading, writing, append or read write respectively.

+ +

NOTES

+ +

When wrapping stdout, stdin or stderr the underlying stream should not normally be closed so the BIO_NOCLOSE flag should be set.

+ +

Because the file BIO calls the underlying stdio functions any quirks in stdio behaviour will be mirrored by the corresponding BIO.

+ +

On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- lingual environment, encode file names in UTF-8.

+ +

RETURN VALUES

+ +

BIO_s_file() returns the file BIO method.

+ +

BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error occurred.

+ +

BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure (although the current implementation never return 0).

+ +

BIO_seek() returns the same value as the underlying fseek() function: 0 for success or -1 for failure.

+ +

BIO_tell() returns the current file position.

+ +

BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and BIO_rw_filename() return 1 for success or 0 for failure.

+ +

EXAMPLES

+ +

File BIO "hello world":

+ +
BIO *bio_out;
+
+bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_printf(bio_out, "Hello World\n");
+ +

Alternative technique:

+ +
BIO *bio_out;
+
+bio_out = BIO_new(BIO_s_file());
+if (bio_out == NULL)
+    /* Error */
+if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
+    /* Error */
+BIO_printf(bio_out, "Hello World\n");
+ +

Write to a file:

+ +
BIO *out;
+
+out = BIO_new_file("filename.txt", "w");
+if (!out)
+    /* Error */
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

Alternative technique:

+ +
BIO *out;
+
+out = BIO_new(BIO_s_file());
+if (out == NULL)
+    /* Error */
+if (!BIO_write_filename(out, "filename.txt"))
+    /* Error */
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

BUGS

+ +

BIO_reset() and BIO_seek() are implemented using fseek() on the underlying stream. The return value for fseek() is 0 for success or -1 if an error occurred this differs from other types of BIO which will typically return 1 for success and a non positive value if an error occurred.

+ +

SEE ALSO

+ +

BIO_seek(3), BIO_tell(3), BIO_reset(3), BIO_flush(3), BIO_read_ex(3), BIO_write_ex(3), BIO_puts(3), BIO_gets(3), BIO_printf(3), BIO_set_close(3), BIO_get_close(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_mem.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_mem.html new file mode 100644 index 00000000..d427457a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_mem.html @@ -0,0 +1,137 @@ + + + + +BIO_s_mem + + + + + + + + + + +

NAME

+ +

BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+
+BIO_set_mem_eof_return(BIO *b, int v)
+long BIO_get_mem_data(BIO *b, char **pp)
+BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
+BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
+
+BIO *BIO_new_mem_buf(const void *buf, int len);
+ +

DESCRIPTION

+ +

BIO_s_mem() returns the memory BIO method function.

+ +

A memory BIO is a source/sink BIO which uses memory for its I/O. Data written to a memory BIO is stored in a BUF_MEM structure which is extended as appropriate to accommodate the stored data.

+ +

BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used for buffer storage.

+ +

Any data written to a memory BIO can be recalled by reading from it. Unless the memory BIO is read only any data read from it is deleted from the BIO.

+ +

Memory BIOs support BIO_gets() and BIO_puts().

+ +

If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying BUF_MEM structure is also freed.

+ +

Calling BIO_reset() on a read write memory BIO clears any data in it if the flag BIO_FLAGS_NONCLEAR_RST is not set, otherwise it just restores the read pointer to the state it was just after the last write was performed and the data can be read again. On a read only BIO it similarly restores the BIO to its original state and the read only data can be read again.

+ +

BIO_eof() is true if no data is in the BIO.

+ +

BIO_ctrl_pending() returns the number of bytes currently stored.

+ +

BIO_set_mem_eof_return() sets the behaviour of memory BIO b when it is empty. If the v is zero then an empty memory BIO will return EOF (that is it will return zero and BIO_should_retry(b) will be false. If v is non zero then it will return v when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value v should be set to a negative value, typically -1.

+ +

BIO_get_mem_data() sets *pp to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro.

+ +

BIO_set_mem_buf() sets the internal BUF_MEM structure to bm and sets the close flag to c, that is c should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro.

+ +

BIO_get_mem_ptr() places the underlying BUF_MEM structure in *pp. It is a macro.

+ +

BIO_new_mem_buf() creates a memory BIO using len bytes of data at buf, if len is -1 then the buf is assumed to be nul terminated and its length is determined by strlen. The BIO is set to a read only state and as a result cannot be written to. This is useful when some data needs to be made available from a static area of memory in the form of a BIO. The supplied data is read directly from the supplied buffer: it is not copied first, so the supplied area of memory must be unchanged until the BIO is freed.

+ +

NOTES

+ +

Writes to memory BIOs will always succeed if memory is available: that is their size can grow indefinitely.

+ +

Every write after partial read (not all data in the memory buffer was read) to a read write memory BIO will have to move the unread data with an internal copy operation, if a BIO contains a lot of data and it is read in small chunks intertwined with writes the operation can be very slow. Adding a buffering BIO to the chain can speed up the process.

+ +

Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will give undefined results, including perhaps a program crash.

+ +

Switching the memory BIO from read write to read only is not supported and can give undefined results including a program crash. There are two notable exceptions to the rule. The first one is to assign a static memory buffer immediately after BIO creation and set the BIO as read only.

+ +

The other supported sequence is to start with read write BIO then temporarily switch it to read only and call BIO_reset() on the read only BIO immediately before switching it back to read write. Before the BIO is freed it must be switched back to the read write mode.

+ +

Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that contains only the remaining data to be read. If the close status of the BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer in it must be set to NULL as the data pointer does not point to an allocated memory.

+ +

Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST flag set can have unexpected outcome when the reads and writes to the BIO are intertwined. As documented above the BIO will be reset to the state after the last completed write operation. The effects of reads preceding that write operation cannot be undone.

+ +

Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation.

+ +

BUGS

+ +

There should be an option to set the maximum size of a memory BIO.

+ +

RETURN VALUES

+ +

BIO_s_mem() and BIO_s_secmem() return a valid memory BIO_METHOD structure.

+ +

BIO_set_mem_eof_return(), BIO_set_mem_buf() and BIO_get_mem_ptr() return 1 on success or a value which is less than or equal to 0 if an error occurred.

+ +

BIO_get_mem_data() returns the total number of bytes available on success, 0 if b is NULL, or a negative value in case of other errors.

+ +

BIO_new_mem_buf() returns a valid BIO structure on success or NULL on error.

+ +

EXAMPLES

+ +

Create a memory BIO and write some data to it:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+
+BIO_puts(mem, "Hello World\n");
+ +

Create a read only memory BIO:

+ +
char data[] = "Hello World";
+BIO *mem = BIO_new_mem_buf(data, -1);
+ +

Extract the BUF_MEM structure from a memory BIO and then free up the BIO:

+ +
BUF_MEM *bptr;
+
+BIO_get_mem_ptr(mem, &bptr);
+BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+BIO_free(mem);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_null.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_null.html new file mode 100644 index 00000000..f4c20ae8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_null.html @@ -0,0 +1,60 @@ + + + + +BIO_s_null + + + + + + + + + + +

NAME

+ +

BIO_s_null - null data sink

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_null(void);
+ +

DESCRIPTION

+ +

BIO_s_null() returns the null sink BIO method. Data written to the null sink is discarded, reads return EOF.

+ +

NOTES

+ +

A null sink BIO behaves in a similar manner to the Unix /dev/null device.

+ +

A null bio can be placed on the end of a chain to discard any data passed through it.

+ +

A null sink is useful if, for example, an application wishes to digest some data by writing through a digest bio but not send the digested data anywhere. Since a BIO chain must normally include a source/sink BIO this can be achieved by adding a null sink BIO to the end of the chain

+ +

RETURN VALUES

+ +

BIO_s_null() returns the null sink BIO method.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_socket.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_socket.html new file mode 100644 index 00000000..947c9180 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_s_socket.html @@ -0,0 +1,68 @@ + + + + +BIO_s_socket + + + + + + + + + + +

NAME

+ +

BIO_s_socket, BIO_new_socket - socket BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_socket(void);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+ +

DESCRIPTION

+ +

BIO_s_socket() returns the socket BIO method. This is a wrapper round the platform's socket routines.

+ +

BIO_read_ex() and BIO_write_ex() read or write the underlying socket. BIO_puts() is supported but BIO_gets() is not.

+ +

If the close flag is set then the socket is shut down and closed when the BIO is freed.

+ +

BIO_new_socket() returns a socket BIO using sock and close_flag.

+ +

NOTES

+ +

Socket BIOs also support any relevant functionality of file descriptor BIOs.

+ +

The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms.

+ +

RETURN VALUES

+ +

BIO_s_socket() returns the socket BIO method.

+ +

BIO_new_socket() returns the newly allocated BIO or NULL is an error occurred.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_set_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_set_callback.html new file mode 100644 index 00000000..025db3a7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_set_callback.html @@ -0,0 +1,251 @@ + + + + +BIO_set_callback + + + + + + + + + + +

NAME

+ +

BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn - BIO callback functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                   size_t len, int argi,
+                                   long argl, int ret, size_t *processed);
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+
+void BIO_set_callback(BIO *b, BIO_callback_fn cb);
+BIO_callback_fn BIO_get_callback(BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+char *BIO_get_callback_arg(const BIO *b);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+ +

DESCRIPTION

+ +

BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO callback. The callback is called during most high level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation.

+ +

BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO callback. New code should not use these functions, but they are retained for backwards compatibility. Any callback set via BIO_set_callback_ex() will get called in preference to any set by BIO_set_callback().

+ +

BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be used to set and retrieve an argument for use in the callback.

+ +

BIO_debug_callback() is a standard debugging callback which prints out information relating to each BIO operation. If the callback argument is set it is interpreted as a BIO to send the information to, otherwise stderr is used.

+ +

BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn() is the type of the old format callback function. The meaning of each argument is described below:

+ +
+ +
b
+
+ +

The BIO the callback is attached to is passed in b.

+ +
+
oper
+
+ +

oper is set to the operation being performed. For some operations the callback is called twice, once before and once after the actual operation, the latter case has oper or'ed with BIO_CB_RETURN.

+ +
+
len
+
+ +

The length of the data requested to be read or written. This is only useful if oper is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.

+ +
+
argp argi argl
+
+ +

The meaning of the arguments argp, argi and argl depends on the value of oper, that is the operation being performed.

+ +
+
processed
+
+ +

processed is a pointer to a location which will be updated with the amount of data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE, BIO_CB_GETS and BIO_CB_PUTS.

+ +
+
ret
+
+ +

ret is the return value that would be returned to the application if no callback were present. The actual value returned is the return value of the callback itself. In the case of callbacks called before the actual BIO operation 1 is placed in ret, if the return value is not positive it will be immediately returned to the application and the BIO operation will not be performed.

+ +
+
+ +

The callback should normally simply return ret when it has finished processing, unless it specifically wishes to modify the value returned to the application.

+ +

CALLBACK OPERATIONS

+ +

In the notes below, callback defers to the actual callback function that is called.

+ +
+ +
BIO_free(b)
+
+ +
callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
+ +

is called before the free operation.

+ +
+
BIO_read_ex(b, data, dlen, readbytes)
+
+ +
callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
+ +

is called before the read and

+ +
callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+            &readbytes)
+ +

or

+ +
callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+ +

after.

+ +
+
BIO_write(b, data, dlen, written)
+
+ +
callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
+ +

is called before the write and

+ +
callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+            &written)
+ +

or

+ +
callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+ +

after.

+ +
+
BIO_gets(b, buf, size)
+
+ +
callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
+ +

or

+ +
callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
+ +

is called before the operation and

+ +
callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
+            &readbytes)
+ +

or

+ +
callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
+ +

after.

+ +
+
BIO_puts(b, buf)
+
+ +
callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+ +

or

+ +
callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
+ +

is called before the operation and

+ +
callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written)
+ +

or

+ +
callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue)
+ +

after.

+ +
+
BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+
+ +
callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
+ +

is called before the call and

+ +
callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
+ +

or

+ +
callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
+ +

after.

+ +

Note: cmd == BIO_CTRL_SET_CALLBACK is special, because parg is not the argument of type BIO_info_cb itself. In this case parg is a pointer to the actual call parameter, see BIO_callback_ctrl.

+ +
+
+ +

RETURN VALUES

+ +

BIO_get_callback_ex() and BIO_get_callback() return the callback function previously set by a call to BIO_set_callback_ex() and BIO_set_callback() respectively.

+ +

BIO_get_callback_arg() returns a char pointer to the value previously set via a call to BIO_set_callback_arg().

+ +

BIO_debug_callback() returns 1 or ret if it's called after specific BIO operations.

+ +

EXAMPLES

+ +

The BIO_debug_callback() function is a good example, its source is in crypto/bio/bio_cb.c

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_should_retry.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_should_retry.html new file mode 100644 index 00000000..56dca25b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BIO_should_retry.html @@ -0,0 +1,115 @@ + + + + +BIO_should_retry + + + + + + + + + + +

NAME

+ +

BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_should_read(BIO *b);
+int BIO_should_write(BIO *b);
+int BIO_should_io_special(iBIO *b);
+int BIO_retry_type(BIO *b);
+int BIO_should_retry(BIO *b);
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+ +

DESCRIPTION

+ +

These functions determine why a BIO is not able to read or write data. They will typically be called after a failed BIO_read_ex() or BIO_write_ex() call.

+ +

BIO_should_retry() is true if the call that produced this condition should then be retried at a later time.

+ +

If BIO_should_retry() is false then the cause is an error condition.

+ +

BIO_should_read() is true if the cause of the condition is that the BIO has insufficient data to return. Check for readability and/or retry the last operation.

+ +

BIO_should_write() is true if the cause of the condition is that the BIO has pending data to write. Check for writability and/or retry the last operation.

+ +

BIO_should_io_special() is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition.

+ +

BIO_retry_type() returns a mask of the cause of a retry condition consisting of the values BIO_FLAGS_READ, BIO_FLAGS_WRITE, BIO_FLAGS_IO_SPECIAL though current BIO types will only set one of these.

+ +

BIO_get_retry_BIO() determines the precise reason for the special condition, it returns the BIO that caused this condition and if reason is not NULL it contains the reason code. The meaning of the reason code and the action that should be taken depends on the type of BIO that resulted in this condition.

+ +

BIO_get_retry_reason() returns the reason for a special condition if passed the relevant BIO, for example as returned by BIO_get_retry_BIO().

+ +

BIO_set_retry_reason() sets the retry reason for a special condition for a given BIO. This would usually only be called by BIO implementations.

+ +

NOTES

+ +

BIO_should_read(), BIO_should_write(), BIO_should_io_special(), BIO_retry_type(), and BIO_should_retry(), are implemented as macros.

+ +

If BIO_should_retry() returns false then the precise "error condition" depends on the BIO type that caused it and the return code of the BIO operation. For example if a call to BIO_read_ex() on a socket BIO returns 0 and BIO_should_retry() is false then the cause will be that the connection closed. A similar condition on a file BIO will mean that it has reached EOF. Some BIO types may place additional information on the error queue. For more details see the individual BIO type manual pages.

+ +

If the underlying I/O structure is in a blocking mode almost all current BIO types will not request a retry, because the underlying I/O calls will not. If the application knows that the BIO type will never signal a retry then it need not call BIO_should_retry() after a failed BIO I/O call. This is typically done with file BIOs.

+ +

SSL BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake occurs during a call to BIO_read(). An application can retry the failed call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY on the underlying SSL structure.

+ +

While an application may retry a failed non blocking call immediately this is likely to be very inefficient because the call will fail repeatedly until data can be processed or is available. An application will normally wait until the necessary condition is satisfied. How this is done depends on the underlying I/O structure.

+ +

For example if the cause is ultimately a socket and BIO_should_read() is true then a call to select() may be made to wait until data is available and then retry the BIO operation. By combining the retry conditions of several non blocking BIOs in a single select() call it is possible to service several BIOs in a single thread, though the performance may be poor if SSL BIOs are present because long delays can occur during the initial handshake process.

+ +

It is possible for a BIO to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution is to use non blocking I/O and use a timeout on the select() (or equivalent) call.

+ +

BUGS

+ +

The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O: that is they cannot retry after a partial read or write. This is usually worked around by only passing the relevant data to ASN1 functions when the entire structure can be read or written.

+ +

RETURN VALUES

+ +

BIO_should_read(), BIO_should_write(), BIO_should_io_special(), and BIO_should_retry() return either 1 or 0 based on the actual conditions of the BIO.

+ +

BIO_retry_type() returns a flag combination presenting the cause of a retry condition or false if there is no retry condition.

+ +

BIO_get_retry_BIO() returns a valid BIO structure.

+ +

BIO_get_retry_reason() returns the reason for a special condition.

+ +

SEE ALSO

+ +

bio

+ +

HISTORY

+ +

The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_BLINDING_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_BLINDING_new.html new file mode 100644 index 00000000..8e33d782 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_BLINDING_new.html @@ -0,0 +1,112 @@ + + + + +BN_BLINDING_new + + + + + + + + + + +

NAME

+ +

BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+                             BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+                           BN_CTX *ctx);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx);
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp)(BIGNUM *r,
+                                                        const BIGNUM *a,
+                                                        const BIGNUM *p,
+                                                        const BIGNUM *m,
+                                                        BN_CTX *ctx,
+                                                        BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+ +

DESCRIPTION

+ +

BN_BLINDING_new() allocates a new BN_BLINDING structure and copies the A and Ai values into the newly created BN_BLINDING object.

+ +

BN_BLINDING_free() frees the BN_BLINDING structure. If b is NULL, nothing is done.

+ +

BN_BLINDING_update() updates the BN_BLINDING parameters by squaring the A and Ai or, after specific number of uses and if the necessary parameters are set, by re-creating the blinding parameters.

+ +

BN_BLINDING_convert_ex() multiplies n with the blinding factor A. If r is not NULL a copy the inverse blinding factor Ai will be returned in r (this is useful if a RSA object is shared among several threads). BN_BLINDING_invert_ex() multiplies n with the inverse blinding factor Ai. If r is not NULL it will be used as the inverse blinding.

+ +

BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() with r set to NULL.

+ +

BN_BLINDING_is_current_thread() returns whether the BN_BLINDING structure is owned by the current thread. This is to help users provide proper locking if needed for multi-threaded use.

+ +

BN_BLINDING_set_current_thread() sets the current thread as the owner of the BN_BLINDING structure.

+ +

BN_BLINDING_lock() locks the BN_BLINDING structure.

+ +

BN_BLINDING_unlock() unlocks the BN_BLINDING structure.

+ +

BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently there are two supported flags: BN_BLINDING_NO_UPDATE and BN_BLINDING_NO_RECREATE. BN_BLINDING_NO_UPDATE inhibits the automatic update of the BN_BLINDING parameters after each use and BN_BLINDING_NO_RECREATE inhibits the automatic re-creation of the BN_BLINDING parameters after a fixed number of uses (currently 32). In newly allocated BN_BLINDING objects no flags are set. BN_BLINDING_set_flags() sets the BN_BLINDING parameters flags.

+ +

BN_BLINDING_create_param() creates new BN_BLINDING parameters using the exponent e and the modulus m. bn_mod_exp and m_ctx can be used to pass special functions for exponentiation (normally BN_mod_exp_mont() and BN_MONT_CTX).

+ +

RETURN VALUES

+ +

BN_BLINDING_new() returns the newly allocated BN_BLINDING structure or NULL in case of an error.

+ +

BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on success and 0 if an error occurred.

+ +

BN_BLINDING_is_current_thread() returns 1 if the current thread owns the BN_BLINDING object, 0 otherwise.

+ +

BN_BLINDING_set_current_thread() doesn't return anything.

+ +

BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation succeeded or 0 on error.

+ +

BN_BLINDING_get_flags() returns the currently set BN_BLINDING flags (a unsigned long value).

+ +

BN_BLINDING_create_param() returns the newly created BN_BLINDING parameters or NULL on error.

+ +

HISTORY

+ +

BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().

+ +

COPYRIGHT

+ +

Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_new.html new file mode 100644 index 00000000..a5532ca3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_new.html @@ -0,0 +1,87 @@ + + + + +BN_CTX_new + + + + + + + + + + +

NAME

+ +

BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_CTX *BN_CTX_new(void);
+
+BN_CTX *BN_CTX_secure_new(void);
+
+void BN_CTX_free(BN_CTX *c);
+ +

DESCRIPTION

+ +

A BN_CTX is a structure that holds BIGNUM temporary variables used by library functions. Since dynamic memory allocation to create BIGNUMs is rather expensive when used in conjunction with repeated subroutine calls, the BN_CTX structure is used.

+ +

BN_CTX_new() allocates and initializes a BN_CTX structure. BN_CTX_secure_new() allocates and initializes a BN_CTX structure but uses the secure heap (see CRYPTO_secure_malloc(3)) to hold the BIGNUMs.

+ +

BN_CTX_free() frees the components of the BN_CTX and the structure itself. Since BN_CTX_start() is required in order to obtain BIGNUMs from the BN_CTX, in most cases BN_CTX_end() must be called before the BN_CTX may be freed by BN_CTX_free(). If c is NULL, nothing is done.

+ +

A given BN_CTX must only be used by a single thread of execution. No locking is performed, and the internal pool allocator will not properly handle multiple threads of execution.

+ +

RETURN VALUES

+ +

BN_CTX_new() and BN_CTX_secure_new() return a pointer to the BN_CTX. If the allocation fails, they return NULL and sets an error code that can be obtained by ERR_get_error(3).

+ +

BN_CTX_free() has no return values.

+ +

REMOVED FUNCTIONALITY

+ +
void BN_CTX_init(BN_CTX *c);
+ +

BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should replace use of BN_CTX_init with BN_CTX_new instead:

+ +
BN_CTX *ctx;
+ctx = BN_CTX_new();
+if (!ctx)
+    /* error */
+...
+BN_CTX_free(ctx);
+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_start(3)

+ +

HISTORY

+ +

BN_CTX_init() was removed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_start.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_start.html new file mode 100644 index 00000000..b3774985 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_CTX_start.html @@ -0,0 +1,66 @@ + + + + +BN_CTX_start + + + + + + + + + + +

NAME

+ +

BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_CTX_start(BN_CTX *ctx);
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+
+void BN_CTX_end(BN_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions are used to obtain temporary BIGNUM variables from a BN_CTX (which can been created by using BN_CTX_new(3)) in order to save the overhead of repeatedly creating and freeing BIGNUMs in functions that are called from inside a loop.

+ +

A function must call BN_CTX_start() first. Then, BN_CTX_get() may be called repeatedly to obtain temporary BIGNUMs. All BN_CTX_get() calls must be made before calling any other functions that use the ctx as an argument.

+ +

Finally, BN_CTX_end() must be called before returning from the function. If ctx is NULL, nothing is done. When BN_CTX_end() is called, the BIGNUM pointers obtained from BN_CTX_get() become invalid.

+ +

RETURN VALUES

+ +

BN_CTX_start() and BN_CTX_end() return no values.

+ +

BN_CTX_get() returns a pointer to the BIGNUM, or NULL on error. Once BN_CTX_get() has failed, the subsequent calls will return NULL as well, so it is sufficient to check the return value of the last BN_CTX_get() call. In case of an error, an error code is set, which can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

BN_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add.html new file mode 100644 index 00000000..94cd8a60 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add.html @@ -0,0 +1,117 @@ + + + + +BN_add + + + + + + + + + + +

NAME

+ +

BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+           BN_CTX *ctx);
+
+int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+
+int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_add() adds a and b and places the result in r (r=a+b). r may be the same BIGNUM as a or b.

+ +

BN_sub() subtracts b from a and places the result in r (r=a-b). r may be the same BIGNUM as a or b.

+ +

BN_mul() multiplies a and b and places the result in r (r=a*b). r may be the same BIGNUM as a or b. For multiplication by powers of 2, use BN_lshift(3).

+ +

BN_sqr() takes the square of a and places the result in r (r=a^2). r and a may be the same BIGNUM. This function is faster than BN_mul(r,a,a).

+ +

BN_div() divides a by d and places the result in dv and the remainder in rem (dv=a/d, rem=a%d). Either of dv and rem may be NULL, in which case the respective value is not returned. The result is rounded towards zero; thus if a is negative, the remainder will be zero or negative. For division by powers of 2, use BN_rshift(3).

+ +

BN_mod() corresponds to BN_div() with dv set to NULL.

+ +

BN_nnmod() reduces a modulo m and places the non-negative remainder in r.

+ +

BN_mod_add() adds a to b modulo m and places the non-negative result in r.

+ +

BN_mod_sub() subtracts b from a modulo m and places the non-negative result in r.

+ +

BN_mod_mul() multiplies a by b and finds the non-negative remainder respective to modulus m (r=(a*b) mod m). r may be the same BIGNUM as a or b. For more efficient algorithms for repeated computations using the same modulus, see BN_mod_mul_montgomery(3) and BN_mod_mul_reciprocal(3).

+ +

BN_mod_sqr() takes the square of a modulo m and places the result in r.

+ +

BN_exp() raises a to the p-th power and places the result in r (r=a^p). This function is faster than repeated applications of BN_mul().

+ +

BN_mod_exp() computes a to the p-th power modulo m (r=a^p % m). This function uses less time and space than BN_exp(). Do not call this function when m is even and any of the parameters have the BN_FLG_CONSTTIME flag set.

+ +

BN_gcd() computes the greatest common divisor of a and b and places the result in r. r may be the same BIGNUM as a or b.

+ +

For all functions, ctx is a previously allocated BN_CTX used for temporary variables; see BN_CTX_new(3).

+ +

Unless noted otherwise, the result BIGNUM must be different from the arguments.

+ +

RETURN VALUES

+ +

For all functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., if (!BN_add(r,a,b)) goto err;). The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_CTX_new(3), BN_add_word(3), BN_set_bit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add_word.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add_word.html new file mode 100644 index 00000000..cbe1dce8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_add_word.html @@ -0,0 +1,78 @@ + + + + +BN_add_word + + + + + + + + + + +

NAME

+ +

BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic functions on BIGNUMs with integers

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ +

DESCRIPTION

+ +

These functions perform arithmetic operations on BIGNUMs with unsigned integers. They are much more efficient than the normal BIGNUM arithmetic operations.

+ +

BN_add_word() adds w to a (a+=w).

+ +

BN_sub_word() subtracts w from a (a-=w).

+ +

BN_mul_word() multiplies a and w (a*=w).

+ +

BN_div_word() divides a by w (a/=w) and returns the remainder.

+ +

BN_mod_word() returns the remainder of a divided by w (a%w).

+ +

For BN_div_word() and BN_mod_word(), w must not be 0.

+ +

RETURN VALUES

+ +

BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

BN_mod_word() and BN_div_word() return a%w on success and (BN_ULONG)-1 if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_bn2bin.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_bn2bin.html new file mode 100644 index 00000000..62dc51c2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_bn2bin.html @@ -0,0 +1,100 @@ + + + + +BN_bn2bin + + + + + + + + + + +

NAME

+ +

BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+
+int BN_print(BIO *fp, const BIGNUM *a);
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+ +

DESCRIPTION

+ +

BN_bn2bin() converts the absolute value of a into big-endian form and stores it at to. to must point to BN_num_bytes(a) bytes of memory.

+ +

BN_bn2binpad() also converts the absolute value of a into big-endian form and stores it at to. tolen indicates the length of the output buffer to. The result is padded with zeroes if necessary. If tolen is less than BN_num_bytes(a) an error is returned.

+ +

BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM and places it in ret. If ret is NULL, a new BIGNUM is created.

+ +

BN_bn2lebinpad() and BN_lebin2bn() are identical to BN_bn2binpad() and BN_bin2bn() except the buffer is in little-endian format.

+ +

BN_bn2hex() and BN_bn2dec() return printable strings containing the hexadecimal and decimal encoding of a respectively. For negative numbers, the string is prefaced with a leading '-'. The string must be freed later using OPENSSL_free().

+ +

BN_hex2bn() takes as many characters as possible from the string str, including the leading character '-' which means negative, to form a valid hexadecimal number representation and converts them to a BIGNUM and stores it in **a. If *a is NULL, a new BIGNUM is created. If a is NULL, it only computes the length of valid representation. A "negative zero" is converted to zero. BN_dec2bn() is the same using the decimal system.

+ +

BN_print() and BN_print_fp() write the hexadecimal encoding of a, with a leading '-' for negative numbers, to the BIO or FILE fp.

+ +

BN_bn2mpi() and BN_mpi2bn() convert BIGNUMs from and to a format that consists of the number's length in bytes represented as a 4-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the MSB set is prefixed with null byte).

+ +

BN_bn2mpi() stores the representation of a at to, where to must be large enough to hold the result. The size can be determined by calling BN_bn2mpi(a, NULL).

+ +

BN_mpi2bn() converts the len bytes long representation at s to a BIGNUM and stores it at ret, or in a newly allocated BIGNUM if ret is NULL.

+ +

RETURN VALUES

+ +

BN_bn2bin() returns the length of the big-endian number placed at to. BN_bin2bn() returns the BIGNUM, NULL on error.

+ +

BN_bn2binpad() returns the number of bytes written or -1 if the supplied buffer is too small.

+ +

BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL on error. BN_hex2bn() and BN_dec2bn() return the number of characters used in parsing, or 0 on error, in which case no new BIGNUM will be created.

+ +

BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

+ +

BN_bn2mpi() returns the length of the representation. BN_mpi2bn() returns the BIGNUM, and NULL on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_zero(3), ASN1_INTEGER_to_BN(3), BN_num_bytes(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_cmp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_cmp.html new file mode 100644 index 00000000..71e45612 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_cmp.html @@ -0,0 +1,63 @@ + + + + +BN_cmp + + + + + + + + + + +

NAME

+ +

BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_cmp(BIGNUM *a, BIGNUM *b);
+int BN_ucmp(BIGNUM *a, BIGNUM *b);
+
+int BN_is_zero(BIGNUM *a);
+int BN_is_one(BIGNUM *a);
+int BN_is_word(BIGNUM *a, BN_ULONG w);
+int BN_is_odd(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_cmp() compares the numbers a and b. BN_ucmp() compares their absolute values.

+ +

BN_is_zero(), BN_is_one() and BN_is_word() test if a equals 0, 1, or w respectively. BN_is_odd() tests if a is odd.

+ +

BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.

+ +

RETURN VALUES

+ +

BN_cmp() returns -1 if a < b, 0 if a == b and 1 if a > b. BN_ucmp() is the same using the absolute values of a and b.

+ +

BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if the condition is true, 0 otherwise.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_copy.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_copy.html new file mode 100644 index 00000000..7dc6a019 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_copy.html @@ -0,0 +1,75 @@ + + + + +BN_copy + + + + + + + + + + +

NAME

+ +

BN_copy, BN_dup, BN_with_flags - copy BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+
+BIGNUM *BN_dup(const BIGNUM *from);
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+ +

DESCRIPTION

+ +

BN_copy() copies from to to. BN_dup() creates a new BIGNUM containing the value from.

+ +

BN_with_flags creates a temporary shallow copy of b in dest. It places significant restrictions on the copied data. Applications that do no adhere to these restrictions may encounter unexpected side effects or crashes. For that reason use of this function is discouraged. Any flags provided in flags will be set in dest in addition to any flags already set in b. For example this might commonly be used to create a temporary copy of a BIGNUM with the BN_FLG_CONSTTIME flag set for constant time operations. The temporary copy in dest will share some internal state with b. For this reason the following restrictions apply to the use of dest:

+ +
    + +
  • dest should be a newly allocated BIGNUM obtained via a call to BN_new(). It should not have been used for other purposes or initialised in any way.

    + +
  • +
  • dest must only be used in "read-only" operations, i.e. typically those functions where the relevant parameter is declared "const".

    + +
  • +
  • dest must be used and freed before any further subsequent use of b

    + +
  • +
+ +

RETURN VALUES

+ +

BN_copy() returns to on success, NULL on error. BN_dup() returns the new BIGNUM, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_generate_prime.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_generate_prime.html new file mode 100644 index 00000000..bdb2ff7d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_generate_prime.html @@ -0,0 +1,174 @@ + + + + +BN_generate_prime + + + + + + + + + + +

NAME

+ +

BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+
+void BN_GENCB_free(BN_GENCB *cb);
+
+void BN_GENCB_set_old(BN_GENCB *gencb,
+                      void (*callback)(int, int, void *), void *cb_arg);
+
+void BN_GENCB_set(BN_GENCB *gencb,
+                  int (*callback)(int, int, BN_GENCB *), void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+                          BIGNUM *rem, void (*callback)(int, int, void *),
+                          void *cb_arg);
+
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                         void (*callback)(int, int, void *), BN_CTX *ctx,
+                         void *cb_arg, int do_trial_division);
+#endif
+ +

DESCRIPTION

+ +

BN_generate_prime_ex() generates a pseudo-random prime number of at least bit length bits. The returned number is probably prime with a negligible error. If add is NULL the returned prime number will have exact bit length bits with the top most two bits set.

+ +

If ret is not NULL, it will be used to store the number.

+ +

If cb is not NULL, it is used as follows:

+ +
    + +
  • BN_GENCB_call(cb, 0, i) is called after generating the i-th potential prime number.

    + +
  • +
  • While the number is being tested for primality, BN_GENCB_call(cb, 1, j) is called as described below.

    + +
  • +
  • When a prime has been found, BN_GENCB_call(cb, 2, i) is called.

    + +
  • +
  • The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with other values as described in their respective man pages; see "SEE ALSO".

    + +
  • +
+ +

The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange:

+ +

If add is not NULL, the prime will fulfill the condition p % add == rem (p % add == 1 if rem == NULL) in order to suit a given generator.

+ +

If safe is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). If safe is true, and rem == NULL the condition will be p % add == 3. It is recommended that add is a multiple of 4.

+ +

The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number p is prime. The following tests are performed until one of them shows that p is composite; if p passes all these tests, it is considered prime.

+ +

BN_is_prime_fasttest_ex(), when called with do_trial_division == 1, first attempts trial division by a number of small primes; if no divisors are found by this test and cb is not NULL, BN_GENCB_call(cb, 1, -1) is called. If do_trial_division == 0, this test is skipped.

+ +

Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with nchecks iterations. If nchecks == BN_prime_checks, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, 2^-192 at 3747 bits and 2^-256 at 6394 bits.

+ +

When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: It should equal half of the targeted security level in bits (rounded up to the next integer if necessary). For instance, to reach the 128 bit security level, nchecks should be set to 64.

+ +

If cb is not NULL, BN_GENCB_call(cb, 1, j) is called after the j-th iteration (j = 0, 1, ...). ctx is a pre-allocated BN_CTX (to save the overhead of allocating and freeing the structure in a loop), or NULL.

+ +

BN_GENCB_call() calls the callback function held in the BN_GENCB structure and passes the ints a and b as arguments. There are two types of BN_GENCB structure that are supported: "new" style and "old" style. New programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes.

+ +

A BN_GENCB structure should be created through a call to BN_GENCB_new(), and freed through a call to BN_GENCB_free().

+ +

For "new" style callbacks a BN_GENCB structure should be initialised with a call to BN_GENCB_set(), where gencb is a BN_GENCB *, callback is of type int (*callback)(int, int, BN_GENCB *) and cb_arg is a void *. "Old" style callbacks are the same except they are initialised with a call to BN_GENCB_set_old() and callback is of type void (*callback)(int, int, void *).

+ +

A callback is invoked through a call to BN_GENCB_call. This will check the type of the callback and will invoke callback(a, b, gencb) for new style callbacks or callback(a, b, cb_arg) for old style.

+ +

It is possible to obtain the argument associated with a BN_GENCB structure (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.

+ +

BN_generate_prime() (deprecated) works in the same way as BN_generate_prime_ex() but expects an old-style callback function directly in the callback parameter, and an argument to pass to it in the cb_arg. BN_is_prime() and BN_is_prime_fasttest() can similarly be compared to BN_is_prime_ex() and BN_is_prime_fasttest_ex(), respectively.

+ +

RETURN VALUES

+ +

BN_generate_prime_ex() return 1 on success or 0 on error.

+ +

BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^nchecks, and -1 on error.

+ +

BN_generate_prime() returns the prime number on success, NULL otherwise.

+ +

BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or NULL otherwise.

+ +

BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB structure.

+ +

Callback functions should return 1 on success or 0 on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

REMOVED FUNCTIONALITY

+ +

As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure directly, as in:

+ +
BN_GENCB callback;
+ +

Instead applications should create a BN_GENCB structure using BN_GENCB_new:

+ +
BN_GENCB *callback;
+callback = BN_GENCB_new();
+if (!callback)
+    /* error */
+...
+BN_GENCB_free(callback);
+ +

SEE ALSO

+ +

DH_generate_parameters(3), DSA_generate_parameters(3), RSA_generate_key(3), ERR_get_error(3), RAND_bytes(3), RAND(7)

+ +

HISTORY

+ +

The BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_inverse.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_inverse.html new file mode 100644 index 00000000..4bd456bb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_inverse.html @@ -0,0 +1,59 @@ + + + + +BN_mod_inverse + + + + + + + + + + +

NAME

+ +

BN_mod_inverse - compute inverse modulo n

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+                       BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_mod_inverse() computes the inverse of a modulo n places the result in r ((a*r)%n==1). If r is NULL, a new BIGNUM is created.

+ +

ctx is a previously allocated BN_CTX used for temporary variables. r may be the same BIGNUM as a or n.

+ +

RETURN VALUES

+ +

BN_mod_inverse() returns the BIGNUM containing the inverse, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html new file mode 100644 index 00000000..825b3ed1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html @@ -0,0 +1,99 @@ + + + + +BN_mod_mul_montgomery + + + + + + + + + + +

NAME

+ +

BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery - Montgomery multiplication

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+
+int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+
+int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

+ +

BN_MONT_CTX_new() allocates and initializes a BN_MONT_CTX structure.

+ +

BN_MONT_CTX_set() sets up the mont structure from the modulus m by precomputing its inverse and a value R.

+ +

BN_MONT_CTX_copy() copies the BN_MONT_CTX from to to.

+ +

BN_MONT_CTX_free() frees the components of the BN_MONT_CTX, and, if it was created by BN_MONT_CTX_new(), also the structure itself. If mont is NULL, nothing is done.

+ +

BN_mod_mul_montgomery() computes Mont(a,b):=a*b*R^-1 and places the result in r.

+ +

BN_from_montgomery() performs the Montgomery reduction r = a*R^-1.

+ +

BN_to_montgomery() computes Mont(a,R^2), i.e. a*R. Note that a must be non-negative and smaller than the modulus.

+ +

For all functions, ctx is a previously allocated BN_CTX used for temporary variables.

+ +

RETURN VALUES

+ +

BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX, and NULL on error.

+ +

BN_MONT_CTX_free() has no return value.

+ +

For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

WARNINGS

+ +

The inputs must be reduced modulo m, otherwise the result will be outside the expected range.

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_new(3)

+ +

HISTORY

+ +

BN_MONT_CTX_init() was removed in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html new file mode 100644 index 00000000..6c144944 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html @@ -0,0 +1,84 @@ + + + + +BN_mod_mul_reciprocal + + + + + + + + + + +

NAME

+ +

BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using reciprocal

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+                BN_CTX *ctx);
+
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_mod_mul_reciprocal() can be used to perform an efficient BN_mod_mul(3) operation when the operation will be performed repeatedly with the same modulus. It computes r=(a*b)%m using recp=1/m, which is set as described below. ctx is a previously allocated BN_CTX used for temporary variables.

+ +

BN_RECP_CTX_new() allocates and initializes a BN_RECP structure.

+ +

BN_RECP_CTX_free() frees the components of the BN_RECP, and, if it was created by BN_RECP_CTX_new(), also the structure itself. If recp is NULL, nothing is done.

+ +

BN_RECP_CTX_set() stores m in recp and sets it up for computing 1/m and shifting it left by BN_num_bits(m)+1 to make it an integer. The result and the number of bits it was shifted left will later be stored in recp.

+ +

BN_div_recp() divides a by m using recp. It places the quotient in dv and the remainder in rem.

+ +

The BN_RECP_CTX structure cannot be shared between threads.

+ +

RETURN VALUES

+ +

BN_RECP_CTX_new() returns the newly allocated BN_RECP_CTX, and NULL on error.

+ +

BN_RECP_CTX_free() has no return value.

+ +

For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_new(3)

+ +

HISTORY

+ +

BN_RECP_CTX_init() was removed in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_new.html new file mode 100644 index 00000000..cf03b245 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_new.html @@ -0,0 +1,75 @@ + + + + +BN_new + + + + + + + + + + +

NAME

+ +

BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_new(void);
+
+BIGNUM *BN_secure_new(void);
+
+void BN_clear(BIGNUM *a);
+
+void BN_free(BIGNUM *a);
+
+void BN_clear_free(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_new() allocates and initializes a BIGNUM structure. BN_secure_new() does the same except that the secure heap OPENSSL_secure_malloc(3) is used to store the value.

+ +

BN_clear() is used to destroy sensitive data such as keys when they are no longer needed. It erases the memory used by a and sets it to the value 0. If a is NULL, nothing is done.

+ +

BN_free() frees the components of the BIGNUM, and if it was created by BN_new(), also the structure itself. BN_clear_free() additionally overwrites the data before the memory is returned to the system. If a is NULL, nothing is done.

+ +

RETURN VALUES

+ +

BN_new() and BN_secure_new() return a pointer to the BIGNUM initialised to the value 0. If the allocation fails, they return NULL and set an error code that can be obtained by ERR_get_error(3).

+ +

BN_clear(), BN_free() and BN_clear_free() have no return values.

+ +

SEE ALSO

+ +

ERR_get_error(3), OPENSSL_secure_malloc(3)

+ +

HISTORY

+ +

BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_num_bytes.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_num_bytes.html new file mode 100644 index 00000000..fa66fc8c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_num_bytes.html @@ -0,0 +1,71 @@ + + + + +BN_num_bytes + + + + + + + + + + +

NAME

+ +

BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_num_bytes(const BIGNUM *a);
+
+int BN_num_bits(const BIGNUM *a);
+
+int BN_num_bits_word(BN_ULONG w);
+ +

DESCRIPTION

+ +

BN_num_bytes() returns the size of a BIGNUM in bytes.

+ +

BN_num_bits_word() returns the number of significant bits in a word. If we take 0x00000432 as an example, it returns 11, not 16, not 32. Basically, except for a zero, it returns floor(log2(w))+1.

+ +

BN_num_bits() returns the number of significant bits in a BIGNUM, following the same principle as BN_num_bits_word().

+ +

BN_num_bytes() is a macro.

+ +

RETURN VALUES

+ +

The size.

+ +

NOTES

+ +

Some have tried using BN_num_bits() on individual numbers in RSA keys, DH keys and DSA keys, and found that they don't always come up with the number of bits they expected (something like 512, 1024, 2048, ...). This is because generating a number with some specific number of bits doesn't always set the highest bits, thereby making the number of significant bits a little lower. If you want to know the "key size" of such a key, either use functions like RSA_size(), DH_size() and DSA_size(), or use BN_num_bytes() and multiply with 8 (although there's no real guarantee that will match the "key size", just a lot more probability).

+ +

SEE ALSO

+ +

DH_size(3), DSA_size(3), RSA_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_rand.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_rand.html new file mode 100644 index 00000000..6f99cbbd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_rand.html @@ -0,0 +1,88 @@ + + + + +BN_rand + + + + + + + + + + +

NAME

+ +

BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range - generate pseudo-random number

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+ +

DESCRIPTION

+ +

BN_rand() generates a cryptographically strong pseudo-random number of bits in length and stores it in rnd. If bits is less than zero, or too small to accommodate the requirements specified by the top and bottom parameters, an error is returned. The top parameters specifies requirements on the most significant bit of the generated number. If it is BN_RAND_TOP_ANY, there is no constraint. If it is BN_RAND_TOP_ONE, the top bit must be one. If it is BN_RAND_TOP_TWO, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*bits length. If bottom is BN_RAND_BOTTOM_ODD, the number will be odd; if it is BN_RAND_BOTTOM_ANY it can be odd or even. If bits is 1 then top cannot also be BN_RAND_FLG_TOPTWO.

+ +

BN_rand_range() generates a cryptographically strong pseudo-random number rnd in the range 0 <= rnd < range.

+ +

BN_priv_rand() and BN_priv_rand_range() have the same semantics as BN_rand() and BN_rand_range() respectively. They are intended to be used for generating values that should remain private, and mirror the same difference between RAND_bytes(3) and RAND_priv_bytes(3).

+ +

NOTES

+ +

Always check the error return value of these functions and do not take randomness for granted: an error occurs if the CSPRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence.

+ +

RETURN VALUES

+ +

The functions return 1 on success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), RAND(7), RAND_DRBG(7)

+ +

HISTORY

+ +
    + +
  • Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical to BN_rand() and BN_pseudo_rand_range() has been identical to BN_rand_range(). The "pseudo" functions should not be used and may be deprecated in a future release.

    + +
  • +
  • The BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.

    + +
  • +
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_security_bits.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_security_bits.html new file mode 100644 index 00000000..fa6966ba --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_security_bits.html @@ -0,0 +1,66 @@ + + + + +BN_security_bits + + + + + + + + + + +

NAME

+ +

BN_security_bits - returns bits of security based on given numbers

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_security_bits(int L, int N);
+ +

DESCRIPTION

+ +

BN_security_bits() returns the number of bits of security provided by a specific algorithm and a particular key size. The bits of security is defined in NIST SP800-57. Currently, BN_security_bits() support two types of asymmetric algorithms: the FFC (Finite Field Cryptography) and IFC (Integer Factorization Cryptography). For FFC, e.g., DSA and DH, both parameters L and N are used to decide the bits of security, where L is the size of the public key and N is the size of the private key. For IFC, e.g., RSA, only L is used and it's commonly considered to be the key size (modulus).

+ +

RETURN VALUES

+ +

Number of security bits.

+ +

NOTES

+ +

ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() function. The symmetric algorithms are not covered neither.

+ +

SEE ALSO

+ +

DH_security_bits(3), DSA_security_bits(3), RSA_security_bits(3)

+ +

HISTORY

+ +

The BN_security_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_set_bit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_set_bit.html new file mode 100644 index 00000000..9a6c6fc0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_set_bit.html @@ -0,0 +1,81 @@ + + + + +BN_set_bit + + + + + + + + + + +

NAME

+ +

BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+
+int BN_is_bit_set(const BIGNUM *a, int n);
+
+int BN_mask_bits(BIGNUM *a, int n);
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, BIGNUM *a);
+
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_set_bit() sets bit n in a to 1 (a|=(1<<n)). The number is expanded if necessary.

+ +

BN_clear_bit() sets bit n in a to 0 (a&=~(1<<n)). An error occurs if a is shorter than n bits.

+ +

BN_is_bit_set() tests if bit n in a is set.

+ +

BN_mask_bits() truncates a to an n bit number (a&=~((~0)>>n)). An error occurs if a already is shorter than n bits.

+ +

BN_lshift() shifts a left by n bits and places the result in r (r=a*2^n). Note that n must be non-negative. BN_lshift1() shifts a left by one and places the result in r (r=2*a).

+ +

BN_rshift() shifts a right by n bits and places the result in r (r=a/2^n). Note that n must be non-negative. BN_rshift1() shifts a right by one and places the result in r (r=a/2).

+ +

For the shift functions, r and a may be the same variable.

+ +

RETURN VALUES

+ +

BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.

+ +

All other functions return 1 for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

BN_num_bytes(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_swap.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_swap.html new file mode 100644 index 00000000..53b37a20 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_swap.html @@ -0,0 +1,51 @@ + + + + +BN_swap + + + + + + + + + + +

NAME

+ +

BN_swap - exchange BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_swap(BIGNUM *a, BIGNUM *b);
+ +

DESCRIPTION

+ +

BN_swap() exchanges the values of a and b.

+ +

RETURN VALUES

+ +

BN_swap() does not return a value.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_zero.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_zero.html new file mode 100644 index 00000000..e92b821c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BN_zero.html @@ -0,0 +1,82 @@ + + + + +BN_zero + + + + + + + + + + +

NAME

+ +

BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment operations

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_zero(BIGNUM *a);
+int BN_one(BIGNUM *a);
+
+const BIGNUM *BN_value_one(void);
+
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+unsigned BN_ULONG BN_get_word(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_ULONG is a macro that will be an unsigned integral type optimized for the most efficient implementation on the local platform.

+ +

BN_zero(), BN_one() and BN_set_word() set a to the values 0, 1 and w respectively. BN_zero() and BN_one() are macros.

+ +

BN_value_one() returns a BIGNUM constant of value 1. This constant is useful for use in comparisons and assignment.

+ +

BN_get_word() returns a, if it can be represented as a BN_ULONG.

+ +

RETURN VALUES

+ +

BN_get_word() returns the value a, or all-bits-set if a cannot be represented as a single integer.

+ +

BN_one() and BN_set_word() return 1 on success, 0 otherwise. BN_value_one() returns the constant. BN_zero() never fails and returns no value.

+ +

BUGS

+ +

If a BIGNUM is equal to the value of all-bits-set, it will collide with the error condition returned by BN_get_word() which uses that as an error value.

+ +

BN_ULONG should probably be a typedef.

+ +

SEE ALSO

+ +

BN_bn2bin(3)

+ +

HISTORY

+ +

In OpenSSL 0.9.8, BN_zero() was changed to not return a value; previous versions returned an int.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BUF_MEM_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BUF_MEM_new.html new file mode 100644 index 00000000..fa6c957f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/BUF_MEM_new.html @@ -0,0 +1,86 @@ + + + + +BUF_MEM_new + + + + + + + + + + +

NAME

+ +

BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse - simple character array structure

+ +

SYNOPSIS

+ +
#include <openssl/buffer.h>
+
+BUF_MEM *BUF_MEM_new(void);
+
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+
+void BUF_MEM_free(BUF_MEM *a);
+
+int BUF_MEM_grow(BUF_MEM *str, int len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
+ +

DESCRIPTION

+ +

The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs.

+ +

BUF_MEM_new() allocates a new buffer of zero size.

+ +

BUF_MEM_new_ex() allocates a buffer with the specified flags. The flag BUF_MEM_FLAG_SECURE specifies that the data pointer should be allocated on the secure heap; see CRYPTO_secure_malloc(3).

+ +

BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data.

+ +

BUF_MEM_grow() changes the size of an already existing buffer to len. Any data already in the buffer is preserved if it increases in size.

+ +

BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd or additionally-allocated memory to zero.

+ +

BUF_reverse() reverses size bytes at in into out. If in is NULL, the array is reversed in-place.

+ +

RETURN VALUES

+ +

BUF_MEM_new() returns the buffer or NULL on error.

+ +

BUF_MEM_free() has no return value.

+ +

BUF_MEM_grow() and BUF_MEM_grow_clean() return zero on error or the new size (i.e., len).

+ +

SEE ALSO

+ +

bio(7), CRYPTO_secure_malloc(3).

+ +

HISTORY

+ +

The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add0_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add0_cert.html new file mode 100644 index 00000000..963021b2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add0_cert.html @@ -0,0 +1,79 @@ + + + + +CMS_add0_cert + + + + + + + + + + +

NAME

+ +

CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls - CMS certificate and CRL utility functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_add0_cert() and CMS_add1_cert() add certificate cert to cms. must be of type signed data or enveloped data.

+ +

CMS_get1_certs() returns all certificates in cms.

+ +

CMS_add0_crl() and CMS_add1_crl() add CRL crl to cms. CMS_get1_crls() returns any CRLs in cms.

+ +

NOTES

+ +

The CMS_ContentInfo structure cms must be of type signed data or enveloped data or an error will be returned.

+ +

For signed data certificates and CRLs are added to the certificates and crls fields of SignedData structure. For enveloped data they are added to OriginatorInfo.

+ +

As the 0 implies CMS_add0_cert() adds cert internally to cms and it must not be freed up after the call as opposed to CMS_add1_cert() where cert must be freed up.

+ +

The same certificate or CRL must not be added to the same cms structure more than once.

+ +

RETURN VALUES

+ +

CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return 1 for success and 0 for failure.

+ +

CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs or NULL if there are none or an error occurs. The only error which will occur in practice is if the cms type is invalid.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html new file mode 100644 index 00000000..15da3724 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html @@ -0,0 +1,77 @@ + + + + +CMS_add1_recipient_cert + + + + + + + + + + +

NAME

+ +

CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType);
+ +

DESCRIPTION

+ +

CMS_add1_recipient_cert() adds recipient recip to CMS_ContentInfo enveloped data structure cms as a KeyTransRecipientInfo structure.

+ +

CMS_add0_recipient_key() adds symmetric key key of length keylen using wrapping algorithm nid, identifier id of length idlen and optional values date, otherTypeId and otherType to CMS_ContentInfo enveloped data structure cms as a KEKRecipientInfo structure.

+ +

The CMS_ContentInfo structure should be obtained from an initial call to CMS_encrypt() with the flag CMS_PARTIAL set.

+ +

NOTES

+ +

The main purpose of this function is to provide finer control over a CMS enveloped data structure where the simpler CMS_encrypt() function defaults are not appropriate. For example if one or more KEKRecipientInfo structures need to be added. New attributes can also be added using the returned CMS_RecipientInfo structure and the CMS attribute utility functions.

+ +

OpenSSL will by default identify recipient certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension.

+ +

Currently only AES based key wrapping algorithms are supported for nid, specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. If nid is set to NID_undef then an AES wrap algorithm will be used consistent with keylen.

+ +

RETURN VALUES

+ +

CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal pointer to the CMS_RecipientInfo structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3), CMS_final(3),

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_signer.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_signer.html new file mode 100644 index 00000000..b2e91064 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_add1_signer.html @@ -0,0 +1,89 @@ + + + + +CMS_add1_signer + + + + + + + + + + +

NAME

+ +

CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
+                                EVP_PKEY *pkey, const EVP_MD *md,
+                                unsigned int flags);
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+ +

DESCRIPTION

+ +

CMS_add1_signer() adds a signer with certificate signcert and private key pkey using message digest md to CMS_ContentInfo SignedData structure cms.

+ +

The CMS_ContentInfo structure should be obtained from an initial call to CMS_sign() with the flag CMS_PARTIAL set or in the case or re-signing a valid CMS_ContentInfo SignedData structure.

+ +

If the md parameter is NULL then the default digest for the public key algorithm will be used.

+ +

Unless the CMS_REUSE_DIGEST flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to CMS_final().

+ +

The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo structure, its main use is when CMS_REUSE_DIGEST and CMS_PARTIAL flags are both set.

+ +

NOTES

+ +

The main purpose of CMS_add1_signer() is to provide finer control over a CMS signed data structure where the simpler CMS_sign() function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo structure and the CMS attribute utility functions or the CMS signed receipt request functions.

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

If CMS_REUSE_DIGEST is set then an attempt is made to copy the content digest value from the CMS_ContentInfo structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned CMS_ContentInfo structure will be valid and finalized when this flag is set.

+ +

If CMS_PARTIAL is set in addition to CMS_REUSE_DIGEST then the CMS_SignerInfo structure will not be finalized so additional attributes can be added. In this case an explicit call to CMS_SignerInfo_sign() is needed to finalize it.

+ +

If CMS_NOCERTS is set the signer's certificate will not be included in the CMS_ContentInfo structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

OpenSSL will by default identify signing certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded.

+ +

CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized.

+ +

RETURN VALUES

+ +

CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_final(3),

+ +

COPYRIGHT

+ +

Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_compress.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_compress.html new file mode 100644 index 00000000..069b0ede --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_compress.html @@ -0,0 +1,85 @@ + + + + +CMS_compress + + + + + + + + + + +

NAME

+ +

CMS_compress - create a CMS CompressedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_compress() creates and returns a CMS CompressedData structure. comp_nid is the compression algorithm to use or NID_undef to use the default algorithm (zlib compression). in is the content to be compressed. flags is an optional set of flags.

+ +

NOTES

+ +

The only currently supported compression algorithm is zlib using the NID NID_zlib_compression.

+ +

If zlib support is not compiled into OpenSSL then CMS_compress() will return an error.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If CMS_BINARY is set then CMS_TEXT is ignored.

+ +

If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is returned suitable for streaming I/O: no data is read from the BIO in.

+ +

The compressed data is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS().

+ +

NOTES

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

Additional compression parameters such as the zlib compression level cannot currently be set.

+ +

RETURN VALUES

+ +

CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_uncompress(3)

+ +

HISTORY

+ +

The CMS_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_decrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_decrypt.html new file mode 100644 index 00000000..b900628c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_decrypt.html @@ -0,0 +1,79 @@ + + + + +CMS_decrypt + + + + + + + + + + +

NAME

+ +

CMS_decrypt - decrypt content from a CMS envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData structure. pkey is the private key of the recipient, cert is the recipient's certificate, out is a BIO to write the content to and flags is an optional set of flags.

+ +

The dcont parameter is used in the rare case where the encrypted content is detached. It will normally be set to NULL.

+ +

NOTES

+ +

Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the CMS structure.

+ +

If cert is set to NULL all possible recipients are tried. This case however is problematic. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed to) ultimately return a padding error only. If CMS_decrypt() just returned an error when all recipient encrypted keys failed to decrypt an attacker could use this in a timing attack. If the special flag CMS_DEBUG_DECRYPT is set then the above behaviour is modified and an error is returned if no recipient encrypted key can be decrypted without generating a random content encryption key. Applications should use this flag with extreme caution especially in automated gateways as it can leave them open to attack.

+ +

It is possible to determine the correct recipient key by other means (for example looking them up in a database) and setting them in the CMS structure in advance using the CMS utility functions such as CMS_set1_pkey(). In this case both cert and pkey should be set to NULL.

+ +

To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and cert and pkey set to NULL.

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

CMS_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The lack of single pass processing and the need to hold all data in memory as mentioned in CMS_verify() also applies to CMS_decrypt().

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_encrypt.html new file mode 100644 index 00000000..8221d8c5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_encrypt.html @@ -0,0 +1,98 @@ + + + + +CMS_encrypt + + + + + + + + + + +

NAME

+ +

CMS_encrypt - create a CMS envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                             const EVP_CIPHER *cipher, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_encrypt() creates and returns a CMS EnvelopedData structure. certs is a list of recipient certificates. in is the content to be encrypted. cipher is the symmetric cipher to use. flags is an optional set of flags.

+ +

NOTES

+ +

Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function.

+ +

EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.

+ +

The algorithm passed in the cipher parameter must support ASN1 encoding of its parameters.

+ +

Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to CMS_encrypt().

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If CMS_BINARY is set then CMS_TEXT is ignored.

+ +

OpenSSL will by default identify recipient certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension.

+ +

If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is returned suitable for streaming I/O: no data is read from the BIO in.

+ +

If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is returned to which additional recipients and attributes can be added before finalization.

+ +

The data being encrypted is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS().

+ +

NOTES

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

The recipients specified in certs use a CMS KeyTransRecipientInfo info structure. KEKRecipientInfo is also supported using the flag CMS_PARTIAL and CMS_add0_recipient_key().

+ +

The parameter certs may be NULL if CMS_PARTIAL is set and recipients added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().

+ +

RETURN VALUES

+ +

CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3)

+ +

HISTORY

+ +

The CMS_STREAM flag was first supported in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_final.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_final.html new file mode 100644 index 00000000..42ed3701 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_final.html @@ -0,0 +1,61 @@ + + + + +CMS_final + + + + + + + + + + +

NAME

+ +

CMS_final - finalise a CMS_ContentInfo structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_final() finalises the structure cms. Its purpose is to perform any operations necessary on cms (digest computation for example) and set the appropriate fields. The parameter data contains the content to be processed. The dcont parameter contains a BIO to write content to after processing: this is only used with detached data and will usually be set to NULL.

+ +

NOTES

+ +

This function will normally be called when the CMS_PARTIAL flag is used. It should only be used when streaming is not performed because the streaming I/O functions perform finalisation operations internally.

+ +

RETURN VALUES

+ +

CMS_final() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html new file mode 100644 index 00000000..717dcf6e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html @@ -0,0 +1,110 @@ + + + + +CMS_get0_RecipientInfos + + + + + + + + + + +

NAME

+ +

CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype);
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen);
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+ +

DESCRIPTION

+ +

The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo structures associated with a CMS EnvelopedData structure.

+ +

CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure ri. It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

+ +

CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in keyid or both issuer name and serial number in issuer and sno.

+ +

CMS_RecipientInfo_ktri_cert_cmp() compares the certificate cert against the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_RecipientInfo_set0_pkey() associates the private key pkey with the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS.

+ +

CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the CMS_RecipientInfo structure ri which must be of type CMS_RECIPINFO_KEK. Any of the remaining parameters can be NULL if the application is not interested in the value of a field. Where a field is optional and absent NULL will be written to the corresponding parameter. The keyEncryptionAlgorithm field is written to palg, the keyIdentifier field is written to pid, the date field if present is written to pdate, if the other field is present the components keyAttrId and keyAttr are written to parameters potherid and pothertype.

+ +

CMS_RecipientInfo_kekri_id_cmp() compares the ID in the id and idlen parameters against the keyIdentifier CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_RecipientInfo_set0_key() associates the symmetric key key of length keylen with the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_KEK.

+ +

CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure ri in structure cms. A key must have been associated with the structure first.

+ +

CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure ri in structure cms. A key must have been associated with the structure first and the content encryption key must be available: for example by a previous call to CMS_RecipientInfo_decrypt().

+ +

NOTES

+ +

The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method of CMS_decrypt() is not appropriate.

+ +

In typical usage and application will retrieve all CMS_RecipientInfo structures using CMS_get0_RecipientInfos() and check the type of each using CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. Then if the corresponding secret or private key can be obtained by any appropriate means it can then associated with the structure and CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called with a NULL key to decrypt the enveloped content.

+ +

The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encrypt key available, it will then add a new recipient using a function such as CMS_add1_recipient_cert() and finally encrypt the content encryption key using CMS_RecipientInfo_encrypt().

+ +

RETURN VALUES

+ +

CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if an error occurs.

+ +

CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.

+ +

CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 for a successful comparison and non zero otherwise.

+ +

Any error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html new file mode 100644 index 00000000..4b47af2b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html @@ -0,0 +1,89 @@ + + + + +CMS_get0_SignerInfos + + + + + + + + + + +

NAME

+ +

CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp - CMS signedData signer functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+ +

DESCRIPTION

+ +

The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures associated with a CMS signedData structure.

+ +

CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier associated with a specific CMS_SignerInfo structure si. Either the keyidentifier will be set in keyid or both issuer name and serial number in issuer and sno.

+ +

CMS_SignerInfo_get0_signature() retrieves the signature associated with si in a pointer to an ASN1_OCTET_STRING structure. This pointer returned corresponds to the internal signature value if si so it may be read or modified.

+ +

CMS_SignerInfo_cert_cmp() compares the certificate cert against the signer identifier si. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_SignerInfo_set1_signer_cert() sets the signers certificate of si to signer.

+ +

NOTES

+ +

The main purpose of these functions is to enable an application to lookup signers certificates using any appropriate technique when the simpler method of CMS_verify() is not appropriate.

+ +

In typical usage and application will retrieve all CMS_SignerInfo structures using CMS_get0_SignerInfo() and retrieve the identifier information using CMS. It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using CMS_SignerInfo_set1_signer_cert().

+ +

Once all signer certificates have been set CMS_verify() can be used.

+ +

Although CMS_get0_SignerInfos() can return NULL if an error occurs or if there are no signers this is not a problem in practice because the only error which can occur is if the cms structure is not of type signedData due to application error.

+ +

RETURN VALUES

+ +

CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there are no signers or an error occurs.

+ +

CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.

+ +

CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non zero otherwise.

+ +

CMS_SignerInfo_set1_signer_cert() does not return a value.

+ +

Any error can be obtained from ERR_get_error(3)

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_type.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_type.html new file mode 100644 index 00000000..947c3fd9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get0_type.html @@ -0,0 +1,87 @@ + + + + +CMS_get0_type + + + + + + + + + + +

NAME

+ +

CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_get0_type() returns the content type of a CMS_ContentInfo structure as an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value.

+ +

CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo structure. It should be called with CMS functions (such as CMS_sign, CMS_encrypt) with the CMS_PARTIAL flag and before the structure is finalised, otherwise the results are undefined.

+ +

ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded content type.

+ +

CMS_get0_content() returns a pointer to the ASN1_OCTET_STRING pointer containing the embedded content.

+ +

NOTES

+ +

As the 0 implies CMS_get0_type(), CMS_get0_eContentType() and CMS_get0_content() return internal pointers which should not be freed up. CMS_set1_eContentType() copies the supplied OID and it should be freed up after use.

+ +

The ASN1_OBJECT values returned can be converted to an integer NID value using OBJ_obj2nid(). For the currently supported content types the following values are returned:

+ +
NID_pkcs7_data
+NID_pkcs7_signed
+NID_pkcs7_digest
+NID_id_smime_ct_compressedData:
+NID_pkcs7_encrypted
+NID_pkcs7_enveloped
+ +

The return value of CMS_get0_content() is a pointer to the ASN1_OCTET_STRING content pointer. That means that for example:

+ +
ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
+ +

*pconf could be NULL if there is no embedded content. Applications can access, modify or create the embedded content in a CMS_ContentInfo structure using this function. Applications usually will not need to modify the embedded content as it is normally set by higher level functions.

+ +

RETURN VALUES

+ +

CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure.

+ +

CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html new file mode 100644 index 00000000..da08c1a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html @@ -0,0 +1,82 @@ + + + + +CMS_get1_ReceiptRequest + + + + + + + + + + +

NAME

+ +

CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES) *receiptList,
+                                               STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto);
+ +

DESCRIPTION

+ +

CMS_ReceiptRequest_create0() creates a signed receipt request structure. The signedContentIdentifier field is set using id and idlen, or it is set to 32 bytes of pseudo random data if id is NULL. If receiptList is NULL the allOrFirstTier option in receiptsFrom is used and set to the value of the allorfirst parameter. If receiptList is not NULL the receiptList option in receiptsFrom is used. The receiptsTo parameter specifies the receiptsTo field value.

+ +

The CMS_add1_ReceiptRequest() function adds a signed receipt request rr to SignerInfo structure si.

+ +

int CMS_get1_ReceiptRequest() looks for a signed receipt request in si, if any is found it is decoded and written to prr.

+ +

CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. The signedContentIdentifier is copied to pcid. If the allOrFirstTier option of receiptsFrom is used its value is copied to pallorfirst otherwise the receiptList field is copied to plist. The receiptsTo parameter is copied to prto.

+ +

NOTES

+ +

For more details of the meaning of the fields see RFC2634.

+ +

The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using CMS_verify().

+ +

RETURN VALUES

+ +

CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred.

+ +

CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.

+ +

CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if it is present but malformed.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_sign_receipt(3), CMS_verify(3) CMS_verify_receipt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign.html new file mode 100644 index 00000000..66ecd5f3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign.html @@ -0,0 +1,104 @@ + + + + +CMS_sign + + + + + + + + + + +

NAME

+ +

CMS_sign - create a CMS SignedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                          BIO *data, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_sign() creates and returns a CMS SignedData structure. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain). Any or all of these parameters can be NULL, see NOTES below.

+ +

The data to be signed is read from BIO data.

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

Many S/MIME clients expect the signed content to include valid MIME headers. If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

If CMS_NOCERTS is set the signer's certificate will not be included in the CMS_ContentInfo structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The data being signed is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is used for CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed messages for example.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it.

+ +

The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded.

+ +

OpenSSL will by default identify signing certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension.

+ +

If the flags CMS_STREAM is set then the returned CMS_ContentInfo structure is just initialized ready to perform the signing operation. The signing is however not performed and the data to be signed is not read from the data parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass.

+ +

If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is output to which additional signers and capabilities can be added before finalization.

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

If a signer is specified it will use the default digest for the signing algorithm. This is SHA1 for both RSA and DSA keys.

+ +

If signcert and pkey are NULL then a certificates only CMS structure is output.

+ +

The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the certs, signcert and pkey parameters can all be NULL and the CMS_PARTIAL flag set. Then one or more signers can be added using the function CMS_sign_add1_signer(), non default digests can be used and custom attributes added. CMS_final() must then be called to finalize the structure if streaming is not enabled.

+ +

BUGS

+ +

Some attributes such as counter signatures are not supported.

+ +

RETURN VALUES

+ +

CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify(3)

+ +

HISTORY

+ +

The CMS_STREAM flag is only supported for detached data in OpenSSL 0.9.8, it is supported for embedded data in OpenSSL 1.0.0 and later.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign_receipt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign_receipt.html new file mode 100644 index 00000000..e77d654c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_sign_receipt.html @@ -0,0 +1,65 @@ + + + + +CMS_sign_receipt + + + + + + + + + + +

NAME

+ +

CMS_sign_receipt - create a CMS signed receipt

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+                                  EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                  unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_sign_receipt() creates and returns a CMS signed receipt structure. si is the CMS_SignerInfo structure containing the signed receipt request. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain).

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

This functions behaves in a similar way to CMS_sign() except the flag values CMS_DETACHED, CMS_BINARY, CMS_NOATTR, CMS_TEXT and CMS_STREAM are not supported since they do not make sense in the context of signed receipts.

+ +

RETURN VALUES

+ +

CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify_receipt(3), CMS_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_uncompress.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_uncompress.html new file mode 100644 index 00000000..ed1f08ea --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_uncompress.html @@ -0,0 +1,74 @@ + + + + +CMS_uncompress + + + + + + + + + + +

NAME

+ +

CMS_uncompress - uncompress a CMS CompressedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_uncompress() extracts and uncompresses the content from a CMS CompressedData structure cms. data is a BIO to write the content to and flags is an optional set of flags.

+ +

The dcont parameter is used in the rare case where the compressed content is detached. It will normally be set to NULL.

+ +

NOTES

+ +

The only currently supported compression algorithm is zlib: if the structure indicates the use of any other algorithm an error is returned.

+ +

If zlib support is not compiled into OpenSSL then CMS_uncompress() will always return an error.

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

CMS_uncompress() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The lack of single pass processing and the need to hold all data in memory as mentioned in CMS_verify() also applies to CMS_decompress().

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_compress(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify.html new file mode 100644 index 00000000..8f37373c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify.html @@ -0,0 +1,114 @@ + + + + +CMS_verify + + + + + + + + + + +

NAME

+ +

CMS_verify, CMS_get0_signers - verify a CMS SignedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+               BIO *indata, BIO *out, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_verify() verifies a CMS SignedData structure. cms is the CMS_ContentInfo structure to verify. certs is a set of certificates in which to search for the signing certificate(s). store is a trusted certificate store used for chain verification. indata is the detached content if the content is not present in cms. The content is written to out if it is not NULL.

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

CMS_get0_signers() retrieves the signing certificate(s) from cms, it must be called after a successful CMS_verify() operation.

+ +

VERIFY PROCESS

+ +

Normally the verify process proceeds as follows.

+ +

Initially some sanity checks are performed on cms. The type of cms must be SignedData. There must be at least one signature on the data and if the content is detached indata cannot be NULL.

+ +

An attempt is made to locate all the signing certificate(s), first looking in the certs parameter (if it is not NULL) and then looking in any certificates contained in the cms structure itself. If any signing certificate cannot be located the operation fails.

+ +

Each signing certificate is chain verified using the smimesign purpose and the supplied trusted certificate store. Any internal certificates in the message are used as untrusted CAs. If CRL checking is enabled in store any internal CRLs are used in addition to attempting to look them up in store. If any chain verify fails an error code is returned.

+ +

Finally the signed content is read (and written to out if it is not NULL) and the signature's checked.

+ +

If all signature's verify correctly then the function is successful.

+ +

Any of the following flags (ored together) can be passed in the flags parameter to change the default verify behaviour.

+ +

If CMS_NOINTERN is set the certificates in the message itself are not searched when locating the signing certificate(s). This means that all the signing certificates must be in the certs parameter.

+ +

If CMS_NOCRL is set and CRL checking is enabled in store then any CRLs in the message itself are ignored.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

If CMS_NO_SIGNER_CERT_VERIFY is set the signing certificates are not verified.

+ +

If CMS_NO_ATTR_VERIFY is set the signed attributes signature is not verified.

+ +

If CMS_NO_CONTENT_VERIFY is set then the content digest is not checked.

+ +

NOTES

+ +

One application of CMS_NOINTERN is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the certs parameter. In this case if the signer is not one of the certificates supplied in certs then the verify will fail because the signer cannot be found.

+ +

In some cases the standard techniques for looking up and validating certificates are not appropriate: for example an application may wish to lookup certificates in a database or perform customised verification. This can be achieved by setting and verifying the signers certificates manually using the signed data utility functions.

+ +

Care should be taken when modifying the default verify behaviour, for example setting CMS_NO_CONTENT_VERIFY will totally disable all content verification and any modified content will be considered valid. This combination is however useful if one merely wishes to write the content to out and its validity is not considered important.

+ +

Chain verification should arguably be performed using the signing time rather than the current time. However since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp).

+ +

RETURN VALUES

+ +

CMS_verify() returns 1 for a successful verification and zero if an error occurred.

+ +

CMS_get0_signers() returns all signers or NULL if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The trusted certificate store is not searched for the signing certificate, this is primarily due to the inadequacies of the current X509_STORE functionality.

+ +

The lack of single pass processing means that the signed content must all be held in memory if it is not detached.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify_receipt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify_receipt.html new file mode 100644 index 00000000..21b0e8df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -0,0 +1,67 @@ + + + + +CMS_verify_receipt + + + + + + + + + + +

NAME

+ +

CMS_verify_receipt - verify a CMS signed receipt

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs, X509_STORE *store,
+                       unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_verify_receipt() verifies a CMS signed receipt. rcms is the signed receipt to verify. ocms is the original SignedData structure containing the receipt request. certs is a set of certificates in which to search for the signing certificate. store is a trusted certificate store (used for chain verification).

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

NOTES

+ +

This functions behaves in a similar way to CMS_verify() except the flag values CMS_DETACHED, CMS_BINARY, CMS_TEXT and CMS_STREAM are not supported since they do not make sense in the context of signed receipts.

+ +

RETURN VALUES

+ +

CMS_verify_receipt() returns 1 for a successful verification and zero if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign_receipt(3), CMS_verify(3),

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_free.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_free.html new file mode 100644 index 00000000..10a53ee2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_free.html @@ -0,0 +1,72 @@ + + + + +CONF_modules_free + + + + + + + + + + +

NAME

+ +

CONF_modules_free, CONF_modules_finish, CONF_modules_unload - OpenSSL configuration cleanup functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+void CONF_modules_finish(void);
+void CONF_modules_unload(int all);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void CONF_modules_free(void)
+#endif
+ +

DESCRIPTION

+ +

CONF_modules_free() closes down and frees up all memory allocated by all configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, applications called CONF_modules_free() at exit to tidy up any configuration performed.

+ +

CONF_modules_finish() calls each configuration modules finish handler to free up any configuration that module may have performed.

+ +

CONF_modules_unload() finishes and unloads configuration modules. If all is set to 0 only modules loaded from DSOs will be unloads. If all is 1 all modules, including builtin modules will be unloaded.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3), CONF_modules_load_file(3)

+ +

HISTORY

+ +

CONF_modules_free() was deprecated in OpenSSL 1.1.0; do not use it. For more information see OPENSSL_init_crypto(3).

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_load_file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_load_file.html new file mode 100644 index 00000000..82d5c546 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CONF_modules_load_file.html @@ -0,0 +1,137 @@ + + + + +CONF_modules_load_file + + + + + + + + + + +

NAME

+ +

CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+ +

DESCRIPTION

+ +

The function CONF_modules_load_file() configures OpenSSL using file filename and application name appname. If filename is NULL the standard OpenSSL configuration file is used. If appname is NULL the standard OpenSSL application name openssl_conf is used. The behaviour can be customized using flags.

+ +

CONF_modules_load() is identical to CONF_modules_load_file() except it reads configuration information from cnf.

+ +

NOTES

+ +

The following flags are currently recognized:

+ +

If CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded.

+ +

Normally any modules errors will add error information to the error queue. If CONF_MFLAGS_SILENT is set no error information is added.

+ +

If CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally returns success. This is used by default in OPENSSL_init_crypto(3) to ignore any errors in the default system-wide configuration file, as having all OpenSSL applications fail to start when there are potentially minor issues in the file is too risky. Applications calling CONF_modules_load_file explicitly should not generally set this flag.

+ +

If CONF_MFLAGS_NO_DSO is set configuration module loading from DSOs is disabled.

+ +

CONF_MFLAGS_IGNORE_MISSING_FILE if set will make CONF_load_modules_file() ignore missing configuration files. Normally a missing configuration file return an error.

+ +

CONF_MFLAGS_DEFAULT_SECTION if set and appname is not NULL will use the default section pointed to by openssl_conf if appname does not exist.

+ +

By using CONF_modules_load_file() with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in this case CONF_MFLAGS_IGNORE_MISSING_FILE would be set.

+ +

Errors during configuration may also be handled differently by different applications. For example in some cases an error may simply print out a warning message and the application continue. In other cases an application might consider a configuration file error as fatal and exit immediately.

+ +

Applications can use the CONF_modules_load() function if they wish to load a configuration file themselves and have finer control over how errors are treated.

+ +

RETURN VALUES

+ +

These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative).

+ +

EXAMPLES

+ +

Load a configuration file and print out any errors and exit (missing file considered fatal):

+ +
if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+ +

Load default configuration file using the section indicated by "myapp", tolerate missing files, but exit on other errors:

+ +
if (CONF_modules_load_file(NULL, "myapp",
+                           CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+ +

Load custom configuration file and section, only print warnings on error, missing configuration file ignored:

+ +
if (CONF_modules_load_file("/something/app.cnf", "myapp",
+                           CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "WARNING: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+}
+ +

Load and parse configuration file manually, custom error handling:

+ +
FILE *fp;
+CONF *cnf = NULL;
+long eline;
+
+fp = fopen("/somepath/app.cnf", "r");
+if (fp == NULL) {
+    fprintf(stderr, "Error opening configuration file\n");
+    /* Other missing configuration file behaviour */
+} else {
+    cnf = NCONF_new(NULL);
+    if (NCONF_load_fp(cnf, fp, &eline) == 0) {
+        fprintf(stderr, "Error on line %ld of configuration file\n", eline);
+        ERR_print_errors_fp(stderr);
+        /* Other malformed configuration file behaviour */
+    } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
+        fprintf(stderr, "Error configuring application\n");
+        ERR_print_errors_fp(stderr);
+        /* Other configuration error behaviour */
+    }
+    fclose(fp);
+    NCONF_free(cnf);
+}
+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html new file mode 100644 index 00000000..8a519eaa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html @@ -0,0 +1,159 @@ + + + + +CRYPTO_THREAD_run_once + + + + + + + + + + +

NAME

+ +

CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+ +

DESCRIPTION

+ +

OpenSSL can be safely used in multi-threaded applications provided that support for the underlying OS threading API is built-in. Currently, OpenSSL supports the pthread and Windows APIs. OpenSSL can also be built without any multi-threading support, for example on platforms that don't provide any threading support or that provide a threading API that is not yet supported by OpenSSL.

+ +

The following multi-threading function are provided:

+ +
    + +
  • CRYPTO_THREAD_run_once() can be used to perform one-time initialization. The once argument must be a pointer to a static object of type CRYPTO_ONCE that was statically initialized to the value CRYPTO_ONCE_STATIC_INIT. The init argument is a pointer to a function that performs the desired exactly once initialization. In particular, this can be used to allocate locks in a thread-safe manner, which can then be used with the locking functions below.

    + +
  • +
  • CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write lock.

    + +
  • +
  • CRYPTO_THREAD_read_lock() locks the provided lock for reading.

    + +
  • +
  • CRYPTO_THREAD_write_lock() locks the provided lock for writing.

    + +
  • +
  • CRYPTO_THREAD_unlock() unlocks the previously locked lock.

    + +
  • +
  • CRYPTO_THREAD_lock_free() frees the provided lock.

    + +
  • +
  • CRYPTO_atomic_add() atomically adds amount to val and returns the result of the operation in ret. lock will be locked, unless atomic operations are supported on the specific platform. Because of this, if a variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must be the only way that the variable is modified.

    + +
  • +
+ +

RETURN VALUES

+ +

CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.

+ +

CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.

+ +

CRYPTO_THREAD_lock_free() returns no value.

+ +

The other functions return 1 on success, or 0 on error.

+ +

NOTES

+ +

On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required.

+ +

EXAMPLES

+ +

This example safely initializes and uses a lock.

+ +
#ifdef _WIN32
+# include <windows.h>
+#endif
+#include <openssl/crypto.h>
+
+static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *lock;
+
+static void myinit(void)
+{
+    lock = CRYPTO_THREAD_lock_new();
+}
+
+static int mylock(void)
+{
+    if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
+        return 0;
+    return CRYPTO_THREAD_write_lock(lock);
+}
+
+static int myunlock(void)
+{
+    return CRYPTO_THREAD_unlock(lock);
+}
+
+int serialized(void)
+{
+    int ret = 0;
+
+    if (mylock()) {
+        /* Your code here, do not return without releasing the lock! */
+        ret = ... ;
+    }
+    myunlock();
+    return ret;
+}
+ +

Finalization of locks is an advanced topic, not covered in this example. This can only be done at process exit or when a dynamically loaded library is no longer in use and is unloaded. The simplest solution is to just "leak" the lock in applications and not repeatedly load/unload shared libraries that allocate locks.

+ +

NOTES

+ +

You can find out if OpenSSL was configured with thread support:

+ +
#include <openssl/opensslconf.h>
+#if defined(OPENSSL_THREADS)
+    /* thread support enabled */
+#else
+    /* no thread support */
+#endif
+ +

SEE ALSO

+ +

crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html new file mode 100644 index 00000000..b39927a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html @@ -0,0 +1,129 @@ + + + + +CRYPTO_get_ex_new_index + + + + + + + + + + +

NAME

+ +

CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data - functions supporting application-specific data

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_get_ex_new_index(int class_index,
+                            long argl, void *argp,
+                            CRYPTO_EX_new *new_func,
+                            CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+
+typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                            int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                          void *from_d, int idx, long argl, void *argp);
+
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+
+void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
+
+int CRYPTO_free_ex_index(int class_index, int idx);
+ +

DESCRIPTION

+ +

Several OpenSSL structures can have application-specific data attached to them, known as "exdata." The specific structures are:

+ +
APP
+BIO
+DH
+DRBG
+DSA
+EC_KEY
+ENGINE
+RSA
+SSL
+SSL_CTX
+SSL_SESSION
+UI
+UI_METHOD
+X509
+X509_STORE
+X509_STORE_CTX
+ +

Each is identified by an CRYPTO_EX_INDEX_xxx define in the crypto.h header file. In addition, CRYPTO_EX_INDEX_APP is reserved for applications to use this facility for their own structures.

+ +

The API described here is used by OpenSSL to manipulate exdata for specific structures. Since the application data can be anything at all it is passed and retrieved as a void * type.

+ +

The CRYPTO_EX_DATA type is opaque. To initialize the exdata part of a structure, call CRYPTO_new_ex_data(). This is only necessary for CRYPTO_EX_INDEX_APP objects.

+ +

Exdata types are identified by an index, an integer guaranteed to be unique within structures for the lifetime of the program. Applications using exdata typically call CRYPTO_get_ex_new_index at startup, and store the result in a global variable, or write a wrapper function to provide lazy evaluation. The class_index should be one of the CRYPTO_EX_INDEX_xxx values. The argl and argp parameters are saved to be passed to the callbacks but are otherwise not used. In order to transparently manipulate exdata, three callbacks must be provided. The semantics of those callbacks are described below.

+ +

When copying or releasing objects with exdata, the callback functions are called in increasing order of their index value.

+ +

If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index() when this is done. This will replace the callbacks with no-ops so that applications don't crash. Any existing exdata will be leaked.

+ +

To set or get the exdata on an object, the appropriate type-specific routine must be used. This is because the containing structure is opaque and the CRYPTO_EX_DATA field is not accessible. In both API's, the idx parameter should be an already-created index value.

+ +

When setting exdata, the pointer specified with a particular index is saved, and returned on a subsequent "get" call. If the application is going to release the data, it must make sure to set a NULL value at the index, to avoid likely double-free crashes.

+ +

The function CRYPTO_free_ex_data is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The class_index identifies the structure type, the obj is a pointer to the actual structure, and r is a pointer to the structure's exdata field.

+ +

Callback Functions

+ +

This section describes how the callback functions are used. Applications that are defining their own exdata using CYPRTO_EX_INDEX_APP must call them as described here.

+ +

When a structure is initially allocated (such as RSA_new()) then the new_func() is called for every defined index. There is no requirement that the entire parent, or containing, structure has been set up. The new_func() is typically used only to allocate memory to store the exdata, and perhaps an "initialized" flag within that memory. The exdata value should be set by calling CRYPTO_set_ex_data().

+ +

When a structure is free'd (such as SSL_CTX_free()) then the free_func() is called for every defined index. Again, the state of the parent structure is not guaranteed. The free_func() may be called with a NULL pointer.

+ +

Both new_func() and free_func() take the same parameters. The parent is the pointer to the structure that contains the exdata. The ptr is the current exdata item; for new_func() this will typically be NULL. The r parameter is a pointer to the exdata field of the object. The idx is the index and is the value returned when the callbacks were initially registered via CRYPTO_get_ex_new_index() and can be used if the same callback handles different types of exdata.

+ +

dup_func() is called when a structure is being copied. This is only done for SSL, SSL_SESSION, EC_KEY objects and BIO chains via BIO_dup_chain(). The to and from parameters are pointers to the destination and source CRYPTO_EX_DATA structures, respectively. The from_d parameter needs to be cast to a void **pptr as the API has currently the wrong signature; that will be changed in a future version. The *pptr is a pointer to the source exdata. When the dup_func() returns, the value in *pptr is copied to the destination ex_data. If the pointer contained in *pptr is not modified by the dup_func(), then both to and from will point to the same data. The idx, argl and argp parameters are as described for the other two callbacks. If the dup_func() returns 0 the whole CRYPTO_dup_ex_data() will fail.

+ +

RETURN VALUES

+ +

CRYPTO_get_ex_new_index() returns a new index or -1 on failure.

+ +

CRYPTO_free_ex_index() and CRYPTO_set_ex_data() return 1 on success or 0 on failure.

+ +

CRYPTO_get_ex_data() returns the application data or NULL on failure; note that NULL may be a valid value.

+ +

dup_func() should return 0 for failure and 1 for success.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_memcmp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_memcmp.html new file mode 100644 index 00000000..31a0228a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CRYPTO_memcmp.html @@ -0,0 +1,56 @@ + + + + +CRYPTO_memcmp + + + + + + + + + + +

NAME

+ +

CRYPTO_memcmp - Constant time memory comparison

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+ +

DESCRIPTION

+ +

The CRYPTO_memcmp function compares the len bytes pointed to by a and b for equality. It takes an amount of time dependent on len, but independent of the contents of the memory regions pointed to by a and b.

+ +

RETURN VALUES

+ +

CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero otherwise.

+ +

NOTES

+ +

Unlike memcmp(2), this function cannot be used to order the two memory regions as the return value when they differ is undefined, other than being non-zero.

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html new file mode 100644 index 00000000..6db95676 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html @@ -0,0 +1,65 @@ + + + + +CTLOG_STORE_get0_log_by_id + + + + + + + + + + +

NAME

+ +

CTLOG_STORE_get0_log_by_id - Get a Certificate Transparency log from a CTLOG_STORE

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+ +

DESCRIPTION

+ +

A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency (CT) log that issued it using the log's LogID (see RFC 6962, Section 3.2). Therefore, it is useful to be able to look up more information about a log (e.g. its public key) using this LogID.

+ +

CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG in a CTLOG_STORE that has a given LogID.

+ +

RETURN VALUES

+ +

CTLOG_STORE_get0_log_by_id returns a CTLOG with the given LogID, if it exists in the given CTLOG_STORE, otherwise it returns NULL.

+ +

SEE ALSO

+ +

ct(7), CTLOG_STORE_new(3)

+ +

HISTORY

+ +

The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_new.html new file mode 100644 index 00000000..b2a22a62 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_STORE_new.html @@ -0,0 +1,86 @@ + + + + +CTLOG_STORE_new + + + + + + + + + + +

NAME

+ +

CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file - Create and populate a Certificate Transparency log list

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CTLOG_STORE *CTLOG_STORE_new(void);
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+ +

DESCRIPTION

+ +

A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency logs). The list can be loaded from one or more files and then searched by LogID (see RFC 6962, Section 3.2, for the definition of a LogID).

+ +

CTLOG_STORE_new() creates an empty list of CT logs. This is then populated by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file(). CTLOG_STORE_load_default_file() loads from the default file, which is named "ct_log_list.cnf" in OPENSSLDIR (see the output of version). This can be overridden using an environment variable named "CTLOG_FILE". CTLOG_STORE_load_file() loads from a caller-specified file path instead. Both of these functions append any loaded CT logs to the CTLOG_STORE.

+ +

The expected format of the file is:

+ +
enabled_logs=foo,bar
+
+[foo]
+description = Log 1
+key = <base64-encoded DER SubjectPublicKeyInfo here>
+
+[bar]
+description = Log 2
+key = <base64-encoded DER SubjectPublicKeyInfo here>
+ +

Once a CTLOG_STORE is no longer required, it should be passed to CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along with the CTLOG_STORE itself.

+ +

NOTES

+ +

If there are any invalid CT logs in a file, they are skipped and the remaining valid logs will still be added to the CTLOG_STORE. A CT log will be considered invalid if it is missing a "key" or "description" field.

+ +

RETURN VALUES

+ +

Both CTLOG_STORE_load_default_file and CTLOG_STORE_load_file return 1 if all CT logs in the file are successfully parsed and loaded, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7), CTLOG_STORE_get0_log_by_id(3), SSL_CTX_set_ctlog_list_file(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_new.html new file mode 100644 index 00000000..4a3c641b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CTLOG_new.html @@ -0,0 +1,80 @@ + + + + +CTLOG_new + + + + + + + + + + +

NAME

+ +

CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key - encapsulates information about a Certificate Transparency log

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+void CTLOG_free(CTLOG *log);
+const char *CTLOG_get0_name(const CTLOG *log);
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+ +

DESCRIPTION

+ +

CTLOG_new() returns a new CTLOG that represents the Certificate Transparency (CT) log with the given public key. A name must also be provided that can be used to help users identify this log. Ownership of the public key is transferred.

+ +

CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG. The base64 will be decoded and the public key parsed.

+ +

Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that was passed to it.

+ +

CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was created. Ownership of the string remains with the CTLOG.

+ +

CTLOG_get0_log_id() sets *log_id to point to a string containing that log's LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of the string remains with the CTLOG.

+ +

CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the EVP_PKEY remains with the CTLOG.

+ +

RETURN VALUES

+ +

CTLOG_new() will return NULL if an error occurs.

+ +

CTLOG_new_from_base64() will return 1 on success, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html new file mode 100644 index 00000000..5b3fbb7d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html @@ -0,0 +1,126 @@ + + + + +CT_POLICY_EVAL_CTX_new + + + + + + + + + + +

NAME

+ +

CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time - Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+ +

DESCRIPTION

+ +

A CT_POLICY_EVAL_CTX is used by functions that evaluate whether Signed Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. This policy may be, for example, that at least one valid SCT is available. To determine this, an SCT's timestamp and signature must be verified. This requires:

+ +
    + +
  • the public key of the log that issued the SCT

    + +
  • +
  • the certificate that the SCT was issued for

    + +
  • +
  • the issuer certificate (if the SCT was issued for a pre-certificate)

    + +
  • +
  • the current time

    + +
  • +
+ +

The above requirements are met using the setters described below.

+ +

CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This should then be populated using:

+ +
    + +
  • CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for

    + +

    Increments the reference count of the certificate.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate

    + +

    Increments the reference count of the certificate.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs

    + +

    Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the CT_POLICY_EVAL_CTX.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid

    + +

    The SCT timestamp will be compared to this time to check whether the SCT was issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose timestamp is in the future". By default, this will be set to 5 minutes in the future (e.g. (time() + 300) * 1000), to allow for clock drift.

    + +

    The time should be in milliseconds since the Unix epoch.

    + +
  • +
+ +

Each setter has a matching getter for accessing the current value.

+ +

When no longer required, the CT_POLICY_EVAL_CTX should be passed to CT_POLICY_EVAL_CTX_free() to delete it.

+ +

NOTES

+ +

The issuer certificate only needs to be provided if at least one of the SCTs was issued for a pre-certificate. This will be the case for SCTs embedded in a certificate (i.e. those in an X.509 extension), but may not be the case for SCTs found in the TLS SCT extension or OCSP response.

+ +

RETURN VALUES

+ +

CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DEFINE_STACK_OF.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DEFINE_STACK_OF.html new file mode 100644 index 00000000..9cc97517 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DEFINE_STACK_OF.html @@ -0,0 +1,197 @@ + + + + +DEFINE_STACK_OF + + + + + + + + + + +

NAME

+ +

DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve - stack container

+ +

SYNOPSIS

+ +
#include <openssl/safestack.h>
+
+STACK_OF(TYPE)
+DEFINE_STACK_OF(TYPE)
+DEFINE_STACK_OF_CONST(TYPE)
+DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
+DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
+
+typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
+typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
+typedef void (*sk_TYPE_freefunc)(TYPE *a);
+
+int sk_TYPE_num(const STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
+STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
+STACK_OF(TYPE) *sk_TYPE_new_null(void);
+int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
+void sk_TYPE_free(const STACK_OF(TYPE) *sk);
+void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
+TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
+int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
+int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
+TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
+void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
+int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
+TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
+int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
+int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
+void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
+int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
+STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
+STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
+                                  sk_TYPE_copyfunc copyfunc,
+                                  sk_TYPE_freefunc freefunc);
+sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
+                                        sk_TYPE_compfunc compare));
+STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n);
+ +

DESCRIPTION

+ +

Applications can create and use their own stacks by placing any of the macros described below in a header file. These macros define typesafe inline functions that wrap around the utility OPENSSL_sk_ API. In the description here, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509.

+ +

STACK_OF() returns the name for a stack of the specified TYPE. DEFINE_STACK_OF() creates set of functions for a stack of TYPE. This will mean that type TYPE is stored in each stack, the type is referenced by STACK_OF(TYPE) and each function name begins with sk_TYPE_. For example:

+ +
TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except each element is constant. For example:

+ +
const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_SPECIAL_STACK_OF() defines a stack of TYPE but each function uses FUNCNAME in the function name. For example:

+ +
TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is constant:

+ +
const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+ +

sk_TYPE_num() returns the number of elements in sk or -1 if sk is NULL.

+ +

sk_TYPE_value() returns element idx in sk, where idx starts at zero. If idx is out of range then NULL is returned.

+ +

sk_TYPE_new() allocates a new empty stack using comparison function compare. If compare is NULL then no comparison function is used. This function is equivalent to sk_TYPE_new_reserve(compare, 0).

+ +

sk_TYPE_new_null() allocates a new empty stack with no comparison function. This function is equivalent to sk_TYPE_new_reserve(NULL, 0).

+ +

sk_TYPE_reserve() allocates additional memory in the sk structure such that the next n calls to sk_TYPE_insert(), sk_TYPE_push() or sk_TYPE_unshift() will not fail or cause memory to be allocated or reallocated. If n is zero, any excess space allocated in the sk structure is freed. On error sk is unchanged.

+ +

sk_TYPE_new_reserve() allocates a new stack. The new stack will have additional memory allocated to hold n elements if n is positive. The next n calls to sk_TYPE_insert(), sk_TYPE_push() or sk_TYPE_unshift() will not fail or cause memory to be allocated or reallocated. If n is zero or less than zero, no memory is allocated. sk_TYPE_new_reserve() also sets the comparison function compare to the newly created stack. If compare is NULL then no comparison function is used.

+ +

sk_TYPE_set_cmp_func() sets the comparison function of sk to compare. The previous comparison function is returned or NULL if there was no previous comparison function.

+ +

sk_TYPE_free() frees up the sk structure. It does not free up any elements of sk. After this call sk is no longer valid.

+ +

sk_TYPE_zero() sets the number of elements in sk to zero. It does not free sk so after this call sk is still valid.

+ +

sk_TYPE_pop_free() frees up all elements of sk and sk itself. The free function freefunc() is called on each element to free it.

+ +

sk_TYPE_delete() deletes element i from sk. It returns the deleted element or NULL if i is out of range.

+ +

sk_TYPE_delete_ptr() deletes element matching ptr from sk. It returns the deleted element or NULL if no element matching ptr was found.

+ +

sk_TYPE_insert() inserts ptr into sk at position idx. Any existing elements at or after idx are moved downwards. If idx is out of range the new element is appended to sk. sk_TYPE_insert() either returns the number of elements in sk after the new element is inserted or zero if an error (such as memory allocation failure) occurred.

+ +

sk_TYPE_push() appends ptr to sk it is equivalent to:

+ +
sk_TYPE_insert(sk, ptr, -1);
+ +

sk_TYPE_unshift() inserts ptr at the start of sk it is equivalent to:

+ +
sk_TYPE_insert(sk, ptr, 0);
+ +

sk_TYPE_pop() returns and removes the last element from sk.

+ +

sk_TYPE_shift() returns and removes the first element from sk.

+ +

sk_TYPE_set() sets element idx of sk to ptr replacing the current element. The new element value is returned or NULL if an error occurred: this will only happen if sk is NULL or idx is out of range.

+ +

sk_TYPE_find() searches sk for the element ptr. In the case where no comparison function has been specified, the function performs a linear search for a pointer equal to ptr. The index of the first matching element is returned or -1 if there is no match. In the case where a comparison function has been specified, sk is sorted then sk_TYPE_find() returns the index of a matching element or -1 if there is no match. Note that, in this case, the matching element returned is not guaranteed to be the first; the comparison function will usually compare the values pointed to rather than the pointers themselves and the order of elements in sk could change.

+ +

sk_TYPE_find_ex() operates like sk_TYPE_find() except when a comparison function has been specified and no matching element is found. Instead of returning -1, sk_TYPE_find_ex() returns the index of the element either before or after the location where ptr would be if it were present in sk.

+ +

sk_TYPE_sort() sorts sk using the supplied comparison function.

+ +

sk_TYPE_is_sorted() returns 1 if sk is sorted and 0 otherwise.

+ +

sk_TYPE_dup() returns a copy of sk. Note the pointers in the copy are identical to the original.

+ +

sk_TYPE_deep_copy() returns a new stack where each element has been copied. Copying is performed by the supplied copyfunc() and freeing by freefunc(). The function freefunc() is only called if an error occurs.

+ +

NOTES

+ +

Care should be taken when accessing stacks in multi-threaded environments. Any operation which increases the size of a stack such as sk_TYPE_insert() or sk_push() can "grow" the size of an internal array and cause race conditions if the same stack is accessed in a different thread. Operations such as sk_find() and sk_sort() can also reorder the stack.

+ +

Any comparison function supplied should use a metric suitable for use in a binary search operation. That is it should return zero, a positive or negative value if a is equal to, greater than or less than b respectively.

+ +

Care should be taken when checking the return values of the functions sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the matching element. In particular 0 indicates a matching first element. A failed search is indicated by a -1 return value.

+ +

STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and DEFINE_SPECIAL_STACK_OF() are implemented as macros.

+ +

The underlying utility OPENSSL_sk_ API should not be used directly. It defines these functions: OPENSSL_sk_deep_copy(), OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(), OPENSSL_sk_find(), OPENSSL_sk_find_ex(), OPENSSL_sk_free(), OPENSSL_sk_insert(), OPENSSL_sk_is_sorted(), OPENSSL_sk_new(), OPENSSL_sk_new_null(), OPENSSL_sk_num(), OPENSSL_sk_pop(), OPENSSL_sk_pop_free(), OPENSSL_sk_push(), OPENSSL_sk_reserve(), OPENSSL_sk_set(), OPENSSL_sk_set_cmp_func(), OPENSSL_sk_shift(), OPENSSL_sk_sort(), OPENSSL_sk_unshift(), OPENSSL_sk_value(), OPENSSL_sk_zero().

+ +

RETURN VALUES

+ +

sk_TYPE_num() returns the number of elements in the stack or -1 if the passed stack is NULL.

+ +

sk_TYPE_value() returns a pointer to a stack element or NULL if the index is out of range.

+ +

sk_TYPE_new(), sk_TYPE_new_null() and sk_TYPE_new_reserve() return an empty stack or NULL if an error occurs.

+ +

sk_TYPE_reserve() returns 1 on successful allocation of the required memory or 0 on error.

+ +

sk_TYPE_set_cmp_func() returns the old comparison function or NULL if there was no old comparison function.

+ +

sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do not return values.

+ +

sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr() return a pointer to the deleted element or NULL on error.

+ +

sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total number of elements in the stack and 0 if an error occurred.

+ +

sk_TYPE_set() returns a pointer to the replacement element or NULL on error.

+ +

sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element or -1 on error.

+ +

sk_TYPE_is_sorted() returns 1 if the stack is sorted and 0 if it is not.

+ +

sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the stack.

+ +

HISTORY

+ +

Before OpenSSL 1.1.0, this was implemented via macros and not inline functions and was not a public API.

+ +

sk_TYPE_reserve() and sk_TYPE_new_reserve() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DES_random_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DES_random_key.html new file mode 100644 index 00000000..086cbefc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DES_random_key.html @@ -0,0 +1,217 @@ + + + + +DES_random_key + + + + + + + + + + +

NAME

+ +

DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt - DES encryption

+ +

SYNOPSIS

+ +
#include <openssl/des.h>
+
+void DES_random_key(DES_cblock *ret);
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+
+void DES_set_odd_parity(DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc);
+void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                     int numbits, long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+                     int numbits, long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      int enc);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                       int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                       int *num);
+
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_cblock *ivec,
+                            int *num, int enc);
+void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num);
+
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+ +

DESCRIPTION

+ +

This library contains a fast implementation of the DES encryption algorithm.

+ +

There are two phases to the use of DES encryption. The first is the generation of a DES_key_schedule from a key, the second is the actual encryption. A DES key is of type DES_cblock. This type consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process.

+ +

DES_random_key() generates a random key. The random generator must be seeded when calling this function. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail. If the function fails, 0 is returned.

+ +

Before a DES key can be used, it must be converted into the architecture dependent DES_key_schedule via the DES_set_key_checked() or DES_set_key_unchecked() function.

+ +

DES_set_key_checked() will check that the key passed is of odd parity and is not a weak or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated.

+ +

DES_set_key() works like DES_set_key_checked() if the DES_check_key flag is non-zero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable.

+ +

DES_set_odd_parity() sets the parity of the passed key to odd.

+ +

DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it is ok.

+ +

The following routines mostly operate on an input and output stream of DES_cblocks.

+ +

DES_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte DES_cblock in electronic code book (ECB) mode. It always transforms the input data, pointed to by input, into the output data, pointed to by the output argument. If the encrypt argument is non-zero (DES_ENCRYPT), the input (cleartext) is encrypted in to the output (ciphertext) using the key_schedule specified by the schedule argument, previously set via DES_set_key. If encrypt is zero (DES_DECRYPT), the input (now ciphertext) is decrypted into the output (now cleartext). Input and output may overlap. DES_ecb_encrypt() does not return a value.

+ +

DES_ecb3_encrypt() encrypts/decrypts the input block by using three-key Triple-DES encryption in ECB mode. This involves encrypting the input with ks1, decrypting with the key schedule ks2, and then encrypting with ks3. This routine greatly reduces the chances of brute force breaking of DES and has the advantage of if ks1, ks2 and ks3 are the same, it is equivalent to just encryption using ECB mode and ks1 as the key.

+ +

The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES encryption by using ks1 for the final encryption.

+ +

DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. If the encrypt argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the input argument into the ciphertext pointed to by the output argument, using the key schedule provided by the schedule argument, and initialization vector provided by the ivec argument. If the length argument is not an integral multiple of eight bytes, the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes.

+ +

DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses inw and outw to 'whiten' the encryption. inw and outw are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than CBC DES.

+ +

DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with three keys. This means that each DES operation inside the CBC mode is C=E(ks3,D(ks2,E(ks1,M))). This mode is used by SSL.

+ +

The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by reusing ks1 for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of Triple-DES is used by the RSAREF library.

+ +

DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as DES_ncbc_encrypt().

+ +

DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending a small number of characters.

+ +

DES_cfb64_encrypt() implements CFB mode of DES with 64-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, without 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about CFB mode of DES.

+ +

DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as DES_cfb64_encrypt() except that Triple-DES is used.

+ +

DES_ofb_encrypt() encrypts using output feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending a small number of characters.

+ +

DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output Feed Back mode.

+ +

DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as DES_ofb64_encrypt(), using Triple-DES.

+ +

The following functions are included in the DES library for compatibility with the MIT Kerberos library.

+ +

DES_cbc_cksum() produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in output. This function is used by Kerberos v4. Other applications should use EVP_DigestInit(3) etc. instead.

+ +

DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on out_count, 1, 2, 3 or 4 times. If output is non-NULL, the 8 bytes generated by each pass are written into output.

+ +

The following are DES-based transformations:

+ +

DES_fcrypt() is a fast version of the Unix crypt(3) function. This version takes only a small amount of space relative to other fast crypt() implementations. This is different to the normal crypt() in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt().

+ +

DES_crypt() is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the third parameter. This mostly emulates the normal non-thread-safe semantics of crypt(3). The salt must be two ASCII characters.

+ +

The values returned by DES_fcrypt() and DES_crypt() are terminated by NUL character.

+ +

DES_enc_write() writes len bytes to file descriptor fd from buffer buf. The data is encrypted via pcbc_encrypt (default) using sched for the key and iv as a starting vector. The actual data send down fd consists of 4 bytes (in network byte order) containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes.

+ +

BUGS

+ +

DES_cbc_encrypt() does not modify ivec; use DES_ncbc_encrypt() instead.

+ +

DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits taken from the 3rd input byte and the top 4 bits taken from the 4th input byte. The same holds for output. This function has been implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly!

+ +

DES_string_to_key() is available for backward compatibility with the MIT library. New applications should use a cryptographic hash function. The same applies for DES_string_to_2key().

+ +

NOTES

+ +

The des library was written to be source code compatible with the MIT Kerberos library.

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see des_modes(7).

+ +

RETURN VALUES

+ +

DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key() return 0 on success or negative values on error.

+ +

DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the last 4 bytes of the checksum of the input.

+ +

DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - to a static buffer on success; otherwise they return NULL.

+ +

SEE ALSO

+ +

des_modes(7), EVP_EncryptInit(3)

+ +

HISTORY

+ +

The requirement that the salt parameter to DES_crypt() and DES_fcrypt() be two ASCII characters was first enforced in OpenSSL 1.1.0. Previous versions tried to use the letter uppercase A if both character were not present, and could crash when given non-ASCII on some platforms.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_key.html new file mode 100644 index 00000000..07b78000 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_key.html @@ -0,0 +1,66 @@ + + + + +DH_generate_key + + + + + + + + + + +

NAME

+ +

DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_generate_key(DH *dh);
+
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ +

DESCRIPTION

+ +

DH_generate_key() performs the first step of a Diffie-Hellman key exchange by generating private and public DH values. By calling DH_compute_key(), these are combined with the other party's public value to compute the shared key.

+ +

DH_generate_key() expects dh to contain the shared parameters dh->p and dh->g. It generates a random private DH value unless dh->priv_key is already set, and computes the corresponding public value dh->pub_key, which can then be published.

+ +

DH_compute_key() computes the shared secret from the private DH value in dh and the other party's public value in pub_key and stores it in key. key must point to DH_size(dh) bytes of memory.

+ +

RETURN VALUES

+ +

DH_generate_key() returns 1 on success, 0 otherwise.

+ +

DH_compute_key() returns the size of the shared secret on success, -1 on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_parameters.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_parameters.html new file mode 100644 index 00000000..9338b659 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_generate_parameters.html @@ -0,0 +1,155 @@ + + + + +DH_generate_parameters + + + + + + + + + + +

NAME

+ +

DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex - generate and check Diffie-Hellman parameters

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_check(DH *dh, int *codes);
+int DH_check_params(DH *dh, int *codes);
+
+int DH_check_ex(const DH *dh);
+int DH_check_params_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+DH *DH_generate_parameters(int prime_len, int generator,
+                           void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

DH_generate_parameters_ex() generates Diffie-Hellman parameters that can be shared among a group of users, and stores them in the provided DH structure. The pseudo-random number generator must be seeded before calling it. The parameters generated by DH_generate_parameters_ex() should not be used in signature schemes.

+ +

prime_len is the length in bits of the safe prime to be generated. generator is a small number > 1, typically 2 or 5.

+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as described in BN_generate_prime(3) while a random prime number is generated, and when a prime has been found, BN_GENCB_call(cb, 3, 0) is called. See BN_generate_prime_ex(3) for information on the BN_GENCB_call() function.

+ +

DH_generate_parameters() is similar to DH_generate_prime_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +

DH_check_params() confirms that the p and g are likely enough to be valid. This is a lightweight check, if a more thorough check is needed, use DH_check(). The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

+ +
+ +
DH_CHECK_P_NOT_PRIME
+
+ +

The parameter p has been determined to not being an odd prime. Note that the lack of this bit doesn't guarantee that p is a prime.

+ +
+
DH_NOT_SUITABLE_GENERATOR
+
+ +

The generator g is not suitable. Note that the lack of this bit doesn't guarantee that g is suitable, unless p is known to be a strong prime.

+ +
+
+ +

DH_check() confirms that the Diffie-Hellman parameters dh are valid. The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

+ +
+ +
DH_CHECK_P_NOT_PRIME
+
+ +

The parameter p is not prime.

+ +
+
DH_CHECK_P_NOT_SAFE_PRIME
+
+ +

The parameter p is not a safe prime and no q value is present.

+ +
+
DH_UNABLE_TO_CHECK_GENERATOR
+
+ +

The generator g cannot be checked for suitability.

+ +
+
DH_NOT_SUITABLE_GENERATOR
+
+ +

The generator g is not suitable.

+ +
+
DH_CHECK_Q_NOT_PRIME
+
+ +

The parameter q is not prime.

+ +
+
DH_CHECK_INVALID_Q_VALUE
+
+ +

The parameter q is invalid.

+ +
+
DH_CHECK_INVALID_J_VALUE
+
+ +

The parameter j is invalid.

+ +
+
+ +

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the function.

+ +

RETURN VALUES

+ +

DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 if the check could be performed, 0 otherwise.

+ +

DH_generate_parameters() returns a pointer to the DH structure or NULL if the parameter generation fails.

+ +

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the check is successful, 0 for failed.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_free(3)

+ +

HISTORY

+ +

DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use DH_generate_parameters_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get0_pqg.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get0_pqg.html new file mode 100644 index 00000000..abeb59f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get0_pqg.html @@ -0,0 +1,106 @@ + + + + +DH_get0_pqg + + + + + + + + + + +

NAME

+ +

DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length - Routines for getting and setting data in a DH object

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+ +

DESCRIPTION

+ +

A DH object contains the parameters p, q and g. Note that the q parameter is optional. It also contains a public key (pub_key) and (optionally) a private key (priv_key).

+ +

The p, q and g parameters can be obtained by calling DH_get0_pqg(). If the parameters have not yet been set then *p, *q and *g will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. Any of the out parameters p, q, and g can be NULL, in which case no value will be returned for that parameter.

+ +

The p, q and g values can be set by calling DH_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DH object, and therefore the values that have been passed in should not be freed directly after this function has been called. The q parameter may be NULL.

+ +

To get the public and private key values use the DH_get0_key() function. A pointer to the public key will be stored in *pub_key, and a pointer to the private key will be stored in *priv_key. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. Any of the out parameters pub_key and priv_key can be NULL, in which case no value will be returned for that parameter.

+ +

The public and private key values can be set using DH_set0_key(). Either parameter may be NULL, which means the corresponding DH field is left untouched. As with DH_set0_pqg() this function transfers the memory management of the key values to the DH object, and therefore they should not be freed directly after this function has been called.

+ +

Any of the values p, q, g, priv_key, and pub_key can also be retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively.

+ +

DH_set_flags() sets the flags in the flags parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DH_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the DH object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. DH_clear_flags() clears the specified flags within the DH object.

+ +

DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set.

+ +

The DH_get_length() and DH_set_length() functions get and set the optional length parameter associated with this DH object. If the length is non-zero then it is used, otherwise it is ignored. The length parameter indicates the length of the secret exponent (private key) in bits.

+ +

NOTES

+ +

Values retrieved with DH_get0_key() are owned by the DH object used in the call and may therefore not be passed to DH_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().

+ +

RETURN VALUES

+ +

DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.

+ +

DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() return the respective value, or NULL if it is unset.

+ +

DH_test_flags() returns the current state of the flags in the DH object.

+ +

DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE has been set.

+ +

DH_get_length() returns the length of the secret exponent (private key) in bits, or zero if no such length has been explicitly set.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), DH_set_method(3), DH_size(3), DH_meth_new(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get_1024_160.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get_1024_160.html new file mode 100644 index 00000000..f810914f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_get_1024_160.html @@ -0,0 +1,71 @@ + + + + +DH_get_1024_160 + + + + + + + + + + +

NAME

+ +

DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 - Create standardized public primes or DH pairs

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+DH *DH_get_1024_160(void)
+DH *DH_get_2048_224(void)
+DH *DH_get_2048_256(void)
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+const BIGNUM *BN_get0_nist_prime_224(void)
+const BIGNUM *BN_get0_nist_prime_256(void)
+const BIGNUM *BN_get0_nist_prime_384(void)
+const BIGNUM *BN_get0_nist_prime_521(void)
+
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+ +

DESCRIPTION

+ +

DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return a DH object for the IETF RFC 5114 value.

+ +

BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(), BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return a BIGNUM for the specific NIST prime curve (e.g., P-256).

+ +

BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(), BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(), BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(), BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions return a BIGNUM for the specified size from IETF RFC 2409. If bn is not NULL, the BIGNUM will be set into that location as well.

+ +

RETURN VALUES

+ +

Defined above.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_meth_new.html new file mode 100644 index 00000000..f06d81b8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_meth_new.html @@ -0,0 +1,135 @@ + + + + +DH_meth_new + + + + + + + + + + +

NAME

+ +

DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params - Routines to build up DH methods

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+
+void DH_meth_free(DH_METHOD *dhm);
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+    (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+    int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                      BN_MONT_CTX *m_ctx));
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+    (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+    int (*generate_params)(DH *, int, int, BN_GENCB *));
+ +

DESCRIPTION

+ +

The DH_METHOD type is a structure used for the provision of custom DH implementations. It provides a set of functions used by OpenSSL for the implementation of the various DH capabilities.

+ +

DH_meth_new() creates a new DH_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the DH_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new DH object based on this DH_METHOD. Any new DH object will have those flags set by default.

+ +

DH_meth_dup() creates a duplicate copy of the DH_METHOD object passed as a parameter. This might be useful for creating a new DH_METHOD based on an existing one, but with some differences.

+ +

DH_meth_free() destroys a DH_METHOD structure and frees up any memory associated with it.

+ +

DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. DH_meth_set1_name() sets the name of the DH_METHOD to name. The string is duplicated and the copy is stored in the DH_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

DH_meth_get_flags() returns the current value of the flags associated with this DH_METHOD. DH_meth_set_flags() provides the ability to set these flags.

+ +

The functions DH_meth_get0_app_data() and DH_meth_set0_app_data() provide the ability to associate implementation specific data with the DH_METHOD. It is the application's responsibility to free this data before the DH_METHOD is freed via a call to DH_meth_free().

+ +

DH_meth_get_generate_key() and DH_meth_set_generate_key() get and set the function used for generating a new DH key pair respectively. This function will be called in response to the application calling DH_generate_key(). The parameter for the function has the same meaning as for DH_generate_key().

+ +

DH_meth_get_compute_key() and DH_meth_set_compute_key() get and set the function used for computing a new DH shared secret respectively. This function will be called in response to the application calling DH_compute_key(). The parameters for the function have the same meaning as for DH_compute_key().

+ +

DH_meth_get_bn_mod_exp() and DH_meth_set_bn_mod_exp() get and set the function used for computing the following value:

+ +
r = a ^ p mod m
+ +

This function will be called by the default OpenSSL function for DH_generate_key(). The result is stored in the r parameter. This function may be NULL unless using the default generate key function, in which case it must be present.

+ +

DH_meth_get_init() and DH_meth_set_init() get and set the function used for creating a new DH instance respectively. This function will be called in response to the application calling DH_new() (if the current default DH_METHOD is this one) or DH_new_method(). The DH_new() and DH_new_method() functions will allocate the memory for the new DH object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

DH_meth_get_finish() and DH_meth_set_finish() get and set the function used for destroying an instance of a DH object respectively. This function will be called in response to the application calling DH_free(). A pointer to the DH to be destroyed is passed as a parameter. The destroy function should be used for DH implementation specific clean up. The memory for the DH itself should not be freed by this function. This function may be NULL.

+ +

DH_meth_get_generate_params() and DH_meth_set_generate_params() get and set the function used for generating DH parameters respectively. This function will be called in response to the application calling DH_generate_parameters_ex() (or DH_generate_parameters()). The parameters for the function have the same meaning as for DH_generate_parameters_ex(). This function may be NULL.

+ +

RETURN VALUES

+ +

DH_meth_new() and DH_meth_dup() return the newly allocated DH_METHOD object or NULL on failure.

+ +

DH_meth_get0_name() and DH_meth_get_flags() return the name and flags associated with the DH_METHOD respectively.

+ +

All other DH_meth_get_*() functions return the appropriate function pointer that has been set in the DH_METHOD, or NULL if no such pointer has yet been set.

+ +

DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), DH_set_method(3), DH_size(3), DH_get0_pqg(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new.html new file mode 100644 index 00000000..336c9cf6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new.html @@ -0,0 +1,62 @@ + + + + +DH_new + + + + + + + + + + +

NAME

+ +

DH_new, DH_free - allocate and free DH objects

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH* DH_new(void);
+
+void DH_free(DH *dh);
+ +

DESCRIPTION

+ +

DH_new() allocates and initializes a DH structure.

+ +

DH_free() frees the DH structure and its components. The values are erased before the memory is returned to the system. If dh is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, DH_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DH_free() returns no value.

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), DH_generate_parameters(3), DH_generate_key(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new_by_nid.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new_by_nid.html new file mode 100644 index 00000000..035fd433 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_new_by_nid.html @@ -0,0 +1,55 @@ + + + + +DH_new_by_nid + + + + + + + + + + +

NAME

+ +

DH_new_by_nid, DH_get_nid - get or find DH named parameters

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+DH *DH_new_by_nid(int nid);
+int *DH_get_nid(const DH *dh);
+ +

DESCRIPTION

+ +

DH_new_by_nid() creates and returns a DH structure containing named parameters nid. Currently nid must be NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144 or NID_ffdhe8192.

+ +

DH_get_nid() determines if the parameters contained in dh match any named set. It returns the NID corresponding to the matching parameters or NID_undef if there is no match.

+ +

RETURN VALUES

+ +

DH_new_by_nid() returns a set of DH parameters or NULL if an error occurred.

+ +

DH_get_nid() returns the NID of the matching set of parameters or NID_undef if there is no match.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_set_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_set_method.html new file mode 100644 index 00000000..252a6480 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_set_method.html @@ -0,0 +1,82 @@ + + + + +DH_set_method + + + + + + + + + + +

NAME

+ +

DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL - select DH method

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+void DH_set_default_method(const DH_METHOD *meth);
+
+const DH_METHOD *DH_get_default_method(void);
+
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+
+DH *DH_new_method(ENGINE *engine);
+
+const DH_METHOD *DH_OpenSSL(void);
+ +

DESCRIPTION

+ +

A DH_METHOD specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these DH API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default DH_METHOD is the OpenSSL internal implementation, as returned by DH_OpenSSL().

+ +

DH_set_default_method() makes meth the default method for all DH structures created later. NB: This is true only whilst no ENGINE has been set as a default for DH, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

DH_get_default_method() returns a pointer to the current default DH_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

DH_set_method() selects meth to perform all operations using the key dh. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results.

+ +

DH_new_method() allocates and initializes a DH structure so that engine will be used for the DH operations. If engine is NULL, the default ENGINE for DH operations is used, and if no default ENGINE is set, the DH_METHOD controlled by DH_set_default_method() is used.

+ +

A new DH_METHOD object may be constructed using DH_meth_new() (see DH_meth_new(3)).

+ +

RETURN VALUES

+ +

DH_OpenSSL() and DH_get_default_method() return pointers to the respective DH_METHODs.

+ +

DH_set_default_method() returns no value.

+ +

DH_set_method() returns non-zero if the provided meth was successfully set as the method for dh (including unloading the ENGINE handle if the previous method was supplied by an ENGINE).

+ +

DH_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_size.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_size.html new file mode 100644 index 00000000..8bb1aa3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DH_size.html @@ -0,0 +1,75 @@ + + + + +DH_size + + + + + + + + + + +

NAME

+ +

DH_size, DH_bits, DH_security_bits - get Diffie-Hellman prime size and security bits

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_size(const DH *dh);
+
+int DH_bits(const DH *dh);
+
+int DH_security_bits(const DH *dh);
+ +

DESCRIPTION

+ +

DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by DH_compute_key(3).

+ +

DH_bits() returns the number of significant bits.

+ +

dh and dh->p must not be NULL.

+ +

DH_security_bits() returns the number of security bits of the given dh key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

DH_size() returns the prime size of Diffie-Hellman in bytes.

+ +

DH_bits() returns the number of bits in the key.

+ +

DH_security_bits() returns the number of security bits.

+ +

SEE ALSO

+ +

DH_new(3), DH_generate_key(3), BN_num_bits(3)

+ +

HISTORY

+ +

The DH_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_SIG_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_SIG_new.html new file mode 100644 index 00000000..bcb1bc84 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_SIG_new.html @@ -0,0 +1,69 @@ + + + + +DSA_SIG_new + + + + + + + + + + +

NAME

+ +

DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ +

DESCRIPTION

+ +

DSA_SIG_new() allocates an empty DSA_SIG structure.

+ +

DSA_SIG_free() frees the DSA_SIG structure and its components. The values are erased before the memory is returned to the system.

+ +

DSA_SIG_get0() returns internal pointers to the r and s values contained in sig.

+ +

The r and s values can be set by calling DSA_SIG_set0() and passing the new values for r and s as parameters to the function. Calling this function transfers the memory management of the values to the DSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

RETURN VALUES

+ +

If the allocation fails, DSA_SIG_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DSA_SIG_free() returns no value.

+ +

DSA_SIG_set0() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), DSA_do_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_do_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_do_sign.html new file mode 100644 index 00000000..62e99a71 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_do_sign.html @@ -0,0 +1,63 @@ + + + + +DSA_do_sign + + + + + + + + + + +

NAME

+ +

DSA_do_sign, DSA_do_verify - raw DSA signature operations

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_do_sign() computes a digital signature on the len byte message digest dgst using the private key dsa and returns it in a newly allocated DSA_SIG structure.

+ +

DSA_sign_setup(3) may be used to precompute part of the signing operation in case signature generation is time-critical.

+ +

DSA_do_verify() verifies that the signature sig matches a given message digest dgst of size len. dsa is the signer's public key.

+ +

RETURN VALUES

+ +

DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_SIG_new(3), DSA_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_dup_DH.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_dup_DH.html new file mode 100644 index 00000000..f18c70e1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_dup_DH.html @@ -0,0 +1,61 @@ + + + + +DSA_dup_DH + + + + + + + + + + +

NAME

+ +

DSA_dup_DH - create a DH structure out of DSA structure

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DH *DSA_dup_DH(const DSA *r);
+ +

DESCRIPTION

+ +

DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q is lost during that conversion, but the resulting DH parameters contain its length.

+ +

RETURN VALUES

+ +

DSA_dup_DH() returns the new DH structure, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

NOTE

+ +

Be careful to avoid small subgroup attacks when using this.

+ +

SEE ALSO

+ +

DH_new(3), DSA_new(3), ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_key.html new file mode 100644 index 00000000..e535d8d0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_key.html @@ -0,0 +1,58 @@ + + + + +DSA_generate_key + + + + + + + + + + +

NAME

+ +

DSA_generate_key - generate DSA key pair

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_generate_key(DSA *a);
+ +

DESCRIPTION

+ +

DSA_generate_key() expects a to contain DSA parameters. It generates a new key pair and stores it in a->pub_key and a->priv_key.

+ +

The random generator must be seeded prior to calling DSA_generate_key(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RETURN VALUES

+ +

DSA_generate_key() returns 1 on success, 0 otherwise. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_generate_parameters_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_parameters.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_parameters.html new file mode 100644 index 00000000..301678a5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_generate_parameters.html @@ -0,0 +1,114 @@ + + + + +DSA_generate_parameters + + + + + + + + + + +

NAME

+ +

DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

DSA_generate_parameters_ex() generates primes p and q and a generator g for use in the DSA and stores the result in dsa.

+ +

bits is the length of the prime p to be generated. For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits.

+ +

If seed is NULL, the primes will be generated at random. If seed_len is less than the length of q, an error is returned.

+ +

DSA_generate_parameters_ex() places the iteration count in *counter_ret and a counter used for finding a generator in *h_ret, unless these are NULL.

+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to BN_generate_prime(3).

+ +

DSA_generate_prime() is similar to DSA_generate_prime_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +
    + +
  • When a candidate for q is generated, BN_GENCB_call(cb, 0, m++) is called (m is 0 for the first candidate).

    + +
  • +
  • When a candidate for q has passed a test by trial division, BN_GENCB_call(cb, 1, -1) is called. While a candidate for q is tested by Miller-Rabin primality tests, BN_GENCB_call(cb, 1, i) is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0).

    + +
  • +
  • When a prime q has been found, BN_GENCB_call(cb, 2, 0) and BN_GENCB_call(cb, 3, 0) are called.

    + +
  • +
  • Before a candidate for p (other than the first) is generated and tested, BN_GENCB_call(cb, 0, counter) is called.

    + +
  • +
  • When a candidate for p has passed the test by trial division, BN_GENCB_call(cb, 1, -1) is called. While it is tested by the Miller-Rabin primality test, BN_GENCB_call(cb, 1, i) is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0).

    + +
  • +
  • When p has been found, BN_GENCB_call(cb, 2, 1) is called.

    + +
  • +
  • When the generator has been found, BN_GENCB_call(cb, 3, 1) is called.

    + +
  • +
+ +

RETURN VALUES

+ +

DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. The error codes can be obtained by ERR_get_error(3).

+ +

DSA_generate_parameters() returns a pointer to the DSA structure or NULL if the parameter generation fails.

+ +

BUGS

+ +

Seed lengths greater than 20 are not supported.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_free(3), BN_generate_prime(3)

+ +

HISTORY

+ +

DSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use DSA_generate_parameters_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_get0_pqg.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_get0_pqg.html new file mode 100644 index 00000000..10a918fe --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_get0_pqg.html @@ -0,0 +1,98 @@ + + + + +DSA_get0_pqg + + + + + + + + + + +

NAME

+ +

DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and setting data in a DSA object

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+ +

DESCRIPTION

+ +

A DSA object contains the parameters p, q and g. It also contains a public key (pub_key) and (optionally) a private key (priv_key).

+ +

The p, q and g parameters can be obtained by calling DSA_get0_pqg(). If the parameters have not yet been set then *p, *q and *g will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly.

+ +

The p, q and g values can be set by calling DSA_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DSA object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

To get the public and private key values use the DSA_get0_key() function. A pointer to the public key will be stored in *pub_key, and a pointer to the private key will be stored in *priv_key. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly.

+ +

The public and private key values can be set using DSA_set0_key(). The public key must be non-NULL the first time this function is called on a given DSA object. The private key may be NULL. On subsequent calls, either may be NULL, which means the corresponding DSA field is left untouched. As for DSA_set0_pqg() this function transfers the memory management of the key values to the DSA object, and therefore they should not be freed directly after this function has been called.

+ +

Any of the values p, q, g, priv_key, and pub_key can also be retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively.

+ +

DSA_set_flags() sets the flags in the flags parameter on the DSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DSA_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the DSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. DSA_clear_flags() clears the specified flags within the DSA object.

+ +

DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA object, or NULL if no such ENGINE has been set.

+ +

NOTES

+ +

Values retrieved with DSA_get0_key() are owned by the DSA object used in the call and may therefore not be passed to DSA_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to DSA_get0_pqg() and DSA_set0_pqg().

+ +

RETURN VALUES

+ +

DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.

+ +

DSA_test_flags() returns the current state of the flags in the DSA object.

+ +

DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE has been set.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), DSA_sign(3), DSA_size(3), DSA_meth_new(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_meth_new.html new file mode 100644 index 00000000..50ad2d3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_meth_new.html @@ -0,0 +1,171 @@ + + + + +DSA_meth_new + + + + + + + + + + +

NAME

+ +

DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen - Routines to build up DSA methods

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+
+void DSA_meth_free(DSA_METHOD *dsam);
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
+                                                      int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
+                                                         int, DSA *));
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$
+                                                       BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
+                                                                BIGNUM **, BIGNUM **));
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
+                                                   int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
+                                                        int, DSA_SIG *, DSA *));
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                                                    BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+                                                    BIGNUM *m, BN_CTX *ctx,
+                                                    BN_MONT_CTX *in_mont);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
+                                                          BIGNUM *a1, BIGNUM *p1,
+                                                          BIGNUM *a2, BIGNUM *p2,
+                                                          BIGNUM *m, BN_CTX *ctx,
+                                                          BN_MONT_CTX *mont));
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                                                       const BIGNUM *p, const BIGNUM *m,
+                                                       BN_CTX *ctx, BN_MONT_CTX *mont);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
+                                                                BIGNUM *r,
+                                                                BIGNUM *a,
+                                                                const BIGNUM *p,
+                                                                const BIGNUM *m,
+                                                                BN_CTX *ctx,
+                                                                BN_MONT_CTX *mont));
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
+                                                     const unsigned char *,
+                                                     int, int *, unsigned long *,
+                                                     BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+                          int (*paramgen)(DSA *, int, const unsigned char *,
+                                          int, int *, unsigned long *, BN_GENCB *));
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
+ +

DESCRIPTION

+ +

The DSA_METHOD type is a structure used for the provision of custom DSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various DSA capabilities. See the dsa page for more information.

+ +

DSA_meth_new() creates a new DSA_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the DSA_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new DSA object based on this DSA_METHOD. Any new DSA object will have those flags set by default.

+ +

DSA_meth_dup() creates a duplicate copy of the DSA_METHOD object passed as a parameter. This might be useful for creating a new DSA_METHOD based on an existing one, but with some differences.

+ +

DSA_meth_free() destroys a DSA_METHOD structure and frees up any memory associated with it.

+ +

DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to name. The string is duplicated and the copy is stored in the DSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

DSA_meth_get_flags() returns the current value of the flags associated with this DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.

+ +

The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the ability to associate implementation specific data with the DSA_METHOD. It is the application's responsibility to free this data before the DSA_METHOD is freed via a call to DSA_meth_free().

+ +

DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for creating a DSA signature respectively. This function will be called in response to the application calling DSA_do_sign() (or DSA_sign()). The parameters for the function have the same meaning as for DSA_do_sign().

+ +

DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function used for precalculating the DSA signature values k^-1 and r. This function will be called in response to the application calling DSA_sign_setup(). The parameters for the function have the same meaning as for DSA_sign_setup().

+ +

DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used for verifying a DSA signature respectively. This function will be called in response to the application calling DSA_do_verify() (or DSA_verify()). The parameters for the function have the same meaning as for DSA_do_verify().

+ +

DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used for computing the following value:

+ +
rr = a1^p1 * a2^p2 mod m
+ +

This function will be called by the default OpenSSL method during verification of a DSA signature. The result is stored in the rr parameter. This function may be NULL.

+ +

DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function used for computing the following value:

+ +
r = a ^ p mod m
+ +

This function will be called by the default OpenSSL function for DSA_sign_setup(). The result is stored in the r parameter. This function may be NULL.

+ +

DSA_meth_get_init() and DSA_meth_set_init() get and set the function used for creating a new DSA instance respectively. This function will be called in response to the application calling DSA_new() (if the current default DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method() functions will allocate the memory for the new DSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used for destroying an instance of a DSA object respectively. This function will be called in response to the application calling DSA_free(). A pointer to the DSA to be destroyed is passed as a parameter. The destroy function should be used for DSA implementation specific clean up. The memory for the DSA itself should not be freed by this function. This function may be NULL.

+ +

DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function used for generating DSA parameters respectively. This function will be called in response to the application calling DSA_generate_parameters_ex() (or DSA_generate_parameters()). The parameters for the function have the same meaning as for DSA_generate_parameters_ex().

+ +

DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function used for generating a new DSA key pair respectively. This function will be called in response to the application calling DSA_generate_key(). The parameter for the function has the same meaning as for DSA_generate_key().

+ +

RETURN VALUES

+ +

DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object or NULL on failure.

+ +

DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags associated with the DSA_METHOD respectively.

+ +

All other DSA_meth_get_*() functions return the appropriate function pointer that has been set in the DSA_METHOD, or NULL if no such pointer has yet been set.

+ +

DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), DSA_sign(3), DSA_size(3), DSA_get0_pqg(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_new.html new file mode 100644 index 00000000..2f57958d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_new.html @@ -0,0 +1,62 @@ + + + + +DSA_new + + + + + + + + + + +

NAME

+ +

DSA_new, DSA_free - allocate and free DSA objects

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA* DSA_new(void);
+
+void DSA_free(DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_new() allocates and initializes a DSA structure. It is equivalent to calling DSA_new_method(NULL).

+ +

DSA_free() frees the DSA structure and its components. The values are erased before the memory is returned to the system. If dsa is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, DSA_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DSA_free() returns no value.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), DSA_generate_parameters(3), DSA_generate_key(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_set_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_set_method.html new file mode 100644 index 00000000..35e36fd6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_set_method.html @@ -0,0 +1,80 @@ + + + + +DSA_set_method + + + + + + + + + + +

NAME

+ +

DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+void DSA_set_default_method(const DSA_METHOD *meth);
+
+const DSA_METHOD *DSA_get_default_method(void);
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+
+DSA *DSA_new_method(ENGINE *engine);
+
+DSA_METHOD *DSA_OpenSSL(void);
+ +

DESCRIPTION

+ +

A DSA_METHOD specifies the functions that OpenSSL uses for DSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these DSA API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default DSA_METHOD is the OpenSSL internal implementation, as returned by DSA_OpenSSL().

+ +

DSA_set_default_method() makes meth the default method for all DSA structures created later. NB: This is true only whilst no ENGINE has been set as a default for DSA, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

DSA_get_default_method() returns a pointer to the current default DSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

DSA_set_method() selects meth to perform all operations using the key rsa. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only work with certain DSA_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See DSA_meth_new for information on constructing custom DSA_METHOD objects;

+ +

DSA_new_method() allocates and initializes a DSA structure so that engine will be used for the DSA operations. If engine is NULL, the default engine for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD controlled by DSA_set_default_method() is used.

+ +

RETURN VALUES

+ +

DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective DSA_METHODs.

+ +

DSA_set_default_method() returns no value.

+ +

DSA_set_method() returns non-zero if the provided meth was successfully set as the method for dsa (including unloading the ENGINE handle if the previous method was supplied by an ENGINE).

+ +

DSA_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_sign.html new file mode 100644 index 00000000..f79dcb70 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_sign.html @@ -0,0 +1,75 @@ + + + + +DSA_sign + + + + + + + + + + +

NAME

+ +

DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_sign(int type, const unsigned char *dgst, int len,
+             unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
+
+int DSA_verify(int type, const unsigned char *dgst, int len,
+               unsigned char *sigbuf, int siglen, DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_sign() computes a digital signature on the len byte message digest dgst using the private key dsa and places its ASN.1 DER encoding at sigret. The length of the signature is places in *siglen. sigret must point to DSA_size(dsa) bytes of memory.

+ +

DSA_sign_setup() is defined only for backward binary compatibility and should not be used. Since OpenSSL 1.1.0 the DSA type is opaque and the output of DSA_sign_setup() cannot be used anyway: calling this function will only cause overhead, and does not affect the actual signature (pre-)computation.

+ +

DSA_verify() verifies that the signature sigbuf of size siglen matches a given message digest dgst of size len. dsa is the signer's public key.

+ +

The type parameter is ignored.

+ +

The random generator must be seeded when DSA_sign() (or DSA_sign_setup()) is called. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RETURN VALUES

+ +

DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. DSA_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

CONFORMING TO

+ +

US Federal Information Processing Standard FIPS 186 (Digital Signature Standard, DSS), ANSI X9.30

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_do_sign(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_size.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_size.html new file mode 100644 index 00000000..241aa9e5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DSA_size.html @@ -0,0 +1,66 @@ + + + + +DSA_size + + + + + + + + + + +

NAME

+ +

DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or security bits

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_size(const DSA *dsa);
+int DSA_bits(const DSA *dsa);
+int DSA_security_bits(const DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_size() returns the maximum size of an ASN.1 encoded DSA signature for key dsa in bytes. It can be used to determine how much memory must be allocated for a DSA signature.

+ +

dsa->q must not be NULL.

+ +

DSA_bits() returns the number of bits in key dsa: this is the number of bits in the p parameter.

+ +

DSA_security_bits() returns the number of security bits of the given dsa key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

DSA_size() returns the signature size in bytes.

+ +

DSA_bits() returns the number of bits in the key.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_get_data_mtu.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_get_data_mtu.html new file mode 100644 index 00000000..6005a6d6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_get_data_mtu.html @@ -0,0 +1,56 @@ + + + + +DTLS_get_data_mtu + + + + + + + + + + +

NAME

+ +

DTLS_get_data_mtu - Get maximum data payload size

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+size_t DTLS_get_data_mtu(const SSL *ssl);
+ +

DESCRIPTION

+ +

This function obtains the maximum data payload size for the established DTLS connection ssl, based on the DTLS record MTU and the overhead of the DTLS record header, encryption and authentication currently in use.

+ +

RETURN VALUES

+ +

Returns the maximum data payload size on success, or 0 on failure.

+ +

HISTORY

+ +

The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_set_timer_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_set_timer_cb.html new file mode 100644 index 00000000..3289503b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLS_set_timer_cb.html @@ -0,0 +1,58 @@ + + + + +DTLS_set_timer_cb + + + + + + + + + + +

NAME

+ +

DTLS_timer_cb, DTLS_set_timer_cb - Set callback for controlling DTLS timer duration

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+ +

DESCRIPTION

+ +

This function sets an optional callback function for controlling the timeout interval on the DTLS protocol. The callback function will be called by DTLS for every new DTLS packet that is sent.

+ +

RETURN VALUES

+ +

Returns void.

+ +

HISTORY

+ +

The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLSv1_listen.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLSv1_listen.html new file mode 100644 index 00000000..616c36f9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/DTLSv1_listen.html @@ -0,0 +1,95 @@ + + + + +DTLSv1_listen + + + + + + + + + + +

NAME

+ +

SSL_stateless, DTLSv1_listen - Statelessly listen for incoming connections

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_stateless(SSL *s);
+int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
+ +

DESCRIPTION

+ +

SSL_stateless() statelessly listens for new incoming TLSv1.3 connections. DTLSv1_listen() statelessly listens for new incoming DTLS connections. If a ClientHello is received that does not contain a cookie, then they respond with a request for a new ClientHello that does contain a cookie. If a ClientHello is received with a cookie that is verified then the function returns in order to enable the handshake to be completed (for example by using SSL_accept()).

+ +

NOTES

+ +

Some transport protocols (such as UDP) can be susceptible to amplification attacks. Unlike TCP there is no initial connection setup in UDP that validates that the client can actually receive messages on its advertised source address. An attacker could forge its source IP address and then send handshake initiation messages to the server. The server would then send its response to the forged source IP. If the response messages are larger than the original message then the amplification attack has succeeded.

+ +

If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). If TCP is being used then there is no need to use SSL_stateless(). However some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack.

+ +

As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie mechanism. The idea is that when a client attempts to connect to a server it sends a ClientHello message. The server responds with a HelloRetryRequest (in TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The client then resends the ClientHello, but this time includes the cookie in the message thus proving that the client is capable of receiving messages sent to that address. All of this can be done by the server without allocating any state, and thus without consuming expensive resources.

+ +

OpenSSL implements this capability via the SSL_stateless() and DTLSv1_listen() functions. The ssl parameter should be a newly allocated SSL object with its read and write BIOs set, in the same way as might be done for a call to SSL_accept(). Typically, for DTLS, the read BIO will be in an "unconnected" state and thus capable of receiving messages from any peer.

+ +

When a ClientHello is received that contains a cookie that has been verified, then these functions will return with the ssl parameter updated into a state where the handshake can be continued by a call to (for example) SSL_accept(). Additionally, for DTLSv1_listen(), the BIO_ADDR pointed to by peer will be filled in with details of the peer that sent the ClientHello. If the underlying BIO is unable to obtain the BIO_ADDR of the peer (for example because the BIO does not support this), then *peer will be cleared and the family set to AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to the peer and continue the handshake in a connected state.

+ +

Prior to calling DTLSv1_listen() user code must ensure that cookie generation and verification callbacks have been set up using SSL_CTX_set_cookie_generate_cb(3) and SSL_CTX_set_cookie_verify_cb(3) respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb(3) and SSL_CTX_set_stateless_cookie_verify_cb(3) must be used instead.

+ +

Since DTLSv1_listen() operates entirely statelessly whilst processing incoming ClientHellos it is unable to process fragmented messages (since this would require the allocation of state). An implication of this is that DTLSv1_listen() only supports ClientHellos that fit inside a single datagram.

+ +

For SSL_stateless() if an entire ClientHello message cannot be read without the "read" BIO becoming empty then the SSL_stateless() call will fail. It is the application's responsibility to ensure that data read from the "read" BIO during a single SSL_stateless() call is all from the same peer.

+ +

SSL_stateless() will fail (with a 0 return value) if some TLS version less than TLSv1.3 is used.

+ +

Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they start.

+ +

RETURN VALUES

+ +

For SSL_stateless() a return value of 1 indicates success and the ssl object will be set up ready to continue the handshake. A return value of 0 or -1 indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value of -1 indicates any other error. User code may retry the SSL_stateless() call.

+ +

For DTLSv1_listen() a return value of >= 1 indicates success. The ssl object will be set up ready to continue the handshake. the peer value will also be filled in.

+ +

A return value of 0 indicates a non-fatal error. This could (for example) be because of non-blocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error.

+ +

A return value of <0 indicates a fatal error. This could (for example) be because of a failure to allocate sufficient memory for the operation.

+ +

For DTLSv1_listen(), prior to OpenSSL 1.1.0, fatal and non-fatal errors both produce return codes <= 0 (in typical implementations user code treats all errors as non-fatal), whilst return codes >0 indicate success.

+ +

SEE ALSO

+ +

SSL_CTX_set_cookie_generate_cb(3), SSL_CTX_set_cookie_verify_cb(3), SSL_CTX_set_stateless_cookie_generate_cb(3), SSL_CTX_set_stateless_cookie_verify_cb(3), SSL_get_error(3), SSL_accept(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_stateless() function was added in OpenSSL 1.1.1.

+ +

The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" also changed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECDSA_SIG_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECDSA_SIG_new.html new file mode 100644 index 00000000..67ed3ab4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECDSA_SIG_new.html @@ -0,0 +1,180 @@ + + + + +ECDSA_SIG_new + + + + + + + + + + +

NAME

+ +

ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) functions

+ +

SYNOPSIS

+ +
#include <openssl/ecdsa.h>
+
+ECDSA_SIG *ECDSA_SIG_new(void);
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+int ECDSA_size(const EC_KEY *eckey);
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY* eckey);
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+ +

DESCRIPTION

+ +

Note: these functions provide a low level interface to ECDSA. Most applications should use the higher level EVP interface such as EVP_DigestSignInit(3) or EVP_DigestVerifyInit(3) instead.

+ +

ECDSA_SIG is an opaque structure consisting of two BIGNUMs for the r and s value of an ECDSA signature (see X9.62 or FIPS 186-2).

+ +

ECDSA_SIG_new() allocates an empty ECDSA_SIG structure. Note: before OpenSSL 1.1.0 the: the r and s components were initialised.

+ +

ECDSA_SIG_free() frees the ECDSA_SIG structure sig.

+ +

ECDSA_SIG_get0() returns internal pointers the r and s values contained in sig and stores them in *pr and *ps, respectively. The pointer pr or ps can be NULL, in which case the corresponding value is not returned.

+ +

The values r, s can also be retrieved separately by the corresponding function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively.

+ +

The r and s values can be set by calling ECDSA_SIG_set0() and passing the new values for r and s as parameters to the function. Calling this function transfers the memory management of the values to the ECDSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

See i2d_ECDSA_SIG(3) and d2i_ECDSA_SIG(3) for information about encoding and decoding ECDSA signatures to/from DER.

+ +

ECDSA_size() returns the maximum length of a DER encoded ECDSA signature created with the private EC key eckey.

+ +

ECDSA_sign() computes a digital signature of the dgstlen bytes hash value dgst using the private EC key eckey. The DER encoded signatures is stored in sig and its length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) bytes of memory. The parameter type is currently ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with kinv and rp set to NULL.

+ +

ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned as a newly allocated ECDSA_SIG structure (or NULL on error). ECDSA_do_sign() is a wrapper function for ECDSA_do_sign_ex() with kinv and rp set to NULL.

+ +

ECDSA_verify() verifies that the signature in sig of size siglen is a valid ECDSA signature of the hash value dgst of size dgstlen using the public key eckey. The parameter type is ignored.

+ +

ECDSA_do_verify() is similar to ECDSA_verify() except the signature is presented in the form of a pointer to an ECDSA_SIG structure.

+ +

The remaining functions utilise the internal kinv and r values used during signature computation. Most applications will never need to call these and some external ECDSA ENGINE implementations may not support them at all if either kinv or r is not NULL.

+ +

ECDSA_sign_setup() may be used to precompute parts of the signing operation. eckey is the private EC key and ctx is a pointer to BN_CTX structure (or NULL). The precomputed values or returned in kinv and rp and can be used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().

+ +

ECDSA_sign_ex() computes a digital signature of the dgstlen bytes hash value dgst using the private EC key eckey and the optional pre-computed values kinv and rp. The DER encoded signature is stored in sig and its length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) bytes of memory. The parameter type is ignored.

+ +

ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is returned as a newly allocated ECDSA_SIG structure (or NULL on error).

+ +

RETURN VALUES

+ +

ECDSA_SIG_new() returns NULL if the allocation fails.

+ +

ECDSA_SIG_set0() returns 1 on success or 0 on failure.

+ +

ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, or NULL if it is unset.

+ +

ECDSA_size() returns the maximum length signature or 0 on error.

+ +

ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful or 0 on error.

+ +

ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated ECDSA_SIG structure or NULL on error.

+ +

ECDSA_verify() and ECDSA_do_verify() return 1 for a valid signature, 0 for an invalid signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

EXAMPLES

+ +

Creating an ECDSA signature of a given SHA-256 hash value using the named curve prime256v1 (aka P-256).

+ +

First step: create an EC_KEY object (note: this part is not ECDSA specific)

+ +
int ret;
+ECDSA_SIG *sig;
+EC_KEY *eckey;
+
+eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+if (eckey == NULL)
+    /* error */
+if (EC_KEY_generate_key(eckey) == 0)
+    /* error */
+ +

Second step: compute the ECDSA signature of a SHA-256 hash value using ECDSA_do_sign():

+ +
sig = ECDSA_do_sign(digest, 32, eckey);
+if (sig == NULL)
+    /* error */
+ +

or using ECDSA_sign():

+ +
unsigned char *buffer, *pp;
+int buf_len;
+
+buf_len = ECDSA_size(eckey);
+buffer = OPENSSL_malloc(buf_len);
+pp = buffer;
+if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+    /* error */
+ +

Third step: verify the created ECDSA signature using ECDSA_do_verify():

+ +
ret = ECDSA_do_verify(digest, 32, sig, eckey);
+ +

or using ECDSA_verify():

+ +
ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+ +

and finally evaluate the return value:

+ +
if (ret == 1)
+    /* signature ok */
+else if (ret == 0)
+    /* incorrect signature */
+else
+    /* error */
+ +

CONFORMING TO

+ +

ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 (Digital Signature Standard, DSS)

+ +

SEE ALSO

+ +

EC_KEY_new(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3), i2d_ECDSA_SIG(3), d2i_ECDSA_SIG(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECPKParameters_print.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECPKParameters_print.html new file mode 100644 index 00000000..0dc61ec9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ECPKParameters_print.html @@ -0,0 +1,59 @@ + + + + +ECPKParameters_print + + + + + + + + + + +

NAME

+ +

ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+ +

DESCRIPTION

+ +

The ECPKParameters represent the public parameters for an EC_GROUP structure, which represents a curve.

+ +

The ECPKParameters_print() and ECPKParameters_print_fp() functions print a human-readable output of the public parameters of the EC_GROUP to bp or fp. The output lines are indented by off spaces.

+ +

RETURN VALUES

+ +

ECPKParameters_print() and ECPKParameters_print_fp() return 1 for success and 0 if an error occurs.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3),

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GFp_simple_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GFp_simple_method.html new file mode 100644 index 00000000..fe835d4b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GFp_simple_method.html @@ -0,0 +1,75 @@ + + + + +EC_GFp_simple_method + + + + + + + + + + +

NAME

+ +

EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+const EC_METHOD *EC_GFp_nist_method(void);
+const EC_METHOD *EC_GFp_nistp224_method(void);
+const EC_METHOD *EC_GFp_nistp256_method(void);
+const EC_METHOD *EC_GFp_nistp521_method(void);
+
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+ +

DESCRIPTION

+ +

The Elliptic Curve library provides a number of different implementations through a single common interface. When constructing a curve using EC_GROUP_new (see EC_GROUP_new(3)) an implementation method must be provided. The functions described here all return a const pointer to an EC_METHOD structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation type for the form of curve selected is used.

+ +

For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.

+ +

For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the use of montgomery multiplication (see BN_mod_mul_montgomery(3)). EC_GFp_nist_method offers an implementation optimised for use with NIST recommended curves (NIST curves are available through EC_GROUP_new_by_curve_name as described in EC_GROUP_new(3)).

+ +

The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these implementations are not available on all platforms.

+ +

EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either F2^m or Fp. If the field type is Fp then the value NID_X9_62_prime_field is returned. If the field type is F2^m then the value NID_X9_62_characteristic_two_field is returned. These values are defined in the obj_mac.h header file.

+ +

RETURN VALUES

+ +

All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure.

+ +

EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), d2i_ECPKParameters(3), BN_mod_mul_montgomery(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_copy.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_copy.html new file mode 100644 index 00000000..1344c7b1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_copy.html @@ -0,0 +1,180 @@ + + + + +EC_GROUP_copy + + + + + + + + + + +

NAME

+ +

EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating EC_GROUP objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor);
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+int EC_GROUP_order_bits(const EC_GROUP *group);
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3);
+ +

DESCRIPTION

+ +

EC_GROUP_copy() copies the curve src into dst. Both src and dst must use the same EC_METHOD.

+ +

EC_GROUP_dup() creates a new EC_GROUP object and copies the content from src to the newly created EC_GROUP object.

+ +

EC_GROUP_method_of() obtains the EC_METHOD of group.

+ +

EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These parameters include the generator, the order and the cofactor. The generator is a well defined point on the curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and n-1 where n is the order. The order multiplied by the cofactor gives the number of points on the curve.

+ +

EC_GROUP_get0_generator() returns the generator for the identified group.

+ +

EC_GROUP_get_order() retrieves the order of group and copies its value into order. It fails in case group is not fully initialized (i.e., its order is not set or set to zero).

+ +

EC_GROUP_get_cofactor() retrieves the cofactor of group and copies its value into cofactor. It fails in case group is not fully initialized or if the cofactor is not set (or set to zero).

+ +

The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively (see EC_GROUP_new(3)). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name will return NID_undef.

+ +

The asn1_flag value is used to determine whether the curve encoding uses explicit parameters or a named curve using an ASN1 OID: many applications only support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL 1.1.0 and later the named curve form is the default.

+ +

The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). point_conversion_form_t is an enum defined as follows:

+ +
typedef enum {
+       /** the point is encoded as z||x, where the octet z specifies
+        *   which solution of the quadratic equation y is  */
+       POINT_CONVERSION_COMPRESSED = 2,
+       /** the point is encoded as z||x||y, where z is the octet 0x04  */
+       POINT_CONVERSION_UNCOMPRESSED = 4,
+       /** the point is encoded as z||x||y, where the octet z specifies
+        *  which solution of the quadratic equation y is  */
+       POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+ +

For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by the octets for x, followed by the octets for y.

+ +

For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of the two possible solutions for y has been used, followed by the octets for x.

+ +

For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two possible solutions for y has been used, followed by the octets for x, followed by the octets for y.

+ +

The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form for the curve respectively.

+ +

ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use this seed value, although it will be preserved in any ASN1 based communications.

+ +

EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be the value m.

+ +

The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b. In either case for the curve to be valid the discriminant must be non zero.

+ +

The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has the correct order.

+ +

EC_GROUP_cmp() compares a and b to determine whether they represent the same curve or not.

+ +

The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial function f(x). This function is either a trinomial of the form:

+ +

f(x) = x^m + x^k + 1 with m > k >= 1

+ +

or a pentanomial of the form:

+ +

f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1

+ +

The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of k. Similarly the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of k1, k2 and k3 respectively.

+ +

RETURN VALUES

+ +

The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(), EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis().

+ +

EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error.

+ +

EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error.

+ +

EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error.

+ +

EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for group or if copying into order fails, 1 otherwise.

+ +

EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for group or if copying into cofactor fails, 1 otherwise.

+ +

EC_GROUP_get_curve_name() returns the curve name (NID) for group or will return NID_undef if no curve name is associated.

+ +

EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified group .

+ +

EC_GROUP_get_point_conversion_form() returns the point_conversion_form for group.

+ +

EC_GROUP_get_degree() returns the degree for group or 0 if the operation is not supported by the underlying group implementation.

+ +

EC_GROUP_get0_order() returns an internal pointer to the group order. EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.

+ +

EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified.

+ +

EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is 0, the return value will be 1. On error 0 is returned.

+ +

EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.

+ +

EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_new.html new file mode 100644 index 00000000..ab1f5d05 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_GROUP_new.html @@ -0,0 +1,123 @@ + + + + +EC_GROUP_new + + + + + + + + + + +

NAME

+ +

EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying EC_GROUP objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+void EC_GROUP_free(EC_GROUP *group);
+void EC_GROUP_clear_free(EC_GROUP *group);
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx);
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx);
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx);
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+                           const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+                           BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+ +

DESCRIPTION

+ +

Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised elliptic curve equation as follows:

+ +

y^2 mod p = x^3 +ax + b mod p

+ +

The second form is those defined over a binary field F2^m where the elements of the field are integers of length at most m bits. For this form the elliptic curve equation is modified to:

+ +

y^2 + xy = x^3 + ax^2 + b (where b != 0)

+ +

Operations in a binary field are performed relative to an irreducible polynomial. All such curves with OpenSSL use a trinomial or a pentanomial for this parameter.

+ +

A new curve can be constructed by calling EC_GROUP_new(), using the implementation provided by meth (see EC_GFp_simple_method(3)). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. EC_GROUP_new_from_ecparameters() will create a group from the specified params and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK params.

+ +

EC_GROUP_set_curve() sets the curve parameters p, a and b. For a curve over Fp p is the prime for the field. For a curve over F2^m p represents the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, a and b represents the coefficients a and b from the relevant equation introduced above.

+ +

EC_group_get_curve() obtains the previously set curve parameters.

+ +

EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for backwards compatibility only and should not be used.

+ +

EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for backwards compatibility only and should not be used.

+ +

The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. An appropriate default implementation method will be used.

+ +

Whilst the library can be used to create any curve using the functions described above, there are also a number of predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function EC_get_builtin_curves(). The parameter r should be an array of EC_builtin_curve structures of size nitems. The function will populate the r array with information about the builtin curves. If nitems is less than the total number of curves available, then the first nitems curves will be returned. Otherwise the total number of curves will be provided. The return value is the total number of curves available (whether that number has been populated in r or not). Passing a NULL r, or setting nitems to 0 will do nothing other than return the total number of curves available. The EC_builtin_curve structure is defined as follows:

+ +
typedef struct {
+       int nid;
+       const char *comment;
+       } EC_builtin_curve;
+ +

Each EC_builtin_curve item has a unique integer id (nid), and a human readable comment string describing the curve.

+ +

In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name() and provide the nid of the curve to be constructed.

+ +

EC_GROUP_free() frees the memory associated with the EC_GROUP. If group is NULL nothing is done.

+ +

EC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and then frees its memory. If group is NULL nothing is done.

+ +

RETURN VALUES

+ +

All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error.

+ +

EC_get_builtin_curves() returns the number of builtin curves that are available.

+ +

EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html new file mode 100644 index 00000000..cfbb2338 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html @@ -0,0 +1,61 @@ + + + + +EC_KEY_get_enc_flags + + + + + + + + + + +

NAME

+ +

EC_KEY_get_enc_flags, EC_KEY_set_enc_flags - Get and set flags for encoding EC_KEY structures

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+ +

DESCRIPTION

+ +

The format of the external representation of the public key written by i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is described by the point_conversion_form. See EC_GROUP_copy(3) for a description of point_conversion_form.

+ +

When reading a private key encoded without an associated public key (e.g. if EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates the missing public key automatically. Private keys encoded without parameters (e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using d2i_ECPrivateKey().

+ +

The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the value of the encoding flags for the key. There are two encoding flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the key is converted into ASN1 in a call to i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key.

+ +

RETURN VALUES

+ +

EC_KEY_get_enc_flags() returns the value of the current encoding flags for the EC_KEY.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3), d2i_ECPrivateKey(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_new.html new file mode 100644 index 00000000..1919e81e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_KEY_new.html @@ -0,0 +1,143 @@ + + + + +EC_KEY_new + + + + + + + + + + +

NAME

+ +

EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf - Functions for creating, destroying and manipulating EC_KEY objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_KEY *EC_KEY_new(void);
+int EC_KEY_get_flags(const EC_KEY *key);
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+void EC_KEY_free(EC_KEY *key);
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+int EC_KEY_up_ref(EC_KEY *key);
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+int EC_KEY_generate_key(EC_KEY *key);
+int EC_KEY_check_key(const EC_KEY *key);
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+
+int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
+size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+ +

DESCRIPTION

+ +

An EC_KEY represents a public key and, optionally, the associated private key. A new EC_KEY with no associated curve can be constructed by calling EC_KEY_new(). The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling EC_KEY_set_group().

+ +

Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name() and supplying the nid of the associated curve. See EC_GROUP_new(3) for a description of curve names. This function simply wraps calls to EC_KEY_new() and EC_GROUP_new_by_curve_name().

+ +

Calling EC_KEY_free() decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated with it. If key is NULL nothing is done.

+ +

EC_KEY_copy() copies the contents of the EC_KEY in src into dest.

+ +

EC_KEY_dup() creates a new EC_KEY object and copies ec_key into it.

+ +

EC_KEY_up_ref() increments the reference count associated with the EC_KEY object.

+ +

EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for this EC_KEY object.

+ +

EC_KEY_generate_key() generates a new public and private key for the supplied eckey object. eckey must have an EC_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where order is the order of the EC_GROUP object). The public key is an EC_POINT on the curve calculated by multiplying the generator for the curve by the private key.

+ +

EC_KEY_check_key() performs various sanity checks on the EC_KEY object to confirm that it is valid.

+ +

EC_KEY_set_public_key_affine_coordinates() sets the public key for key based on its affine co-ordinates; i.e., it constructs an EC_POINT object based on the supplied x and y values and sets the public key to be this EC_POINT. It also performs certain sanity checks on the key to confirm that it is valid.

+ +

The functions EC_KEY_get0_group(), EC_KEY_set_group(), EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, and the EC_POINT public key for the key respectively.

+ +

The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the point_conversion_form for the key. For a description of point_conversion_forms please see EC_POINT_new(3).

+ +

EC_KEY_set_flags() sets the flags in the flags parameter on the EC_KEY object. Any flags that are already set are left set. The flags currently defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. EC_KEY_get_flags() returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags() clears the flags indicated by the flags parameter; all other flags are left in their existing state.

+ +

EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to EC_GROUP_copy(3) for further information on the asn1_flag.

+ +

EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also EC_POINT_add(3).

+ +

EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key EC_POINT in eckey.

+ +

EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key component of eckey and octet form. The octet form consists of the content octets of the privateKey OCTET STRING in an ECPrivateKey ASN.1 structure.

+ +

The function EC_KEY_priv2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but will just return the required buffer length.

+ +

The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes an EC_KEY to it in octet format. The allocated buffer is written to *pbuf and its length is returned. The caller must free up the allocated buffer with a call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf the pbuf parameter MUST NOT be NULL.

+ +

EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.

+ +

RETURN VALUES

+ +

EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() return a pointer to the newly created EC_KEY object, or NULL on error.

+ +

EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an integer.

+ +

EC_KEY_copy() returns a pointer to the destination key, or NULL on error.

+ +

EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.

+ +

EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.

+ +

EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.

+ +

EC_KEY_get0_private_key() returns the private key associated with the EC_KEY.

+ +

EC_KEY_get_conv_form() return the point_conversion_form for the EC_KEY.

+ +

EC_KEY_key2buf(), EC_KEY_priv2oct() and EC_KEY_priv2buf() return the length of the buffer or 0 on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_add.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_add.html new file mode 100644 index 00000000..2c197ebc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_add.html @@ -0,0 +1,95 @@ + + + + +EC_POINT_add + + + + + + + + + + +

NAME

+ +

EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx);
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx);
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
+                  const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+ +

DESCRIPTION

+ +

EC_POINT_add adds the two points a and b and places the result in r. Similarly EC_POINT_dbl doubles the point a and places the result in r. In both cases it is valid for r to be one of a or b.

+ +

EC_POINT_invert calculates the inverse of the supplied point a. The result is placed back in a.

+ +

The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.

+ +

EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.

+ +

EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.

+ +

The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine co-ordinate system. In the case of EC_POINTs_make_affine the value num provides the number of points in the array points to be forced.

+ +

EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * n + q * m and stores the result in r. The value n may be NULL in which case the result is just q * m (variable point multiplication). Alternatively, both q and m may be NULL, and n non-NULL, in which case the result is just generator * n (fixed point multiplication). When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either n or m) is in the range [0, ec_group_order).

+ +

EC_POINTs_mul calculates the value generator * n + q[0] * m[0] + ... + q[num-1] * m[num-1]. As for EC_POINT_mul the value n may be NULL or num may be zero. When performing a fixed point multiplication (n is non-NULL and num is 0) or a variable point multiplication (n is NULL and num is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either n or m[0]) is in the range [0, ec_group_order).

+ +

The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See EC_GROUP_copy(3) for information about the generator.

+ +

RETURN VALUES

+ +

The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.

+ +

EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.

+ +

EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error.

+ +

EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error.

+ +

EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_new.html new file mode 100644 index 00000000..3d2cf8a7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EC_POINT_new.html @@ -0,0 +1,169 @@ + + + + +EC_POINT_new + + + + + + + + + + +

NAME

+ +

EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating EC_POINT objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+void EC_POINT_free(EC_POINT *point);
+void EC_POINT_clear_free(EC_POINT *point);
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p,
+                                             const BIGNUM *x, const BIGNUM *y,
+                                             const BIGNUM *z, BN_CTX *ctx);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *p,
+                                             BIGNUM *x, BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+                                    BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, int y_bit,
+                                        BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, const BIGNUM *y,
+                                        BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *p,
+                                        BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *p,
+                                            const BIGNUM *x, int y_bit,
+                                            BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *p,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *p,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *ctx);
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form,
+                          unsigned char *buf, size_t len, BN_CTX *ctx);
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx);
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form, BIGNUM *bn,
+                          BN_CTX *ctx);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
+                            EC_POINT *p, BN_CTX *ctx);
+char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
+                         point_conversion_form_t form, BN_CTX *ctx);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
+                             EC_POINT *p, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

An EC_POINT structure represents a point on a curve. A new point is constructed by calling the function EC_POINT_new() and providing the group object that the point relates to.

+ +

EC_POINT_free() frees the memory associated with the EC_POINT. if point is NULL nothing is done.

+ +

EC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and then frees its memory. If point is NULL nothing is done.

+ +

EC_POINT_copy() copies the point src into dst. Both src and dst must use the same EC_METHOD.

+ +

EC_POINT_dup() creates a new EC_POINT object and copies the content from src to the newly created EC_POINT object.

+ +

EC_POINT_method_of() obtains the EC_METHOD associated with point.

+ +

A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity().

+ +

The affine co-ordinates for a point describe a point in terms of its x and y position. The function EC_POINT_set_affine_coordinates() sets the x and y co-ordinates for the point p defined over the curve given in group. The function EC_POINT_get_affine_coordinates() sets x and y, either of which may be NULL, to the corresponding coordinates of p.

+ +

The functions EC_POINT_set_affine_coordinates_GFp() and EC_POINT_set_affine_coordinates_GF2m() are synonyms for EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

The functions EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m() are synonyms for EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in this co-ordinate system provides more efficient point multiplication operations. A mapping exists between Jacobian projective co-ordinates and affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped to (x, y, 1). To set or get the projective co-ordinates use EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp() respectively.

+ +

Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve there will only ever be two possible values for y. Therefore a point can be set using the EC_POINT_set_compressed_coordinates() function where x is the x co-ordinate and y_bit is a value 0 or 1 to identify which of the two possible values for y should be used.

+ +

The functions EC_POINT_set_compressed_coordinates_GFp() and EC_POINT_set_compressed_coordinates_GF2m() are synonyms for EC_POINT_set_compressed_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

In addition EC_POINT can be converted to and from various external representations. The octet form is the binary encoding of the ECPoint structure (as defined in RFC5480 and used in certificates and TLS records): only the content octets are present, the OCTET STRING tag and length are not included. BIGNUM form is the octet form interpreted as a big endian integer converted to a BIGNUM structure. Hexadecimal form is the octet form converted to a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f).

+ +

The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.

+ +

The function EC_POINT_point2oct() encodes the given curve point p as an octet string into the buffer buf of size len, using the specified conversion form form. The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. Similarly the function EC_POINT_oct2point() decodes a curve point into p from the octet string contained in the given buffer buf of size len, conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.

+ +

The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point p, respectively, to the hexadecimal or BIGNUM representation of the same encoding of the function EC_POINT_point2oct(). Vice versa, similarly to the function EC_POINT_oct2point(), the functions EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or BIGNUM representation into the EC_POINT p.

+ +

Notice that, according to the standard, the octet string encoding of the point at infinity for a given curve is fixed to a single octet of value zero and that, vice versa, a single octet of size zero is decoded as the point at infinity.

+ +

The function EC_POINT_point2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but will still return the required buffer length.

+ +

The function EC_POINT_point2buf() allocates a buffer of suitable length and writes an EC_POINT to it in octet format. The allocated buffer is written to *pbuf and its length is returned. The caller must free up the allocated buffer with a call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf the pbuf parameter MUST NOT be NULL.

+ +

The function EC_POINT_point2hex() will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with a subsequent call to OPENSSL_free().

+ +

RETURN VALUES

+ +

EC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL on error.

+ +

The following functions return 1 on success or 0 on error: EC_POINT_copy(), EC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), EC_POINT_set_compressed_coordinates_GFp(), EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().

+ +

EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.

+ +

EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required buffer or 0 on error.

+ +

EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on error.

+ +

EC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on error.

+ +

EC_POINT_point2hex() returns a pointer to the hex string, or NULL on error.

+ +

EC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ENGINE_add.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ENGINE_add.html new file mode 100644 index 00000000..52d622ad --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ENGINE_add.html @@ -0,0 +1,422 @@ + + + + +ENGINE_add + + + + + + + + + + +

NAME

+ +

ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests - ENGINE cryptographic module support

+ +

SYNOPSIS

+ +
#include <openssl/engine.h>
+
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+
+int ENGINE_add(ENGINE *e);
+int ENGINE_remove(ENGINE *e);
+
+ENGINE *ENGINE_by_id(const char *id);
+
+int ENGINE_init(ENGINE *e);
+int ENGINE_finish(ENGINE *e);
+
+void ENGINE_load_builtin_engines(void);
+
+ENGINE *ENGINE_get_default_RSA(void);
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f)(void), int cmd_optional);
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional);
+
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+int ENGINE_get_flags(const ENGINE *e);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void ENGINE_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

These functions create, manipulate, and use cryptographic modules in the form of ENGINE objects. These objects act as containers for implementations of cryptographic algorithms, and support a reference-counted mechanism to allow them to be dynamically loaded in and out of the running application.

+ +

The cryptographic functionality that can be provided by an ENGINE implementation includes the following abstractions;

+ +
RSA_METHOD - for providing alternative RSA implementations
+DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+      - similarly for other OpenSSL APIs
+EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+key-loading - loading public and/or private EVP_PKEY keys
+ +

Reference counting and handles

+ +

Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be treated as handles - ie. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently.

+ +

ENGINE objects have two levels of reference-counting to match the way in which the objects are used. At the most basic level, each ENGINE pointer is inherently a structural reference - a structural reference is required to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released.

+ +

However, a structural reference provides no guarantee that the ENGINE is initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an ENGINE's functionality, you need a functional reference. This kind of reference can be considered a specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an ENGINE, you have a guarantee that the ENGINE has been initialised and is ready to perform cryptographic operations, and will remain initialised until after you have released your reference.

+ +

Structural references

+ +

This basic type of reference is used for instantiating new ENGINEs, iterating across OpenSSL's internal linked-list of loaded ENGINEs, reading information about an ENGINE, etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of an ENGINE implementation rather than use its functionality.

+ +

The ENGINE_new() function returns a structural reference to a new (empty) ENGINE object. There are other ENGINE API functions that return structural references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(), ENGINE_get_prev(). All structural references should be released by a corresponding to call to the ENGINE_free() function - the ENGINE object itself will only actually be cleaned up and deallocated when the last structural reference is released.

+ +

It should also be noted that many ENGINE API function calls that accept a structural reference will internally obtain another reference - typically this happens whenever the supplied ENGINE will be needed by OpenSSL after the function has returned. Eg. the function to add a new ENGINE to OpenSSL's internal list is ENGINE_add() - if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with ENGINE_free() when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to it if part of the function's job is to do so. Eg. the ENGINE_get_next() and ENGINE_get_prev() functions are used for iterating across the internal ENGINE list - they will return a new structural reference to the next (or previous) ENGINE in the list or NULL if at the end (or beginning) of the list, but in either case the structural reference passed to the function is released on behalf of the caller.

+ +

To clarify a particular function's handling of references, one should always consult that function's documentation "man" page, or failing that the openssl/engine.h header file includes some hints.

+ +

Functional references

+ +

As mentioned, functional references exist when the cryptographic functionality of an ENGINE is required to be available. A functional reference can be obtained in one of two ways; from an existing structural reference to the required ENGINE, or by asking OpenSSL for the default operational ENGINE for a given cryptographic purpose.

+ +

To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the ENGINE is now operational and will have allocated a new functional reference to the ENGINE. All functional references are released by calling ENGINE_finish() (which removes the implicit structural reference as well).

+ +

The second way to get a functional reference is by asking OpenSSL for a default implementation for a given task, eg. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.

+ +

Default implementations

+ +

For each supported abstraction, the ENGINE code maintains an internal table of state to control which implementations are available for a given abstraction and which should be used by default. These implementations are registered in the tables and indexed by an 'nid' value, because abstractions like EVP_CIPHER and EVP_DIGEST support many distinct algorithms and modes, and ENGINEs can support arbitrarily many of them. In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index.

+ +

When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be used. If no ENGINE should (or can) be used, it will return NULL and the caller will operate with a NULL ENGINE handle - this usually equates to using the conventional software implementation. In the latter case, OpenSSL will from then on behave the way it used to before the ENGINE API existed.

+ +

Each state table has a flag to note whether it has processed this "get_default" query since the table was last modified, because to process this question it must iterate across all the registered ENGINEs in the table trying to initialise each of them in turn, in case one of them is operational. If it returns a functional reference to an ENGINE, it will also cache another reference to speed up processing future queries (without needing to iterate across the table). Likewise, it will cache a NULL response if no ENGINE was available so that future queries won't repeat the same iteration unless the state table changes. This behaviour can also be changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using ENGINE_set_table_flags()), no attempted initialisations will take place, instead the only way for the state table to return a non-NULL ENGINE to the "get_default" query will be if one is expressly set in the table. Eg. ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except that it also sets the state table's cached response for the "get_default" query. In the case of abstractions like EVP_CIPHER, where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' value.

+ +

Application requirements

+ +

This section will explain the basic things an application programmer should support to make the most useful elements of the ENGINE functionality available to the user. The first thing to consider is whether the programmer wishes to make alternative ENGINE modules available to the application and user. OpenSSL maintains an internal linked list of "visible" ENGINEs from which it has to operate - at start-up, this list is empty and in fact if an application does not call any ENGINE API calls and it uses static linking against openssl, then the resulting application binary will not contain any alternative ENGINE code at all. So the first consideration is whether any/all available ENGINE implementations should be made visible to OpenSSL - this is controlled by calling the various "load" functions.

+ +

The fact that ENGINEs are made visible to OpenSSL (and thus are linked into the program and loaded into memory at run-time) does not mean they are "registered" or called into use by OpenSSL automatically - that behaviour is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to successfully initialise - ie. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides.

+ +

If no ENGINE API functions are called within an application, then OpenSSL will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, if any ENGINEs are loaded, even if not registered or used, it was necessary to call ENGINE_cleanup() before the program exits.

+ +

Using a specific ENGINE implementation

+ +

Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be used by default for all RSA, DSA, and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this;

+ +
ENGINE *e;
+const char *engine_id = "ACME";
+ENGINE_load_builtin_engines();
+e = ENGINE_by_id(engine_id);
+if (!e)
+    /* the engine isn't available */
+    return;
+if (!ENGINE_init(e)) {
+    /* the engine couldn't initialise, release 'e' */
+    ENGINE_free(e);
+    return;
+}
+if (!ENGINE_set_default_RSA(e))
+    /*
+     * This should only happen when 'e' can't initialise, but the previous
+     * statement suggests it did.
+     */
+    abort();
+ENGINE_set_default_DSA(e);
+ENGINE_set_default_ciphers(e);
+/* Release the functional reference from ENGINE_init() */
+ENGINE_finish(e);
+/* Release the structural reference from ENGINE_by_id() */
+ENGINE_free(e);
+ +

Automatically using builtin ENGINE implementations

+ +

Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by OpenSSL - if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work;

+ +
/* Load all bundled ENGINEs into memory and make them visible */
+ENGINE_load_builtin_engines();
+/* Register all of them for every algorithm they collectively implement */
+ENGINE_register_all_complete();
+ +

That's all that's required. Eg. the next time OpenSSL tries to set up an RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to ENGINE_init() and if any of those succeed, that ENGINE will be set as the default for RSA use from then on.

+ +

Advanced configuration support

+ +

There is a mechanism supported by the ENGINE framework that allows each ENGINE implementation to define an arbitrary set of configuration "commands" and expose them to OpenSSL and any applications based on OpenSSL. This mechanism is entirely based on the use of name-value pairs and assumes ASCII input (no unicode or UTF for now!), so it is ideal if applications want to provide a transparent way for users to provide arbitrary configuration "directives" directly to such ENGINEs. It is also possible for the application to dynamically interrogate the loaded ENGINE implementations for the names, descriptions, and input flags of their available "control commands", providing a more flexible configuration scheme. However, if the user is expected to know which ENGINE device he/she is using (in the case of specialised hardware, this goes without saying) then applications may not need to concern themselves with discovering the supported control commands and simply prefer to pass settings into ENGINEs exactly as they are provided by the user.

+ +

Before illustrating how control commands work, it is worth mentioning what they are typically used for. Broadly speaking there are two uses for control commands; the first is to provide the necessary details to the implementation (which may know nothing at all specific to the host system) so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be passed to an ENGINE before attempting to initialise it, ie. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or in some cases both. ENGINE implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation.

+ +

Issuing control commands to an ENGINE

+ +

Let's illustrate by example; a function for which the caller supplies the name of the ENGINE it wishes to use, a table of string-pairs for use before initialisation, and another table for use after initialisation. Note that the string-pairs used for control commands consist of a command "name" followed by the command "parameter" - the parameter could be NULL in some cases but the name can not. This function should initialise the ENGINE (issuing the "pre" commands beforehand and the "post" commands afterwards) and set it as the default for everything except RAND and then return a boolean success or failure.

+ +
int generic_load_engine_fn(const char *engine_id,
+                           const char **pre_cmds, int pre_num,
+                           const char **post_cmds, int post_num)
+{
+    ENGINE *e = ENGINE_by_id(engine_id);
+    if (!e) return 0;
+    while (pre_num--) {
+        if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+            fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                    pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+            ENGINE_free(e);
+            return 0;
+        }
+        pre_cmds += 2;
+    }
+    if (!ENGINE_init(e)) {
+        fprintf(stderr, "Failed initialisation\n");
+        ENGINE_free(e);
+        return 0;
+    }
+    /*
+     * ENGINE_init() returned a functional reference, so free the structural
+     * reference from ENGINE_by_id().
+     */
+    ENGINE_free(e);
+    while (post_num--) {
+        if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+            fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                    post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+            ENGINE_finish(e);
+            return 0;
+        }
+        post_cmds += 2;
+    }
+    ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+    /* Success */
+    return 1;
+}
+ +

Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can relax the semantics of the function - if set non-zero it will only return failure if the ENGINE supported the given command name but failed while executing it, if the ENGINE doesn't support the command name it will simply return success without doing anything. In this case we assume the user is only supplying commands specific to the given ENGINE so we set this to FALSE.

+ +

Discovering supported control commands

+ +

It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the OpenSSL core routines.

+ +

It is using these "core" control commands that one can discover the control commands implemented by a given ENGINE, specifically the commands:

+ +
ENGINE_HAS_CTRL_FUNCTION
+ENGINE_CTRL_GET_FIRST_CMD_TYPE
+ENGINE_CTRL_GET_NEXT_CMD_TYPE
+ENGINE_CTRL_GET_CMD_FROM_NAME
+ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
+ENGINE_CTRL_GET_NAME_FROM_CMD
+ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
+ENGINE_CTRL_GET_DESC_FROM_CMD
+ENGINE_CTRL_GET_CMD_FLAGS
+ +

Whilst these commands are automatically processed by the OpenSSL framework code, they use various properties exposed by each ENGINE to process these queries. An ENGINE has 3 properties it exposes that can affect how this behaves; it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in the ENGINE's flags, and it can expose an array of control command descriptions. If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will simply pass all these "core" control commands directly to the ENGINE's ctrl() handler (and thus, it must have supplied one), so it is up to the ENGINE to reply to these "discovery" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules:

+ +
if no ctrl() handler supplied;
+    ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+    all other commands fail.
+if a ctrl() handler was supplied but no array of control commands;
+    ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+    all other commands fail.
+if a ctrl() handler and array of control commands was supplied;
+    ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+    all other commands proceed processing ...
+ +

If the ENGINE's array of control commands is empty then all other commands will fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the identifier of a command supported by the ENGINE and returns the next command identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string name for a command and returns the corresponding identifier or fails if no such command name exists, and the remaining commands take a command identifier and return properties of the corresponding commands. All except ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, or populate a supplied character buffer with a copy of the command name or description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following possible values:

+ +
ENGINE_CMD_FLAG_NUMERIC
+ENGINE_CMD_FLAG_STRING
+ENGINE_CMD_FLAG_NO_INPUT
+ENGINE_CMD_FLAG_INTERNAL
+ +

If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely informational to the caller - this flag will prevent the command being usable for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). "INTERNAL" commands are not intended to be exposed to text-based configuration by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE supports certain specific commands it might want to use (eg. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension).

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_ENGINES
+
+ +

The path to the engines directory. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

RETURN VALUES

+ +

ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev() return a valid ENGINE structure or NULL if an error occurred.

+ +

ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error.

+ +

ENGINE_by_id() returns a valid ENGINE structure or NULL if an error occurred.

+ +

ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error.

+ +

All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and ENGINE_get_digest_engine() return a valid ENGINE structure on success or NULL if an error occurred.

+ +

All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error.

+ +

ENGINE_set_default() returns 1 on success or 0 on error.

+ +

ENGINE_get_table_flags() returns an unsigned integer value representing the global table flags which are used to control the registration behaviour of ENGINE implementations.

+ +

All ENGINE_register_TYPE() functions return 1 on success or 0 on error.

+ +

ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success or 0 on error.

+ +

ENGINE_ctrl() returns a positive value on success or others on error.

+ +

ENGINE_cmd_is_executable() returns 1 if cmd is executable or 0 otherwise.

+ +

ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error.

+ +

ENGINE_new() returns a valid ENGINE structure on success or NULL if an error occurred.

+ +

ENGINE_free() returns 1 on success or 0 on error.

+ +

ENGINE_up_ref() returns 1 on success or 0 on error.

+ +

ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error.

+ +

All other ENGINE_set_* functions return 1 on success or 0 on error.

+ +

ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier and the name of the ENGINE e respectively.

+ +

ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND() return corresponding method structures for each algorithms.

+ +

ENGINE_get_destroy_function(), ENGINE_get_init_function(), ENGINE_get_finish_function(), ENGINE_get_ctrl_function(), ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(), ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function pointers of the callbacks.

+ +

ENGINE_get_cipher() returns a valid EVP_CIPHER structure on success or NULL if an error occurred.

+ +

ENGINE_get_digest() returns a valid EVP_MD structure on success or NULL if an error occurred.

+ +

ENGINE_get_flags() returns an integer representing the ENGINE flags which are used to control various behaviours of an ENGINE.

+ +

ENGINE_get_cmd_defns() returns an ENGINE_CMD_DEFN structure or NULL if it's not set.

+ +

ENGINE_load_private_key() and ENGINE_load_public_key() return a valid EVP_PKEY structure on success or NULL if an error occurred.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3), RSA_new_method(3), DSA_new(3), DH_new(3), RAND_bytes(3), config(5)

+ +

HISTORY

+ +

ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup done by OPENSSL_cleanup() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_GET_LIB.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_GET_LIB.html new file mode 100644 index 00000000..d745dd0a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_GET_LIB.html @@ -0,0 +1,77 @@ + + + + +ERR_GET_LIB + + + + + + + + + + +

NAME

+ +

ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR - get information from error codes

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+int ERR_GET_LIB(unsigned long e);
+
+int ERR_GET_FUNC(unsigned long e);
+
+int ERR_GET_REASON(unsigned long e);
+
+int ERR_FATAL_ERROR(unsigned long e);
+ +

DESCRIPTION

+ +

The error code returned by ERR_get_error() consists of a library number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() can be used to extract these.

+ +

ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.

+ +

The library number and function code describe where the error occurred, the reason code is the information about what went wrong.

+ +

Each sub-library of OpenSSL has a unique library number; function and reason codes are unique within each sub-library. Note that different libraries may use the same value to signal different functions and reasons.

+ +

ERR_R_... reason codes such as ERR_R_MALLOC_FAILURE are globally unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number.

+ +

ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR() are macros.

+ +

RETURN VALUES

+ +

The library number, function code, reason code, and whether the error is fatal, respectively.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in all versions of OpenSSL.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_clear_error.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_clear_error.html new file mode 100644 index 00000000..a568fdf9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_clear_error.html @@ -0,0 +1,56 @@ + + + + +ERR_clear_error + + + + + + + + + + +

NAME

+ +

ERR_clear_error - clear the error queue

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_clear_error(void);
+ +

DESCRIPTION

+ +

ERR_clear_error() empties the current thread's error queue.

+ +

RETURN VALUES

+ +

ERR_clear_error() has no return value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_error_string.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_error_string.html new file mode 100644 index 00000000..1679ef6f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_error_string.html @@ -0,0 +1,77 @@ + + + + +ERR_error_string + + + + + + + + + + +

NAME

+ +

ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string - obtain human-readable error message

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+ +

DESCRIPTION

+ +

ERR_error_string() generates a human-readable string representing the error code e, and places it at buf. buf must be at least 256 bytes long. If buf is NULL, the error string is placed in a static buffer. Note that this function is not thread-safe and does no checks on the size of the buffer; use ERR_error_string_n() instead.

+ +

ERR_error_string_n() is a variant of ERR_error_string() that writes at most len characters (including the terminating 0) and truncates the string if necessary. For ERR_error_string_n(), buf may not be NULL.

+ +

The string will have the following format:

+ +
error:[error code]:[library name]:[function name]:[reason string]
+ +

error code is an 8 digit hexadecimal number, library name, function name and reason string are ASCII text.

+ +

ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the library name, function name and reason string respectively.

+ +

If there is no text string registered for the given error code, the error string will contain the numeric code.

+ +

ERR_print_errors(3) can be used to print all error codes currently in the queue.

+ +

RETURN VALUES

+ +

ERR_error_string() returns a pointer to a static buffer containing the string if buf == NULL, buf otherwise.

+ +

ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the strings, and NULL if none is registered for the error code.

+ +

SEE ALSO

+ +

ERR_get_error(3), ERR_print_errors(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_get_error.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_get_error.html new file mode 100644 index 00000000..bb244e7c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_get_error.html @@ -0,0 +1,81 @@ + + + + +ERR_get_error + + + + + + + + + + +

NAME

+ +

ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data - obtain error code and data

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_last_error(void);
+
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+ +

DESCRIPTION

+ +

ERR_get_error() returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return.

+ +

ERR_peek_error() returns the earliest error code from the thread's error queue without modifying it.

+ +

ERR_peek_last_error() returns the latest error code from the thread's error queue without modifying it.

+ +

See ERR_GET_LIB(3) for obtaining information about location and reason of the error, and ERR_error_string(3) for human-readable error messages.

+ +

ERR_get_error_line(), ERR_peek_error_line() and ERR_peek_last_error_line() are the same as the above, but they additionally store the file name and line number where the error occurred in *file and *line, unless these are NULL.

+ +

ERR_get_error_line_data(), ERR_peek_error_line_data() and ERR_peek_last_error_line_data() store additional data and flags associated with the error code in *data and *flags, unless these are NULL. *data contains a string if *flags&ERR_TXT_STRING is true.

+ +

An application MUST NOT free the *data pointer (or any other pointers returned by these functions) with OPENSSL_free() as freeing is handled automatically by the error library.

+ +

RETURN VALUES

+ +

The error code, or 0 if there is no error in the queue.

+ +

SEE ALSO

+ +

ERR_error_string(3), ERR_GET_LIB(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_crypto_strings.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_crypto_strings.html new file mode 100644 index 00000000..6bff77db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_crypto_strings.html @@ -0,0 +1,74 @@ + + + + +ERR_load_crypto_strings + + + + + + + + + + +

NAME

+ +

ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - load and free error strings

+ +

SYNOPSIS

+ +

Deprecated:

+ +
#include <openssl/err.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
+#endif
+
+#include <openssl/ssl.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_load_error_strings(void);
+#endif
+ +

DESCRIPTION

+ +

ERR_load_crypto_strings() registers the error strings for all libcrypto functions. SSL_load_error_strings() does the same, but also registers the libssl error strings.

+ +

In versions prior to OpenSSL 1.1.0, ERR_free_strings() releases any resources created by the above functions.

+ +

RETURN VALUES

+ +

ERR_load_crypto_strings(), SSL_load_error_strings() and ERR_free_strings() return no values.

+ +

SEE ALSO

+ +

ERR_error_string(3)

+ +

HISTORY

+ +

The ERR_load_crypto_strings(), SSL_load_error_strings(), and ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_strings.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_strings.html new file mode 100644 index 00000000..69fb1bb3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_load_strings.html @@ -0,0 +1,74 @@ + + + + +ERR_load_strings + + + + + + + + + + +

NAME

+ +

ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load arbitrary error strings

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+int ERR_get_next_error_library(void);
+
+unsigned long ERR_PACK(int lib, int func, int reason);
+ +

DESCRIPTION

+ +

ERR_load_strings() registers error strings for library number lib.

+ +

str is an array of error string data:

+ +
typedef struct ERR_string_data_st
+{
+    unsigned long error;
+    char *string;
+} ERR_STRING_DATA;
+ +

The error code is generated from the library number and a function and reason code: error = ERR_PACK(lib, func, reason). ERR_PACK() is a macro.

+ +

The last entry in the array is {0,0}.

+ +

ERR_get_next_error_library() can be used to assign library numbers to user libraries at runtime.

+ +

RETURN VALUES

+ +

ERR_load_strings() returns no value. ERR_PACK() return the error code. ERR_get_next_error_library() returns zero on failure, otherwise a new library number.

+ +

SEE ALSO

+ +

ERR_load_strings(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_print_errors.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_print_errors.html new file mode 100644 index 00000000..9a8d5543 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_print_errors.html @@ -0,0 +1,70 @@ + + + + +ERR_print_errors + + + + + + + + + + +

NAME

+ +

ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb - print error messages

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_print_errors(BIO *bp);
+void ERR_print_errors_fp(FILE *fp);
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
+ +

DESCRIPTION

+ +

ERR_print_errors() is a convenience function that prints the error strings for all errors that OpenSSL has recorded to bp, thus emptying the error queue.

+ +

ERR_print_errors_fp() is the same, except that the output goes to a FILE.

+ +

ERR_print_errors_cb() is the same, except that the callback function, cb, is called for each error line with the string, length, and userdata u as the callback parameters.

+ +

The error strings will have the following format:

+ +
[pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+ +

error code is an 8 digit hexadecimal number. library name, function name and reason string are ASCII text, as is optional text message if one was set for the respective error code.

+ +

If there is no text string registered for the given error code, the error string will contain the numeric code.

+ +

RETURN VALUES

+ +

ERR_print_errors() and ERR_print_errors_fp() return no values.

+ +

SEE ALSO

+ +

ERR_error_string(3), ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_put_error.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_put_error.html new file mode 100644 index 00000000..f158c6f8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_put_error.html @@ -0,0 +1,79 @@ + + + + +ERR_put_error + + + + + + + + + + +

NAME

+ +

ERR_put_error, ERR_add_error_data, ERR_add_error_vdata - record an error

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list arg);
+ +

DESCRIPTION

+ +

ERR_put_error() adds an error code to the thread's error queue. It signals that the error of reason code reason occurred in function func of library lib, in line number line of file. This function is usually called by a macro.

+ +

ERR_add_error_data() associates the concatenation of its num string arguments with the error code added last. ERR_add_error_vdata() is similar except the argument is a va_list.

+ +

ERR_load_strings(3) can be used to register error strings so that the application can a generate human-readable error messages for the error code.

+ +

Reporting errors

+ +

Each sub-library has a specific macro XXXerr() that is used to report errors. Its first argument is a function code XXX_F_..., the second argument is a reason code XXX_R_.... Function codes are derived from the function names; reason codes consist of textual error descriptions. For example, the function ssl3_read_bytes() reports a "handshake failure" as follows:

+ +
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ +

Function and reason codes should consist of upper case characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses the capitalized form such as "SSL3_READ_BYTES" in the above example.

+ +

The trailing section of a reason code (after the "_R_") is translated into lower case and underscores changed to spaces.

+ +

Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include ASN1 code which must use the ASN1err() macro.

+ +

RETURN VALUES

+ +

ERR_put_error() and ERR_add_error_data() return no values.

+ +

SEE ALSO

+ +

ERR_load_strings(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_remove_state.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_remove_state.html new file mode 100644 index 00000000..ed6cec47 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_remove_state.html @@ -0,0 +1,67 @@ + + + + +ERR_remove_state + + + + + + + + + + +

NAME

+ +

ERR_remove_thread_state, ERR_remove_state - DEPRECATED

+ +

SYNOPSIS

+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10000000L
+void ERR_remove_state(unsigned long tid);
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *tid);
+#endif
+ +

DESCRIPTION

+ +

ERR_remove_state() frees the error queue associated with the specified thread, identified by tid. ERR_remove_thread_state() does the same thing, except the identifier is an opaque pointer.

+ +

RETURN VALUES

+ +

ERR_remove_state() and ERR_remove_thread_state() return no value.

+ +

SEE ALSO

+ +

LOPENSSL_init_crypto(3)

+ +

HISTORY

+ +

ERR_remove_state() was deprecated in OpenSSL 1.0.0 and ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_set_mark.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_set_mark.html new file mode 100644 index 00000000..b8cf1a61 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/ERR_set_mark.html @@ -0,0 +1,57 @@ + + + + +ERR_set_mark + + + + + + + + + + +

NAME

+ +

ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+int ERR_set_mark(void);
+
+int ERR_pop_to_mark(void);
+ +

DESCRIPTION

+ +

ERR_set_mark() sets a mark on the current topmost error record if there is one.

+ +

ERR_pop_to_mark() will pop the top of the error stack until a mark is found. The mark is then removed. If there is no mark, the whole stack is removed.

+ +

RETURN VALUES

+ +

ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.

+ +

ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which implies that the stack became empty, otherwise 1.

+ +

COPYRIGHT

+ +

Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_BytesToKey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_BytesToKey.html new file mode 100644 index 00000000..64eb0e29 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_BytesToKey.html @@ -0,0 +1,81 @@ + + + + +EVP_BytesToKey + + + + + + + + + + +

NAME

+ +

EVP_BytesToKey - password based encryption routine

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt,
+                   const unsigned char *data, int datal, int count,
+                   unsigned char *key, unsigned char *iv);
+ +

DESCRIPTION

+ +

EVP_BytesToKey() derives a key and IV from various parameters. type is the cipher to derive the key and IV for. md is the message digest to use. The salt parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. data is a buffer containing datal bytes which is used to derive the keying data. count is the iteration count to use. The derived key and IV will be written to key and iv respectively.

+ +

NOTES

+ +

A typical application of this function is to derive keying material for an encryption algorithm from a password in the data parameter.

+ +

Increasing the count parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

+ +

If the total key and IV length is less than the digest length and MD5 is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data.

+ +

Newer applications should use a more modern algorithm such as PBKDF2 as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

+ +

KEY DERIVATION ALGORITHM

+ +

The key and IV is derived by concatenating D_1, D_2, etc until enough data is available for the key and IV. D_i is defined as:

+ +
D_i = HASH^count(D_(i-1) || data || salt)
+ +

where || denotes concatenation, D_0 is empty, HASH is the digest algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is HASH(HASH(data)) and so on.

+ +

The initial bytes are used for the key and the subsequent bytes for the IV.

+ +

RETURN VALUES

+ +

If data is NULL, then EVP_BytesToKey() returns the number of bytes needed to store the derived key. Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), PKCS5_PBKDF2_HMAC(3), EVP_EncryptInit(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html new file mode 100644 index 00000000..2fc6c01a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html @@ -0,0 +1,61 @@ + + + + +EVP_CIPHER_CTX_get_cipher_data + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data - Routines to inspect and modify EVP_CIPHER_CTX objects

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+ +

DESCRIPTION

+ +

The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the cipher data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the particular implementation of the cipher. For example this data can be used by engines to store engine specific information. The data is automatically allocated and freed by OpenSSL, so applications and engines should not normally free this directly (but see below).

+ +

The EVP_CIPHER_CTX_set_cipher_data() function allows an application or engine to replace the cipher data with new data. A pointer to any existing cipher data is returned from this function. If the old data is no longer required then it should be freed through a call to OPENSSL_free().

+ +

RETURN VALUES

+ +

The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the current cipher data for the EVP_CIPHER_CTX.

+ +

The EVP_CIPHER_CTX_set_cipher_data() function returns a pointer to the old cipher data for the EVP_CIPHER_CTX.

+ +

HISTORY

+ +

The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html new file mode 100644 index 00000000..fbb13ec2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html @@ -0,0 +1,217 @@ + + + + +EVP_CIPHER_meth_new + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init)(EVP_CIPHER_CTX *ctx,
+                                         const unsigned char *key,
+                                         const unsigned char *iv,
+                                         int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher)(EVP_CIPHER_CTX *ctx,
+                                                   unsigned char *out,
+                                                   const unsigned char *in,
+                                                   size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup)(EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
+                                                                   ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
+                                                                   ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl)(EVP_CIPHER_CTX *, int type,
+                                         int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
+ +

DESCRIPTION

+ +

The EVP_CIPHER type is a structure for symmetric cipher method implementation.

+ +

EVP_CIPHER_meth_new() creates a new EVP_CIPHER structure.

+ +

EVP_CIPHER_meth_dup() creates a copy of cipher.

+ +

EVP_CIPHER_meth_free() destroys a EVP_CIPHER structure.

+ +

EVP_CIPHER_meth_set_iv_length() sets the length of the IV. This is only needed when the implemented cipher mode requires it.

+ +

EVP_CIPHER_meth_set_flags() sets the flags to describe optional behaviours in the particular cipher. With the exception of cipher modes, of which only one may be present, several flags can be or'd together. The available flags are:

+ +
+ +
EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE
+
+ +

The cipher mode.

+ +
+
EVP_CIPH_VARIABLE_LENGTH
+
+ +

This cipher is of variable length.

+ +
+
EVP_CIPH_CUSTOM_IV
+
+ +

Storing and initialising the IV is left entirely to the implementation.

+ +
+
EVP_CIPH_ALWAYS_CALL_INIT
+
+ +

Set this if the implementation's init() function should be called even if key is NULL.

+ +
+
EVP_CIPH_CTRL_INIT
+
+ +

Set this to have the implementation's ctrl() function called with command code EVP_CTRL_INIT early in its setup.

+ +
+
EVP_CIPH_CUSTOM_KEY_LENGTH
+
+ +

Checking and setting the key length after creating the EVP_CIPHER is left to the implementation. Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a EVP_CIPHER with this flag set, the implementation's ctrl() function will be called with the control code EVP_CTRL_SET_KEY_LENGTH and the key length in arg.

+ +
+
EVP_CIPH_NO_PADDING
+
+ +

Don't use standard block padding.

+ +
+
EVP_CIPH_RAND_KEY
+
+ +

Making a key with random content is left to the implementation. This is done by calling the implementation's ctrl() function with the control code EVP_CTRL_RAND_KEY and the pointer to the key memory storage in ptr.

+ +
+
EVP_CIPH_CUSTOM_COPY
+
+ +

Set this to have the implementation's ctrl() function called with command code EVP_CTRL_COPY at the end of EVP_CIPHER_CTX_copy(). The intended use is for further things to deal with after the implementation specific data block has been copied. The destination EVP_CIPHER_CTX is passed to the control with the ptr parameter. The implementation specific data block is reached with EVP_CIPHER_CTX_get_cipher_data().

+ +
+
EVP_CIPH_FLAG_DEFAULT_ASN1
+
+ +

Use the default EVP routines to pass IV to and from ASN.1.

+ +
+
EVP_CIPH_FLAG_LENGTH_BITS
+
+ +

Signals that the length of the input buffer for encryption / decryption is to be understood as the number of bits instead of bytes for this implementation. This is only useful for CFB1 ciphers.

+ +
+
EVP_CIPH_FLAG_CUSTOM_CIPHER
+
+ +

This indicates that the implementation takes care of everything, including padding, buffering and finalization. The EVP routines will simply give them control and do nothing more.

+ +
+
EVP_CIPH_FLAG_AEAD_CIPHER
+
+ +

This indicates that this is an AEAD cipher implementation.

+ +
+
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+
+ +

Allow interleaving of crypto blocks, a particular optimization only applicable to certain TLS ciphers.

+ +
+
+ +

EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's implementation context so that it can be automatically allocated.

+ +

EVP_CIPHER_meth_set_init() sets the cipher init function for cipher. The cipher init function is called by EVP_CipherInit(), EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(), EVP_DecryptInit(), EVP_DecryptInit_ex().

+ +

EVP_CIPHER_meth_set_do_cipher() sets the cipher function for cipher. The cipher function is called by EVP_CipherUpdate(), EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(), EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and EVP_DecryptFinal_ex().

+ +

EVP_CIPHER_meth_set_cleanup() sets the function for cipher to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a EVP_CIPHER_CTX *, the private data structure is then available with EVP_CIPHER_CTX_get_cipher_data(). This cleanup function is called by EVP_CIPHER_CTX_reset() and EVP_CIPHER_CTX_free().

+ +

EVP_CIPHER_meth_set_set_asn1_params() sets the function for cipher to set the AlgorithmIdentifier "parameter" based on the passed cipher. This function is called by EVP_CIPHER_param_to_asn1(). EVP_CIPHER_meth_set_get_asn1_params() sets the function for cipher that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier "parameter". Both these functions are needed when there is a need for custom data (more or other than the cipher IV). They are called by EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() respectively if defined.

+ +

EVP_CIPHER_meth_set_ctrl() sets the control function for cipher.

+ +

EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(), EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(), EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() are all used to retrieve the method data given with the EVP_CIPHER_meth_set_*() functions above.

+ +

RETURN VALUES

+ +

EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a newly created EVP_CIPHER, or NULL on failure. All EVP_CIPHER_meth_set_*() functions return 1. All EVP_CIPHER_meth_get_*() functions return pointers to their respective cipher function.

+ +

SEE ALSO

+ +

EVP_EncryptInit

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestInit.html new file mode 100644 index 00000000..3f48d1e4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestInit.html @@ -0,0 +1,442 @@ + + + + +EVP_DigestInit + + + + + + + + + + +

NAME

+ +

EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+
+int EVP_Digest(const void *data, size_t count, unsigned char *md,
+               unsigned int *size, const EVP_MD *type, ENGINE *impl);
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
+
+int EVP_MD_type(const EVP_MD *md);
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update)(EVP_MD_CTX *ctx,
+                                            const void *data, size_t count));
+
+const EVP_MD *EVP_md_null(void);
+
+const EVP_MD *EVP_get_digestbyname(const char *name);
+const EVP_MD *EVP_get_digestbynid(int type);
+const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+ +

DESCRIPTION

+ +

The EVP digest routines are a high level interface to message digests, and should be used instead of the cipher-specific functions.

+ +
+ +
EVP_MD_CTX_new()
+
+ +

Allocates and returns a digest context.

+ +
+
EVP_MD_CTX_reset()
+
+ +

Resets the digest context ctx. This can be used to reuse an already existing context.

+ +
+
EVP_MD_CTX_free()
+
+ +

Cleans up digest context ctx and frees up the space allocated to it.

+ +
+
EVP_MD_CTX_ctrl()
+
+ +

Performs digest-specific control actions on context ctx. The control command is indicated in cmd and any additional arguments in p1 and p2. EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions may apply depending on the control type and digest implementation. See "CONTROLS" below for more information.

+ +
+
EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
+
+ +

Sets, clears and tests ctx flags. See "FLAGS" below for more information.

+ +
+
EVP_Digest()
+
+ +

A wrapper around the Digest Init_ex, Update and Final_ex functions. Hashes count bytes of data at data using a digest type from ENGINE impl. The digest value is placed in md and its length is written at size if the pointer is not NULL. At most EVP_MAX_MD_SIZE bytes will be written. If impl is NULL the default implementation of digest type is used.

+ +
+
EVP_DigestInit_ex()
+
+ +

Sets up digest context ctx to use a digest type from ENGINE impl. type will typically be supplied by a function such as EVP_sha1(). If impl is NULL then the default implementation of digest type is used.

+ +
+
EVP_DigestUpdate()
+
+ +

Hashes cnt bytes of data at d into the digest context ctx. This function can be called several times on the same ctx to hash additional data.

+ +
+
EVP_DigestFinal_ex()
+
+ +

Retrieves the digest value from ctx and places it in md. If the s parameter is not NULL then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at s, at most EVP_MAX_MD_SIZE bytes will be written. After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation.

+ +
+
EVP_DigestFinalXOF()
+
+ +

Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. It retrieves the digest value from ctx and places it in len-sized <B>md. After calling this function no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new operation.

+ +
+
EVP_MD_CTX_copy_ex()
+
+ +

Can be used to copy the message digest state from in to out. This is useful if large amounts of data are to be hashed which only differ in the last few bytes.

+ +
+
EVP_DigestInit()
+
+ +

Behaves in the same way as EVP_DigestInit_ex() except it always uses the default digest implementation and calls EVP_MD_CTX_reset().

+ +
+
EVP_DigestFinal()
+
+ +

Similar to EVP_DigestFinal_ex() except the digest context ctx is automatically cleaned up.

+ +
+
EVP_MD_CTX_copy()
+
+ +

Similar to EVP_MD_CTX_copy_ex() except the destination out does not have to be initialized.

+ +
+
EVP_MD_size(), EVP_MD_CTX_size()
+
+ +

Return the size of the message digest when passed an EVP_MD or an EVP_MD_CTX structure, i.e. the size of the hash.

+ +
+
EVP_MD_block_size(), EVP_MD_CTX_block_size()
+
+ +

Return the block size of the message digest when passed an EVP_MD or an EVP_MD_CTX structure.

+ +
+
EVP_MD_type(), EVP_MD_CTX_type()
+
+ +

Return the NID of the OBJECT IDENTIFIER representing the given message digest when passed an EVP_MD structure. For example, EVP_MD_type(EVP_sha1()) returns NID_sha1. This function is normally used when setting ASN1 OIDs.

+ +
+
EVP_MD_CTX_md_data()
+
+ +

Return the digest method private data for the passed EVP_MD_CTX. The space is allocated by OpenSSL and has the size originally set with EVP_MD_meth_set_app_datasize().

+ +
+
EVP_MD_CTX_md()
+
+ +

Returns the EVP_MD structure corresponding to the passed EVP_MD_CTX.

+ +
+
EVP_MD_CTX_set_update_fn()
+
+ +

Sets the update function for ctx to update. This is the function that is called by EVP_DigestUpdate. If not set, the update function from the EVP_MD type specified at initialization is used.

+ +
+
EVP_MD_CTX_update_fn()
+
+ +

Returns the update function for ctx.

+ +
+
EVP_MD_flags()
+
+ +

Returns the md flags. Note that these are different from the EVP_MD_CTX ones. See EVP_MD_meth_set_flags(3) for more information.

+ +
+
EVP_MD_pkey_type()
+
+ +

Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return NID_sha1WithRSAEncryption. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons.

+ +
+
EVP_md_null()
+
+ +

A "null" message digest that does nothing: i.e. the hash it returns is of zero length.

+ +
+
EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()
+
+ +

Returns an EVP_MD structure when passed a digest name, a digest NID or an ASN1_OBJECT structure respectively.

+ +
+
EVP_MD_CTX_pkey_ctx()
+
+ +

Returns the EVP_PKEY_CTX assigned to ctx. The returned pointer should not be freed by the caller.

+ +
+
EVP_MD_CTX_set_pkey_ctx()
+
+ +

Assigns an EVP_PKEY_CTX to EVP_MD_CTX. This is usually used to provide a customized EVP_PKEY_CTX to EVP_DigestSignInit(3) or EVP_DigestVerifyInit(3). The pctx passed to this function should be freed by the caller. A NULL pctx pointer is also allowed to clear the EVP_PKEY_CTX assigned to ctx. In such case, freeing the cleared EVP_PKEY_CTX or not depends on how the EVP_PKEY_CTX is created.

+ +
+
+ +

CONTROLS

+ +

EVP_MD_CTX_ctrl() can be used to send the following standard controls:

+ +
+ +
EVP_MD_CTRL_MICALG
+
+ +

Gets the digest Message Integrity Check algorithm string. This is used when creating S/MIME multipart/signed messages, as specified in RFC 3851. The string value is written to p2.

+ +
+
EVP_MD_CTRL_XOF_LEN
+
+ +

This control sets the digest length for extendable output functions to p1. Sending this control directly should not be necessary, the use of EVP_DigestFinalXOF() is preferred. Currently used by SHAKE.

+ +
+
+ +

FLAGS

+ +

EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() can be used the manipulate and test these EVP_MD_CTX flags:

+ +
+ +
EVP_MD_CTX_FLAG_ONESHOT
+
+ +

This flag instructs the digest to optimize for one update only, if possible.

+ +
+
EVP_MD_CTX_FLAG_NO_INIT
+
+ +

This flag instructs EVP_DigestInit() and similar not to initialise the implementation specific data.

+ +
+
EVP_MD_CTX_FLAG_FINALISE
+
+ +

Some functions such as EVP_DigestSign only finalise copies of internal contexts so additional data can be included after the finalisation call. This is inefficient if this functionality is not required, and can be disabled with this flag.

+ +
+
+ +

RETURN VALUES

+ +
+ +
EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()
+
+ +

Returns 1 for success and 0 for failure.

+ +
+
EVP_MD_CTX_ctrl()
+
+ +

Returns 1 if successful or 0 for failure.

+ +
+
EVP_MD_CTX_copy_ex()
+
+ +

Returns 1 if successful or 0 for failure.

+ +
+
EVP_MD_type(), EVP_MD_pkey_type()
+
+ +

Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists.

+ +
+
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()
+
+ +

Returns the digest or block size in bytes.

+ +
+
EVP_md_null()
+
+ +

Returns a pointer to the EVP_MD structure of the "null" message digest.

+ +
+
EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()
+
+ +

Returns either an EVP_MD structure or NULL if an error occurs.

+ +
+
EVP_MD_CTX_set_pkey_ctx()
+
+ +

This function has no return value.

+ +
+
+ +

NOTES

+ +

The EVP interface to message digests should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible.

+ +

New applications should use the SHA-2 (such as EVP_sha256(3)) or the SHA-3 digest algorithms (such as EVP_sha3_512(3)). The other digest algorithms are still in common use.

+ +

For most applications the impl parameter to EVP_DigestInit_ex() will be set to NULL to use the default digest implementation.

+ +

The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified.

+ +

If digest contexts are not cleaned up after use, memory leaks will occur.

+ +

EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as macros.

+ +

EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control.

+ +

EXAMPLES

+ +

This example digests the data "Test Message\n" and "Hello World\n", using the digest name passed on the command line.

+ +
#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+
+int main(int argc, char *argv[])
+{
+    EVP_MD_CTX *mdctx;
+    const EVP_MD *md;
+    char mess1[] = "Test Message\n";
+    char mess2[] = "Hello World\n";
+    unsigned char md_value[EVP_MAX_MD_SIZE];
+    unsigned int md_len, i;
+
+    if (argv[1] == NULL) {
+        printf("Usage: mdtest digestname\n");
+        exit(1);
+    }
+
+    md = EVP_get_digestbyname(argv[1]);
+    if (md == NULL) {
+        printf("Unknown message digest %s\n", argv[1]);
+        exit(1);
+    }
+
+    mdctx = EVP_MD_CTX_new();
+    EVP_DigestInit_ex(mdctx, md, NULL);
+    EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+    EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+    EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+    EVP_MD_CTX_free(mdctx);
+
+    printf("Digest is: ");
+    for (i = 0; i < md_len; i++)
+        printf("%02x", md_value[i]);
+    printf("\n");
+
+    exit(0);
+}
+ +

SEE ALSO

+ +

EVP_MD_meth_new(3), dgst(1), evp(7)

+ +

The full list of digest algorithms are provided below.

+ +

EVP_blake2b512(3), EVP_md2(3), EVP_md4(3), EVP_md5(3), EVP_mdc2(3), EVP_ripemd160(3), EVP_sha1(3), EVP_sha224(3), EVP_sha3_224(3), EVP_sm3(3), EVP_whirlpool(3)

+ +

HISTORY

+ +

The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.

+ +

The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA.

+ +

The EVP_dss1() function was removed in OpenSSL 1.1.0.

+ +

The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestSignInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestSignInit.html new file mode 100644 index 00000000..3f44a370 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestSignInit.html @@ -0,0 +1,157 @@ + + + + +EVP_DigestSignInit + + + + + + + + + + +

NAME

+ +

EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+                   size_t *siglen, const unsigned char *tbs,
+                   size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_DigestSignInit() sets up signing context ctx to use digest type from ENGINE e and private key pkey. ctx must be created with EVP_MD_CTX_new() before calling this function. If pctx is not NULL, the EVP_PKEY_CTX of the signing operation will be written to *pctx: this can be used to set alternative signing options. Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must not be freed directly by the application if ctx is not assigned an EVP_PKEY_CTX value before being passed to EVP_DigestSignInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestSignInit() and it will be freed automatically when the EVP_MD_CTX is freed).

+ +

The digest type may be NULL if the signing algorithm supports it.

+ +

No EVP_PKEY_CTX will be created by EVP_DigestSignInit() if the passed ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also SM2(7).

+ +

Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of "signing". Built-in EVP_PKEY types supported by these functions are CMAC, Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448.

+ +

Not all digests can be used for all key types. The following combinations apply.

+ +
+ +
DSA
+
+ +

Supports SHA1, SHA224, SHA256, SHA384 and SHA512

+ +
+
ECDSA
+
+ +

Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

+ +
+
RSA with no padding
+
+ +

Supports no digests (the digest type must be NULL)

+ +
+
RSA with X931 padding
+
+ +

Supports SHA1, SHA256, SHA384 and SHA512

+ +
+
All other RSA padding types
+
+ +

Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, SHA3-224, SHA3-256, SHA3-384, SHA3-512

+ +
+
Ed25519 and Ed448
+
+ +

Support no digests (the digest type must be NULL)

+ +
+
HMAC
+
+ +

Supports any digest

+ +
+
CMAC, Poly1305 and SipHash
+
+ +

Will ignore any digest provided.

+ +
+
+ +

If RSA-PSS is used and restrictions apply then the digest must match.

+ +

EVP_DigestSignUpdate() hashes cnt bytes of data at d into the signature context ctx. This function can be called several times on the same ctx to include additional data. This function is currently implemented using a macro.

+ +

EVP_DigestSignFinal() signs the data in ctx and places the signature in sig. If sig is NULL then the maximum size of the output buffer is written to the siglen parameter. If sig is not NULL then before the call the siglen parameter should contain the length of the sig buffer. If the call is successful the signature is written to sig and the amount of data written to siglen.

+ +

EVP_DigestSign() signs tbslen bytes of data at tbs and places the signature in sig and its length in siglen in a similar way to EVP_DigestSignFinal().

+ +

RETURN VALUES

+ +

EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and EVP_DigestSign() return 1 for success and 0 for failure.

+ +

The error codes can be obtained from ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

EVP_DigestSign() is a one shot operation which signs a single block of data in one function. For algorithms that support streaming it is equivalent to calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to sign data.

+ +

In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged.

+ +

For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data.

+ +

Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

The use of EVP_PKEY_size() with these functions is discouraged because some signature operations may have a signature length which depends on the parameters set. As a result EVP_PKEY_size() would have to return a value which indicates the maximum possible signature for any set of parameters.

+ +

SEE ALSO

+ +

EVP_DigestVerifyInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1), RAND(7)

+ +

HISTORY

+ +

EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html new file mode 100644 index 00000000..39ee47aa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html @@ -0,0 +1,96 @@ + + + + +EVP_DigestVerifyInit + + + + + + + + + + +

NAME

+ +

EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen);
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_DigestVerifyInit() sets up verification context ctx to use digest type from ENGINE e and public key pkey. ctx must be created with EVP_MD_CTX_new() before calling this function. If pctx is not NULL, the EVP_PKEY_CTX of the verification operation will be written to *pctx: this can be used to set alternative verification options. Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must not be freed directly by the application if ctx is not assigned an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit() and it will be freed automatically when the EVP_MD_CTX is freed).

+ +

No EVP_PKEY_CTX will be created by EVP_DigestSignInit() if the passed ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also SM2(7).

+ +

EVP_DigestVerifyUpdate() hashes cnt bytes of data at d into the verification context ctx. This function can be called several times on the same ctx to include additional data. This function is currently implemented using a macro.

+ +

EVP_DigestVerifyFinal() verifies the data in ctx against the signature in sig of length siglen.

+ +

EVP_DigestVerify() verifies tbslen bytes at tbs against the signature in sig of length siglen.

+ +

RETURN VALUES

+ +

EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 for failure.

+ +

EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other value indicates failure. A return value of zero indicates that the signature did not verify successfully (that is, tbs did not match the original data or the signature had an invalid form), while other values indicate a more serious error (and sometimes also indicate an invalid signature form).

+ +

The error codes can be obtained from ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

EVP_DigestVerify() is a one shot operation which verifies a single block of data in one function. For algorithms that support streaming it is equivalent to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to verify data.

+ +

In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged.

+ +

For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

+ +

Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

SEE ALSO

+ +

EVP_DigestSignInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1), RAND(7)

+ +

HISTORY

+ +

EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncodeInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncodeInit.html new file mode 100644 index 00000000..8301e17b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncodeInit.html @@ -0,0 +1,108 @@ + + + + +EVP_EncodeInit + + + + + + + + + + +

NAME

+ +

EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+ +

DESCRIPTION

+ +

The EVP encode routines provide a high level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced plus some occasional newlines (see below). If the input data length is not a multiple of 3 then the output data will be padded at the end using the "=" character.

+ +

EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for the encode/decode functions.

+ +

EVP_ENCODE_CTX_free() cleans up an encode/decode context ctx and frees up the space allocated to it.

+ +

Encoding of binary data is performed in blocks of 48 input bytes (or less for the final block). For each 48 byte input block encoded 64 bytes of base 64 data is output plus an additional newline character (i.e. 65 bytes in total). The final block (which may be less than 48 bytes) will output 4 bytes for every 3 bytes of input. If the data length is not divisible by 3 then a full 4 bytes is still output for the final 1 or 2 bytes of input. Similarly a newline character will also be output.

+ +

EVP_EncodeInit() initialises ctx for the start of a new encoding operation.

+ +

EVP_EncodeUpdate() encode inl bytes of data found in the buffer pointed to by in. The output is stored in the buffer out and the number of bytes output is stored in *outl. It is the caller's responsibility to ensure that the buffer at out is sufficiently large to accommodate the output data. Only full blocks of data (48 bytes) will be immediately processed and output by this function. Any remainder is held in the ctx object and will be processed by a subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the required size of the output buffer add together the value of inl with the amount of unprocessed data held in ctx and divide the result by 48 (ignore any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an additional byte for a NUL terminator. EVP_EncodeUpdate() may be called repeatedly to process large amounts of input data. In the event of an error EVP_EncodeUpdate() will set *outl to 0 and return 0. On success 1 will be returned.

+ +

EVP_EncodeFinal() must be called at the end of an encoding operation. It will process any partial block of data remaining in the ctx object. The output data will be stored in out and the length of the data written will be stored in *outl. It is the caller's responsibility to ensure that out is sufficiently large to accommodate the output data which will never be more than 65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).

+ +

EVP_ENCODE_CTX_copy() can be used to copy a context sctx to a context dctx. dctx must be initialized before calling this function.

+ +

EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the ctx object.

+ +

EVP_EncodeBlock() encodes a full block of input data in f and of length dlen and stores it in t. For every 3 bytes of input provided 4 bytes of output data will be produced. If dlen is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of the data generated without the NUL terminator is returned from the function.

+ +

EVP_DecodeInit() initialises ctx for the start of a new decoding operation.

+ +

EVP_DecodeUpdate() decodes inl characters of data found in the buffer pointed to by in. The output is stored in the buffer out and the number of bytes output is stored in *outl. It is the caller's responsibility to ensure that the buffer at out is sufficiently large to accommodate the output data. This function will attempt to decode as much data as possible in 4 byte chunks. Any whitespace, newline or carriage return characters are ignored. Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in the ctx object and processed by a subsequent call to EVP_DecodeUpdate(). If any illegal base 64 characters are encountered or if the base 64 padding character "=" is encountered in the middle of the data then the function returns -1 to indicate an error. A return value of 0 or 1 indicates successful processing of the data. A return value of 0 additionally indicates that the last input data characters processed included the base 64 padding character "=" and therefore no more non-padding character data is expected to be processed. For every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and line feeds), 3 bytes of binary output data will be produced (or less at the end of the data where the padding character "=" has been used).

+ +

EVP_DecodeFinal() must be called at the end of a decoding operation. If there is any unprocessed data still in ctx then the input data must not have been a multiple of 4 and therefore an error has occurred. The function will return -1 in this case. Otherwise the function returns 1 on success.

+ +

EVP_DecodeBlock() will decode the block of n characters of base 64 data contained in f and store the result in t. Any leading whitespace will be trimmed as will any trailing whitespace, newlines, carriage returns or EOF characters. After such trimming the length of the data in f must be divisible by 4. For every 4 input bytes exactly 3 output bytes will be produced. The output will be padded with 0 bits if necessary to ensure that the output is always 3 bytes for every 4 input bytes. This function will return the length of the data decoded or -1 on error.

+ +

RETURN VALUES

+ +

EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX object or NULL on error.

+ +

EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in ctx.

+ +

EVP_EncodeUpdate() returns 0 on error or 1 on success.

+ +

EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL terminator.

+ +

EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned then no more non-padding base 64 characters are expected.

+ +

EVP_DecodeFinal() returns -1 on error or 1 on success.

+ +

EVP_DecodeBlock() returns the length of the data decoded or -1 on error.

+ +

SEE ALSO

+ +

evp(7)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncryptInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncryptInit.html new file mode 100644 index 00000000..9f820dd4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_EncryptInit.html @@ -0,0 +1,467 @@ + + + + +EVP_EncryptInit + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null - EVP cipher routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                       ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      int *outl, const unsigned char *in, int inl);
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                       ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      int *outl, const unsigned char *in, int inl);
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                      ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                     int *outl, const unsigned char *in, int inl);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                    const unsigned char *key, const unsigned char *iv);
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                    const unsigned char *key, const unsigned char *iv);
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                   const unsigned char *key, const unsigned char *iv, int enc);
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_CIPHER *EVP_get_cipherbynid(int nid);
+const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *e);
+int EVP_CIPHER_block_size(const EVP_CIPHER *e);
+int EVP_CIPHER_key_length(const EVP_CIPHER *e);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
+unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
+int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ +

DESCRIPTION

+ +

The EVP cipher routines are a high level interface to certain symmetric ciphers.

+ +

EVP_CIPHER_CTX_new() creates a cipher context.

+ +

EVP_CIPHER_CTX_free() clears all information from a cipher context and free up any allocated memory associate with it, including ctx itself. This function should be called after all operations using a cipher are complete so sensitive information does not remain in memory.

+ +

EVP_EncryptInit_ex() sets up cipher context ctx for encryption with cipher type from ENGINE impl. ctx must be created before calling this function. type is normally supplied by a function such as EVP_aes_256_cbc(). If impl is NULL then the default implementation is used. key is the symmetric key to use and iv is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set all parameters to NULL except type in an initial call and supply the remaining parameters in subsequent calls, all of which have type set to NULL. This is done when the default cipher parameters are not appropriate.

+ +

EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the encrypted version to out. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so out should contain sufficient room. The actual number of bytes written is placed in outl. It also checks if in and out are partially overlapping, and if they are 0 is returned to indicate failure.

+ +

If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. It uses standard block padding (aka PKCS padding) as described in the NOTES section, below. The encrypted final data is written to out which should have sufficient space for one cipher block. The number of bytes written is placed in outl. After this function is called the encryption operation is finished and no further calls to EVP_EncryptUpdate() should be made.

+ +

If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size.

+ +

EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the corresponding decryption operations. EVP_DecryptFinal() will return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer out passed to EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes unless the cipher block size is 1 in which case inl bytes is sufficient.

+ +

EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are functions that can be used for decryption or encryption. The operation performed depends on the value of the enc parameter. It should be set to 1 for encryption, 0 for decryption and -1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call).

+ +

EVP_CIPHER_CTX_reset() clears all information from a cipher context and free up any allocated memory associate with it, except the ctx itself. This function should be called anytime ctx is to be reused for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls.

+ +

EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and EVP_CipherInit_ex() except they always use the default cipher implementation.

+ +

EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and EVP_CipherFinal_ex(). In previous releases they also cleaned up the ctx, but this is no longer done and EVP_CIPHER_CTX_clean() must be called to free any context resources.

+ +

EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure.

+ +

EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The actual NID value is an internal value which may not have a corresponding OBJECT IDENTIFIER.

+ +

EVP_CIPHER_CTX_set_padding() enables or disables padding. This function should be called after the context is set up for encryption or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or EVP_CipherInit_ex(). By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the pad parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur.

+ +

EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The constant EVP_MAX_KEY_LENGTH is the maximum key length for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a given cipher, the value of EVP_CIPHER_CTX_key_length() may be different for variable key length ciphers.

+ +

EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error.

+ +

EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX. It will return zero if the cipher does not use an IV. The constant EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers.

+ +

EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block size of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The constant EVP_MAX_BLOCK_LENGTH is also the maximum block length for all ciphers.

+ +

EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed cipher or context. This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and 128 bit RC2 have the same NID. If the cipher does not have an object identifier or does not have ASN1 support this function will return NID_undef.

+ +

EVP_CIPHER_CTX_cipher() returns the EVP_CIPHER structure when passed an EVP_CIPHER_CTX structure.

+ +

EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE or EVP_CIPH_OCB_MODE. If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned.

+ +

EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will typically include any parameters and an IV. The cipher IV (if any) must be set when this call is made. This call should be made before the cipher is actually "used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function may fail if the cipher does not have any ASN1 support.

+ +

EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". The precise effect depends on the cipher In the case of RC2, for example, it will set the IV and effective key length. This function should be called after the base cipher type is set but before the key is set. For example EVP_CipherInit() will be called with the IV and key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally EVP_CipherInit() again with all parameters except the key set to NULL. It is possible for this function to fail if the cipher does not have any ASN1 support or the parameters cannot be set (for example the RC2 effective key length is not supported.

+ +

EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined and set.

+ +

EVP_CIPHER_CTX_rand_key() generates a random key of the appropriate length based on the cipher context. The EVP_CIPHER can provide its own random key generation routine to support keys of a specific form. Key must point to a buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length().

+ +

RETURN VALUES

+ +

EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success and NULL for failure.

+ +

EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure.

+ +

EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.

+ +

EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.

+ +

EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.

+ +

EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an EVP_CIPHER structure or NULL on error.

+ +

EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.

+ +

EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block size.

+ +

EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length.

+ +

EVP_CIPHER_CTX_set_padding() always returns 1.

+ +

EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length or zero if the cipher does not use an IV.

+ +

EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.

+ +

EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.

+ +

EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater than zero for success and zero or a negative number on failure.

+ +

EVP_CIPHER_CTX_rand_key() returns 1 for success.

+ +

CIPHER LISTING

+ +

All algorithms have a fixed key length unless otherwise stated.

+ +

Refer to "SEE ALSO" for the full list of ciphers available through the EVP interface.

+ +
+ +
EVP_enc_null()
+
+ +

Null cipher: does nothing.

+ +
+
+ +

AEAD Interface

+ +

The EVP interface for Authenticated Encryption with Associated Data (AEAD) modes are subtly altered and several additional ctrl operations are supported depending on the mode specified.

+ +

To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output parameter out set to NULL.

+ +

When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, the authentication operation has failed and any output data MUST NOT be used as it is corrupted.

+ +

GCM and OCB Modes

+ +

The following ctrls are supported in GCM and OCB modes.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the IV length. This call can only be made before specifying an IV. If not called a default IV length is used.

+ +

For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the maximum is 15.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
+
+ +

Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed (e.g. after an EVP_EncryptFinal() call).

+ +

For OCB, taglen must either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

Sets the expected tag to taglen bytes from tag. The tag length can only be set before specifying an IV. taglen must be between 1 and 16 inclusive.

+ +

For GCM, this call is only valid when decrypting data.

+ +

For OCB, this call is valid when decrypting data to set the expected tag, and before encryption to set the desired tag length.

+ +

In OCB mode, calling this before encryption with tag set to NULL sets the tag length. If this is not called prior to encryption, a default tag length is used.

+ +

For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB.

+ +
+
+ +

CCM Mode

+ +

The EVP interface for CCM mode is similar to that of the GCM mode but with a few additional requirements and different ctrl values.

+ +

For CCM mode, the total plaintext or ciphertext length MUST be passed to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output and input parameters (in and out) set to NULL and the length passed in the inl parameter.

+ +

The following ctrls are supported in CCM mode.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

This call is made to set the expected CCM tag value when decrypting or the length of the tag (with the tag parameter set to NULL) when encrypting. The tag length is often referred to as M. If not set a default value is used (12 for AES). When decrypting, the tag needs to be set before passing in data to be decrypted, but as in GCM and OCB mode, it can be set after passing additional authenticated data (see "AEAD Interface").

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
+
+ +

Sets the CCM L value. If not set a default is used (8 for AES).

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the CCM nonce (IV) length. This call can only be made before specifying an nonce value. The nonce length is given by 15 - L so it is 7 by default for AES.

+ +
+
+ +

ChaCha20-Poly1305

+ +

The following ctrls are supported for the ChaCha20-Poly1305 AEAD algorithm.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the nonce length. This call can only be made before specifying the nonce. If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set then the nonce is automatically padded with leading 0 bytes to make it 12 bytes in length.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
+
+ +

Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed (e.g. after an EVP_EncryptFinal() call).

+ +

taglen specified here must be 16 (POLY1305_BLOCK_SIZE, i.e. 128-bits) or less.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

Sets the expected tag to taglen bytes from tag. The tag length can only be set before specifying an IV. taglen must be between 1 and 16 (POLY1305_BLOCK_SIZE) inclusive. This call is only valid when decrypting data.

+ +
+
+ +

NOTES

+ +

Where possible the EVP interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the EVP interface will ensure the use of platform specific cryptographic acceleration such as AES-NI (the low level interfaces do not provide the guarantee).

+ +

PKCS padding works by adding n padding bytes of value n to make the total length of the encrypted data a multiple of the block size. Padding is always added so if the data is already a multiple of the block size n will equal the block size. For example if the block size is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5 will be added.

+ +

When decrypting the final block is checked to see if it has the correct form.

+ +

Although the decryption operation can produce an error if padding is enabled, it is not a strong test that the input data or key is correct. A random block has better than 1 in 256 chance of being of the correct format and problems with the input data earlier on will not produce a final decrypt error.

+ +

If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size.

+ +

The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for compatibility with existing code. New code should use EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an existing context without allocating and freeing it up on each call.

+ +

There are some differences between functions EVP_CipherInit() and EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills the passed context object with zeros. As a consequence, EVP_CipherInit() does not allow step-by-step initialization of the ctx when the key and iv are passed in separate calls. It also means that the flags set for the CTX are removed, and it is especially important for the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag treated specially in EVP_CipherInit_ex().

+ +

EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.

+ +

BUGS

+ +

EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.

+ +

The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.

+ +

EXAMPLES

+ +

Encrypt a string using IDEA:

+ +
int do_crypt(char *outfile)
+{
+    unsigned char outbuf[1024];
+    int outlen, tmplen;
+    /*
+     * Bogus key and IV: we'd normally set these from
+     * another source.
+     */
+    unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+    unsigned char iv[] = {1,2,3,4,5,6,7,8};
+    char intext[] = "Some Crypto Text";
+    EVP_CIPHER_CTX *ctx;
+    FILE *out;
+
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
+    if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /*
+     * Buffer passed to EVP_EncryptFinal() must be after data just
+     * encrypted to avoid overwriting it.
+     */
+    if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    outlen += tmplen;
+    EVP_CIPHER_CTX_free(ctx);
+    /*
+     * Need binary mode for fopen because encrypted data is
+     * binary data. Also cannot use strlen() on it because
+     * it won't be NUL terminated and may contain embedded
+     * NULs.
+     */
+    out = fopen(outfile, "wb");
+    if (out == NULL) {
+        /* Error */
+        return 0;
+    }
+    fwrite(outbuf, 1, outlen, out);
+    fclose(out);
+    return 1;
+}
+ +

The ciphertext from the above example can be decrypted using the openssl utility with the command line (shown on two lines for clarity):

+ +
openssl idea -d \
+    -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
+ +

General encryption and decryption function example using FILE I/O and AES128 with a 128-bit key:

+ +
int do_crypt(FILE *in, FILE *out, int do_encrypt)
+{
+    /* Allow enough space in output buffer for additional block */
+    unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+    int inlen, outlen;
+    EVP_CIPHER_CTX *ctx;
+    /*
+     * Bogus key and IV: we'd normally set these from
+     * another source.
+     */
+    unsigned char key[] = "0123456789abcdeF";
+    unsigned char iv[] = "1234567887654321";
+
+    /* Don't set key or IV right away; we want to check lengths */
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+                      do_encrypt);
+    OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+    OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+
+    /* Now we can set key and IV */
+    EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+
+    for (;;) {
+        inlen = fread(inbuf, 1, 1024, in);
+        if (inlen <= 0)
+            break;
+        if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
+            /* Error */
+            EVP_CIPHER_CTX_free(ctx);
+            return 0;
+        }
+        fwrite(outbuf, 1, outlen, out);
+    }
+    if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    fwrite(outbuf, 1, outlen, out);
+
+    EVP_CIPHER_CTX_free(ctx);
+    return 1;
+}
+ +

SEE ALSO

+ +

evp(7)

+ +

Supported ciphers are listed in:

+ +

EVP_aes(3), EVP_aria(3), EVP_bf(3), EVP_camellia(3), EVP_cast5(3), EVP_chacha20(3), EVP_des(3), EVP_desx(3), EVP_idea(3), EVP_rc2(3), EVP_rc4(3), EVP_rc5(3), EVP_seed(3), EVP_sm4(3)

+ +

HISTORY

+ +

Support for OCB mode was added in OpenSSL 1.1.0.

+ +

EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_MD_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_MD_meth_new.html new file mode 100644 index 00000000..9bf2afd8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_MD_meth_new.html @@ -0,0 +1,163 @@ + + + + +EVP_MD_meth_new + + + + + + + + + + +

NAME

+ +

EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl - Routines to build up EVP_MD methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+void EVP_MD_meth_free(EVP_MD *md);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
+ +

DESCRIPTION

+ +

The EVP_MD type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines.

+ +

EVP_MD_meth_new() creates a new EVP_MD structure.

+ +

EVP_MD_meth_dup() creates a copy of md.

+ +

EVP_MD_meth_free() destroys a EVP_MD structure.

+ +

EVP_MD_meth_set_input_blocksize() sets the internal input block size for the method md to blocksize bytes.

+ +

EVP_MD_meth_set_result_size() sets the size of the result that the digest method in md is expected to produce to resultsize bytes.

+ +

The digest method may have its own private data, which OpenSSL will allocate for it. EVP_MD_meth_set_app_datasize() should be used to set the size for it to datasize.

+ +

EVP_MD_meth_set_flags() sets the flags to describe optional behaviours in the particular md. Several flags can be or'd together. The available flags are:

+ +
+ +
EVP_MD_FLAG_ONESHOT
+
+ +

This digest method can only handle one block of input.

+ +
+
EVP_MD_FLAG_XOF
+
+ +

This digest method is an extensible-output function (XOF) and supports the EVP_MD_CTRL_XOF_LEN control.

+ +
+
EVP_MD_FLAG_DIGALGID_NULL
+
+ +

When setting up a DigestAlgorithmIdentifier, this flag will have the parameter set to NULL by default. Use this for PKCS#1. Note: if combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

+ +
+
EVP_MD_FLAG_DIGALGID_ABSENT
+
+ +

When setting up a DigestAlgorithmIdentifier, this flag will have the parameter be left absent by default. Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

+ +
+
EVP_MD_FLAG_DIGALGID_CUSTOM
+
+ +

Custom DigestAlgorithmIdentifier handling via ctrl, with EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. Currently unused.

+ +
+
EVP_MD_FLAG_FIPS
+
+ +

This digest method is suitable for use in FIPS mode. Currently unused.

+ +
+
+ +

EVP_MD_meth_set_init() sets the digest init function for md. The digest init function is called by EVP_Digest(), EVP_DigestInit(), EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() and EVP_VerifyInit_ex().

+ +

EVP_MD_meth_set_update() sets the digest update function for md. The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and EVP_SignUpdate().

+ +

EVP_MD_meth_set_final() sets the digest final function for md. The digest final function is called by EVP_Digest(), EVP_DigestFinal(), EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().

+ +

EVP_MD_meth_set_copy() sets the function for md to do extra computations after the method's private data structure has been copied from one EVP_MD_CTX to another. If all that's needed is to copy the data, there is no need for this copy function. Note that the copy function is passed two EVP_MD_CTX *, the private data structure is then available with EVP_MD_CTX_md_data(). This copy function is called by EVP_MD_CTX_copy() and EVP_MD_CTX_copy_ex().

+ +

EVP_MD_meth_set_cleanup() sets the function for md to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a EVP_MD_CTX *, the private data structure is then available with EVP_MD_CTX_md_data(). This cleanup function is called by EVP_MD_CTX_reset() and EVP_MD_CTX_free().

+ +

EVP_MD_meth_set_ctrl() sets the control function for md. See EVP_MD_CTX_ctrl(3) for the available controls.

+ +

EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(), EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used to retrieve the method data given with the EVP_MD_meth_set_*() functions above.

+ +

RETURN VALUES

+ +

EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly created EVP_MD, or NULL on failure. All EVP_MD_meth_set_*() functions return 1. EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the indicated sizes or flags. All other EVP_CIPHER_meth_get_*() functions return pointers to their respective md function.

+ +

SEE ALSO

+ +

EVP_DigestInit(3), EVP_SignInit(3), EVP_VerifyInit(3)

+ +

HISTORY

+ +

The EVP_MD structure was openly available in OpenSSL before version 1.1. The functions described here were added in OpenSSL 1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_OpenInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_OpenInit.html new file mode 100644 index 00000000..c1c73618 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_OpenInit.html @@ -0,0 +1,75 @@ + + + + +EVP_OpenInit + + + + + + + + + + +

NAME

+ +

EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+                 int ekl, unsigned char *iv, EVP_PKEY *priv);
+int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                   int *outl, unsigned char *in, int inl);
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ +

DESCRIPTION

+ +

The EVP envelope routines are a high level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it.

+ +

EVP_OpenInit() initializes a cipher context ctx for decryption with cipher type. It decrypts the encrypted symmetric key of length ekl bytes passed in the ek parameter using the private key priv. The IV is supplied in the iv parameter.

+ +

EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as documented on the EVP_EncryptInit(3) manual page.

+ +

NOTES

+ +

It is possible to call EVP_OpenInit() twice in the same way as EVP_DecryptInit(). The first call should have priv set to NULL and (after setting any cipher parameters) it should be called again with type set to NULL.

+ +

If the cipher passed in the type parameter is a variable length cipher then the key length will be set to the value of the recovered key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length.

+ +

RETURN VALUES

+ +

EVP_OpenInit() returns 0 on error or a non zero integer (actually the recovered secret key size) if successful.

+ +

EVP_OpenUpdate() returns 1 for success or 0 for failure.

+ +

EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_EncryptInit(3), EVP_SealInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html new file mode 100644 index 00000000..5860824b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html @@ -0,0 +1,341 @@ + + + + +EVP_PKEY_ASN1_METHOD + + + + + + + + + + +

NAME

+ +

EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 - manipulating and registering EVP_PKEY_ASN1_METHOD structure

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str,
+                                        const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent,
+                                                 ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len));
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len));
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len));
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len));
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+ +

DESCRIPTION

+ +

EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 conversion, printing and information methods for a specific public key algorithm.

+ +

There are two places where the EVP_PKEY_ASN1_METHOD objects are stored: one is a built-in array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using EVP_PKEY_asn1_add0(3).

+ +

Methods

+ +

The methods are the underlying implementations of a particular public key algorithm present by the EVP_PKEY object.

+ +
int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                  ASN1_PCTX *pctx);
+ +

The pub_decode() and pub_encode() methods are called to decode / encode X509_PUBKEY ASN.1 parameters to / from pk. They MUST return 0 on error, 1 on success. They're called by X509_PUBKEY_get0(3) and X509_PUBKEY_set(3).

+ +

The pub_cmp() method is called when two public keys are to be compared. It MUST return 1 when the keys are equal, 0 otherwise. It's called by EVP_PKEY_cmp(3).

+ +

The pub_print() method is called to print a public key in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_public(3).

+ +
int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                   ASN1_PCTX *pctx);
+ +

The priv_decode() and priv_encode() methods are called to decode / encode PKCS8_PRIV_KEY_INFO form private key to / from pk. They MUST return 0 on error, 1 on success. They're called by EVP_PKCS82PKEY(3) and EVP_PKEY2PKCS8(3).

+ +

The priv_print() method is called to print a private key in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_private(3).

+ +
int (*pkey_size) (const EVP_PKEY *pk);
+int (*pkey_bits) (const EVP_PKEY *pk);
+int (*pkey_security_bits) (const EVP_PKEY *pk);
+ +

The pkey_size() method returns the key size in bytes. It's called by EVP_PKEY_size(3).

+ +

The pkey_bits() method returns the key size in bits. It's called by EVP_PKEY_bits(3).

+ +
int (*param_decode) (EVP_PKEY *pkey,
+                     const unsigned char **pder, int derlen);
+int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+int (*param_missing) (const EVP_PKEY *pk);
+int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                    ASN1_PCTX *pctx);
+ +

The param_decode() and param_encode() methods are called to decode / encode DER formatted parameters to / from pk. They MUST return 0 on error, 1 on success. They're called by PEM_read_bio_Parameters(3) and the file: OSSL_STORE_LOADER(3).

+ +

The param_missing() method returns 0 if a key parameter is missing, otherwise 1. It's called by EVP_PKEY_missing_parameters(3).

+ +

The param_copy() method copies key parameters from from to to. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_copy_parameters(3).

+ +

The param_cmp() method compares the parameters of keys a and b. It MUST return 1 when the keys are equal, 0 when not equal, or a negative number on error. It's called by EVP_PKEY_cmp_parameters(3).

+ +

The param_print() method prints the private key parameters in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_params(3).

+ +
int (*sig_print) (BIO *out,
+                  const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                  int indent, ASN1_PCTX *pctx);
+ +

The sig_print() method prints a signature in humanly readable text to out, indented indent spaces. sigalg contains the exact signature algorithm. If the signature in sig doesn't correspond to what this method expects, X509_signature_dump() must be used as a last resort. It MUST return 0 on error, 1 on success. It's called by X509_signature_print(3).

+ +
void (*pkey_free) (EVP_PKEY *pkey);
+ +

The pkey_free() method helps freeing the internals of pkey. It's called by EVP_PKEY_free(3), EVP_PKEY_set_type(3), EVP_PKEY_set_type_str(3), and EVP_PKEY_assign(3).

+ +
int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+ +

The pkey_ctrl() method adds extra algorithm specific control. It's called by EVP_PKEY_get_default_digest_nid(3), EVP_PKEY_set1_tls_encodedpoint(3), EVP_PKEY_get1_tls_encodedpoint(3), PKCS7_SIGNER_INFO_set(3), PKCS7_RECIP_INFO_set(3), ...

+ +
int (*old_priv_decode) (EVP_PKEY *pkey,
+                        const unsigned char **pder, int derlen);
+int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ +

The old_priv_decode() and old_priv_encode() methods decode / encode they private key pkey from / to a DER formatted array. These are exclusively used to help decoding / encoding older (pre PKCS#8) PEM formatted encrypted private keys. old_priv_decode() MUST return 0 on error, 1 on success. old_priv_encode() MUST the return same kind of values as i2d_PrivateKey(). They're called by d2i_PrivateKey(3) and i2d_PrivateKey(3).

+ +
int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                    X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                  X509_ALGOR *alg1, X509_ALGOR *alg2,
+                  ASN1_BIT_STRING *sig);
+ +

The item_sign() and item_verify() methods make it possible to have algorithm specific signatures and verification of them.

+ +

item_sign() MUST return one of:

+ +
+ +
<=0
+
+ +

error

+ +
+
1
+
+ +

item_sign() did everything, OpenSSL internals just needs to pass the signature length back.

+ +
+
2
+
+ +

item_sign() did nothing, OpenSSL internal standard routines are expected to continue with the default signature production.

+ +
+
3
+
+ +

item_sign() set the algorithm identifier algor1 and algor2, OpenSSL internals should just sign using those algorithms.

+ +
+
+ +

item_verify() MUST return one of:

+ +
+ +
<=0
+
+ +

error

+ +
+
1
+
+ +

item_sign() did everything, OpenSSL internals just needs to pass the signature length back.

+ +
+
2
+
+ +

item_sign() did nothing, OpenSSL internal standard routines are expected to continue with the default signature production.

+ +
+
+ +

item_verify() and item_sign() are called by ASN1_item_verify(3) and ASN1_item_sign(3), and by extension, X509_verify(3), X509_REQ_verify(3), X509_sign(3), X509_REQ_sign(3), ...

+ +
int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                   const ASN1_STRING *sig);
+ +

The siginf_set() method is used to set custom X509_SIG_INFO parameters. It MUST return 0 on error, or 1 on success. It's called as part of X509_check_purpose(3), X509_check_ca(3) and X509_check_issued(3).

+ +
int (*pkey_check) (const EVP_PKEY *pk);
+int (*pkey_public_check) (const EVP_PKEY *pk);
+int (*pkey_param_check) (const EVP_PKEY *pk);
+ +

The pkey_check(), pkey_public_check() and pkey_param_check() methods are used to check the validity of pk for key-pair, public component and parameters, respectively. They MUST return 0 for an invalid key, or 1 for a valid key. They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and EVP_PKEY_param_check(3) respectively.

+ +
int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+ +

The set_priv_key() and set_pub_key() methods are used to set the raw private and public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. They are called by EVP_PKEY_new_raw_private_key(3), and EVP_PKEY_new_raw_public_key(3) respectively.

+ +

Functions

+ +

EVP_PKEY_asn1_new() creates and returns a new EVP_PKEY_ASN1_METHOD object, and associates the given id, flags, pem_str and info. id is a NID, pem_str is the PEM type string, info is a descriptive string. The following flags are supported:

+ +
ASN1_PKEY_SIGPARAM_NULL
+ +

If ASN1_PKEY_SIGPARAM_NULL is set, then the signature algorithm parameters are given the type V_ASN1_NULL by default, otherwise they will be given the type V_ASN1_UNDEF (i.e. the parameter is omitted). See X509_ALGOR_set0(3) for more information.

+ +

EVP_PKEY_asn1_copy() copies an EVP_PKEY_ASN1_METHOD object from src to dst. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_free() frees an existing EVP_PKEY_ASN1_METHOD pointed by ameth.

+ +

EVP_PKEY_asn1_add0() adds ameth to the user defined stack of methods unless another EVP_PKEY_ASN1_METHOD with the same NID is already there. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_add_alias() creates an alias with the NID to for the EVP_PKEY_ASN1_METHOD with NID from unless another EVP_PKEY_ASN1_METHOD with the same NID is already added. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given EVP_PKEY_ASN1_METHOD object.

+ +

EVP_PKEY_get0_asn1() finds the EVP_PKEY_ASN1_METHOD associated with the key pkey.

+ +

RETURN VALUES

+ +

EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an EVP_PKEY_ASN1_METHOD object otherwise.

+ +

EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, or 1 on success.

+ +

EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant EVP_PKEY_ASN1_METHOD object otherwise.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html new file mode 100644 index 00000000..5c0108cd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html @@ -0,0 +1,278 @@ + + + + +EVP_PKEY_CTX_ctrl + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len - algorithm specific control operations

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                          const char *value);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
+int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
+
+int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
+
+#include <openssl/rsa.h>
+
+int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
+int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+#include <openssl/dsa.h>
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+#include <openssl/dh.h>
+
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+#include <openssl/ec.h>
+
+int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
+int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
+int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
+ +

DESCRIPTION

+ +

The function EVP_PKEY_CTX_ctrl() sends a control operation to the context ctx. The key type used must match keytype if it is not -1. The parameter optype is a mask indicating which operations the control can be applied to. The control command is indicated in cmd and any additional arguments in p1 and p2.

+ +

For cmd = EVP_PKEY_CTRL_SET_MAC_KEY, p1 is the length of the MAC key, and p2 is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.

+ +

Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will instead call one of the algorithm specific macros below.

+ +

The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a uint64 value as p2 to EVP_PKEY_CTX_ctrl().

+ +

The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm specific control operation to a context ctx in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility command line pages for the option -pkeyopt which is supported by the pkeyutl, genpkey and req commands.

+ +

The function EVP_PKEY_CTX_md() sends a message digest control operation to the context ctx. The message digest is specified by its name md.

+ +

All the remaining "functions" are implemented as macros.

+ +

The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

+ +

The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

+ +

Key generation typically involves setting up parameters to be used and generating the private and public key data. Some algorithm implementations allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() macro. In this case key generation is simply the process of setting up the parameters for the key and then setting the raw key data to the value explicitly provided by that macro. Normally applications would call EVP_PKEY_new_raw_private_key(3) or similar functions instead of this macro.

+ +

The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms supported by the EVP_PKEY_new_raw_private_key(3) function.

+ +

RSA parameters

+ +

The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for ctx. The pad parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), RSA_X931_PADDING for X9.31 padding (signature operations only) and RSA_PKCS1_PSS_PADDING (sign and verify only).

+ +

Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() is used. If this macro is called for PKCS#1 padding the plaintext buffer is an actual digest value and is encapsulated in a DigestInfo structure according to PKCS#1 when signing and this structure is expected (and stripped off) when verifying. If this control is not used with RSA and PKCS#1 padding then the supplied data is used directly and not encapsulated. In the case of X9.31 padding for RSA the algorithm identifier byte is added or checked and removed if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.

+ +

The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for ctx.

+ +

The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to len. As its name implies it is only supported for PSS padding. Three special values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length to be automatically determined based on the PSS block structure. If this macro is not called maximum salt length is used when signing and auto detection when verifying is used by default.

+ +

The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length for ctx. The padding mode must have been set to RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for RSA key generation to bits. If not specified 1024 bits is used.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value for RSA key generation to pubexp. Currently it should be an odd integer. The pubexp pointer is used internally by this function so it should not be modified or freed after the call. If not specified 65537 is used.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for RSA key generation to primes. If not specified 2 is used.

+ +

The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding schemes to md. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for ctx. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used in RSA OAEP to md. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used in RSA OAEP to md. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to label and its length to len. If label is NULL or len is 0, the label is cleared. The library takes ownership of the label so the caller should not free the original memory pointed to by label. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to label. The return value is the label length. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

DSA parameters

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used for DSA parameter generation to nbits. If not specified, 1024 is used.

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the subprime parameter q for DSA parameter generation to qbits. If not specified, 160 is used. If a digest function is specified below, this parameter is ignored and instead, the number of bits in q matches the size of the digest.

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for DSA parameter generation to md. If not specified, one of SHA-1, SHA-224, or SHA-256 is selected to match the bit length of q above.

+ +

DH parameters

+ +

The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH prime parameter p for DH parameter generation. If this macro is not called then 1024 is used. Only accepts lengths greater than or equal to 256.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH optional subprime parameter q for DH parameter generation. The default is 256 if the prime is at least 2048 bits long or 160 otherwise. The DH paramgen type must have been set to x9.42.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to gen for DH parameter generation. If not specified 2 is used.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0.

+ +

The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If pad is 1 the shared secret is padded with zeroes up to the size of the DH prime p. If pad is zero (the default) then no padding is performed.

+ +

EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to nid as defined in RFC7919. The nid parameter must be NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144, NID_ffdhe8192 or NID_undef to clear the stored value. This macro can be called during parameter or key generation. The nid parameter and the rfc5114 parameter are mutually exclusive.

+ +

The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are synonymous. They set the DH parameters to the values defined in RFC5114. The rfc5114 parameter must be 1, 2 or 3 corresponding to RFC5114 sections 2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called during parameter generation. The ctx must have a key type of EVP_PKEY_DHX. The rfc5114 parameter and the nid parameter are mutually exclusive.

+ +

DH key derivation function parameters

+ +

Note that all of the following functions require that the ctx parameter has a private key type of EVP_PKEY_DHX. When using key derivation, the output of EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. The KDF output is typically used as a Key Encryption Key (KEK) that in turn encrypts a Content Encryption Key (CEK).

+ +

The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type to kdf for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE and EVP_PKEY_DH_KDF_X9_42 which uses the key derivation specified in RFC2631 (based on the keying algorithm described in X9.42). When using key derivation, the kdf_oid, kdf_md and kdf_outlen parameters must also be specified.

+ +

The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type for ctx used for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE and EVP_PKEY_DH_KDF_X9_42.

+ +

The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function object identifier to oid for DH key derivation. This OID should identify the algorithm to be used with the Content Encryption Key. The library takes ownership of the object identifier so the caller should not free the original memory pointed to by oid.

+ +

The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid for ctx used for DH key derivation. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function message digest to md for DH key derivation. Note that RFC2631 specifies that this digest should be SHA1 but OpenSSL tolerates other digests.

+ +

The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function message digest for ctx used for DH key derivation.

+ +

The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function output length to len for DH key derivation.

+ +

The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function output length for ctx used for DH key derivation.

+ +

The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to ukm and its length to len for DH key derivation. This parameter is optional and corresponds to the partyAInfo field in RFC2631 terms. The specification requires that it is 512 bits long but this is not enforced by OpenSSL. The library takes ownership of the user key material so the caller should not free the original memory pointed to by ukm.

+ +

The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for ctx. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

EC parameters

+ +

The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to nid. For EC parameter generation this macro must be called or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an EC key.

+ +

The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to param_enc when generating EC parameters or an EC key. The encoding can be OPENSSL_EC_EXPLICIT_CURVE for explicit parameters (the default in versions of OpenSSL before 1.1.0) or OPENSSL_EC_NAMED_CURVE to use named curve form. For maximum compatibility the named curve form should be used. Note: the OPENSSL_EC_NAMED_CURVE value was added in OpenSSL 1.1.0; previous versions should use 0 instead.

+ +

ECDH parameters

+ +

The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to cofactor_mode for ECDH key derivation. Possible values are 1 to enable cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor mode and fallback to the private key cofactor mode.

+ +

The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for ctx used for ECDH key derivation. Possible values are 1 when cofactor key derivation is enabled and 0 otherwise.

+ +

ECDH key derivation function parameters

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type to kdf for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63 which uses the key derivation specified in X9.63. When using key derivation, the kdf_md and kdf_outlen parameters must also be specified.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function type for ctx used for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63.

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function message digest to md for ECDH key derivation. Note that X9.63 specifies that this digest should be SHA1 but OpenSSL tolerates other digests.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function message digest for ctx used for ECDH key derivation.

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function output length to len for ECDH key derivation.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function output length for ctx used for ECDH key derivation.

+ +

The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to ukm for ECDH key derivation. This parameter is optional and corresponds to the shared info in X9.63 terms. The library takes ownership of the user key material so the caller should not free the original memory pointed to by ukm.

+ +

The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for ctx. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

Other parameters

+ +

The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros are used to manipulate the special identifier field for specific signature algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by id with the length id_len to the library. The library takes a copy of the id so that the caller can safely free the original memory pointed to by id. The EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() macro returns the previously set ID value to caller in id. The caller should allocate adequate memory space for the id before calling EVP_PKEY_CTX_get1_id().

+ +

RETURN VALUES

+ +

EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3), EVP_PKEY_keygen(3)

+ +

HISTORY

+ +

The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html new file mode 100644 index 00000000..1e985841 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html @@ -0,0 +1,77 @@ + + + + +EVP_PKEY_CTX_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ +

DESCRIPTION

+ +

The EVP_PKEY_CTX_new() function allocates public key algorithm context using the algorithm specified in pkey and ENGINE e.

+ +

The EVP_PKEY_CTX_new_id() function allocates public key algorithm context using the algorithm specified by id and ENGINE e. It is normally used when no EVP_PKEY structure is associated with the operations, for example during parameter generation of key generation for some algorithms.

+ +

EVP_PKEY_CTX_dup() duplicates the context ctx.

+ +

EVP_PKEY_CTX_free() frees up the context ctx. If ctx is NULL, nothing is done.

+ +

NOTES

+ +

The EVP_PKEY_CTX structure is an opaque public key algorithm context used by the OpenSSL high level public key API. Contexts MUST NOT be shared between threads: that is it is not permissible to use the same context simultaneously in two threads.

+ +

RETURN VALUES

+ +

EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either the newly allocated EVP_PKEY_CTX structure of NULL if an error occurred.

+ +

EVP_PKEY_CTX_free() does not return a value.

+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html new file mode 100644 index 00000000..a44d4aef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html @@ -0,0 +1,69 @@ + + + + +EVP_PKEY_CTX_set1_pbe_pass + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set1_pbe_pass - generic KDF support functions

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass,
+                               int passlen);
+ +

DESCRIPTION

+ +

These functions are generic support functions for all KDF algorithms.

+ +

EVP_PKEY_CTX_set1_pbe_pass() sets the password to the passlen first bytes from pass.

+ +

STRING CTRLS

+ +

There is also support for string based control operations via EVP_PKEY_CTX_ctrl_str(3). The password can be directly specified using the type parameter "pass" or given in hex encoding using the "hexpass" parameter.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html new file mode 100644 index 00000000..98216a1c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html @@ -0,0 +1,153 @@ + + + + +EVP_PKEY_CTX_set_hkdf_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode - HMAC-based Extract-and-Expand key derivation algorithm

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
+
+int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+
+int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+                                int saltlen);
+
+int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
+                               int keylen);
+
+int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
+                                int infolen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. HKDF follows the "extract-then-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF).

+ +

EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three modes that are currently defined:

+ +
+ +
EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+
+ +

This is the default mode. Calling EVP_PKEY_derive(3) on an EVP_PKEY_CTX set up for HKDF will perform an extract followed by an expand operation in one go. The derived key returned will be the result after the expand operation. The intermediate fixed-length pseudorandom key K is not returned.

+ +

In this mode the digest, key, salt and info values must be set before a key is derived or an error occurs.

+ +
+
EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+
+ +

In this mode calling EVP_PKEY_derive(3) will just perform the extract operation. The value returned will be the intermediate fixed-length pseudorandom key K.

+ +

The digest, key and salt values must be set before a key is derived or an error occurs.

+ +
+
EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+
+ +

In this mode calling EVP_PKEY_derive(3) will just perform the expand operation. The input key should be set to the intermediate fixed-length pseudorandom key K returned from a previous extract operation.

+ +

The digest, key and info values must be set before a key is derived or an error occurs.

+ +
+
+ +

EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.

+ +

EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to saltlen bytes of the buffer salt. Any existing value is replaced.

+ +

EVP_PKEY_CTX_set1_hkdf_key() sets the key to keylen bytes of the buffer key. Any existing value is replaced.

+ +

EVP_PKEY_CTX_add1_hkdf_info() sets the info value to infolen bytes of the buffer info. If a value is already set, it is appended to the existing value.

+ +

STRING CTRLS

+ +

HKDF also supports string based control operations via EVP_PKEY_CTX_ctrl_str(3). The type parameter "md" uses the supplied value as the name of the digest algorithm to use. The type parameter "mode" uses the values "EXTRACT_AND_EXPAND", "EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. The type parameters "salt", "key" and "info" use the supplied value parameter as a seed, key or info value. The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex string which is converted to binary.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

A context for HKDF can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ +

The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of HKDF.

+ +

The output length of an HKDF expand operation is specified via the length parameter to the EVP_PKEY_derive(3) function. Since the HKDF output length is variable, passing a NULL buffer as a means to obtain the requisite length is not meaningful with HKDF in any mode that performs an expand operation. Instead, the caller must allocate a buffer of the desired length, and pass that buffer to EVP_PKEY_derive(3) along with (a pointer initialized to) the desired length. Passing a NULL buffer to obtain the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.

+ +

Optimised versions of HKDF can be implemented in an ENGINE.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

This example derives 10 bytes using SHA-256 with the secret key "secret", salt value "salt" and info value "label":

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[10];
+size_t outlen = sizeof(out);
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+
+if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0)
+    /* Error */
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+ +

CONFORMING TO

+ +

RFC 5869

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html new file mode 100644 index 00000000..1ad95838 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html @@ -0,0 +1,93 @@ + + + + +EVP_PKEY_CTX_set_rsa_pss_keygen_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - EVP_PKEY RSA-PSS algorithm support functions

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
+                                       const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
+                                            const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
+                                            int saltlen);
+ +

DESCRIPTION

+ +

These are the functions that implement RSA-PSS(7).

+ +

Signing and Verification

+ +

The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is returned if an attempt is made to set the padding mode to anything other than PSS. It is otherwise similar to the RSA version.

+ +

The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar to the RSA operation except detection of the salt length (using RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has usage restrictions.

+ +

The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros are used to set the digest and MGF1 algorithms respectively. If the key has usage restrictions then an error is returned if an attempt is made to set the digest to anything other than the restricted value. Otherwise these are similar to the RSA versions.

+ +

Key Generation

+ +

As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: they have exactly the same meaning as for the RSA algorithm.

+ +

Optional parameter restrictions can be specified when generating a PSS key. If any restrictions are set (using the macros described below) then all parameters are restricted. For example, setting a minimum salt length also restricts the digest and MGF1 algorithms. If any restrictions are in place then they are reflected in the corresponding parameters of the public key when (for example) a certificate request is signed.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the generated key can use to md.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the generated key can use to md.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length to saltlen.

+ +

NOTES

+ +

A context for the RSA-PSS algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

RSA-PSS(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html new file mode 100644 index 00000000..006cbd3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html @@ -0,0 +1,84 @@ + + + + +EVP_PKEY_CTX_set_scrypt_N + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes - EVP_PKEY scrypt KDF support functions

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+                                  int saltlen);
+
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
+
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
+
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
+
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
+                                         uint64_t maxmem);
+ +

DESCRIPTION

+ +

These functions are used to set up the necessary data to use the scrypt KDF. For more information on scrypt, see scrypt(7).

+ +

EVP_PKEY_CTX_set1_scrypt_salt() sets the saltlen bytes long salt value.

+ +

EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p.

+ +

EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key derivation may maximally use, given in bytes. If RAM is exceeded because the load factors are chosen too high, the key derivation will fail.

+ +

STRING CTRLS

+ +

scrypt also supports string based control operations via EVP_PKEY_CTX_ctrl_str(3). Similarly, the salt can either be specified using the type parameter "salt" or in hex encoding by using the "hexsalt" parameter. The work factors N, r and p as well as maxmem_bytes can be set by using the parameters "N", "r", "p" and "maxmem_bytes", respectively.

+ +

NOTES

+ +

The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as the value from the string controls "pass" and "hexpass". See EVP_PKEY_CTX_set1_pbe_pass(3).

+ +

All the functions described here are implemented as macros.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

scrypt(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html new file mode 100644 index 00000000..de581770 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html @@ -0,0 +1,109 @@ + + + + +EVP_PKEY_CTX_set_tls1_prf_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed - TLS PRF key derivation algorithm

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+                                      unsigned char *sec, int seclen);
+int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+                                    unsigned char *seed, int seedlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for TLS. It has no associated private key and only implements key derivation using EVP_PKEY_derive(3).

+ +

EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

+ +

EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF to seclen bytes of the buffer sec. Any existing secret value is replaced and any seed is reset.

+ +

EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to seedlen bytes of seed. If a seed is already set it is appended to the existing value.

+ +

STRING CTRLS

+ +

The TLS PRF also supports string based control operations using EVP_PKEY_CTX_ctrl_str(3). The type parameter "md" uses the supplied value as the name of the digest algorithm to use. The type parameters "secret" and "seed" use the supplied value parameter as a secret or seed value. The names "hexsecret" and "hexseed" are similar except they take a hex string which is converted to binary.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

A context for the TLS PRF can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+ +

The digest, secret value and seed must be set before a key is derived or an error occurs.

+ +

The total length of all seeds cannot exceed 1024 bytes in length: this should be more than enough for any normal use of the TLS PRF.

+ +

The output length of the PRF is specified by the length parameter in the EVP_PKEY_derive() function. Since the output length is variable, setting the buffer to NULL is not meaningful for the TLS PRF.

+ +

Optimised versions of the TLS PRF can be implemented in an ENGINE.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

This example derives 10 bytes using SHA-256 with the secret key "secret" and seed value "seed":

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[10];
+size_t outlen = sizeof(out);
+
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
+    /* Error */
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html new file mode 100644 index 00000000..781e9fe2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html @@ -0,0 +1,78 @@ + + + + +EVP_PKEY_asn1_get_count + + + + + + + + + + +

NAME

+ +

EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info - enumerate public key ASN.1 methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+ +

DESCRIPTION

+ +

EVP_PKEY_asn1_count() returns a count of the number of public key ASN.1 methods available: it includes standard methods and any methods added by the application.

+ +

EVP_PKEY_asn1_get0() returns the public key ASN.1 method idx. The value of idx must be between zero and EVP_PKEY_asn1_get_count() - 1.

+ +

EVP_PKEY_asn1_find() looks up the EVP_PKEY_ASN1_METHOD with NID type. If pe isn't NULL, then it will look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID type and return that instead, and also set *pe to point at the engine that implements it.

+ +

EVP_PKEY_asn1_find_str() looks up the EVP_PKEY_ASN1_METHOD with PEM type string str. Just like EVP_PKEY_asn1_find(), if pe isn't NULL, then it will look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID type and return that instead, and also set *pe to point at the engine that implements it.

+ +

EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string associated with the public key ASN.1 method *ameth.

+ +

EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all EVP_PKEY_ASN1_METHOD objects are added before the application gets threaded, using them is safe. See EVP_PKEY_asn1_add0(3).

+ +

RETURN VALUES

+ +

EVP_PKEY_asn1_count() returns the number of available public key methods.

+ +

EVP_PKEY_asn1_get0() return a public key method or NULL if idx is out of range.

+ +

EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.

+ +

SEE ALSO

+ +

EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_add0(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_cmp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_cmp.html new file mode 100644 index 00000000..cf0a6dd4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_cmp.html @@ -0,0 +1,77 @@ + + + + +EVP_PKEY_cmp + + + + + + + + + + +

NAME

+ +

EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+ +

DESCRIPTION

+ +

The function EVP_PKEY_missing_parameters() returns 1 if the public key parameters of pkey are missing and 0 if they are present or the algorithm doesn't use parameters.

+ +

The function EVP_PKEY_copy_parameters() copies the parameters from key from to key to. An error is returned if the parameters are missing in from or present in both from and to and mismatch. If the parameters in from and to are both present and match this function has no effect.

+ +

The function EVP_PKEY_cmp_parameters() compares the parameters of keys a and b.

+ +

The function EVP_PKEY_cmp() compares the public key components and parameters (if present) of keys a and b.

+ +

NOTES

+ +

The main purpose of the functions EVP_PKEY_missing_parameters() and EVP_PKEY_copy_parameters() is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from the CA that signed it.

+ +

Since OpenSSL private keys contain public key components too the function EVP_PKEY_cmp() can also be used to determine if a private key matches a public key.

+ +

RETURN VALUES

+ +

The function EVP_PKEY_missing_parameters() returns 1 if the public key parameters of pkey are missing and 0 if they are present or the algorithm doesn't use parameters.

+ +

These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure.

+ +

The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the keys match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3)

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html new file mode 100644 index 00000000..301bb7d6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html @@ -0,0 +1,113 @@ + + + + +EVP_PKEY_decrypt + + + + + + + + + + +

NAME

+ +

EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_decrypt_init() function initializes a public key algorithm context using key pkey for a decryption operation.

+ +

The EVP_PKEY_decrypt() function performs a public key decryption operation using ctx. The data to be decrypted is specified using the in and inlen parameters. If out is NULL then the maximum size of the output buffer is written to the outlen parameter. If out is not NULL then before the call the outlen parameter should contain the length of the out buffer, if the call is successful the decrypted data is written to out and the amount of data written to outlen.

+ +

NOTES

+ +

After the call to EVP_PKEY_decrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_decrypt() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Decrypt data using OAEP (for RSA keys):

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *out, *in;
+size_t outlen, inlen;
+EVP_PKEY *key;
+
+/*
+ * NB: assumes key, eng, in, inlen are already set up
+ * and that key is an RSA private key
+ */
+ctx = EVP_PKEY_CTX_new(key, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_decrypt_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+    /* Error */
+
+out = OPENSSL_malloc(outlen);
+
+if (!out)
+    /* malloc failure */
+
+if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+    /* Error */
+
+/* Decrypted data is outlen bytes written to buffer out */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_derive.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_derive.html new file mode 100644 index 00000000..af93a8ed --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_derive.html @@ -0,0 +1,111 @@ + + + + +EVP_PKEY_derive + + + + + + + + + + +

NAME

+ +

EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_derive_init() function initializes a public key algorithm context using key pkey for shared secret derivation.

+ +

The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally be a public key.

+ +

The EVP_PKEY_derive() derives a shared secret using ctx. If key is NULL then the maximum size of the output buffer is written to the keylen parameter. If key is not NULL then before the call the keylen parameter should contain the length of the key buffer, if the call is successful the shared secret is written to key and the amount of data written to keylen.

+ +

NOTES

+ +

After the call to EVP_PKEY_derive_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_derive() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Derive shared secret (for example DH or EC keys):

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *skey;
+size_t skeylen;
+EVP_PKEY *pkey, *peerkey;
+/* NB: assumes pkey, eng, peerkey have been already set up */
+
+ctx = EVP_PKEY_CTX_new(pkey, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_derive_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+    /* Error */
+
+skey = OPENSSL_malloc(skeylen);
+
+if (!skey)
+    /* malloc failure */
+
+if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+    /* Error */
+
+/* Shared secret is skey bytes written to buffer skey */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html new file mode 100644 index 00000000..e2def41a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html @@ -0,0 +1,114 @@ + + + + +EVP_PKEY_encrypt + + + + + + + + + + +

NAME

+ +

EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_encrypt_init() function initializes a public key algorithm context using key pkey for an encryption operation.

+ +

The EVP_PKEY_encrypt() function performs a public key encryption operation using ctx. The data to be encrypted is specified using the in and inlen parameters. If out is NULL then the maximum size of the output buffer is written to the outlen parameter. If out is not NULL then before the call the outlen parameter should contain the length of the out buffer, if the call is successful the encrypted data is written to out and the amount of data written to outlen.

+ +

NOTES

+ +

After the call to EVP_PKEY_encrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_encrypt() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Encrypt data using OAEP (for RSA keys). See also PEM_read_PUBKEY(3) or d2i_X509(3) for means to load a public key. You may also simply set 'eng = NULL;' to start with the default OpenSSL RSA implementation:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *out, *in;
+size_t outlen, inlen;
+EVP_PKEY *key;
+
+/*
+ * NB: assumes eng, key, in, inlen are already set up,
+ * and that key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(key, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_encrypt_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+    /* Error */
+
+out = OPENSSL_malloc(outlen);
+
+if (!out)
+    /* malloc failure */
+
+if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+    /* Error */
+
+/* Encrypted data is outlen bytes written to buffer out */
+ +

SEE ALSO

+ +

d2i_X509(3), ENGINE_by_id(3), EVP_PKEY_CTX_new(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html new file mode 100644 index 00000000..b744d9c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html @@ -0,0 +1,65 @@ + + + + +EVP_PKEY_get_default_digest_nid + + + + + + + + + + +

NAME

+ +

EVP_PKEY_get_default_digest_nid - get default signature digest

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+ +

DESCRIPTION

+ +

The EVP_PKEY_get_default_digest_nid() function sets pnid to the default message digest NID for the public key signature operations associated with key pkey. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use a digest during signing. In this case pnid will be set to NID_undef.

+ +

NOTES

+ +

For all current standard OpenSSL public key algorithms SHA1 is returned.

+ +

RETURN VALUES

+ +

The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest is advisory (that is other digests can be used) and 2 if it is mandatory (other digests can not be used). It returns 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),

+ +

HISTORY

+ +

This function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_keygen.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_keygen.html new file mode 100644 index 00000000..671b7a3a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_keygen.html @@ -0,0 +1,181 @@ + + + + +EVP_PKEY_keygen + + + + + + + + + + +

NAME

+ +

EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check - key and parameter generation and check functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+ +

DESCRIPTION

+ +

The EVP_PKEY_keygen_init() function initializes a public key algorithm context using key pkey for a key generation operation.

+ +

The EVP_PKEY_keygen() function performs a key generation operation, the generated key is written to ppkey.

+ +

The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar except parameters are generated.

+ +

The function EVP_PKEY_set_cb() sets the key or parameter generation callback to cb. The function EVP_PKEY_CTX_get_cb() returns the key or parameter generation callback.

+ +

The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If idx is -1 the total number of parameters available is returned. Any non negative value returns the value of that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for idx should only be called within the generation callback.

+ +

If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a "cancel" button.

+ +

The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a "progress dialog".

+ +

EVP_PKEY_check() validates the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

EVP_PKEY_public_check() validates the public component of the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

NOTES

+ +

After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

The meaning of the parameters passed to the callback will depend on the algorithm and the specific implementation of the algorithm. Some might not give any useful information at all during key or parameter generation. Others might not even call the callback.

+ +

The operation performed by key or parameter generation depends on the algorithm used. In some cases (e.g. EC with a supplied named curve) the "generation" option merely sets the appropriate fields in an EVP_PKEY structure.

+ +

In OpenSSL an EVP_PKEY structure containing a private key also contains the public key components and parameters (if any). An OpenSSL private key is equivalent to what some libraries call a "key pair". A private key can be used in functions which require the use of a public key or parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1 for success or others for failure. They return -2 if the operation is not supported for the specific algorithm.

+ +

EXAMPLES

+ +

Generate a 2048 bit RSA key:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+EVP_PKEY *pkey = NULL;
+
+ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+    /* Error */
+
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+    /* Error */
+ +

Generate a key from a set of parameters:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+EVP_PKEY *pkey = NULL, *param;
+
+/* Assumed param, eng are set up already */
+ctx = EVP_PKEY_CTX_new(param, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+    /* Error */
+
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+    /* Error */
+ +

Example of generation callback for OpenSSL public key implementations:

+ +
/* Application data is a BIO to output status to */
+
+EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html new file mode 100644 index 00000000..ac93fa56 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html @@ -0,0 +1,67 @@ + + + + +EVP_PKEY_meth_get_count + + + + + + + + + + +

NAME

+ +

EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate public key methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth);
+ +

DESCRIPTION

+ +

EVP_PKEY_meth_count() returns a count of the number of public key methods available: it includes standard methods and any methods added by the application.

+ +

EVP_PKEY_meth_get0() returns the public key method idx. The value of idx must be between zero and EVP_PKEY_meth_get_count() - 1.

+ +

EVP_PKEY_meth_get0_info() returns the public key ID (a NID) and any flags associated with the public key method *meth.

+ +

RETURN VALUES

+ +

EVP_PKEY_meth_count() returns the number of available public key methods.

+ +

EVP_PKEY_meth_get0() return a public key method or NULL if idx is out of range.

+ +

EVP_PKEY_meth_get0_info() does not return a value.

+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html new file mode 100644 index 00000000..5fd51558 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html @@ -0,0 +1,394 @@ + + + + +EVP_PKEY_meth_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove - manipulating EVP_PKEY_METHOD structure

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen));
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen));
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen));
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen));
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen));
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value));
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (*digestsign) (EVP_MD_CTX *ctx,
+                                                     unsigned char *sig,
+                                                     size_t *siglen,
+                                                     const unsigned char *tbs,
+                                                     size_t tbslen));
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (*digestverify) (EVP_MD_CTX *ctx,
+                                                         const unsigned char *sig,
+                                                         size_t siglen,
+                                                         const unsigned char *tbs,
+                                                         size_t tbslen));
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                    int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen));
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen));
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen));
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen));
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen));
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value));
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (**digestsign) (EVP_MD_CTX *ctx,
+                                                      unsigned char *sig,
+                                                      size_t *siglen,
+                                                      const unsigned char *tbs,
+                                                      size_t tbslen));
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (**digestverify) (EVP_MD_CTX *ctx,
+                                                          const unsigned char *sig,
+                                                          size_t siglen,
+                                                          const unsigned char *tbs,
+                                                          size_t tbslen));
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                    int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                            EVP_MD_CTX *mctx));
+ +

DESCRIPTION

+ +

EVP_PKEY_METHOD is a structure which holds a set of methods for a specific public key cryptographic algorithm. Those methods are usually used to perform different jobs, such as generating a key, signing or verifying, encrypting or decrypting, etc.

+ +

There are two places where the EVP_PKEY_METHOD objects are stored: one is a built-in static array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using EVP_PKEY_meth_add0(3).

+ +

The EVP_PKEY_METHOD objects are usually referenced by EVP_PKEY_CTX objects.

+ +

Methods

+ +

The methods are the underlying implementations of a particular public key algorithm present by the EVP_PKEY_CTX object.

+ +
int (*init) (EVP_PKEY_CTX *ctx);
+int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+void (*cleanup) (EVP_PKEY_CTX *ctx);
+ +

The init() method is called to initialize algorithm-specific data when a new EVP_PKEY_CTX is created. As opposed to init(), the cleanup() method is called when an EVP_PKEY_CTX is freed. The copy() method is called when an EVP_PKEY_CTX is being duplicated. Refer to EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_new_id(3), EVP_PKEY_CTX_free(3) and EVP_PKEY_CTX_dup(3).

+ +
int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ +

The paramgen_init() and paramgen() methods deal with key parameter generation. They are called by EVP_PKEY_paramgen_init(3) and EVP_PKEY_paramgen(3) to handle the parameter generation process.

+ +
int (*keygen_init) (EVP_PKEY_CTX *ctx);
+int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ +

The keygen_init() and keygen() methods are used to generate the actual key for the specified algorithm. They are called by EVP_PKEY_keygen_init(3) and EVP_PKEY_keygen(3).

+ +
int (*sign_init) (EVP_PKEY_CTX *ctx);
+int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+             const unsigned char *tbs, size_t tbslen);
+ +

The sign_init() and sign() methods are used to generate the signature of a piece of data using a private key. They are called by EVP_PKEY_sign_init(3) and EVP_PKEY_sign(3).

+ +
int (*verify_init) (EVP_PKEY_CTX *ctx);
+int (*verify) (EVP_PKEY_CTX *ctx,
+               const unsigned char *sig, size_t siglen,
+               const unsigned char *tbs, size_t tbslen);
+ +

The verify_init() and verify() methods are used to verify whether a signature is valid. They are called by EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

+ +
int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                       unsigned char *rout, size_t *routlen,
+                       const unsigned char *sig, size_t siglen);
+ +

The verify_recover_init() and verify_recover() methods are used to verify a signature and then recover the digest from the signature (for instance, a signature that was generated by RSA signing algorithm). They are called by EVP_PKEY_verify_recover_init(3) and EVP_PKEY_verify_recover(3).

+ +
int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                EVP_MD_CTX *mctx);
+ +

The signctx_init() and signctx() methods are used to sign a digest present by a EVP_MD_CTX object. They are called by the EVP_DigestSign functions. See EVP_DigestSignInit(3) for details.

+ +
int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                  EVP_MD_CTX *mctx);
+ +

The verifyctx_init() and verifyctx() methods are used to verify a signature against the data in a EVP_MD_CTX object. They are called by the various EVP_DigestVerify functions. See EVP_DigestVerifyInit(3) for details.

+ +
int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                const unsigned char *in, size_t inlen);
+ +

The encrypt_init() and encrypt() methods are used to encrypt a piece of data. They are called by EVP_PKEY_encrypt_init(3) and EVP_PKEY_encrypt(3).

+ +
int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                const unsigned char *in, size_t inlen);
+ +

The decrypt_init() and decrypt() methods are used to decrypt a piece of data. They are called by EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

+ +
int (*derive_init) (EVP_PKEY_CTX *ctx);
+int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ +

The derive_init() and derive() methods are used to derive the shared secret from a public key algorithm (for instance, the DH algorithm). They are called by EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

+ +
int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+ +

The ctrl() and ctrl_str() methods are used to adjust algorithm-specific settings. See EVP_PKEY_CTX_ctrl(3) and related functions for details.

+ +
int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen);
+int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                     size_t siglen, const unsigned char *tbs,
+                     size_t tbslen);
+ +

The digestsign() and digestverify() methods are used to generate or verify a signature in a one-shot mode. They could be called by EVP_DigestSign(3) and EVP_DigestVerify(3).

+ +
int (*check) (EVP_PKEY *pkey);
+int (*public_check) (EVP_PKEY *pkey);
+int (*param_check) (EVP_PKEY *pkey);
+ +

The check(), public_check() and param_check() methods are used to validate a key-pair, the public component and parameters respectively for a given pkey. They could be called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and EVP_PKEY_param_check(3) respectively.

+ +
int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ +

The digest_custom() method is used to generate customized digest content before the real message is passed to functions like EVP_DigestSignUpdate(3) or EVP_DigestVerifyInit(3). This is usually required by some public key signature algorithms like SM2 which requires a hashed prefix to the message to be signed. The digest_custom() function will be called by EVP_DigestSignInit(3) and EVP_DigestVerifyInit(3).

+ +

Functions

+ +

EVP_PKEY_meth_new() creates and returns a new EVP_PKEY_METHOD object, and associates the given id and flags. The following flags are supported:

+ +
EVP_PKEY_FLAG_AUTOARGLEN
+EVP_PKEY_FLAG_SIGCTX_CUSTOM
+ +

If an EVP_PKEY_METHOD is set with the EVP_PKEY_FLAG_AUTOARGLEN flag, the maximum size of the output buffer will be automatically calculated or checked in corresponding EVP methods by the EVP framework. Thus the implementations of these methods don't need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to EVP_PKEY_sign(3).

+ +

The EVP_PKEY_FLAG_SIGCTX_CUSTOM is used to indicate the signctx() method of an EVP_PKEY_METHOD is always called by the EVP framework while doing a digest signing operation by calling EVP_DigestSignFinal(3).

+ +

EVP_PKEY_meth_free() frees an existing EVP_PKEY_METHOD pointed by pmeth.

+ +

EVP_PKEY_meth_copy() copies an EVP_PKEY_METHOD object from src to dst.

+ +

EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the id. This function first searches through the user-defined method objects and then the built-in objects.

+ +

EVP_PKEY_meth_add0() adds pmeth to the user defined stack of methods.

+ +

EVP_PKEY_meth_remove() removes an EVP_PKEY_METHOD object added by EVP_PKEY_meth_add0().

+ +

The EVP_PKEY_meth_set functions set the corresponding fields of EVP_PKEY_METHOD structure with the arguments passed.

+ +

The EVP_PKEY_meth_get functions get the corresponding fields of EVP_PKEY_METHOD structure to the arguments provided.

+ +

RETURN VALUES

+ +

EVP_PKEY_meth_new() returns a pointer to a new EVP_PKEY_METHOD object or returns NULL on error.

+ +

EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.

+ +

EVP_PKEY_meth_find() returns a pointer to the found EVP_PKEY_METHOD object or returns NULL if not found.

+ +

EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 if an error occurred.

+ +

EVP_PKEY_meth_remove() returns 1 if method is removed successfully or 0 if an error occurred.

+ +

All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return values. For the 'get' functions, function pointers are returned by arguments.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_new.html new file mode 100644 index 00000000..6ded6b5e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_new.html @@ -0,0 +1,106 @@ + + + + +EVP_PKEY_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key - public/private key allocation and raw key handling functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *key);
+void EVP_PKEY_free(EVP_PKEY *key);
+
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *key, size_t keylen);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *key, size_t keylen);
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher);
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
+                               int keylen);
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len);
+ +

DESCRIPTION

+ +

The EVP_PKEY_new() function allocates an empty EVP_PKEY structure which is used by OpenSSL to store public and private keys. The reference count is set to 1.

+ +

EVP_PKEY_up_ref() increments the reference count of key.

+ +

EVP_PKEY_free() decrements the reference count of key and, if the reference count is zero, frees it up. If key is NULL, nothing is done.

+ +

EVP_PKEY_new_raw_private_key() allocates a new EVP_PKEY. If e is non-NULL then the new EVP_PKEY structure is associated with the engine e. The type argument indicates what kind of key this is. The value should be a NID for a public key algorithm that supports raw private keys, i.e. one of EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448. key points to the raw private key data for this EVP_PKEY which should be of length keylen. The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type).

+ +

EVP_PKEY_new_raw_public_key() works in the same way as EVP_PKEY_new_raw_private_key() except that key points to the raw public key data. The EVP_PKEY structure will be initialised without any private key information. Algorithm types that support raw public keys are EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the EVP_PKEY_CMAC algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during creation of a CMAC in the cipher argument.

+ +

EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead.

+ +

EVP_PKEY_get_raw_private_key() fills the buffer provided by priv with raw private key data. The size of the priv buffer should be in *len on entry to the function, and on exit *len is updated with the number of bytes actually written. If the buffer priv is NULL then *len is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the private key data. This function only works for algorithms that support raw private keys. Currently this is: EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

EVP_PKEY_get_raw_public_key() fills the buffer provided by pub with raw public key data. The size of the pub buffer should be in *len on entry to the function, and on exit *len is updated with the number of bytes actually written. If the buffer pub is NULL then *len is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the public key data. This function only works for algorithms that support raw public keys. Currently this is: EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

NOTES

+ +

The EVP_PKEY structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm.

+ +

The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY.

+ +

RETURN VALUES

+ +

EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly allocated EVP_PKEY structure or NULL if an error occurred.

+ +

EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY

+ +

HISTORY

+ +

The EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.

+ +

The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.

+ +

The EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_print_private.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_print_private.html new file mode 100644 index 00000000..4ef35295 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_print_private.html @@ -0,0 +1,75 @@ + + + + +EVP_PKEY_print_private + + + + + + + + + + +

NAME

+ +

EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+ +

DESCRIPTION

+ +

The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and EVP_PKEY_print_params() print out the public, private or parameter components of key pkey respectively. The key is sent to BIO out in human readable form. The parameter indent indicated how far the printout should be indented.

+ +

The pctx parameter allows the print output to be finely tuned by using ASN1 printing options. If pctx is set to NULL then default values will be used.

+ +

NOTES

+ +

Currently no public key algorithms include any options in the pctx parameter.

+ +

If the key does not include all the components indicated by the function then only those contained in the key will be printed. For example passing a public key to EVP_PKEY_print_private() will only print the public components.

+ +

RETURN VALUES

+ +

These functions all return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html new file mode 100644 index 00000000..897f8578 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html @@ -0,0 +1,135 @@ + + + + +EVP_PKEY_set1_RSA + + + + + + + + + + +

NAME

+ +

EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+
+int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
+int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
+int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
+int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
+ +

DESCRIPTION

+ +

EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key.

+ +

EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or NULL if the key is not of the correct type.

+ +

EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the referenced key in pkey or NULL if the key is not of the correct type but the reference count of the returned key is not incremented and so must not be freed up after use.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() also set the referenced key to key however these use the supplied key internally and so key will be freed when the parent pkey is freed.

+ +

EVP_PKEY_base_id() returns the type of pkey. For example an RSA key will return EVP_PKEY_RSA.

+ +

EVP_PKEY_id() returns the actual OID associated with pkey. Historically keys using the same algorithm could use different OIDs. For example an RSA key could use the OIDs corresponding to the NIDs NID_rsaEncryption (equivalent to EVP_PKEY_RSA) or NID_rsa (equivalent to EVP_PKEY_RSA2). The use of alternative non-standard OIDs is now rare so EVP_PKEY_RSA2 et al are not often seen in practice.

+ +

EVP_PKEY_type() returns the underlying type of the NID type. For example EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.

+ +

EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.

+ +

EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It must be called after the key algorithm and components are set up. If engine does not include an EVP_PKEY_METHOD for pkey an error occurs.

+ +

EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a different set of algorithms than the default. This is currently used to support SM2 keys, which use an identical encoding to ECDSA.

+ +

NOTES

+ +

In accordance with the OpenSSL naming convention the key obtained from or assigned to the pkey using the 1 functions must be freed as well as pkey.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() are implemented as macros.

+ +

Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: which will be identical in almost all cases.

+ +

Previous versions of this document suggested using EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY is now opaque this is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).

+ +

EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key.

+ +

RETURN VALUES

+ +

EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.

+ +

EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if an error occurred.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.

+ +

EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key type or NID_undef (equivalently EVP_PKEY_NONE) on error.

+ +

EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.

+ +

EVP_PKEY_set_alias_type() returns 1 for success and 0 for error.

+ +

EXAMPLES

+ +

After loading an ECC key, it is possible to convert it to using SM2 algorithms with EVP_PKEY_set_alias_type:

+ +
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_sign.html new file mode 100644 index 00000000..eb7ef7a7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_sign.html @@ -0,0 +1,118 @@ + + + + +EVP_PKEY_sign + + + + + + + + + + +

NAME

+ +

EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_sign_init() function initializes a public key algorithm context using key pkey for a signing operation.

+ +

The EVP_PKEY_sign() function performs a public key signing operation using ctx. The data to be signed is specified using the tbs and tbslen parameters. If sig is NULL then the maximum size of the output buffer is written to the siglen parameter. If sig is not NULL then before the call the siglen parameter should contain the length of the sig buffer, if the call is successful the signature is written to sig and the amount of data written to siglen.

+ +

NOTES

+ +

EVP_PKEY_sign() does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the EVP_DigestSignInit(3) and EVP_SignInit(3) signing interfaces instead.

+ +

After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation (see EVP_PKEY_CTX_ctrl(3)).

+ +

The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Sign data using RSA with PKCS#1 padding and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+/* md is a SHA-256 digest in this example. */
+unsigned char *md, *sig;
+size_t mdlen = 32, siglen;
+EVP_PKEY *signing_key;
+
+/*
+ * NB: assumes signing_key and md are set up before the next
+ * step. signing_key must be an RSA private key and md must
+ * point to the SHA-256 digest to be signed.
+ */
+ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_sign_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+    /* Error */
+
+sig = OPENSSL_malloc(siglen);
+
+if (!sig)
+    /* malloc failure */
+
+if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+    /* Error */
+
+/* Signature is siglen bytes written to buffer sig */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_size.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_size.html new file mode 100644 index 00000000..e6eeb69d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_size.html @@ -0,0 +1,71 @@ + + + + +EVP_PKEY_size + + + + + + + + + + +

NAME

+ +

EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits - EVP_PKEY information functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+ +

DESCRIPTION

+ +

EVP_PKEY_size() returns the maximum suitable size for the output buffers for almost all operations that can be done with pkey. The primary documented use is with EVP_SignFinal(3) and EVP_SealInit(3), but it isn't limited there. The returned size is also large enough for the output buffer of EVP_PKEY_sign(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3).

+ +

It must be stressed that, unless the documentation for the operation that's being performed says otherwise, the size returned by EVP_PKEY_size() is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the operation, such as EVP_PKEY_sign(3) (the siglen argument will receive that length), to avoid bugs.

+ +

EVP_PKEY_bits() returns the cryptographic length of the cryptosystem to which the key in pkey belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem.

+ +

EVP_PKEY_security_bits() returns the number of security bits of the given pkey, bits of security is defined in NIST SP800-57.

+ +

RETURN VALUES

+ +

EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a positive number, or 0 if this size isn't available.

+ +

NOTES

+ +

Most functions that have an output buffer and are mentioned with EVP_PKEY_size() have a functionality where you can pass NULL for the buffer and still pass a pointer to an integer and get the exact size that this function call delivers in the context that it's called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again actually output the data. For those functions, it isn't strictly necessary to call EVP_PKEY_size() to find out the buffer size, but may be useful in cases where it's desirable to know the upper limit in advance.

+ +

It should also be especially noted that EVP_PKEY_size() shouldn't be used to get the output size for EVP_DigestSignFinal(), according to "NOTES" in EVP_DigestSignFinal(3).

+ +

SEE ALSO

+ +

EVP_SignFinal(3), EVP_SealInit(3), EVP_PKEY_sign(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify.html new file mode 100644 index 00000000..318aa28d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify.html @@ -0,0 +1,110 @@ + + + + +EVP_PKEY_verify + + + + + + + + + + +

NAME

+ +

EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_verify_init() function initializes a public key algorithm context using key pkey for a signature verification operation.

+ +

The EVP_PKEY_verify() function performs a public key verification operation using ctx. The signature is specified using the sig and siglen parameters. The verified data (i.e. the data believed originally signed) is specified using the tbs and tbslen parameters.

+ +

NOTES

+ +

After the call to EVP_PKEY_verify_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_verify() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was successful and 0 if it failed. Unlike other functions the return value 0 from EVP_PKEY_verify() only indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error.

+ +

A negative value indicates an error other that signature verification failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Verify signature using PKCS#1 and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *md, *sig;
+size_t mdlen, siglen;
+EVP_PKEY *verify_key;
+
+/*
+ * NB: assumes verify_key, sig, siglen md and mdlen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_verify_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Perform operation */
+ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+
+/*
+ * ret == 1 indicates success, 0 verify failure and < 0 for some
+ * other error.
+ */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html new file mode 100644 index 00000000..4accc148 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html @@ -0,0 +1,118 @@ + + + + +EVP_PKEY_verify_recover + + + + + + + + + + +

NAME

+ +

EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_verify_recover_init() function initializes a public key algorithm context using key pkey for a verify recover operation.

+ +

The EVP_PKEY_verify_recover() function recovers signed data using ctx. The signature is specified using the sig and siglen parameters. If rout is NULL then the maximum size of the output buffer is written to the routlen parameter. If rout is not NULL then before the call the routlen parameter should contain the length of the rout buffer, if the call is successful recovered data is written to rout and the amount of data written to routlen.

+ +

NOTES

+ +

Normally an application is only interested in whether a signature verification operation is successful in those cases the EVP_verify() function should be used.

+ +

Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example RSA in PKCS padding mode).

+ +

After the call to EVP_PKEY_verify_recover_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_verify_recover() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Recover digest originally signed using PKCS#1 and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *rout, *sig;
+size_t routlen, siglen;
+EVP_PKEY *verify_key;
+
+/*
+ * NB: assumes verify_key, sig and siglen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+    /* Error */
+
+rout = OPENSSL_malloc(routlen);
+
+if (!rout)
+    /* malloc failure */
+
+if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+    /* Error */
+
+/* Recovered data is routlen bytes written to buffer rout */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SealInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SealInit.html new file mode 100644 index 00000000..670bea7b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SealInit.html @@ -0,0 +1,82 @@ + + + + +EVP_SealInit + + + + + + + + + + +

NAME

+ +

EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk);
+int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                   int *outl, unsigned char *in, int inl);
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ +

DESCRIPTION

+ +

The EVP envelope routines are a high level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key.

+ +

EVP_SealInit() initializes a cipher context ctx for encryption with cipher type using a random secret key and IV. type is normally supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. ek is an array of buffers where the public key encrypted secret key will be written, each buffer must contain enough room for the corresponding encrypted key: that is ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes. The actual size of each encrypted secret key is written to the array ekl. pubk is an array of npubk public keys.

+ +

The iv parameter is a buffer where the generated IV is written to. It must contain enough room for the corresponding cipher's IV, as determined by (for example) EVP_CIPHER_iv_length(type).

+ +

If the cipher does not require an IV then the iv parameter is ignored and can be NULL.

+ +

EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the EVP_EncryptInit(3) manual page.

+ +

RETURN VALUES

+ +

EVP_SealInit() returns 0 on error or npubk if successful.

+ +

EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for failure.

+ +

NOTES

+ +

Because a random secret key is generated the random number generator must be seeded when EVP_SealInit() is called. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The public key must be RSA because it is the only OpenSSL public key algorithm that supports key transport.

+ +

Envelope encryption is the usual method of using public key encryption on large amounts of data, this is because public key encryption is slow but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption.

+ +

It is possible to call EVP_SealInit() twice in the same way as EVP_EncryptInit(). The first call should have npubk set to 0 and (after setting any cipher parameters) it should be called again with type set to NULL.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_EncryptInit(3), EVP_OpenInit(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SignInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SignInit.html new file mode 100644 index 00000000..6821f115 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_SignInit.html @@ -0,0 +1,92 @@ + + + + +EVP_SignInit + + + + + + + + + + +

NAME

+ +

EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
+
+void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_SignInit_ex() sets up signing context ctx to use digest type from ENGINE impl. ctx must be created with EVP_MD_CTX_new() before calling this function.

+ +

EVP_SignUpdate() hashes cnt bytes of data at d into the signature context ctx. This function can be called several times on the same ctx to include additional data.

+ +

EVP_SignFinal() signs the data in ctx using the private key pkey and places the signature in sig. sig must be at least EVP_PKEY_size(pkey) bytes in size. s is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at s, at most EVP_PKEY_size(pkey) bytes will be written.

+ +

EVP_SignInit() initializes a signing context ctx to use the default implementation of digest type.

+ +

RETURN VALUES

+ +

EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 for success and 0 for failure.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

When signing with DSA private keys the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail. This requirement does not hold for RSA signatures.

+ +

The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called later to digest and sign additional data.

+ +

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

BUGS

+ +

Older versions of this documentation wrongly stated that calls to EVP_SignUpdate() could not be made after calling EVP_SignFinal().

+ +

Since the private key is passed in the call to EVP_SignFinal() any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through EVP_SignUpdate().

+ +

It is not possible to change the signing parameters using these function.

+ +

The previous two bugs are fixed in the newer EVP_SignDigest*() function.

+ +

SEE ALSO

+ +

EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3), EVP_VerifyInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_VerifyInit.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_VerifyInit.html new file mode 100644 index 00000000..8a0d589f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_VerifyInit.html @@ -0,0 +1,93 @@ + + + + +EVP_VerifyInit + + + + + + + + + + +

NAME

+ +

EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
+                    EVP_PKEY *pkey);
+
+int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ +

DESCRIPTION

+ +

The EVP signature verification routines are a high level interface to digital signatures.

+ +

EVP_VerifyInit_ex() sets up verification context ctx to use digest type from ENGINE impl. ctx must be created by calling EVP_MD_CTX_new() before calling this function.

+ +

EVP_VerifyUpdate() hashes cnt bytes of data at d into the verification context ctx. This function can be called several times on the same ctx to include additional data.

+ +

EVP_VerifyFinal() verifies the data in ctx using the public key pkey and against the siglen bytes at sigbuf.

+ +

EVP_VerifyInit() initializes verification context ctx to use the default implementation of digest type.

+ +

RETURN VALUES

+ +

EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for failure.

+ +

EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

+ +

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

BUGS

+ +

Older versions of this documentation wrongly stated that calls to EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().

+ +

Since the public key is passed in the call to EVP_SignFinal() any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through EVP_SignUpdate().

+ +

It is not possible to change the signing parameters using these function.

+ +

The previous two bugs are fixed in the newer EVP_DigestVerify*() function.

+ +

SEE ALSO

+ +

evp(7), EVP_SignInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aes.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aes.html new file mode 100644 index 00000000..c14b857c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aes.html @@ -0,0 +1,108 @@ + + + + +EVP_aes + + + + + + + + + + +

NAME

+ +

EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts - EVP AES cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_aes_128_cbc.

+ +

DESCRIPTION

+ +

The AES encryption algorithm for EVP.

+ +
+ +
EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()
+
+ +

AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

+ +
+
EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()
+
+ +

Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 160 bits long.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()
+
+ +

Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()
+
+ +

AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control operations to function correctly, see the "AEAD Interface" in EVP_EncryptInit(3) section for details.

+ +
+
EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()
+
+ +

AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section 2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

+ +
+
EVP_aes_128_xts(), EVP_aes_256_xts()
+
+ +

AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) mode was designed by Prof. Phillip Rogaway of University of California, Davis, intended for encrypting data on a storage device.

+ +

XTS-AES provides confidentiality but not authentication of data. It also requires a key of double-length for protection of a certain key size. In particular, XTS-AES-128 (EVP_aes_128_xts) takes input of a 256-bit key to achieve AES 128-bit security, and XTS-AES-256 (EVP_aes_256_xts) takes input of a 512-bit key to achieve AES 256-bit security.

+ +

The XTS implementation in OpenSSL does not support streaming. That is there must only be one EVP_EncryptUpdate(3) call per EVP_EncryptInit_ex(3) call (and similarly with the "Decrypt" functions).

+ +

The iv parameter to EVP_EncryptInit_ex(3) or EVP_DecryptInit_ex(3) is the XTS "tweak" value.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aria.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aria.html new file mode 100644 index 00000000..55948541 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_aria.html @@ -0,0 +1,74 @@ + + + + +EVP_aria + + + + + + + + + + +

NAME

+ +

EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, - EVP ARIA cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_aria_128_cbc.

+ +

DESCRIPTION

+ +

The ARIA encryption algorithm for EVP.

+ +
+ +
EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()
+
+ +

ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

+ +
+
EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm(),
+
+ +

ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function correctly, see the "AEAD Interface" in EVP_EncryptInit(3) section for details.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_bf_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_bf_cbc.html new file mode 100644 index 00000000..4c6303ad --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_bf_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_bf_cbc + + + + + + + + + + +

NAME

+ +

EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb - EVP Blowfish cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_bf_cbc(void)
+const EVP_CIPHER *EVP_bf_cfb(void)
+const EVP_CIPHER *EVP_bf_cfb64(void)
+const EVP_CIPHER *EVP_bf_ecb(void)
+const EVP_CIPHER *EVP_bf_ofb(void)
+ +

DESCRIPTION

+ +

The Blowfish encryption algorithm for EVP.

+ +

This is a variable key length cipher.

+ +
+ +
EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()
+
+ +

Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_blake2b512.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_blake2b512.html new file mode 100644 index 00000000..39dee2b0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_blake2b512.html @@ -0,0 +1,83 @@ + + + + +EVP_blake2b512 + + + + + + + + + + +

NAME

+ +

EVP_blake2b512, EVP_blake2s256 - BLAKE2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+ +

DESCRIPTION

+ +

BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA-3 algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in RFC 7693.

+ +
+ +
EVP_blake2s256()
+
+ +

The BLAKE2s algorithm that produces a 256-bit output from a given input.

+ +
+
EVP_blake2b512()
+
+ +

The BLAKE2b algorithm that produces a 512-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

RFC 7693.

+ +

NOTES

+ +

While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, this implementation outputs a digest of a fixed length (the maximum length supported), which is 512-bits for BLAKE2b and 256-bits for BLAKE2s.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_camellia.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_camellia.html new file mode 100644 index 00000000..c6eff3a1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_camellia.html @@ -0,0 +1,68 @@ + + + + +EVP_camellia + + + + + + + + + + +

NAME

+ +

EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb - EVP Camellia cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_camellia_128_cbc.

+ +

DESCRIPTION

+ +

The Camellia encryption algorithm for EVP.

+ +
+ +
EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()
+
+ +

Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_cast5_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_cast5_cbc.html new file mode 100644 index 00000000..a1c37dda --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_cast5_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_cast5_cbc + + + + + + + + + + +

NAME

+ +

EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb - EVP CAST cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_cast5_cbc(void)
+const EVP_CIPHER *EVP_cast5_cfb(void)
+const EVP_CIPHER *EVP_cast5_cfb64(void)
+const EVP_CIPHER *EVP_cast5_ecb(void)
+const EVP_CIPHER *EVP_cast5_ofb(void)
+ +

DESCRIPTION

+ +

The CAST encryption algorithm for EVP.

+ +

This is a variable key length cipher.

+ +
+ +
EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()
+
+ +

CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_chacha20.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_chacha20.html new file mode 100644 index 00000000..51ae0af4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_chacha20.html @@ -0,0 +1,79 @@ + + + + +EVP_chacha20 + + + + + + + + + + +

NAME

+ +

EVP_chacha20, EVP_chacha20_poly1305 - EVP ChaCha20 stream cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_chacha20(void)
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+ +

DESCRIPTION

+ +

The ChaCha20 stream cipher for EVP.

+ +
+ +
EVP_chacha20()
+
+ +

The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. The first 32 bits consists of a counter in little-endian order followed by a 96 bit nonce. For example a nonce of:

+ +

000000000000000000000002

+ +

With an initial counter of 42 (2a in hex) would be expressed as:

+ +

2a000000000000000000000000000002

+ +
+
EVP_chacha20_poly1305()
+
+ +

Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the "AEAD Interface" in EVP_EncryptInit(3) section for more information.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_des.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_des.html new file mode 100644 index 00000000..d463a0db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_des.html @@ -0,0 +1,86 @@ + + + + +EVP_des + + + + + + + + + + +

NAME

+ +

EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap - EVP DES cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_des_cbc.

+ +

DESCRIPTION

+ +

The DES encryption algorithm for EVP.

+ +
+ +
EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()
+
+ +

DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit shift and OFB modes.

+ +
+
EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()
+
+ +

Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.

+ +
+
EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()
+
+ +

Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit shift and OFB modes.

+ +
+
EVP_des_ede3_wrap()
+
+ +

Triple-DES key wrap according to RFC 3217 Section 3.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_desx_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_desx_cbc.html new file mode 100644 index 00000000..db5ba954 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_desx_cbc.html @@ -0,0 +1,68 @@ + + + + +EVP_desx_cbc + + + + + + + + + + +

NAME

+ +

EVP_desx_cbc - EVP DES-X cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+ +

DESCRIPTION

+ +

The DES-X encryption algorithm for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128-bits.

+ +
+ +
EVP_desx_cbc()
+
+ +

The DES-X algorithm in CBC mode.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_idea_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_idea_cbc.html new file mode 100644 index 00000000..85ba7cd9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_idea_cbc.html @@ -0,0 +1,70 @@ + + + + +EVP_idea_cbc + + + + + + + + + + +

NAME

+ +

EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb - EVP IDEA cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_idea_cbc(void)
+const EVP_CIPHER *EVP_idea_cfb(void)
+const EVP_CIPHER *EVP_idea_cfb64(void)
+const EVP_CIPHER *EVP_idea_ecb(void)
+const EVP_CIPHER *EVP_idea_ofb(void)
+ +

DESCRIPTION

+ +

The IDEA encryption algorithm for EVP.

+ +
+ +
EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()
+
+ +

The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md2.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md2.html new file mode 100644 index 00000000..9cf1d534 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md2.html @@ -0,0 +1,71 @@ + + + + +EVP_md2 + + + + + + + + + + +

NAME

+ +

EVP_md2 - MD2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md2(void);
+ +

DESCRIPTION

+ +

MD2 is a cryptographic hash function standardized in RFC 1319 and designed by Ronald Rivest.

+ +
+ +
EVP_md2()
+
+ +

The MD2 algorithm which produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1319.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md4.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md4.html new file mode 100644 index 00000000..cc4a6a3e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md4.html @@ -0,0 +1,71 @@ + + + + +EVP_md4 + + + + + + + + + + +

NAME

+ +

EVP_md4 - MD4 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md4(void);
+ +

DESCRIPTION

+ +

MD4 is a cryptographic hash function standardized in RFC 1320 and designed by Ronald Rivest, first published in 1990.

+ +
+ +
EVP_md4()
+
+ +

The MD4 algorithm which produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1320.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md5.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md5.html new file mode 100644 index 00000000..edb4d8c4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_md5.html @@ -0,0 +1,82 @@ + + + + +EVP_md5 + + + + + + + + + + +

NAME

+ +

EVP_md5, EVP_md5_sha1 - MD5 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+ +

DESCRIPTION

+ +

MD5 is a cryptographic hash function standardized in RFC 1321 and designed by Ronald Rivest.

+ +

The CMU Software Engineering Institute considers MD5 unsuitable for further use since its security has been severely compromised.

+ +
+ +
EVP_md5()
+
+ +

The MD5 algorithm which produces a 128-bit output from a given input.

+ +
+
EVP_md5_sha1()
+
+ +

A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC 6101.

+ +

WARNING: this algorithm is not intended for non-SSL usage.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1321.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_mdc2.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_mdc2.html new file mode 100644 index 00000000..8408d0b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_mdc2.html @@ -0,0 +1,71 @@ + + + + +EVP_mdc2 + + + + + + + + + + +

NAME

+ +

EVP_mdc2 - MDC-2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_mdc2(void);
+ +

DESCRIPTION

+ +

MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic hash function based on a block cipher.

+ +
+ +
EVP_mdc2()
+
+ +

The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc2_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc2_cbc.html new file mode 100644 index 00000000..a494ff73 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc2_cbc.html @@ -0,0 +1,80 @@ + + + + +EVP_rc2_cbc + + + + + + + + + + +

NAME

+ +

EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc - EVP RC2 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc2_cbc(void)
+const EVP_CIPHER *EVP_rc2_cfb(void)
+const EVP_CIPHER *EVP_rc2_cfb64(void)
+const EVP_CIPHER *EVP_rc2_ecb(void)
+const EVP_CIPHER *EVP_rc2_ofb(void)
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+ +

DESCRIPTION

+ +

The RC2 encryption algorithm for EVP.

+ +
+ +
EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()
+
+ +

RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional parameter called "effective key bits" or "effective key length". By default both are set to 128 bits.

+ +
+
EVP_rc2_40_cbc(), EVP_rc2_64_cbc()
+
+ +

RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.

+ +

WARNING: these functions are obsolete. Their usage should be replaced with the EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() functions to set the key length and effective key length.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc4.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc4.html new file mode 100644 index 00000000..2f9a1b5f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc4.html @@ -0,0 +1,84 @@ + + + + +EVP_rc4 + + + + + + + + + + +

NAME

+ +

EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 - EVP RC4 stream cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc4(void)
+const EVP_CIPHER *EVP_rc4_40(void)
+const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+ +

DESCRIPTION

+ +

The RC4 stream cipher for EVP.

+ +
+ +
EVP_rc4()
+
+ +

RC4 stream cipher. This is a variable key length cipher with a default key length of 128 bits.

+ +
+
EVP_rc4_40()
+
+ +

RC4 stream cipher with 40 bit key length.

+ +

WARNING: this function is obsolete. Its usage should be replaced with the EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() functions.

+ +
+
EVP_rc4_hmac_md5()
+
+ +

Authenticated encryption with the RC4 stream cipher with MD5 as HMAC.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html new file mode 100644 index 00000000..01ee65a7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html @@ -0,0 +1,88 @@ + + + + +EVP_rc5_32_12_16_cbc + + + + + + + + + + +

NAME

+ +

EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb - EVP RC5 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+ +

DESCRIPTION

+ +

The RC5 encryption algorithm for EVP.

+ +
+ +
EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()
+
+ +

RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional "number of rounds" parameter. By default the key length is set to 128 bits and 12 rounds. Alternative key lengths can be set using EVP_CIPHER_CTX_set_key_length(3). The maximum key length is 2040 bits.

+ +

The following rc5 specific ctrls are supported (see EVP_CIPHER_CTX_ctrl(3)).

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
+
+ +

Sets the number of rounds to rounds. This must be one of RC5_8_ROUNDS, RC5_12_ROUNDS or RC5_16_ROUNDS.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
+
+ +

Stores the number of rounds currently configured in *rounds where *rounds is an int.

+ +
+
+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_ripemd160.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_ripemd160.html new file mode 100644 index 00000000..8e5b880a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_ripemd160.html @@ -0,0 +1,71 @@ + + + + +EVP_ripemd160 + + + + + + + + + + +

NAME

+ +

EVP_ripemd160 - RIPEMD160 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_ripemd160(void);
+ +

DESCRIPTION

+ +

RIPEMD-160 is a cryptographic hash function first published in 1996 belonging to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest).

+ +
+ +
EVP_ripemd160()
+
+ +

The RIPEMD-160 algorithm which produces a 160-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_seed_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_seed_cbc.html new file mode 100644 index 00000000..bb87fa06 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_seed_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_seed_cbc + + + + + + + + + + +

NAME

+ +

EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb - EVP SEED cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_seed_cbc(void)
+const EVP_CIPHER *EVP_seed_cfb(void)
+const EVP_CIPHER *EVP_seed_cfb128(void)
+const EVP_CIPHER *EVP_seed_ecb(void)
+const EVP_CIPHER *EVP_seed_ofb(void)
+ +

DESCRIPTION

+ +

The SEED encryption algorithm for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128-bits.

+ +
+ +
EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()
+
+ +

The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha1.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha1.html new file mode 100644 index 00000000..1ec7299d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha1.html @@ -0,0 +1,71 @@ + + + + +EVP_sha1 + + + + + + + + + + +

NAME

+ +

EVP_sha1 - SHA-1 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha1(void);
+ +

DESCRIPTION

+ +

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized in NIST FIPS 180-4. The algorithm was designed by the United States National Security Agency and initially published in 1995.

+ +
+ +
EVP_sha1()
+
+ +

The SHA-1 algorithm which produces a 160-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 180-4.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha224.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha224.html new file mode 100644 index 00000000..81f3b433 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha224.html @@ -0,0 +1,78 @@ + + + + +EVP_sha224 + + + + + + + + + + +

NAME

+ +

EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 - SHA-2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+ +

DESCRIPTION

+ +

SHA-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions standardized in NIST FIPS 180-4, first published in 2001.

+ +
+ +
EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()
+
+ +

The SHA-2 SHA-224, SHA-256, SHA-512/224, SHA512/256, SHA-384 and SHA-512 algorithms, which generate 224, 256, 224, 256, 384 and 512 bits respectively of output from a given input.

+ +

The two algorithms: SHA-512/224 and SHA512/256 are truncated forms of the SHA-512 algorithm. They are distinct from SHA-224 and SHA-256 even though their outputs are of the same size.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 180-4.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha3_224.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha3_224.html new file mode 100644 index 00000000..72707088 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sha3_224.html @@ -0,0 +1,85 @@ + + + + +EVP_sha3_224 + + + + + + + + + + +

NAME

+ +

EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 - SHA-3 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+ +

DESCRIPTION

+ +

SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions standardized in NIST FIPS 202, first published in 2015. It is based on the Keccak algorithm.

+ +
+ +
EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()
+
+ +

The SHA-3 SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512 algorithms respectively. They produce 224, 256, 384 and 512 bits of output from a given input.

+ +
+
EVP_shake128(), EVP_shake256()
+
+ +

The SHAKE-128 and SHAKE-256 Extendable Output Functions (XOF) that can generate a variable hash length.

+ +

Specifically, EVP_shake128 provides an overall security of 128 bits, while EVP_shake256 provides that of 256 bits.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 202.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm3.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm3.html new file mode 100644 index 00000000..cca78651 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm3.html @@ -0,0 +1,71 @@ + + + + +EVP_sm3 + + + + + + + + + + +

NAME

+ +

EVP_sm3 - SM3 for EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sm3(void);
+ +

DESCRIPTION

+ +

SM3 is a cryptographic hash function with a 256-bit output, defined in GB/T 32905-2016.

+ +
+ +
EVP_sm3()
+
+ +

The SM3 hash function.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

GB/T 32905-2016 and GM/T 0004-2012.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm4_cbc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm4_cbc.html new file mode 100644 index 00000000..8579a1aa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_sm4_cbc.html @@ -0,0 +1,73 @@ + + + + +EVP_sm4_cbc + + + + + + + + + + +

NAME

+ +

EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr - EVP SM4 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cfb(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+ +

DESCRIPTION

+ +

The SM4 blockcipher (GB/T 32907-2016) for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128 bits.

+ +
+ +
EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()
+
+ +

The SM4 blockcipher with a 128-bit key in CBC, ECB, CFB, OFB and CTR modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_whirlpool.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_whirlpool.html new file mode 100644 index 00000000..528d3578 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/EVP_whirlpool.html @@ -0,0 +1,71 @@ + + + + +EVP_whirlpool + + + + + + + + + + +

NAME

+ +

EVP_whirlpool - WHIRLPOOL For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_whirlpool(void);
+ +

DESCRIPTION

+ +

WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 designed by Vincent Rijmen and Paulo S. L. M. Barreto.

+ +
+ +
EVP_whirlpool()
+
+ +

The WHIRLPOOL algorithm that produces a message digest of 512-bits from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2004.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/HMAC.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/HMAC.html new file mode 100644 index 00000000..528fd531 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/HMAC.html @@ -0,0 +1,137 @@ + + + + +HMAC + + + + + + + + + + +

NAME

+ +

HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size - HMAC message authentication code

+ +

SYNOPSIS

+ +
#include <openssl/hmac.h>
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+                    int key_len, const unsigned char *d, int n,
+                    unsigned char *md, unsigned int *md_len);
+
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+                 const EVP_MD *md, ENGINE *impl);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+size_t HMAC_size(const HMAC_CTX *e);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+              const EVP_MD *md);
+#endif
+ +

DESCRIPTION

+ +

HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function.

+ +

HMAC() computes the message authentication code of the n bytes at d using the hash function evp_md and the key key which is key_len bytes long.

+ +

It places the result in md (which must have space for the output of the hash function, which is no more than EVP_MAX_MD_SIZE bytes). If md is NULL, the digest is placed in a static array. The size of the output is placed in md_len, unless it is NULL. Note: passing a NULL value for md to use the static array is not thread safe.

+ +

evp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does not support variable output length digests such as EVP_shake128() and EVP_shake256().

+ +

HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

+ +

HMAC_CTX_reset() zeroes an existing HMAC_CTX and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new().

+ +

HMAC_CTX_free() erases the key and other data from the HMAC_CTX, releases any associated resources and finally frees the HMAC_CTX itself.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the hash function evp_md and key key. If both are NULL, or if key is NULL and evp_md is the same as the previous call, then the existing key is reused. ctx must have been created with HMAC_CTX_new() before the first use of an HMAC_CTX in this function.

+ +

If HMAC_Init_ex() is called with key NULL and evp_md is not the same as the previous digest used by ctx then an error is returned because reuse of an existing key with a different digest is not supported.

+ +

HMAC_Init() initializes a HMAC_CTX structure to use the hash function evp_md and the key key which is key_len bytes long.

+ +

HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (len bytes at data).

+ +

HMAC_Final() places the message authentication code in md, which must have space for the hash function output.

+ +

HMAC_CTX_copy() copies all of the internal state from sctx into dctx.

+ +

HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. These flags have the same meaning as for EVP_MD_CTX_set_flags(3).

+ +

HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the supplied HMAC_CTX.

+ +

HMAC_size() returns the length in bytes of the underlying hash function output.

+ +

RETURN VALUES

+ +

HMAC() returns a pointer to the message authentication code or NULL if an error occurred.

+ +

HMAC_CTX_new() returns a pointer to a new HMAC_CTX on success or NULL if an error occurred.

+ +

HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

+ +

HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or NULL if no EVP_MD has been set.

+ +

HMAC_size() returns the length in bytes of the underlying hash function output or zero on error.

+ +

CONFORMING TO

+ +

RFC 2104

+ +

SEE ALSO

+ +

SHA1(3), evp(7)

+ +

HISTORY

+ +

HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

+ +

HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

+ +

HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

+ +

HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in OpenSSL before version 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MD5.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MD5.html new file mode 100644 index 00000000..2e9c4f51 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MD5.html @@ -0,0 +1,104 @@ + + + + +MD5 + + + + + + + + + + +

NAME

+ +

MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

+ +

SYNOPSIS

+ +
#include <openssl/md2.h>
+
+unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+
+
+#include <openssl/md4.h>
+
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+
+
+#include <openssl/md5.h>
+
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+ +

DESCRIPTION

+ +

MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.

+ +

MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest of the n bytes at d and place it in md (which must have space for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

MD2_Init() initializes a MD2_CTX structure.

+ +

MD2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

MD2_Final() places the message digest in md, which must have space for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX.

+ +

MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure.

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

NOTE

+ +

MD2, MD4, and MD5 are recommended only for compatibility with existing applications. In new applications, SHA-1 or RIPEMD-160 should be preferred.

+ +

RETURN VALUES

+ +

MD2(), MD4(), and MD5() return pointers to the hash value.

+ +

MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

RFC 1319, RFC 1320, RFC 1321

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MDC2_Init.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MDC2_Init.html new file mode 100644 index 00000000..208f3274 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/MDC2_Init.html @@ -0,0 +1,81 @@ + + + + +MDC2_Init + + + + + + + + + + +

NAME

+ +

MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function

+ +

SYNOPSIS

+ +
#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, unsigned long n,
+                    unsigned char *md);
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                unsigned long len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+ +

DESCRIPTION

+ +

MDC2 is a method to construct hash functions with 128 bit output from block ciphers. These functions are an implementation of MDC2 with DES.

+ +

MDC2() computes the MDC2 message digest of the n bytes at d and places it in md (which must have space for MDC2_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

MDC2_Init() initializes a MDC2_CTX structure.

+ +

MDC2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

MDC2_Final() places the message digest in md, which must have space for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the MDC2_CTX.

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

RETURN VALUES

+ +

MDC2() returns a pointer to the hash value.

+ +

MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OBJ_nid2obj.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OBJ_nid2obj.html new file mode 100644 index 00000000..3b60824d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OBJ_nid2obj.html @@ -0,0 +1,165 @@ + + + + +OBJ_nid2obj + + + + + + + + + + +

NAME

+ +

i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility functions

+ +

SYNOPSIS

+ +
#include <openssl/objects.h>
+
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+int OBJ_ln2nid(const char *ln);
+int OBJ_sn2nid(const char *sn);
+
+int OBJ_txt2nid(const char *s);
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void OBJ_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

The ASN1 object utility functions process ASN1_OBJECT structures which are a representation of the ASN1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric identifiers, or NIDs. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application code should treat all returned values -- OIDs, NIDs, or names -- as constants.

+ +

OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID n to an ASN1_OBJECT structure, its long name and its short name respectively, or NULL if an error occurred.

+ +

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object o, the long name <ln> or the short name <sn> respectively or NID_undef if an error occurred.

+ +

OBJ_txt2nid() returns NID corresponding to text string <s>. s can be a long name, a short name or the numerical representation of an object.

+ +

OBJ_txt2obj() converts the text string s into an ASN1_OBJECT structure. If no_name is 0 then long names and short names will be interpreted as well as numerical forms. If no_name is 1 only the numerical form is acceptable.

+ +

OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The representation is written as a null terminated string to buf at most buf_len bytes are written, truncating the result if necessary. The total amount of space required is returned. If no_name is 0 then if the object has a long or short name then that will be used, otherwise the numerical form will be used. If no_name is 1 then the numerical form will always be used.

+ +

i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the no_name set to zero.

+ +

OBJ_cmp() compares a to b. If the two are identical 0 is returned.

+ +

OBJ_dup() returns a copy of o.

+ +

OBJ_create() adds a new object to the internal table. oid is the numerical form of the object, sn the short name and ln the long name. A new NID is returned for the created object in case of success and NID_undef in case of failure.

+ +

OBJ_length() returns the size of the content octets of obj.

+ +

OBJ_get0_data() returns a pointer to the content octets of obj. The returned pointer is an internal pointer which must not be freed.

+ +

OBJ_cleanup() releases any resources allocated by creating new objects.

+ +

NOTES

+ +

Objects in OpenSSL can have a short name, a long name and a numerical identifier (NID) associated with them. A standard set of objects is represented in an internal table. The appropriate values are defined in the header file objects.h.

+ +

For example the OID for commonName has the following definitions:

+ +
#define SN_commonName                   "CN"
+#define LN_commonName                   "commonName"
+#define NID_commonName                  13
+ +

New objects can be added by calling OBJ_create().

+ +

Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. They are also static constant structures which are shared: that is there is only a single constant structure for each table object.

+ +

Objects which are not in the table have the NID value NID_undef.

+ +

Objects do not need to be in the internal tables to be processed, the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical form of an OID.

+ +

Some objects are used to represent algorithms which do not have a corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently exists for a particular algorithm). As a result they cannot be encoded or decoded as part of ASN.1 structures. Applications can determine if there is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.

+ +

These functions cannot return const because an ASN1_OBJECT can represent both an internal, constant, OID and a dynamically-created one. The latter cannot be constant because it needs to be freed after use.

+ +

RETURN VALUES

+ +

OBJ_nid2obj() returns an ASN1_OBJECT structure or NULL is an error occurred.

+ +

OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or NULL on error.

+ +

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return a NID or NID_undef on error.

+ +

EXAMPLES

+ +

Create an object for commonName:

+ +
ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
+ +

Check if an object is commonName

+ +
if (OBJ_obj2nid(obj) == NID_commonName)
+    /* Do something */
+ +

Create a new NID and initialize an object from it:

+ +
int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
+ +

Create a new object directly:

+ +
obj = OBJ_txt2obj("1.2.3.4", 1);
+ +

BUGS

+ +

OBJ_obj2txt() is awkward and messy to use: it doesn't follow the convention of other OpenSSL functions where the buffer can be set to NULL to determine the amount of data that should be written. Instead buf must point to a valid buffer and buf_len should be set to a positive value. A buffer length of 80 should be more than enough to handle any OID encountered in practice.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

OBJ_cleanup() was deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(3) and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_REQUEST_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_REQUEST_new.html new file mode 100644 index 00000000..dffbb711 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_REQUEST_new.html @@ -0,0 +1,117 @@ + + + + +OCSP_REQUEST_new + + + + + + + + + + +

NAME

+ +

OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 - OCSP request functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_REQUEST *OCSP_REQUEST_new(void);
+void OCSP_REQUEST_free(OCSP_REQUEST *req);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+ +

DESCRIPTION

+ +

OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

+ +

OCSP_REQUEST_free() frees up the request structure req.

+ +

OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ structure added so an application can add additional extensions to the request. The id parameter MUST NOT be freed up after the operation.

+ +

OCSP_request_sign() signs OCSP request req using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the request.

+ +

OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use.

+ +

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

+ +

OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.

+ +

RETURN VALUES

+ +

OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if an error occurred.

+ +

OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid or NULL if an error occurred.

+ +

OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 for failure.

+ +

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

+ +

OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure or NULL if the index value is out or range.

+ +

NOTES

+ +

An OCSP request structure contains one or more OCSP_ONEREQ structures corresponding to each certificate.

+ +

OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

+ +

EXAMPLES

+ +

Create an OCSP_REQUEST structure for certificate cert with issuer issuer:

+ +
OCSP_REQUEST *req;
+OCSP_ID *cid;
+
+req = OCSP_REQUEST_new();
+if (req == NULL)
+   /* error */
+cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+if (cid == NULL)
+   /* error */
+
+if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+   /* error */
+
+/* Do something with req, e.g. query responder */
+
+OCSP_REQUEST_free(req);
+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_cert_to_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_cert_to_id.html new file mode 100644 index 00000000..e7d3fa00 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_cert_to_id.html @@ -0,0 +1,94 @@ + + + + +OCSP_cert_to_id + + + + + + + + + + +

NAME

+ +

OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
+                             X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              X509_NAME *issuerName,
+                              ASN1_BIT_STRING *issuerKey,
+                              ASN1_INTEGER *serialNumber);
+
+void OCSP_CERTID_free(OCSP_CERTID *id);
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+ +

DESCRIPTION

+ +

OCSP_cert_to_id() creates and returns a new OCSP_CERTID structure using message digest dgst for certificate subject with issuer issuer. If dgst is NULL then SHA1 is used.

+ +

OCSP_cert_id_new() creates and returns a new OCSP_CERTID using dgst and issuer name issuerName, issuer key hash issuerKey and serial number serialNumber.

+ +

OCSP_CERTID_free() frees up id.

+ +

OCSP_id_cmp() compares OCSP_CERTID a and b.

+ +

OCSP_id_issuer_cmp() compares only the issuer name of OCSP_CERTID a and b.

+ +

OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and serial number contained in cid. If any of the values are not required the corresponding parameter can be set to NULL.

+ +

RETURN VALUES

+ +

OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid OCSP_CERTID structure or NULL if an error occurred.

+ +

OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero otherwise.

+ +

OCSP_CERTID_free() does not return a value.

+ +

OCSP_id_get0_info() returns 1 for success and 0 for failure.

+ +

NOTES

+ +

OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new(): the other functions are used by responder applications.

+ +

The values returned by OCSP_id_get0_info() are internal pointers and MUST NOT be freed up by an application: they will be freed when the corresponding OCSP_CERTID structure is freed.

+ +

SEE ALSO

+ +

crypto(7), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html new file mode 100644 index 00000000..1fb5c504 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html @@ -0,0 +1,82 @@ + + + + +OCSP_request_add1_nonce + + + + + + + + + + +

NAME

+ +

OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
+ +

DESCRIPTION

+ +

OCSP_request_add1_nonce() adds a nonce of value val and length len to OCSP request req. If val is NULL a random nonce is used. If len is zero or negative a default length will be used (currently 16 bytes).

+ +

OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except it adds a nonce to OCSP basic response resp.

+ +

OCSP_check_nonce() compares the nonce value in req and resp.

+ +

OCSP_copy_nonce() copies any nonce value present in req to resp.

+ +

RETURN VALUES

+ +

OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success and 0 for failure.

+ +

OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce was present in req and 0 if an error occurred.

+ +

OCSP_check_nonce() returns the result of the nonce comparison between req and resp. The return value indicates the result of the comparison. If nonces are present and equal 1 is returned. If the nonces are absent 2 is returned. If a nonce is present in the response only 3 is returned. If nonces are present and unequal 0 is returned. If the nonce is present in the request only then -1 is returned.

+ +

NOTES

+ +

For most purposes the nonce value in a request is set to a random value so the val parameter in OCSP_request_add1_nonce() is usually NULL.

+ +

An OCSP nonce is typically added to an OCSP request to thwart replay attacks by checking the same nonce value appears in the response.

+ +

Some responders may include a nonce in all responses even if one is not supplied.

+ +

Some responders cache OCSP responses and do not sign each response for performance reasons. As a result they do not support nonces.

+ +

The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present and match, both absent or present in the response only. A non-zero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error condition.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_resp_find_status.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_resp_find_status.html new file mode 100644 index 00000000..cd47020d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_resp_find_status.html @@ -0,0 +1,140 @@ + + + + +OCSP_resp_find_status + + + + + + + + + + +

NAME

+ +

OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify - OCSP response utility functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
+                            const OCSP_BASICRESP* single);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd,
+                        long sec, long maxsec);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                     X509_STORE *st, unsigned long flags);
+ +

DESCRIPTION

+ +

OCSP_resp_find_status() searches bs for an OCSP response for id. If it is successful the fields of the response are returned in *status, *reason, *revtime, *thisupd and *nextupd. The *status value will be one of V_OCSP_CERTSTATUS_GOOD, V_OCSP_CERTSTATUS_REVOKED or V_OCSP_CERTSTATUS_UNKNOWN. The *reason and *revtime fields are only set if the status is V_OCSP_CERTSTATUS_REVOKED. If set the *reason field will be set to the revocation reason which will be one of OCSP_REVOKED_STATUS_NOSTATUS, OCSP_REVOKED_STATUS_UNSPECIFIED, OCSP_REVOKED_STATUS_KEYCOMPROMISE, OCSP_REVOKED_STATUS_CACOMPROMISE, OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, OCSP_REVOKED_STATUS_SUPERSEDED, OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, OCSP_REVOKED_STATUS_CERTIFICATEHOLD or OCSP_REVOKED_STATUS_REMOVEFROMCRL.

+ +

OCSP_resp_count() returns the number of OCSP_SINGLERESP structures in bs.

+ +

OCSP_resp_get0() returns the OCSP_SINGLERESP structure in bs corresponding to index idx. Where idx runs from 0 to OCSP_resp_count(bs) - 1.

+ +

OCSP_resp_find() searches bs for id and returns the index of the first matching entry after last or starting from the beginning if last is -1.

+ +

OCSP_single_get0_status() extracts the fields of single in *reason, *revtime, *thisupd and *nextupd.

+ +

OCSP_resp_get0_produced_at() extracts the producedAt field from the single response bs.

+ +

OCSP_resp_get0_signature() returns the signature from bs.

+ +

OCSP_resp_get0_tbs_sigalg() returns the signatureAlgorithm from bs.

+ +

OCSP_resp_get0_respdata() returns the tbsResponseData from bs.

+ +

OCSP_resp_get0_certs() returns any certificates included in bs.

+ +

OCSP_resp_get0_signer() attempts to retrieve the certificate that directly signed bs. The OCSP protocol does not require that this certificate is included in the certs field of the response, so additional certificates can be supplied in extra_certs if the certificates that may have signed the response are known via some out-of-band mechanism.

+ +

OCSP_resp_get0_id() gets the responder id of bs. If the responder ID is a name then <*pname> is set to the name and *pid is set to NULL. If the responder ID is by key ID then *pid is set to the key ID and *pname is set to NULL. OCSP_resp_get1_id() leaves ownership of *pid and *pname with the caller, who is responsible for freeing them. Both functions return 1 in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, no freeing of the results is necessary.

+ +

OCSP_check_validity() checks the validity of thisupd and nextupd values which will be typically obtained from OCSP_resp_find_status() or OCSP_single_get0_status(). If sec is non-zero it indicates how many seconds leeway should be allowed in the check. If maxsec is positive it indicates the maximum age of thisupd in seconds.

+ +

OCSP_basic_verify() checks that the basic response message bs is correctly signed and that the signer certificate can be validated. It takes st as the trusted store and certs as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response in <certs>. It also searches the certificates the responder may have included in bs unless the flags contain OCSP_NOINTERN. It fails if the signer certificate cannot be found. Next, the function checks the signature of bs and fails on error unless the flags contain OCSP_NOSIGS. Then the function already returns success if the flags contain OCSP_NOVERIFY or if the signer certificate was found in certs and the flags contain OCSP_TRUSTOTHER. Otherwise the function continues by validating the signer certificate. To this end, all certificates in cert and in bs are considered as untrusted certificates for the construction of the validation path for the signer certificate unless the OCSP_NOCHAIN flag is set. After successful path validation the function returns success if the OCSP_NOCHECKS flag is set. Otherwise it verifies that the signer certificate meets the OCSP issuer criteria including potential delegation. If this does not succeed and the flags do not contain OCSP_NOEXPLICIT the function checks for explicit trust for OCSP signing in the root CA certificate.

+ +

RETURN VALUES

+ +

OCSP_resp_find_status() returns 1 if id is found in bs and 0 otherwise.

+ +

OCSP_resp_count() returns the total number of OCSP_SINGLERESP fields in bs.

+ +

OCSP_resp_get0() returns a pointer to an OCSP_SINGLERESP structure or NULL if idx is out of range.

+ +

OCSP_resp_find() returns the index of id in bs (which may be 0) or -1 if id was not found.

+ +

OCSP_single_get0_status() returns the status of single or -1 if an error occurred.

+ +

OCSP_resp_get0_signer() returns 1 if the signing certificate was located, or 0 on error.

+ +

OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such as malloc failure.

+ +

NOTES

+ +

Applications will typically call OCSP_resp_find_status() using the certificate ID of interest and then check its validity using OCSP_check_validity(). They can then take appropriate action based on the status of the certificate.

+ +

An OCSP response for a certificate contains thisUpdate and nextUpdate fields. Normally the current time should be between these two values. To account for clock skew the maxsec field can be set to non-zero in OCSP_check_validity(). Some responders do not set the nextUpdate field, this would otherwise mean an ancient response would be considered valid: the maxsec parameter to OCSP_check_validity() can be used to limit the permitted age of responses.

+ +

The values written to *revtime, *thisupd and *nextupd by OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers which MUST NOT be freed up by the calling application. Any or all of these parameters can be set to NULL if their value is not required.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_response_status.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_response_status.html new file mode 100644 index 00000000..5f978866 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_response_status.html @@ -0,0 +1,107 @@ + + + + +OCSP_response_status + + + + + + + + + + +

NAME

+ +

OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
+                    const EVP_MD *dgst, STACK_OF(X509) *certs,
+                    unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
+                        STACK_OF(X509) *certs, unsigned long flags);
+ +

DESCRIPTION

+ +

OCSP_response_status() returns the OCSP response status of resp. It returns one of the values: OCSP_RESPONSE_STATUS_SUCCESSFUL, OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED.

+ +

OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP structure contained in resp.

+ +

OCSP_response_create() creates and returns an OCSP_RESPONSE structure for status and optionally including basic response bs.

+ +

OCSP_RESPONSE_free() frees up OCSP response resp.

+ +

OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the subject name in the supplied X509 certificate cert for the OCSP responder.

+ +

OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the key in the supplied X509 certificate cert for the OCSP responder. The key is stored as a SHA1 hash.

+ +

Note that an OCSP_RESPID can only have one of the name, or the key set. Calling OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing setting.

+ +

OCSP_RESPID_match() tests whether the OCSP_RESPID given in respid matches with the X509 certificate cert.

+ +

OCSP_basic_sign() signs OCSP response brsp using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the response. If the flags option OCSP_RESPID_KEY is set then the responder is identified by key ID rather than by name. OCSP_basic_sign_ctx() also signs OCSP response brsp but uses the parameters contained in digest context ctx.

+ +

RETURN VALUES

+ +

OCSP_RESPONSE_status() returns a status value.

+ +

OCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer or NULL if an error occurred.

+ +

OCSP_response_create() returns an OCSP_RESPONSE structure pointer or NULL if an error occurred.

+ +

OCSP_RESPONSE_free() does not return a value.

+ +

OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and OCSP_basic_sign_ctx() return 1 on success or 0 on failure.

+ +

OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match or 0 otherwise.

+ +

NOTES

+ +

OCSP_response_get1_basic() is only called if the status of a response is OCSP_RESPONSE_STATUS_SUCCESSFUL.

+ +

SEE ALSO

+ +

crypto(7) OCSP_cert_to_id(3) OCSP_request_add1_nonce(3) OCSP_REQUEST_new(3) OCSP_resp_find_status(3) OCSP_sendreq_new(3) OCSP_RESPID_new(3) OCSP_RESPID_free(3)

+ +

HISTORY

+ +

The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() functions were added in OpenSSL 1.1.0a.

+ +

The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_sendreq_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_sendreq_new.html new file mode 100644 index 00000000..2eba48a1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OCSP_sendreq_new.html @@ -0,0 +1,107 @@ + + + + +OCSP_sendreq_new + + + + + + + + + + +

NAME

+ +

OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
+ +

DESCRIPTION

+ +

The function OCSP_sendreq_new() returns an OCSP_CTX structure using the responder io, the URL path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required.

+ +

OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp.

+ +

OCSP_REQ_CTX_free() frees up the OCSP context rctx.

+ +

OCSP_set_max_response_length() sets the maximum response length for rctx to len. If the response exceeds this length an error occurs. If not set a default value of 100k is used.

+ +

OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. It can be called more than once to add multiple headers. It MUST be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if additional headers are set.

+ +

OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header().

+ +

OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL path path, and the OCSP request req with a response header maximum line length 4k. It waits indefinitely on a response.

+ +

RETURN VALUES

+ +

OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.

+ +

OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried and 0 if an error occurred.

+ +

OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for success and 0 for failure.

+ +

OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.

+ +

OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.

+ +

NOTES

+ +

These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features it should use an alternative more complete HTTP library.

+ +

Currently only HTTP POST queries to responders are supported.

+ +

The arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is http://ocsp.com/ocspreq the BIO io should be connected to host ocsp.com on port 80 and path should be set to "/ocspreq"

+ +

The headers added with OCSP_REQ_CTX_add1_header() are of the form "name: value" or just "name" if value is NULL. So to add a Host header for ocsp.com you would call:

+ +
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+ +

If OCSP_sendreq_nbio() indicates an operation should be retried the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket).

+ +

OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_Applink.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_Applink.html new file mode 100644 index 00000000..6522064a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_Applink.html @@ -0,0 +1,49 @@ + + + + +OPENSSL_Applink + + + + + + + + + + +

NAME

+ +

OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time

+ +

SYNOPSIS

+ +
__declspec(dllexport) void **OPENSSL_Applink();
+ +

DESCRIPTION

+ +

OPENSSL_Applink is application-side interface which provides a glue between OpenSSL BIO layer and Win32 compiler run-time environment. Even though it appears at application side, it's essentially OpenSSL private interface. For this reason application developers are not expected to implement it, but to compile provided module with compiler of their choice and link it into the target application. The referred module is available as applink.c, located alongside the public header files (only on the platforms where applicable).

+ +

RETURN VALUES

+ +

Not available.

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html new file mode 100644 index 00000000..0afff468 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html @@ -0,0 +1,176 @@ + + + + +OPENSSL_LH_COMPFUNC + + + + + + + + + + +

NAME

+ +

LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table

+ +

SYNOPSIS

+ +
#include <openssl/lhash.h>
+
+DECLARE_LHASH_OF(TYPE);
+
+LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
+void lh_TYPE_free(LHASH_OF(TYPE) *table);
+
+TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
+TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
+TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
+
+void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
+void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
+                       TYPE *arg);
+
+int lh_TYPE_error(LHASH_OF(TYPE) *table);
+
+typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+ +

DESCRIPTION

+ +

This library implements type-checked dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes, such as SSL_SESSION.

+ +

lh_TYPE_new() creates a new LHASH_OF(TYPE) structure to store arbitrary data entries, and specifies the 'hash' and 'compare' callbacks to be used in organising the table's entries. The hash callback takes a pointer to a table entry as its argument and returns an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The compare callback takes two arguments (pointers to two hash table entries), and returns 0 if their keys are equal, non-zero otherwise.

+ +

If your hash table will contain items of some particular type and the hash and compare callbacks hash/compare these types, then the IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros can be used to create callback wrappers of the prototypes required by lh_TYPE_new() as shown in this example:

+ +
/*
+ * Implement the hash and compare functions; "stuff" can be any word.
+ */
+static unsigned long stuff_hash(const TYPE *a)
+{
+    ...
+}
+static int stuff_cmp(const TYPE *a, const TYPE *b)
+{
+    ...
+}
+
+/*
+ * Implement the wrapper functions.
+ */
+static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
+static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
+ +

If the type is going to be used in several places, the following macros can be used in a common header file to declare the function wrappers:

+ +
DECLARE_LHASH_HASH_FN(stuff, TYPE)
+DECLARE_LHASH_COMP_FN(stuff, TYPE)
+ +

Then a hash table of TYPE objects can be created using this:

+ +
LHASH_OF(TYPE) *htable;
+
+htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
+ +

lh_TYPE_free() frees the LHASH_OF(TYPE) structure table. Allocated hash table entries will not be freed; consider using lh_TYPE_doall() to deallocate any remaining entries in the hash table (see below).

+ +

lh_TYPE_insert() inserts the structure pointed to by data into table. If there already is an entry with the same key, the old value is replaced. Note that lh_TYPE_insert() stores pointers, the data are not copied.

+ +

lh_TYPE_delete() deletes an entry from table.

+ +

lh_TYPE_retrieve() looks up an entry in table. Normally, data is a structure with the key field(s) set; the function will return a pointer to a fully populated structure.

+ +

lh_TYPE_doall() will, for every entry in the hash table, call func with the data item as its parameter. For example:

+ +
/* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+void TYPE_cleanup_doall(TYPE *a);
+
+/* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
+IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
+
+/* Call "TYPE_cleanup" against all items in a hash table. */
+lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
+
+/* Then the hash table itself can be deallocated */
+lh_TYPE_free(hashtable);
+ +

When doing this, be careful if you delete entries from the hash table in your callbacks: the table may decrease in size, moving the item that you are currently on down lower in the hash table - this could cause some entries to be skipped during the iteration. The second best solution to this problem is to set hash->down_load=0 before you start (which will stop the hash table ever decreasing in size). The best solution is probably to avoid deleting items from the hash table inside a "doall" callback!

+ +

lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that func will be called with arg as the second argument and func should be of type LHASH_DOALL_ARG_FN_TYPE (a callback prototype that is passed both the table entry and an extra argument). As with lh_doall(), you can instead choose to declare your callback with a prototype matching the types you are dealing with and use the declare/implement macros to create compatible wrappers that cast variables before calling your type-specific callbacks. An example of this is demonstrated here (printing all hash table entries to a BIO that is provided by the caller):

+ +
/* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
+
+/* Implement a prototype-compatible wrapper for "TYPE_print" */
+static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
+
+/* Print out the entire hashtable to a particular BIO */
+lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
+                  logging_bio);
+ +

lh_TYPE_error() can be used to determine if an error occurred in the last operation.

+ +

RETURN VALUES

+ +

lh_TYPE_new() returns NULL on error, otherwise a pointer to the new LHASH structure.

+ +

When a hash table entry is replaced, lh_TYPE_insert() returns the value being replaced. NULL is returned on normal operation and on error.

+ +

lh_TYPE_delete() returns the entry being deleted. NULL is returned if there is no such value in the hash table.

+ +

lh_TYPE_retrieve() returns the hash table entry if it has been found, NULL otherwise.

+ +

lh_TYPE_error() returns 1 if an error occurred in the last operation, 0 otherwise. It's meaningful only after non-retrieve operations.

+ +

lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.

+ +

NOTE

+ +

The LHASH code is not thread safe. All updating operations, as well as lh_TYPE_error call must be performed under a write lock. All retrieve operations should be performed under a read lock, unless accurate usage statistics are desired. In which case, a write lock should be used for retrieve operations as well. For output of the usage statistics, using the functions from OPENSSL_LH_stats(3), a read lock suffices.

+ +

The LHASH code regards table entries as constant data. As such, it internally represents lh_insert()'d items with a "const void *" pointer type. This is why callbacks such as those used by lh_doall() and lh_doall_arg() declare their prototypes with "const", even for the parameters that pass back the table items' data pointers - for consistency, user-provided data is "const" at all times as far as the LHASH code is concerned. However, as callers are themselves providing these pointers, they can choose whether they too should be treating all such parameters as constant.

+ +

As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being indexed in the hash table (ie. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make modifications to table item passed back in the lh_doall() or lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If so, the caller can either cast the "const" away (if they're providing the raw callbacks themselves) or use the macros to declare/implement the wrapper functions without "const" types.

+ +

Callers that only have "const" access to data they're indexing in a table, yet declare callbacks without constant types (or cast the "const" away themselves), are therefore creating their own risks/bugs without being encouraged to do so by the API. On a related note, those auditing code should pay special attention to any instances of DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types without any "const" qualifiers.

+ +

BUGS

+ +

lh_TYPE_insert() returns NULL both for success and error.

+ +

SEE ALSO

+ +

OPENSSL_LH_stats(3)

+ +

HISTORY

+ +

In OpenSSL 1.0.0, the lhash interface was revamped for better type checking.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_stats.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_stats.html new file mode 100644 index 00000000..6b088f44 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_LH_stats.html @@ -0,0 +1,75 @@ + + + + +OPENSSL_LH_stats + + + + + + + + + + +

NAME

+ +

OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics

+ +

SYNOPSIS

+ +
#include <openssl/lhash.h>
+
+void OPENSSL_LH_stats(LHASH *table, FILE *out);
+void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
+void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
+
+void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
+void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
+ +

DESCRIPTION

+ +

The LHASH structure records statistics about most aspects of accessing the hash table.

+ +

OPENSSL_LH_stats() prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the routines in this library.

+ +

OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the hash table.

+ +

OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the hash table. It prints the 'load' and the 'actual load'. The load is the average number of data items per 'bucket' in the hash table. The 'actual load' is the average number of items per 'bucket', but only for buckets which contain entries. So the 'actual load' is the average number of searches that will need to find an item in the hash table, while the 'load' is the average number that will be done to record a miss.

+ +

OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio() are the same as the above, except that the output goes to a BIO.

+ +

RETURN VALUES

+ +

These functions do not return values.

+ +

NOTE

+ +

These calls should be made under a read lock. Refer to "NOTE" in OPENSSL_LH_COMPFUNC(3) for more details about the locks required when using the LHASH data structure.

+ +

SEE ALSO

+ +

bio(7), OPENSSL_LH_COMPFUNC(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html new file mode 100644 index 00000000..1e257b2d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html @@ -0,0 +1,132 @@ + + + + +OPENSSL_VERSION_NUMBER + + + + + + + + + + +

NAME

+ +

OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num - get OpenSSL version number

+ +

SYNOPSIS

+ +
#include <openssl/opensslv.h>
+#define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+#define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
+
+#include <openssl/crypto.h>
+
+unsigned long OpenSSL_version_num();
+const char *OpenSSL_version(int t);
+ +

DESCRIPTION

+ +

OPENSSL_VERSION_NUMBER is a numeric release version identifier:

+ +
MNNFFPPS: major minor fix patch status
+ +

The status nibble has one of the values 0 for development, 1 to e for betas 1 to 14, and f for release.

+ +

for example

+ +
0x000906000 == 0.9.6 dev
+0x000906023 == 0.9.6b beta 3
+0x00090605f == 0.9.6e release
+ +

Versions prior to 0.9.3 have identifiers < 0x0930. Versions between 0.9.3 and 0.9.5 had a version identifier with this interpretation:

+ +
MMNNFFRBB major minor fix final beta/patch
+ +

for example

+ +
0x000904100 == 0.9.4 release
+0x000905000 == 0.9.5 dev
+ +

Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f.

+ +

OPENSSL_VERSION_TEXT is the text variant of the version number and the release date. For example, "OpenSSL 1.0.1a 15 Oct 2015".

+ +

OpenSSL_version_num() returns the version number.

+ +

OpenSSL_version() returns different strings depending on t:

+ +
+ +
OPENSSL_VERSION
+
+ +

The text variant of the version number and the release date. For example, "OpenSSL 1.0.1a 15 Oct 2015".

+ +
+
OPENSSL_CFLAGS
+
+ +

The compiler flags set for the compilation process in the form "compiler: ..." if available or "compiler: information not available" otherwise.

+ +
+
OPENSSL_BUILT_ON
+
+ +

The date of the build process in the form "built on: ..." if available or "built on: date not available" otherwise.

+ +
+
OPENSSL_PLATFORM
+
+ +

The "Configure" target of the library build in the form "platform: ..." if available or "platform: information not available" otherwise.

+ +
+
OPENSSL_DIR
+
+ +

The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" if available or "OPENSSLDIR: N/A" otherwise.

+ +
+
OPENSSL_ENGINES_DIR
+
+ +

The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "..."" if available or "ENGINESDIR: N/A" otherwise.

+ +
+
+ +

For an unknown t, the text "not available" is returned.

+ +

RETURN VALUES

+ +

OpenSSL_version_num() returns the version number.

+ +

OpenSSL_version() returns requested version strings.

+ +

SEE ALSO

+ +

crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_config.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_config.html new file mode 100644 index 00000000..3a6b8ba2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_config.html @@ -0,0 +1,88 @@ + + + + +OPENSSL_config + + + + + + + + + + +

NAME

+ +

OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname);
+void OPENSSL_no_config(void);
+#endif
+ +

DESCRIPTION

+ +

OPENSSL_config() configures OpenSSL using the standard openssl.cnf and reads from the application section appname. If appname is NULL then the default section, openssl_conf, will be used. Errors are silently ignored. Multiple calls have no effect.

+ +

OPENSSL_no_config() disables configuration. If called before OPENSSL_config() no configuration takes place.

+ +

If the application is built with OPENSSL_LOAD_CONF defined, then a call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config() first.

+ +

NOTES

+ +

The OPENSSL_config() function is designed to be a very simple "call it and forget it" function. It is however much better than nothing. Applications which need finer control over their configuration functionality should use the configuration functions such as CONF_modules_load() directly. This function is deprecated and its use should be avoided. Applications should instead call CONF_modules_load() during initialization (that is before starting any threads).

+ +

There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file.

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_CONF
+
+ +

The path to the config file. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

RETURN VALUES

+ +

Neither OPENSSL_config() nor OPENSSL_no_config() return a value.

+ +

SEE ALSO

+ +

config(5), CONF_modules_load_file(3)

+ +

HISTORY

+ +

The OPENSSL_no_config() and OPENSSL_config() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html new file mode 100644 index 00000000..55058e48 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html @@ -0,0 +1,67 @@ + + + + +OPENSSL_fork_prepare + + + + + + + + + + +

NAME

+ +

OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child - OpenSSL fork handlers

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+ +

DESCRIPTION

+ +

OpenSSL has state that should be reset when a process forks. For example, the entropy pool used to generate random numbers (and therefore encryption keys) should not be shared across multiple programs. The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() functions are used to reset this internal state.

+ +

Platforms without fork(2) will probably not need to use these functions. Platforms with fork(2) but without pthread_atfork(3) will probably need to call them manually, as described in the following paragraph. Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically.

+ +

OPENSSL_init_crypto(3) will register these functions with the appropriate handler, when the OPENSSL_INIT_ATFORK flag is used. For other applications, these functions can be called directly. They should be used according to the calling sequence described by the pthread_atfork(3) documentation, which is summarized here. OPENSSL_fork_prepare() should be called before a fork() is done. After the fork() returns, the parent process should call OPENSSL_fork_parent() and the child process should call OPENSSL_fork_child().

+ +

RETURN VALUES

+ +

OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not return values.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_ia32cap.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_ia32cap.html new file mode 100644 index 00000000..473cf8fe --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_ia32cap.html @@ -0,0 +1,206 @@ + + + + +OPENSSL_ia32cap + + + + + + + + + + +

NAME

+ +

OPENSSL_ia32cap - the x86[_64] processor capabilities vector

+ +

SYNOPSIS

+ +
env OPENSSL_ia32cap=... <application>
+ +

DESCRIPTION

+ +

OpenSSL supports a range of x86[_64] instruction set extensions. These extensions are denoted by individual bits in capability vector returned by processor in EDX:ECX register pair after executing CPUID instruction with EAX=1 input value (see Intel Application Note #241618). This vector is copied to memory upon toolkit initialization and used to choose between different code paths to provide optimal performance across wide range of processors. For the moment of this writing following bits are significant:

+ +
+ +
bit #4 denoting presence of Time-Stamp Counter.
+
+ +
+
bit #19 denoting availability of CLFLUSH instruction;
+
+ +
+
bit #20, reserved by Intel, is used to choose among RC4 code paths;
+
+ +
+
bit #23 denoting MMX support;
+
+ +
+
bit #24, FXSR bit, denoting availability of XMM registers;
+
+ +
+
bit #25 denoting SSE support;
+
+ +
+
bit #26 denoting SSE2 support;
+
+ +
+
bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;
+
+ +
+
bit #30, reserved by Intel, denotes specifically Intel CPUs;
+
+ +
+
bit #33 denoting availability of PCLMULQDQ instruction;
+
+ +
+
bit #41 denoting SSSE3, Supplemental SSE3, support;
+
+ +
+
bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
+
+ +
+
bit #54 denoting availability of MOVBE instruction;
+
+ +
+
bit #57 denoting AES-NI instruction set extension;
+
+ +
+
bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;
+
+ +
+
bit #59, OSXSAVE bit, denoting availability of YMM registers;
+
+ +
+
bit #60 denoting AVX extension;
+
+ +
+
bit #62 denoting availability of RDRAND instruction;
+
+ +
+
+ +

For example, in 32-bit application context clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library, while clearing bit #24 disables SSE2 code operating on 128-bit XMM register bank. You might have to do the latter if target OpenSSL application is executed on SSE2 capable CPU, but under control of OS that does not enable XMM registers. Historically address of the capability vector copy was exposed to application through OPENSSL_ia32cap_loc(), but not anymore. Now the only way to affect the capability detection is to set OPENSSL_ia32cap environment variable prior target application start. To give a specific example, on Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired effect. Alternatively you can reconfigure the toolkit with no-sse2 option and recompile.

+ +

Less intuitive is clearing bit #28, or ~0x10000000 in the "environment variable" terms. The truth is that it's not copied from CPUID output verbatim, but is adjusted to reflect whether or not the data cache is actually shared between logical cores. This in turn affects the decision on whether or not expensive countermeasures against cache-timing attacks are applied, most notably in AES assembler module.

+ +

The capability vector is further extended with EBX value returned by CPUID with EAX=7 and ECX=0 as input. Following bits are significant:

+ +
+ +
bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
+
+ +
+
bit #64+5 denoting availability of AVX2 instructions;
+
+ +
+
bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;
+
+ +
+
bit #64+16 denoting availability of AVX512F extension;
+
+ +
+
bit #64+18 denoting availability of RDSEED instruction;
+
+ +
+
bit #64+19 denoting availability of ADCX and ADOX instructions;
+
+ +
+
bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;
+
+ +
+
bit #64+29 denoting availability of SHA extension;
+
+ +
+
bit #64+30 denoting availability of AVX512BW extension;
+
+ +
+
bit #64+31 denoting availability of AVX512VL extension;
+
+ +
+
bit #64+41 denoting availability of VAES extension;
+
+ +
+
bit #64+42 denoting availability of VPCLMULQDQ extension;
+
+ +
+
+ +

To control this extended capability word use ':' as delimiter when setting up OPENSSL_ia32cap environment variable. For example assigning ':~0x20' would disable AVX2 code paths, and ':0' - all post-AVX extensions.

+ +

It should be noted that whether or not some of the most "fancy" extension code paths are actually assembled depends on current assembler version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code paths are always assembled. Apart from that, minimum assembler version requirements are summarized in below table:

+ +
Extension   | GNU as | nasm   | llvm
+------------+--------+--------+--------
+AVX         | 2.19   | 2.09   | 3.0
+AVX2        | 2.22   | 2.10   | 3.1
+ADCX/ADOX   | 2.23   | 2.10   | 3.3
+AVX512      | 2.25   | 2.11.8 | see NOTES
+AVX512IFMA  | 2.26   | 2.11.8 | see NOTES
+VAES        | 2.30   | 2.13.3 |
+ +

NOTES

+ +

Even though AVX512 support was implemented in llvm 3.6, compilation of assembly modules apparently requires explicit -march flag. But then compiler generates processor-specific code, which in turn contradicts the mere idea of run-time switch execution facilitated by the variable in question. Till the limitation is lifted, it's possible to work around the problem by making build procedure use following script:

+ +
#!/bin/sh
+exec clang -no-integrated-as "$@"
+ +

instead of real clang. In which case it doesn't matter which clang version is used, as it is GNU assembler version that will be checked.

+ +

RETURN VALUES

+ +

Not available.

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_crypto.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_crypto.html new file mode 100644 index 00000000..96905d69 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_crypto.html @@ -0,0 +1,221 @@ + + + + +OPENSSL_init_crypto + + + + + + + + + + +

NAME

+ +

OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL initialisation and deinitialisation functions

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+                                     const char* filename);
+int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
+                                       unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
+                                    const char* name);
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
+ +

DESCRIPTION

+ +

During normal operation OpenSSL (libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the application is multi-threaded), and these resources must be freed prior to the thread closing.

+ +

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

+ +

However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also OPENSSL_init_ssl(3) for the libssl equivalent).

+ +

Numerous internal OpenSSL functions call OPENSSL_init_crypto(). Therefore, in order to perform non-default initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls.

+ +

The opts parameter specifies which aspects of libcrypto should be initialised. Valid options are:

+ +
+ +
OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
+
+ +

Suppress automatic loading of the libcrypto error strings. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+
+ +

Automatic loading of the libcrypto error strings. With this option the library will automatically load the libcrypto error strings. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_ADD_ALL_CIPHERS
+
+ +

With this option the library will automatically load and make available all libcrypto ciphers. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_ADD_ALL_DIGESTS
+
+ +

With this option the library will automatically load and make available all libcrypto digests. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+
+ +

With this option the library will suppress automatic loading of libcrypto ciphers. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_NO_ADD_ALL_DIGESTS
+
+ +

With this option the library will suppress automatic loading of libcrypto digests. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_CONFIG
+
+ +

With this option an OpenSSL configuration file will be automatically loaded and used by calling OPENSSL_config(). This is not a default option for libcrypto. As of OpenSSL 1.1.1 this is a default option for libssl (see OPENSSL_init_ssl(3) for further details about libssl initialisation). See the description of OPENSSL_INIT_new(), below.

+ +
+
OPENSSL_INIT_NO_LOAD_CONFIG
+
+ +

With this option the loading of OpenSSL configuration files will be suppressed. It is the equivalent of calling OPENSSL_no_config(). This is not a default option.

+ +
+
OPENSSL_INIT_ASYNC
+
+ +

With this option the library with automatically initialise the libcrypto async sub-library (see ASYNC_start_job(3)). This is a default option.

+ +
+
OPENSSL_INIT_ENGINE_RDRAND
+
+ +

With this option the library will automatically load and initialise the RDRAND engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_DYNAMIC
+
+ +

With this option the library will automatically load and initialise the dynamic engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_OPENSSL
+
+ +

With this option the library will automatically load and initialise the openssl engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_CRYPTODEV
+
+ +

With this option the library will automatically load and initialise the cryptodev engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_CAPI
+
+ +

With this option the library will automatically load and initialise the CAPI engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_PADLOCK
+
+ +

With this option the library will automatically load and initialise the padlock engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_AFALG
+
+ +

With this option the library will automatically load and initialise the AFALG engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_ALL_BUILTIN
+
+ +

With this option the library will automatically load and initialise all the built in engines listed above with the exception of the openssl and afalg engines. This not a default option.

+ +
+
OPENSSL_INIT_ATFORK
+
+ +

With this option the library will register its fork handlers. See OPENSSL_fork_prepare(3) for details.

+ +
+
OPENSSL_INIT_NO_ATEXIT
+
+ +

By default OpenSSL will attempt to clean itself up when the process exits via an "atexit" handler. Using this option suppresses that behaviour. This means that the application will have to clean up OpenSSL explicitly using OPENSSL_cleanup().

+ +
+
+ +

Multiple options may be combined together in a single call to OPENSSL_init_crypto(). For example:

+ +
OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+                    | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
+ +

The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto and libssl). All resources allocated by OpenSSL are freed. Typically there should be no need to call this function directly as it is initiated automatically on application exit. This is done via the standard C library atexit() function. In the event that the application will close in a manner that will not call the registered atexit() handlers then the application should call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL are discouraged from calling this function and should instead, typically, rely on auto-deinitialisation. This is to avoid error conditions where both an application and a library it depends on both use OpenSSL, and the library deinitialises it before the application has finished using it.

+ +

Once OPENSSL_cleanup() has been called the library cannot be reinitialised. Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error will be added to the error stack. Note that because initialisation has failed OpenSSL error strings will not be available, only an error code. This code can be put through the openssl errstr command line application to produce a human readable error (see errstr(1)).

+ +

The OPENSSL_atexit() function enables the registration of a function to be called during OPENSSL_cleanup(). Stop handlers are called after deinitialisation of resources local to a thread, but before other process wide resources are freed. In the event that multiple stop handlers are registered, no guarantees are made about the order of execution.

+ +

The OPENSSL_thread_stop() function deallocates resources associated with the current thread. Typically this function will be called automatically by the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the NOTES section below.

+ +

The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as with CONF_modules_load_file(3) with NULL filename and application name and the CONF_MFLAGS_IGNORE_MISSING_FILE, CONF_MFLAGS_IGNORE_RETURN_CODES and CONF_MFLAGS_DEFAULT_SECTION flags. The filename, application name, and flags can be customized by providing a non-null OPENSSL_INIT_SETTINGS object. The object can be allocated via OPENSSL_init_new(). The OPENSSL_INIT_set_config_filename() function can be used to specify a non-default filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a non-default application name. Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors in the configuration file will cause an error return from OPENSSL_init_crypto or indirectly OPENSSL_init_ssl(3). The object can be released with OPENSSL_INIT_free() when done.

+ +

NOTES

+ +

Resources local to a thread are deallocated automatically when the thread exits (e.g. in a pthreads environment, when pthread_exit() is called). On Windows platforms this is done in response to a DLL_THREAD_DETACH message being sent to the libcrypto32.dll entry point. Some windows functions may cause threads to exit without sending this message (for example ExitProcess()). If the application uses such functions, then the application must free up OpenSSL resources directly via a call to OPENSSL_thread_stop() on each thread. Similarly this message will also not be sent if OpenSSL is linked statically, and therefore applications using static linking should also call OPENSSL_thread_stop() on each thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the threads are not destroyed until after FreeLibrary() is called then each thread should call OPENSSL_thread_stop() prior to the FreeLibrary() call.

+ +

On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is multi-threaded and if dlclose() is subsequently called prior to the threads being destroyed then OpenSSL will not be able to deallocate resources associated with those threads. The application should either call OPENSSL_thread_stop() on each thread prior to the dlclose() call, or alternatively the original dlopen() call should use the RTLD_NODELETE flag (where available on the platform).

+ +

RETURN VALUES

+ +

The functions OPENSSL_init_crypto, OPENSSL_atexit() and OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

OPENSSL_init_ssl(3)

+ +

HISTORY

+ +

The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_ssl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_ssl.html new file mode 100644 index 00000000..464a3000 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_init_ssl.html @@ -0,0 +1,87 @@ + + + + +OPENSSL_init_ssl + + + + + + + + + + +

NAME

+ +

OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ +

DESCRIPTION

+ +

During normal operation OpenSSL (libssl and libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the application is multi-threaded), and these resources must be freed prior to the thread closing.

+ +

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

+ +

However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the OPENSSL_init_crypto(3) function.

+ +

Numerous internal OpenSSL functions call OPENSSL_init_ssl(). Therefore, in order to perform non-default initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls.

+ +

The opts parameter specifies which aspects of libssl and libcrypto should be initialised. Valid options for libcrypto are described on the OPENSSL_init_crypto(3) page. In addition to any libcrypto specific option the following libssl options can also be used:

+ +
+ +
OPENSSL_INIT_NO_LOAD_SSL_STRINGS
+
+ +

Suppress automatic loading of the libssl error strings. This option is not a default option. Once selected subsequent calls to OPENSSL_init_ssl() with the option OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_SSL_STRINGS
+
+ +

Automatic loading of the libssl error strings. This option is a default option. Once selected subsequent calls to OPENSSL_init_ssl() with the option OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

+ +
+
+ +

OPENSSL_init_ssl() takes a settings parameter which can be used to set parameter values. See OPENSSL_init_crypto(3) for details.

+ +

RETURN VALUES

+ +

The function OPENSSL_init_ssl() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3)

+ +

HISTORY

+ +

The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html new file mode 100644 index 00000000..d4e332a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html @@ -0,0 +1,58 @@ + + + + +OPENSSL_instrument_bus + + + + + + + + + + +

NAME

+ +

OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus

+ +

SYNOPSIS

+ +
#ifdef OPENSSL_CPUID_OBJ
+size_t OPENSSL_instrument_bus(int *vector, size_t num);
+size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
+#endif
+ +

DESCRIPTION

+ +

It was empirically found that timings of references to primary memory are subject to irregular, apparently non-deterministic variations. The subroutines in question instrument these references for purposes of gathering randomness for random number generator. In order to make it bus-bound a 'flush cache line' instruction is used between probes. In addition probes are added to vector elements in atomic or interlocked manner, which should contribute additional noise on multi-processor systems. This also means that vector[num] should be zeroed upon invocation (if you want to retrieve actual probe values).

+ +

OPENSSL_instrument_bus() performs num probes and records the number of oscillator cycles every probe took.

+ +

OPENSSL_instrument_bus2() on the other hand accumulates consecutive probes with the same value, i.e. in a way it records duration of periods when probe values appeared deterministic. The subroutine performs at most max probes in attempt to fill the vector[num], with max value of 0 meaning "as many as it takes."

+ +

RETURN VALUES

+ +

Return value of 0 indicates that CPU is not capable of performing the benchmark, either because oscillator counter or 'flush cache line' is not available on current platform. For reference, on x86 'flush cache line' was introduced with the SSE2 extensions.

+ +

Otherwise number of recorded values is returned.

+ +

COPYRIGHT

+ +

Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html new file mode 100644 index 00000000..35b573ab --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html @@ -0,0 +1,71 @@ + + + + +OPENSSL_load_builtin_modules + + + + + + + + + + +

NAME

+ +

OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+void OPENSSL_load_builtin_modules(void);
+void ASN1_add_oid_module(void);
+void ENGINE_add_conf_module(void);
+ +

DESCRIPTION

+ +

The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL configuration modules to the internal list. They can then be used by the OpenSSL configuration code.

+ +

ASN1_add_oid_module() adds just the ASN1 OBJECT module.

+ +

ENGINE_add_conf_module() adds just the ENGINE configuration module.

+ +

NOTES

+ +

If the simple configuration function OPENSSL_config() is called then OPENSSL_load_builtin_modules() is called automatically.

+ +

Applications which use the configuration functions directly will need to call OPENSSL_load_builtin_modules() themselves before any other configuration code.

+ +

Applications should call OPENSSL_load_builtin_modules() to load all configuration modules instead of adding modules selectively: otherwise functionality may be missing from the application if an when new modules are added.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_malloc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_malloc.html new file mode 100644 index 00000000..5c15c2f6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_malloc.html @@ -0,0 +1,164 @@ + + + + +OPENSSL_malloc + + + + + + + + + + +

NAME

+ +

OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD - Memory allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int OPENSSL_malloc_init(void)
+
+void *OPENSSL_malloc(size_t num)
+void *OPENSSL_zalloc(size_t num)
+void *OPENSSL_realloc(void *addr, size_t num)
+void OPENSSL_free(void *addr)
+char *OPENSSL_strdup(const char *str)
+char *OPENSSL_strndup(const char *str, size_t s)
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
+void *OPENSSL_memdup(void *data, size_t s)
+void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
+void OPENSSL_clear_free(void *str, size_t num)
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+void *CRYPTO_realloc(void *p, size_t num, const char *file, int line)
+void CRYPTO_free(void *str, const char *, int)
+char *CRYPTO_strdup(const char *p, const char *file, int line)
+char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
+void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
+                           const char *file, int line)
+void CRYPTO_clear_free(void *str, size_t num, const char *, int)
+
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
+
+void CRYPTO_get_alloc_counts(int *m, int *r, int *f)
+
+int CRYPTO_set_mem_debug(int onoff)
+
+env OPENSSL_MALLOC_FAILURES=... <application>
+env OPENSSL_MALLOC_FD=... <application>
+
+int CRYPTO_mem_ctrl(int mode);
+
+int OPENSSL_mem_debug_push(const char *info)
+int OPENSSL_mem_debug_pop(void);
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+
+int CRYPTO_mem_leaks(BIO *b);
+int CRYPTO_mem_leaks_fp(FILE *fp);
+int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
+                        void *u);
+ +

DESCRIPTION

+ +

OpenSSL memory allocation is handled by the OPENSSL_xxx API. These are generally macro's that add the standard C __FILE__ and __LINE__ parameters and call a lower-level CRYPTO_xxx API. Some functions do not add those parameters, but exist for consistency.

+ +

OPENSSL_malloc_init() does nothing and does not need to be called. It is included for compatibility with older versions of OpenSSL.

+ +

OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the C malloc(), realloc(), and free() functions. OPENSSL_zalloc() calls memset() to zero the memory before returning.

+ +

OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at addr holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() before ultimately calling OPENSSL_free().

+ +

OPENSSL_cleanse() fills ptr of size len with a string of 0's. Use OPENSSL_cleanse() with care if the memory is a mapping of a file. If the storage controller uses write compression, then its possible that sensitive tail bytes will survive zeroization because the block of zeros will be compressed. If the storage controller uses wear leveling, then the old sensitive data will not be overwritten; rather, a block of 0's will be written at a new physical location.

+ +

OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the equivalent C functions, except that memory is allocated by calling the OPENSSL_malloc() and should be released by calling OPENSSL_free().

+ +

OPENSSL_strlcpy(), OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C library functions and are provided for portability.

+ +

OPENSSL_hexstr2buf() parses str as a hex string and returns a pointer to the parsed value. The memory is allocated by calling OPENSSL_malloc() and should be released by calling OPENSSL_free(). If len is not NULL, it is filled in with the output length. Colons between two-character hex "bytes" are ignored. An odd number of hex digits is an error.

+ +

OPENSSL_buf2hexstr() takes the specified buffer and length, and returns a hex string for value, or NULL on error. Buffer cannot be NULL; if len is 0 an empty string is returned.

+ +

OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent, or returns -1 on error.

+ +

If no allocations have been done, it is possible to "swap out" the default implementations for OPENSSL_malloc(), OPENSSL_realloc and OPENSSL_free() and replace them with alternate versions (hooks). CRYPTO_get_mem_functions() function fills in the given arguments with the function pointers for the current implementations. With CRYPTO_set_mem_functions(), you can specify a different set of functions. If any of m, r, or f are NULL, then the function is not changed.

+ +

The default implementation can include some debugging capability (if enabled at build-time). This adds some overhead by keeping a list of all memory allocations, and removes items from the list when they are free'd. This is most useful for identifying memory leaks. CRYPTO_set_mem_debug() turns this tracking on and off. In order to have any effect, is must be called before any of the allocation functions (e.g., CRYPTO_malloc()) are called, and is therefore normally one of the first lines of main() in an application. CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. To enable tracking call CRYPTO_mem_ctrl() with a mode argument of the CRYPTO_MEM_CHECK_ON. To disable tracking call CRYPTO_mem_ctrl() with a mode argument of the CRYPTO_MEM_CHECK_OFF.

+ +

While checking memory, it can be useful to store additional context about what is being done. For example, identifying the field names when parsing a complicated data structure. OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push()) attaches an identifying string to the allocation stack. This must be a global or other static string; it is not copied. OPENSSL_mem_debug_pop() removes identifying state from the stack.

+ +

At the end of the program, calling CRYPTO_mem_leaks() or CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it to the specified BIO b or FILE fp. These functions return 1 if there are no leaks, 0 if there are leaks and -1 if an error occurred.

+ +

CRYPTO_mem_leaks_cb() does the same as CRYPTO_mem_leaks(), but instead of writing to a given BIO, the callback function is called for each output string with the string, length, and userdata u as the callback parameters.

+ +

If the library is built with the crypto-mdebug option, then one function, CRYPTO_get_alloc_counts(), and two additional environment variables, OPENSSL_MALLOC_FAILURES and OPENSSL_MALLOC_FD, are available.

+ +

The function CRYPTO_get_alloc_counts() fills in the number of times each of CRYPTO_malloc(), CRYPTO_realloc(), and CRYPTO_free() have been called, into the values pointed to by mcount, rcount, and fcount, respectively. If a pointer is NULL, then the corresponding count is not stored.

+ +

The variable OPENSSL_MALLOC_FAILURES controls how often allocations should fail. It is a set of fields separated by semicolons, which each field is a count (defaulting to zero) and an optional atsign and percentage (defaulting to 100). If the count is zero, then it lasts forever. For example, 100;@25 or 100@0;0@25 means the first 100 allocations pass, then all other allocations (until the program exits or crashes) have a 25% chance of failing.

+ +

If the variable OPENSSL_MALLOC_FD is parsed as a positive integer, then it is taken as an open file descriptor, and a record of all allocations is written to that descriptor. If an allocation will fail, and the platform supports it, then a backtrace will be written to the descriptor. This can be useful because a malloc may fail but not be checked, and problems will only occur later. The following example in classic shell syntax shows how to use this (will not work on all platforms):

+ +
OPENSSL_MALLOC_FAILURES='200;@10'
+export OPENSSL_MALLOC_FAILURES
+OPENSSL_MALLOC_FD=3
+export OPENSSL_MALLOC_FD
+...app invocation... 3>/tmp/log$$
+ +

RETURN VALUES

+ +

OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() return no value.

+ +

CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if there are no leaks, 0 if there are leaks and -1 if an error occurred.

+ +

OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), OPENSSL_clear_realloc(), CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(), CRYPTO_clear_realloc(), OPENSSL_buf2hexstr(), OPENSSL_hexstr2buf(), OPENSSL_strdup(), and OPENSSL_strndup() return a pointer to allocated memory or NULL on error.

+ +

CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug() return 1 on success or 0 on failure (almost always because allocations have already happened).

+ +

CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the previous value of the mode.

+ +

OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop() return 1 on success or 0 on failure.

+ +

NOTES

+ +

While it's permitted to swap out only a few and not all the functions with CRYPTO_set_mem_functions(), it's recommended to swap them all out at once. This applies specially if OpenSSL was built with the configuration option crypto-mdebug enabled. In case, swapping out only, say, the malloc() implementation is outright dangerous.

+ +

COPYRIGHT

+ +

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html new file mode 100644 index 00000000..fa09e139 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html @@ -0,0 +1,114 @@ + + + + +OPENSSL_secure_malloc + + + + + + + + + + +

NAME

+ +

CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used - secure heap storage

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize);
+
+int CRYPTO_secure_malloc_initialized();
+
+int CRYPTO_secure_malloc_done();
+
+void *OPENSSL_secure_malloc(size_t num);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+
+void *OPENSSL_secure_zalloc(size_t num);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+
+void OPENSSL_secure_free(void* ptr);
+void CRYPTO_secure_free(void *ptr, const char *, int);
+
+void OPENSSL_secure_clear_free(void* ptr, size_t num);
+void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
+
+size_t OPENSSL_secure_actual_size(const void *ptr);
+
+int CRYPTO_secure_allocated(const void *ptr);
+size_t CRYPTO_secure_used();
+ +

DESCRIPTION

+ +

In order to help protect applications (particularly long-running servers) from pointer overruns or underruns that could return arbitrary data from the program's dynamic memory area, where keys and other sensitive information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your threat model and concerns.

+ +

If a secure heap is used, then private key BIGNUM values are stored there. This protects long-term storage of private keys, but will not necessarily put all intermediate values and computations there.

+ +

CRYPTO_secure_malloc_init() creates the secure heap, with the specified size in bytes. The minsize parameter is the minimum size to allocate from the heap. Both size and minsize must be a power of two.

+ +

CRYPTO_secure_malloc_initialized() indicates whether or not the secure heap as been initialized and is available.

+ +

CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable to the process if all secure memory has been freed. It can take noticeably long to complete.

+ +

OPENSSL_secure_malloc() allocates num bytes from the heap. If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_malloc(). It is a macro that expands to CRYPTO_secure_malloc() and adds the __FILE__ and __LINE__ parameters.

+ +

OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively, except that they call memset() to zero the memory before returning.

+ +

OPENSSL_secure_free() releases the memory at ptr back to the heap. It must be called with a value previously obtained from OPENSSL_secure_malloc(). If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_free(). It exists for consistency with OPENSSL_secure_malloc() , and is a macro that expands to CRYPTO_secure_free() and adds the __FILE__ and __LINE__ parameters..

+ +

OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except that it has an additional num parameter which is used to clear the memory if it was not allocated from the secure heap. If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_clear_free().

+ +

OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation.

+ +

OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.

+ +

CRYPTO_secure_used() returns the number of bytes allocated in the secure heap.

+ +

RETURN VALUES

+ +

CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, and 2 if successful but the heap could not be protected by memory mapping.

+ +

CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is available (that is, if CRYPTO_secure_malloc_init() has been called, but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.

+ +

OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into the secure heap of the requested size, or NULL if memory could not be allocated.

+ +

CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.

+ +

CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.

+ +

OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.

+ +

SEE ALSO

+ +

OPENSSL_malloc(3), BN_new(3)

+ +

HISTORY

+ +

The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_INFO.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_INFO.html new file mode 100644 index 00000000..ca1d9d8a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_INFO.html @@ -0,0 +1,163 @@ + + + + +OSSL_STORE_INFO + + + + + + + + + + +

NAME

+ +

OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
+                                                  *store_info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info);
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+ +

DESCRIPTION

+ +

These functions are primarily useful for applications to retrieve supported objects from OSSL_STORE_INFO objects and for scheme specific loaders to create OSSL_STORE_INFO holders.

+ +

Types

+ +

OSSL_STORE_INFO is an opaque type that's just an intermediary holder for the objects that have been retrieved by OSSL_STORE_load() and similar functions. Supported OpenSSL type object can be extracted using one of STORE_INFO_get0_TYPE(). The life time of this extracted object is as long as the life time of the OSSL_STORE_INFO it was extracted from, so care should be taken not to free the latter too early. As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the same object with its reference count increased), which can be used after the containing OSSL_STORE_INFO has been freed. The object returned by STORE_INFO_get1_TYPE() must be freed separately by the caller. See "SUPPORTED OBJECTS" for more information on the types that are supported.

+ +

Functions

+ +

OSSL_STORE_INFO_get_type() takes a OSSL_STORE_INFO and returns the STORE type number for the object inside. STORE_INFO_get_type_string() takes a STORE type number and returns a short string describing it.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a OSSL_STORE_INFO and return the held object of the appropriate OpenSSL type provided that's what's held.

+ +

OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a OSSL_STORE_INFO and return a duplicate of the held object of the appropriate OpenSSL type provided that's what's held.

+ +

OSSL_STORE_INFO_free() frees a OSSL_STORE_INFO and its contained type.

+ +

OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() create a OSSL_STORE_INFO object to hold the given input object. Additionally, for OSSL_STORE_INFO_NAME` objects, OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra description. This description is meant to be human readable and should be used for information printout.

+ +

SUPPORTED OBJECTS

+ +

Currently supported object types are:

+ +
+ +
OSSL_STORE_INFO_NAME
+
+ +

A name is exactly that, a name. It's like a name in a directory, but formatted as a complete URI. For example, the path in URI file:/foo/bar/ could include a file named cookie.pem, and in that case, the returned OSSL_STORE_INFO_NAME object would have the URI file:/foo/bar/cookie.pem, which can be used by the application to get the objects in that file. This can be applied to all schemes that can somehow support a listing of object URIs.

+ +

For file: URIs that are used without the explicit scheme, the returned name will be the path of each object, so if /foo/bar was given and that path has the file cookie.pem, the name /foo/bar/cookie.pem will be returned.

+ +

The returned URI is considered canonical and must be unique and permanent for the storage where the object (or collection of objects) resides. Each loader is responsible for ensuring that it only returns canonical URIs. However, it's possible that certain schemes allow an object (or collection thereof) to be reached with alternative URIs; just because one URI is canonical doesn't mean that other variants can't be used.

+ +

At the discretion of the loader that was used to get these names, an extra description may be attached as well.

+ +
+
OSSL_STORE_INFO_PARAMS
+
+ +

Key parameters.

+ +
+
OSSL_STORE_INFO_PKEY
+
+ +

A private/public key of some sort.

+ +
+
OSSL_STORE_INFO_CERT
+
+ +

An X.509 certificate.

+ +
+
OSSL_STORE_INFO_CRL
+
+ +

A X.509 certificate revocation list.

+ +
+
+ +

RETURN VALUES

+ +

OSSL_STORE_INFO_get_type() returns the STORE type number of the given OSSL_STORE_INFO. There is no error value.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return a pointer to the OpenSSL object on success, NULL otherwise.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return a pointer to a duplicate of the OpenSSL object on success, NULL otherwise.

+ +

OSSL_STORE_INFO_type_string() returns a string on success, or NULL on failure.

+ +

OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() return a OSSL_STORE_INFO pointer on success, or NULL on failure.

+ +

OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_open(3), OSSL_STORE_register_loader(3)

+ +

HISTORY

+ +

OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html new file mode 100644 index 00000000..ad4904c7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html @@ -0,0 +1,219 @@ + + + + +OSSL_STORE_LOADER + + + + + + + + + + +

NAME

+ +

OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn - Types and functions to manipulate, register and unregister STORE loaders for different URI schemes

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
+                                            *store_loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER
+                                          *store_loader);
+
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
+                                                     const UI_METHOD *ui_method,
+                                                     void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_open_fn store_open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+                                  va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_ctrl_fn store_ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                               UI_METHOD *ui_method,
+                                               void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_load_fn store_load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader,
+                              OSSL_STORE_eof_fn store_eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader,
+                                OSSL_STORE_error_fn store_error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
+                                OSSL_STORE_close_fn store_close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+ +

DESCRIPTION

+ +

These functions help applications and engines to create loaders for schemes they support.

+ +

Types

+ +

OSSL_STORE_LOADER is the type to hold a loader. It contains a scheme and the functions needed to implement OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof(), OSSL_STORE_error() and OSSL_STORE_close() for this scheme.

+ +

OSSL_STORE_LOADER_CTX is a type template, to be defined by each loader using struct ossl_store_loader_ctx_st { ... }.

+ +

OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, and OSSL_STORE_close_fn are the function pointer types used within a STORE loader. The functions pointed at define the functionality of the given loader.

+ +
+ +
OSSL_STORE_open_fn
+
+ +

This function takes a URI and is expected to interpret it in the best manner possible according to the scheme the loader implements, it also takes a UI_METHOD and associated data, to be used any time something needs to be prompted for. Furthermore, this function is expected to initialize what needs to be initialized, to create a private data store (OSSL_STORE_LOADER_CTX, see above), and to return it. If something goes wrong, this function is expected to return NULL.

+ +
+
OSSL_STORE_ctrl_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer, a command number cmd and a va_list args and is used to manipulate loader specific parameters.

+ +

Loader specific command numbers must begin at OSSL_STORE_C_CUSTOM_START. Any number below that is reserved for future globally known command numbers.

+ +

This function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_expect_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_INFO identity expected, and is used to tell the loader what object type is expected. expected may be zero to signify that no specific object type is expected.

+ +

This function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_find_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_SEARCH search criterion, and is used to tell the loader what to search for.

+ +

When called with the loader context being NULL, this function is expected to return 1 if the loader supports the criterion, otherwise 0.

+ +

When called with the loader context being something other than NULL, this function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_load_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a UI_METHOD with associated data. It's expected to load the next available data, mold it into a data structure that can be wrapped in a OSSL_STORE_INFO using one of the OSSL_STORE_INFO(3) functions. If no more data is available or an error occurs, this function is expected to return NULL. The OSSL_STORE_eof_fn and OSSL_STORE_error_fn functions must indicate if it was in fact the end of data or if an error occurred.

+ +

Note that this function retrieves one data item only.

+ +
+
OSSL_STORE_eof_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to return 1 to indicate that the end of available data has been reached. It is otherwise expected to return 0.

+ +
+
OSSL_STORE_error_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to return 1 to indicate that an error occurred in a previous call to the OSSL_STORE_load_fn function. It is otherwise expected to return 0.

+ +
+
OSSL_STORE_close_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to close or shut down what needs to be closed, and finally free the contents of the OSSL_STORE_LOADER_CTX pointer. It returns 1 on success and 0 on error.

+ +
+
+ +

Functions

+ +

OSSL_STORE_LOADER_new() creates a new OSSL_STORE_LOADER. It takes an ENGINE e and a string scheme. scheme must always be set. Both e and scheme are used as is and must therefore be alive as long as the created loader is.

+ +

OSSL_STORE_LOADER_get0_engine() returns the engine of the store_loader. OSSL_STORE_LOADER_get0_scheme() returns the scheme of the store_loader.

+ +

OSSL_STORE_LOADER_set_open() sets the opener function for the store_loader.

+ +

OSSL_STORE_LOADER_set_ctrl() sets the control function for the store_loader.

+ +

OSSL_STORE_LOADER_set_expect() sets the expect function for the store_loader.

+ +

OSSL_STORE_LOADER_set_load() sets the loader function for the store_loader.

+ +

OSSL_STORE_LOADER_set_eof() sets the end of file checker function for the store_loader.

+ +

OSSL_STORE_LOADER_set_close() sets the closing function for the store_loader.

+ +

OSSL_STORE_LOADER_free() frees the given store_loader.

+ +

OSSL_STORE_register_loader() register the given store_loader and thereby makes it available for use with OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close().

+ +

OSSL_STORE_unregister_loader() unregister the store loader for the given scheme.

+ +

NOTES

+ +

The file: scheme has built in support.

+ +

RETURN VALUES

+ +

The functions with the types OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn and OSSL_STORE_close_fn have the same return values as OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_expect(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively.

+ +

OSSL_STORE_LOADER_new() returns a pointer to a OSSL_STORE_LOADER on success, or NULL on failure.

+ +

OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof() and OSSL_STORE_LOADER_set_close() return 1 on success, or 0 on failure.

+ +

OSSL_STORE_register_loader() returns 1 on success, or 0 on failure.

+ +

OSSL_STORE_unregister_loader() returns the unregistered loader on success, or NULL on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_open(3)

+ +

HISTORY

+ +

OSSL_STORE_LOADER(), OSSL_STORE_LOADER_CTX(), OSSL_STORE_LOADER_new(), OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html new file mode 100644 index 00000000..078d308c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html @@ -0,0 +1,151 @@ + + + + +OSSL_STORE_SEARCH + + + + + + + + + + +

NAME

+ +

OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest - Type and functions to create OSSL_STORE search criteria

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, int len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
+                                            *criterion);
+ +

DESCRIPTION

+ +

These functions are used to specify search criteria to help search for specific objects through other names than just the URI that's given to OSSL_STORE_open(). For example, this can be useful for an application that has received a URI and then wants to add on search criteria in a uniform and supported manner.

+ +

Types

+ +

OSSL_STORE_SEARCH is an opaque type that holds the constructed search criterion, and that can be given to an OSSL_STORE context with OSSL_STORE_find().

+ +

The calling application owns the allocation of an OSSL_STORE_SEARCH at all times, and should therefore be careful not to deallocate it before OSSL_STORE_close() has been called for the OSSL_STORE context it was given to.

+ +

Application Functions

+ +

OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), and OSSL_STORE_SEARCH_by_alias() are used to create an OSSL_STORE_SEARCH from a subject name, an issuer name and serial number pair, a key fingerprint, and an alias (for example a friendly name). The parameters that are provided are not copied, only referred to in a criterion, so they must have at least the same life time as the created OSSL_STORE_SEARCH.

+ +

OSSL_STORE_SEARCH_free() is used to free the OSSL_STORE_SEARCH.

+ +

Loader Functions

+ +

OSSL_STORE_SEARCH_get_type() returns the criterion type for the given OSSL_STORE_SEARCH.

+ +

OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), OSSL_STORE_SEARCH_get0_string(), and OSSL_STORE_SEARCH_get0_digest() are used to retrieve different data from a OSSL_STORE_SEARCH, as available for each type. For more information, see "SUPPORTED CRITERION TYPES" below.

+ +

SUPPORTED CRITERION TYPES

+ +

Currently supported criterion types are:

+ +
+ +
OSSL_STORE_SEARCH_BY_NAME
+
+ +

This criterion supports a search by exact match of subject name. The subject name itself is a X509_NAME pointer. A criterion of this type is created with OSSL_STORE_SEARCH_by_name(), and the actual subject name is retrieved with OSSL_STORE_SEARCH_get0_name().

+ +
+
OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+
+ +

This criterion supports a search by exact match of both issuer name and serial number. The issuer name itself is a X509_NAME pointer, and the serial number is a ASN1_INTEGER pointer. A criterion of this type is created with OSSL_STORE_SEARCH_by_issuer_serial() and the actual issuer name and serial number are retrieved with OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_SEARCH_get0_serial().

+ +
+
OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
+
+ +

This criterion supports a search by exact match of key fingerprint. The key fingerprint in itself is a string of bytes and its length, as well as the algorithm that was used to compute the fingerprint. The digest may be left unspecified (NULL), and in that case, the loader has to decide on a default digest and compare fingerprints accordingly. A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() and the actual fingerprint and its length can be retrieved with OSSL_STORE_SEARCH_get0_bytes(). The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest().

+ +
+
OSSL_STORE_SEARCH_BY_ALIAS
+
+ +

This criterion supports a search by match of an alias of some kind. The alias in itself is a simple C string. A criterion of this type is created with OSSL_STORE_SEARCH_by_alias() and the actual alias is retrieved with OSSL_STORE_SEARCH_get0_string().

+ +
+
+ +

RETURN VALUES

+ +

OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), and OSSL_STORE_SEARCH_by_alias() return a OSSL_STORE_SEARCH pointer on success, or NULL on failure.

+ +

OSSL_STORE_SEARCH_get_type() returns the criterion type of the given OSSL_STORE_SEARCH. There is no error value.

+ +

OSSL_STORE_SEARCH_get0_name() returns a X509_NAME pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_serial() returns a ASN1_INTEGER pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_bytes() returns a const unsigned char pointer and sets *length to the strings length on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_string() returns a const char pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_digest() returns a const EVP_MD pointer. NULL is a valid value and means that the store loader default will be used when applicable.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_supports_search(3), OSSL_STORE_find(3)

+ +

HISTORY

+ +

OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), OSSL_STORE_SEARCH_by_alias(), OSSL_STORE_SEARCH_free(), OSSL_STORE_SEARCH_get_type(), OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), and OSSL_STORE_SEARCH_get0_string() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_expect.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_expect.html new file mode 100644 index 00000000..e217af49 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_expect.html @@ -0,0 +1,82 @@ + + + + +OSSL_STORE_expect + + + + + + + + + + +

NAME

+ +

OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find - Specify what object type is expected

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type);
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+ +

DESCRIPTION

+ +

OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns by specifying a OSSL_STORE_INFO type. For example, if file:/foo/bar/store.pem contains several different objects and only the certificates are interesting, the application can simply say that it expects the type OSSL_STORE_INFO_CERT. All known object types (see "SUPPORTED OBJECTS" in OSSL_STORE_INFO(3)) except for OSSL_STORE_INFO_NAME are supported.

+ +

OSSL_STORE_find() helps applications specify a criterion for a more fine grained search of objects.

+ +

OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE context supports the given search type. See "SUPPORTED CRITERION TYPES" in OSSL_STORE_SEARCH for information on the supported search criterion types.

+ +

OSSL_STORE_expect() and OSSL_STORE_find must be called before the first OSSL_STORE_load() of a given session, or they will fail.

+ +

NOTES

+ +

If a more elaborate filter is required by the application, a better choice would be to use a post-processing function. See OSSL_STORE_open(3) for more information.

+ +

However, some loaders may take advantage of the knowledge of an expected type to make object retrieval more efficient, so if a single type is expected, this method is usually preferable.

+ +

RETURN VALUES

+ +

OSSL_STORE_expect() returns 1 on success, or 0 on failure.

+ +

OSSL_STORE_supports_search() returns 1 if the criterion is supported, or 0 otherwise.

+ +

OSSL_STORE_find() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_SEARCH(3), OSSL_STORE_load(3)

+ +

HISTORY

+ +

OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_open.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_open.html new file mode 100644 index 00000000..e6b96df3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OSSL_STORE_open.html @@ -0,0 +1,133 @@ + + + + +OSSL_STORE_open + + + + + + + + + + +

NAME

+ +

OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close - Types and functions to read objects from a URI

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+                                                            void *);
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data);
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions help the application to fetch supported objects (see "SUPPORTED OBJECTS" in OSSL_STORE_INFO(3) for information on which those are) from a given URI (see "SUPPORTED SCHEMES" for more information on the supported URI schemes). The general method to do so is to "open" the URI using OSSL_STORE_open(), read each available and supported object using OSSL_STORE_load() as long as OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().

+ +

The retrieved information is stored in a OSSL_STORE_INFO, which is further described in OSSL_STORE_INFO(3).

+ +

Types

+ +

OSSL_STORE_CTX is a context variable that holds all the internal information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() to work together.

+ +

Functions

+ +

OSSL_STORE_open() takes a uri or path uri, password UI method ui_method with associated data ui_data, and post processing callback post_process with associated data post_process_data, opens a channel to the data located at that URI and returns a OSSL_STORE_CTX with all necessary internal information. The given ui_method and ui_data_data will be reused by all functions that use OSSL_STORE_CTX when interaction is needed. The given post_process and post_process_data will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. The post_process function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading the next object, until post_process returns something other than NULL, or the end of data is reached as indicated by OSSL_STORE_eof().

+ +

OSSL_STORE_ctrl() takes a OSSL_STORE_CTX, and command number cmd and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with that loader.

+ +

There are also global controls available:

+ +
+ +
OSSL_STORE_C_USE_SECMEM
+
+ +

Controls if the loader should attempt to use secure memory for any allocated OSSL_STORE_INFO and its contents. This control expects one argument, a pointer to an int that is expected to have the value 1 (yes) or 0 (no). Any other value is an error.

+ +
+
+ +

OSSL_STORE_load() takes a OSSL_STORE_CTX, tries to load the next available object and return it wrapped with OSSL_STORE_INFO.

+ +

OSSL_STORE_eof() takes a OSSL_STORE_CTX and checks if we've reached the end of data.

+ +

OSSL_STORE_error() takes a OSSL_STORE_CTX and checks if an error occurred in the last OSSL_STORE_load() call. Note that it may still be meaningful to try and load more objects, unless OSSL_STORE_eof() shows that the end of data has been reached.

+ +

OSSL_STORE_close() takes a OSSL_STORE_CTX, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the OSSL_STORE_CTX, as well as the OSSL_STORE_CTX itself.

+ +

SUPPORTED SCHEMES

+ +

The basic supported scheme is file:. Any other scheme can be added dynamically, using OSSL_STORE_register_loader().

+ +

NOTES

+ +

A string without a scheme prefix (that is, a non-URI string) is implicitly interpreted as using the file: scheme.

+ +

There are some tools that can be used together with OSSL_STORE_open() to determine if any failure is caused by an unparsable URI, or if it's a different error (such as memory allocation failures); if the URI was parsable but the scheme unregistered, the top error will have the reason OSSL_STORE_R_UNREGISTERED_SCHEME.

+ +

These functions make no direct assumption regarding the pass phrase received from the password callback. The loaders may make assumptions, however. For example, the file: scheme loader inherits the assumptions made by OpenSSL functionality that handles the different file types; this is mostly relevant for PKCS#12 objects. See passphrase-encoding(7) for further information.

+ +

RETURN VALUES

+ +

OSSL_STORE_open() returns a pointer to a OSSL_STORE_CTX on success, or NULL on failure.

+ +

OSSL_STORE_load() returns a pointer to a OSSL_STORE_INFO on success, or NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a returned NULL.

+ +

OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0.

+ +

OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, otherwise 0.

+ +

OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_register_loader(3), passphrase-encoding(7)

+ +

HISTORY

+ +

OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html new file mode 100644 index 00000000..44496b20 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html @@ -0,0 +1,77 @@ + + + + +OpenSSL_add_all_algorithms + + + + + + + + + + +

NAME

+ +

OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - add algorithms to internal table

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+ +

Deprecated:

+ +
 # if OPENSSL_API_COMPAT < 0x10100000L
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void)
+# endif
+ +

DESCRIPTION

+ +

OpenSSL keeps an internal table of digest algorithms and ciphers. It uses this table to lookup ciphers via functions such as EVP_get_cipher_byname().

+ +

OpenSSL_add_all_digests() adds all digest algorithms to the table.

+ +

OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and ciphers).

+ +

OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including password based encryption algorithms.

+ +

In versions prior to 1.1.0 EVP_cleanup() removed all ciphers and digests from the table. It no longer has any effect in OpenSSL 1.1.0.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3), EVP_EncryptInit(3)

+ +

HISTORY

+ +

The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), and EVP_cleanup(), functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_bytes_read_bio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_bytes_read_bio.html new file mode 100644 index 00000000..08027082 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_bytes_read_bio.html @@ -0,0 +1,81 @@ + + + + +PEM_bytes_read_bio + + + + + + + + + + +

NAME

+ +

PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u);
+ +

DESCRIPTION

+ +

PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) data from the BIO bp for the data type given in name (RSA PRIVATE KEY, CERTIFICATE, etc.). If multiple PEM-encoded data structures are present in the same stream, PEM_bytes_read_bio() will skip non-matching data types and continue reading. Non-PEM data present in the stream may cause an error.

+ +

The PEM header may indicate that the following data is encrypted; if so, the data will be decrypted, waiting on user input to supply a passphrase if needed. The password callback cb and rock u are used to obtain the decryption passphrase, if applicable.

+ +

Some data types have compatibility aliases, such as a file containing X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. The actual type indicated by the file is returned in *pnm if pnm is non-NULL. The caller must free the storage pointed to by *pnm.

+ +

The returned data is the DER-encoded form of the requested type, in *pdata with length *plen. The caller must free the storage pointed to by *pdata.

+ +

PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses memory from the secure heap for its temporary buffers and the storage returned in *pdata and *pnm. Accordingly, the caller must use OPENSSL_secure_free() to free that storage.

+ +

NOTES

+ +

PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for storage allocated within the PEM processing stack. The BIO stack from which input is read may also use temporary buffers, which are not necessarily allocated from the secure heap. In cases where it is desirable to ensure that the contents of the PEM file only appears in memory from the secure heap, care is needed in generating the BIO passed as bp. In particular, the use of BIO_s_file() indicates the use of the operating system stdio functionality, which includes buffering as a feature; BIO_s_fd() is likely to be more appropriate in such cases.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

PEM_read_bio_ex(3), passphrase-encoding(7)

+ +

HISTORY

+ +

PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read.html new file mode 100644 index 00000000..2f59013a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read.html @@ -0,0 +1,98 @@ + + + + +PEM_read + + + + + + + + + + +

NAME

+ +

PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO - PEM encoding routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+int PEM_write(FILE *fp, const char *name, const char *header,
+              const unsigned char *data, long len)
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                  const unsigned char *data, long len)
+
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
+int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
+                  pem_password_cb *cb, void *u);
+ +

DESCRIPTION

+ +

These functions read and write PEM-encoded objects, using the PEM type name, any additional header information, and the raw data of length len.

+ +

PEM is the term used for binary content encoding first defined in IETF RFC 1421. The content is a series of base64-encoded lines, surrounded by begin/end markers each on their own line. For example:

+ +
-----BEGIN PRIVATE KEY-----
+MIICdg....
+... bhTQ==
+-----END PRIVATE KEY-----
+ +

Optional header line(s) may appear after the begin line, and their existence depends on the type of object being written or read.

+ +

PEM_write() writes to the file fp, while PEM_write_bio() writes to the BIO bp. The name is the name to use in the marker, the header is the header value or NULL, and data and len specify the data and its length.

+ +

The final data buffer is typically an ASN.1 object which can be decoded with the d2i function appropriate to the type name; see d2i_X509(3) for examples.

+ +

PEM_read() reads from the file fp, while PEM_read_bio() reads from the BIO bp. Both skip any non-PEM data that precedes the start of the next PEM object. When an object is successfully retrieved, the type name from the "----BEGIN <type>-----" is returned via the name argument, any encapsulation headers are returned in header and the base64-decoded content and its length are returned via data and len respectively. The name, header and data pointers are allocated via OPENSSL_malloc() and should be freed by the caller via OPENSSL_free() when no longer needed.

+ +

PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher and IV. The caller passes a pointer to structure of type EVP_CIPHER_INFO via the cinfo argument and the header returned via PEM_read() or PEM_read_bio(). If the call is successful 1 is returned and the cipher and IV are stored at the address pointed to by cinfo. When the header is malformed, or not supported or when the cipher is unknown or some internal error happens 0 is returned. This function is deprecated, see NOTES below.

+ +

PEM_do_header() can then be used to decrypt the data if the header indicates encryption. The cinfo argument is a pointer to the structure initialized by the previous call to PEM_get_EVP_CIPHER_INFO(). The data and len arguments are those returned by the previous call to PEM_read() or PEM_read_bio(). The cb and u arguments make it possible to override the default password prompt function as described in PEM_read_PrivateKey(3). On successful completion the data is decrypted in place, and len is updated to indicate the plaintext length. This function is deprecated, see NOTES below.

+ +

If the data is a priori known to not be encrypted, then neither PEM_do_header() nor PEM_get_EVP_CIPHER_INFO() need be called.

+ +

RETURN VALUES

+ +

PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter includes the case when no more PEM objects remain in the input file. To distinguish end of file from more serious errors the caller must peek at the error stack and check for PEM_R_NO_START_LINE, which indicates that no more PEM objects were found. See ERR_peek_last_error(3), ERR_GET_REASON(3).

+ +

PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on failure. The data is likely meaningless if these functions fail.

+ +

NOTES

+ +

The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. This is because the underlying PEM encryption format is obsolete, and should be avoided. It uses an encryption format with an OpenSSL-specific key-derivation function, which employs MD5 with an iteration count of 1! Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See PEM_write_PrivateKey(3) and d2i_PKCS8PrivateKey_bio(3).

+ +

PEM_do_header() makes no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

SEE ALSO

+ +

ERR_peek_last_error(3), ERR_GET_LIB(3), d2i_PKCS8PrivateKey_bio(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_CMS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_CMS.html new file mode 100644 index 00000000..c850692f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_CMS.html @@ -0,0 +1,78 @@ + + + + +PEM_read_CMS + + + + + + + + + + +

NAME

+ +

DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION - PEM object encoding routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+DECLARE_PEM_rw(name, TYPE)
+
+TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
+TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
+int PEM_write_TYPE(FILE *fp, const TYPE *a);
+int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
+ +

DESCRIPTION

+ +

In the description below, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509. The macro DECLARE_PEM_rw expands to the set of declarations shown in the next four lines of the synopsis.

+ +

These routines convert between local instances of ASN1 datatypes and the PEM encoding. For more information on the templates, see ASN1_ITEM(3). For more information on the lower-level routines used by the functions here, see PEM_read(3).

+ +

PEM_read_TYPE() reads a PEM-encoded object of TYPE from the file fp and returns it. The cb and u parameters are as described in pem_password_cb(3).

+ +

PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from the BIO bp.

+ +

PEM_write_TYPE() writes the PEM encoding of the object a to the file fp.

+ +

PEM_write_bio_TYPE() similarly writes to the BIO bp.

+ +

NOTES

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated object, which should be released by calling TYPE_free(), or NULL on error.

+ +

PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes written or zero on error.

+ +

SEE ALSO

+ +

PEM_read(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html new file mode 100644 index 00000000..dd68d34b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html @@ -0,0 +1,381 @@ + + + + +PEM_read_bio_PrivateKey + + + + + + + + + + +

NAME

+ +

pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+                                  pem_password_cb *cb, void *u);
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+                              pem_password_cb *cb, void *u);
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u);
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen,
+                              pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+                              pem_password_cb *cb, void *u);
+EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+                          pem_password_cb *cb, void *u);
+int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+                                pem_password_cb *cb, void *u);
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+                               pem_password_cb *cb, void *u);
+RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+                           pem_password_cb *cb, void *u);
+int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+
+RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+                             pem_password_cb *cb, void *u);
+RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+                         pem_password_cb *cb, void *u);
+int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+                                pem_password_cb *cb, void *u);
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+                             pem_password_cb *cb, void *u);
+DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+                         pem_password_cb *cb, void *u);
+int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
+
+DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+int PEM_write_DSAparams(FILE *fp, DSA *x);
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_DHparams(BIO *bp, DH *x);
+int PEM_write_DHparams(FILE *fp, DH *x);
+
+X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_X509(BIO *bp, X509 *x);
+int PEM_write_X509(FILE *fp, X509 *x);
+
+X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+int PEM_write_X509_AUX(FILE *fp, X509 *x);
+
+X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+                                pem_password_cb *cb, void *u);
+X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+
+X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+                                pem_password_cb *cb, void *u);
+X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+
+PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+ +

DESCRIPTION

+ +

The PEM functions read or write structures in PEM format. In this sense PEM format is simply base64 encoded data surrounded by header lines.

+ +

For more details about the meaning of arguments see the PEM FUNCTION ARGUMENTS section.

+ +

Each operation has four functions associated with it. For brevity the term "TYPE functions" will be used below to collectively refer to the PEM_read_bio_TYPE(), PEM_read_TYPE(), PEM_write_bio_TYPE(), and PEM_write_TYPE() functions.

+ +

The PrivateKey functions read or write a private key in PEM format using an EVP_PKEY structure. The write routines use PKCS#8 private key format and are equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently handle traditional and PKCS#8 format encrypted and unencrypted keys.

+ +

PEM_write_bio_PrivateKey_traditional() writes out a private key in the "traditional" format with a simple private key marker and should only be used for compatibility with legacy programs.

+ +

PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption algorithms. The cipher argument specifies the encryption algorithm to use: unlike some other PEM routines the encryption is applied at the PKCS#8 level and not in the PEM headers. If cipher is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.

+ +

PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid() also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm to use is specified in the nid parameter and should be the NID of the corresponding OBJECT IDENTIFIER (see NOTES section).

+ +

The PUBKEY functions process a public key using an EVP_PKEY structure. The public key is encoded as a SubjectPublicKeyInfo structure.

+ +

The RSAPrivateKey functions process an RSA private key using an RSA structure. The write routines uses traditional format. The read routines handles the same formats as the PrivateKey functions but an error occurs if the private key is not RSA.

+ +

The RSAPublicKey functions process an RSA public key using an RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure.

+ +

The RSA_PUBKEY functions also process an RSA public key using an RSA structure. However the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA.

+ +

The DSAPrivateKey functions process a DSA private key using a DSA structure. The write routines uses traditional format. The read routines handles the same formats as the PrivateKey functions but an error occurs if the private key is not DSA.

+ +

The DSA_PUBKEY functions process a DSA public key using a DSA structure. The public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA.

+ +

The Parameters functions read or write key parameters in PEM format using an EVP_PKEY structure. The encoding depends on the type of key; for DSA key parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH key parameters, it will be a PKCS#3 DHparameter structure. These functions only exist for the BIO type.

+ +

The DSAparams functions process DSA parameters using a DSA structure. The parameters are encoded using a Dss-Parms structure as defined in RFC2459.

+ +

The DHparams functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter structure.

+ +

The X509 functions process an X509 certificate using an X509 structure. They will also process a trusted X509 certificate but any trust settings are discarded.

+ +

The X509_AUX functions process a trusted X509 certificate using an X509 structure.

+ +

The X509_REQ and X509_REQ_NEW functions process a PKCS#10 certificate request using an X509_REQ structure. The X509_REQ write functions use CERTIFICATE REQUEST in the header whereas the X509_REQ_NEW functions use NEW CERTIFICATE REQUEST (as required by some CAs). The X509_REQ read functions will handle either form so there are no X509_REQ_NEW read functions.

+ +

The X509_CRL functions process an X509 CRL using an X509_CRL structure.

+ +

The PKCS7 functions process a PKCS#7 ContentInfo using a PKCS7 structure.

+ +

PEM FUNCTION ARGUMENTS

+ +

The PEM functions have many common arguments.

+ +

The bp BIO parameter (if present) specifies the BIO to read from or write to.

+ +

The fp FILE parameter (if present) specifies the FILE pointer to read from or write to.

+ +

The PEM read functions all take an argument TYPE **x and return a TYPE * pointer. Where TYPE is whatever structure the function uses. If x is NULL then the parameter is ignored. If x is not NULL but *x is NULL then the structure returned will be written to *x. If neither x nor *x is NULL then an attempt is made to reuse the structure at *x (but see BUGS and EXAMPLES sections). Irrespective of the value of x a pointer to the structure is always returned (or NULL if an error occurred).

+ +

The PEM functions which write private keys take an enc parameter which specifies the encryption algorithm to use, encryption is done at the PEM level. If this parameter is set to NULL then the private key is written in unencrypted form.

+ +

The cb argument is the callback to use when querying for the pass phrase used for encrypted PEM structures (normally only private keys).

+ +

For the PEM write routines if the kstr parameter is not NULL then klen bytes at kstr are used as the passphrase and cb is ignored.

+ +

If the cb parameters is set to NULL and the u parameter is not NULL then the u parameter is interpreted as a null terminated string to use as the passphrase. If both cb and u are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off.

+ +

The default passphrase callback is sometimes inappropriate (for example in a GUI application) so an alternative can be supplied. The callback routine has the following form:

+ +
int cb(char *buf, int size, int rwflag, void *u);
+ +

buf is the buffer to write the passphrase to. size is the maximum length of the passphrase (i.e. the size of buf). rwflag is a flag which is set to 0 when reading and 1 when writing. A typical routine will ask the user to verify the passphrase (for example by prompting for it twice) if rwflag is 1. The u parameter has the same value as the u parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback must return the number of characters in the passphrase or -1 if an error occurred.

+ +

NOTES

+ +

The old PrivateKey write routines are retained for compatibility. New applications should write private keys using the PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines because they are more secure (they use an iteration count of 2048 whereas the traditional routines use a count of 1) unless compatibility with older versions of OpenSSL is important.

+ +

The PrivateKey read routines can be used in all applications because they handle all formats transparently.

+ +

A frequent cause of problems is attempting to use the PEM routines like this:

+ +
X509 *x;
+
+PEM_read_bio_X509(bp, &x, 0, NULL);
+ +

this is a bug because an attempt will be made to reuse the data at x which is an uninitialised pointer.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

PEM ENCRYPTION FORMAT

+ +

These old PrivateKey routines use a non standard technique for encryption.

+ +

The private key (or other data) takes the following form:

+ +
-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+...base64 encoded data...
+-----END RSA PRIVATE KEY-----
+ +

The line beginning with Proc-Type contains the version and the protection on the encapsulated data. The line beginning DEK-Info contains two comma separated values: the encryption algorithm name as used by EVP_get_cipherbyname() and an initialization vector used by the cipher encoded as a set of hexadecimal digits. After those two lines is the base64-encoded encrypted data.

+ +

The encryption key is derived using EVP_BytesToKey(). The cipher's initialization vector is passed to EVP_BytesToKey() as the salt parameter. Internally, PKCS5_SALT_LEN bytes of the salt are used (regardless of the size of the initialization vector). The user's password is passed to EVP_BytesToKey() using the data and datal parameters. Finally, the library uses an iteration count of 1 for EVP_BytesToKey().

+ +

The key derived by EVP_BytesToKey() along with the original initialization vector is then used to decrypt the encrypted data. The iv produced by EVP_BytesToKey() is not utilized or needed, and NULL should be passed to the function.

+ +

The pseudo code to derive the key would look similar to:

+ +
EVP_CIPHER* cipher = EVP_des_ede3_cbc();
+EVP_MD* md = EVP_md5();
+
+unsigned int nkey = EVP_CIPHER_key_length(cipher);
+unsigned int niv = EVP_CIPHER_iv_length(cipher);
+unsigned char key[nkey];
+unsigned char iv[niv];
+
+memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
+rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
+if (rc != nkey)
+    /* Error */
+
+/* On success, use key and iv to initialize the cipher */
+ +

BUGS

+ +

The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore the following:

+ +
PEM_read_bio_X509(bp, &x, 0, NULL);
+ +

where x already contains a valid certificate, may not work, whereas:

+ +
X509_free(x);
+x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+ +

is guaranteed to work.

+ +

RETURN VALUES

+ +

The read routines return either a pointer to the structure read or NULL if an error occurred.

+ +

The write routines return 1 for success or 0 for failure.

+ +

EXAMPLES

+ +

Although the PEM routines take several arguments in almost all applications most of them are set to 0 or NULL.

+ +

Read a certificate in PEM format from a BIO:

+ +
X509 *x;
+
+x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+if (x == NULL)
+    /* Error */
+ +

Alternative method:

+ +
X509 *x = NULL;
+
+if (!PEM_read_bio_X509(bp, &x, 0, NULL))
+    /* Error */
+ +

Write a certificate to a BIO:

+ +
if (!PEM_write_bio_X509(bp, x))
+    /* Error */
+ +

Write a private key (using traditional format) to a BIO using triple DES encryption, the pass phrase is prompted for:

+ +
if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
+    /* Error */
+ +

Write a private key (using PKCS#8 format) to a BIO using triple DES encryption, using the pass phrase "hello":

+ +
if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
+                                   NULL, 0, 0, "hello"))
+    /* Error */
+ +

Read a private key from a BIO using a pass phrase callback:

+ +
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+if (key == NULL)
+    /* Error */
+ +

Skeleton pass phrase callback:

+ +
int pass_cb(char *buf, int size, int rwflag, void *u)
+{
+
+    /* We'd probably do something else if 'rwflag' is 1 */
+    printf("Enter pass phrase for \"%s\"\n", (char *)u);
+
+    /* get pass phrase, length 'len' into 'tmp' */
+    char *tmp = "hello";
+    if (tmp == NULL) /* An error occurred */
+        return -1;
+
+    size_t len = strlen(tmp);
+
+    if (len > size)
+        len = size;
+    memcpy(buf, tmp, len);
+    return len;
+}
+ +

SEE ALSO

+ +

EVP_EncryptInit(3), EVP_BytesToKey(3), passphrase-encoding(7)

+ +

HISTORY

+ +

The old Netscape certificate sequences were no longer documented in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases.

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_ex.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_ex.html new file mode 100644 index 00000000..0a48ad99 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_read_bio_ex.html @@ -0,0 +1,80 @@ + + + + +PEM_read_bio_ex + + + + + + + + + + +

NAME

+ +

PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 - read PEM format files with custom processing

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+#define PEM_FLAG_SECURE             0x1
+#define PEM_FLAG_EAY_COMPATIBLE     0x2
+#define PEM_FLAG_ONLY_B64           0x4
+int PEM_read_bio_ex(BIO *in, char **name, char **header,
+                    unsigned char **data, long *len, unsigned int flags);
+ +

DESCRIPTION

+ +

PEM_read_bio_ex() reads in PEM formatted data from an input BIO, outputting the name of the type of contained data, the header information regarding the possibly encrypted data, and the binary data payload (after base64 decoding). It should generally only be used to implement PEM_read_bio_-family functions for specific data types or other usage, but is exposed to allow greater flexibility over how processing is performed, if needed.

+ +

If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of input are allocated from the secure heap.

+ +

If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace and control characters from the end of each line, so as to be compatible with the historical behavior of PEM_read_bio().

+ +

If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 characters (or newlines); non-base64 characters are treated as end of input.

+ +

If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters are ignored.

+ +

If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; these options are not compatible with each other.

+ +

NOTES

+ +

The caller must release the storage allocated for *name, *header, and *data. If PEM_FLAG_SECURE was set, use OPENSSL_secure_free(); otherwise, OPENSSL_free() is used.

+ +

RETURN VALUES

+ +

PEM_read_bio_ex() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

PEM_bytes_read_bio(3)

+ +

HISTORY

+ +

The PEM_read_bio_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html new file mode 100644 index 00000000..37ff67df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html @@ -0,0 +1,68 @@ + + + + +PEM_write_bio_CMS_stream + + + + + + + + + + +

NAME

+ +

PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.

+ +

It is otherwise identical to the function SMIME_write_CMS().

+ +

NOTES

+ +

This function is effectively a version of the PEM_write_bio_CMS() supporting streaming.

+ +

RETURN VALUES

+ +

PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3), PEM_write(3), SMIME_write_CMS(3), i2d_CMS_bio_stream(3)

+ +

HISTORY

+ +

The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html new file mode 100644 index 00000000..f99bcf93 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html @@ -0,0 +1,68 @@ + + + + +PEM_write_bio_PKCS7_stream + + + + + + + + + + +

NAME

+ +

PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.

+ +

It is otherwise identical to the function SMIME_write_PKCS7().

+ +

NOTES

+ +

This function is effectively a version of the PEM_write_bio_PKCS7() supporting streaming.

+ +

RETURN VALUES

+ +

PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3), SMIME_write_PKCS7(3), i2d_PKCS7_bio_stream(3)

+ +

HISTORY

+ +

The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_create.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_create.html new file mode 100644 index 00000000..05762365 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_create.html @@ -0,0 +1,83 @@ + + + + +PKCS12_create + + + + + + + + + + +

NAME

+ +

PKCS12_create - create a PKCS#12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca,
+                      int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+ +

DESCRIPTION

+ +

PKCS12_create() creates a PKCS#12 structure.

+ +

pass is the passphrase to use. name is the friendlyName to use for the supplied certificate and key. pkey is the private key to include in the structure and cert its corresponding certificates. ca, if not NULL is an optional set of certificates to also include in the structure.

+ +

nid_key and nid_cert are the encryption algorithms that should be used for the key and certificate respectively. The modes GCM, CCM, XTS, and OCB are unsupported. iter is the encryption algorithm iteration count to use and mac_iter is the MAC iteration count to use. keytype is the type of key.

+ +

NOTES

+ +

The parameters nid_key, nid_cert, iter, mac_iter and keytype can all be set to zero and sensible defaults will be used.

+ +

These defaults are: 40 bit RC2 encryption for certificates, triple DES encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.

+ +

The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.

+ +

keytype adds a flag to the store private key. This is a non standard extension that is only currently interpreted by MSIE. If set to zero the flag is omitted, if set to KEY_SIG the key can be used for signing only, if set to KEY_EX it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption.

+ +

If a certificate contains an alias or keyid then this will be used for the corresponding friendlyName or localKeyID in the PKCS12 structure.

+ +

Either pkey, cert or both can be NULL to indicate that no key or certificate is required. In previous versions both had to be present or a fatal error is returned.

+ +

nid_key or nid_cert can be set to -1 indicating that no encryption should be used.

+ +

mac_iter can be set to -1 and the MAC will then be omitted entirely.

+ +

PKCS12_create() makes assumptions regarding the encoding of the given pass phrase. See passphrase-encoding(7) for more information.

+ +

RETURN VALUES

+ +

PKCS12_create() returns a valid PKCS12 structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

d2i_PKCS12(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_newpass.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_newpass.html new file mode 100644 index 00000000..bf5b6054 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_newpass.html @@ -0,0 +1,125 @@ + + + + +PKCS12_newpass + + + + + + + + + + +

NAME

+ +

PKCS12_newpass - change the password of a PKCS12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+ +

DESCRIPTION

+ +

PKCS12_newpass() changes the password of a PKCS12 structure.

+ +

p12 is a pointer to a PKCS12 structure. oldpass is the existing password and newpass is the new password.

+ +

NOTES

+ +

Each of oldpass and newpass is independently interpreted as a string in the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 instead.

+ +

In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to UTF-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of UI_OpenSSL(3), for example.

+ +

RETURN VALUES

+ +

PKCS12_newpass() returns 1 on success or 0 on failure. Applications can retrieve the most recent error from PKCS12_newpass() with ERR_get_error().

+ +

EXAMPLES

+ +

This example loads a PKCS#12 file, changes its password and writes out the result to a new file.

+ +
#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+int main(int argc, char **argv)
+{
+    FILE *fp;
+    PKCS12 *p12;
+
+    if (argc != 5) {
+        fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
+        return 1;
+    }
+    if ((fp = fopen(argv[1], "rb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        return 1;
+    }
+    p12 = d2i_PKCS12_fp(fp, NULL);
+    fclose(fp);
+    if (p12 == NULL) {
+        fprintf(stderr, "Error reading PKCS#12 file\n");
+        ERR_print_errors_fp(stderr);
+        return 1;
+    }
+    if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+        fprintf(stderr, "Error changing password\n");
+        ERR_print_errors_fp(stderr);
+        PKCS12_free(p12);
+        return 1;
+    }
+    if ((fp = fopen(argv[4], "wb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[4]);
+        PKCS12_free(p12);
+        return 1;
+    }
+    i2d_PKCS12_fp(fp, p12);
+    PKCS12_free(p12);
+    fclose(fp);
+    return 0;
+}
+ +

NOTES

+ +

If the PKCS#12 structure does not have a password, then you must use the empty string "" for oldpass. Using NULL for oldpass will result in a PKCS12_newpass() failure.

+ +

If the wrong password is used for oldpass then the function will fail, with a MAC verification error. In rare cases the PKCS12 structure does not contain a MAC: in this case it will usually fail with a decryption padding error.

+ +

BUGS

+ +

The password format is a NULL terminated ASCII string which is converted to Unicode form internally. As a result some passwords cannot be supplied to this function.

+ +

SEE ALSO

+ +

PKCS12_create(3), ERR_get_error(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_parse.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_parse.html new file mode 100644 index 00000000..d9394d3e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS12_parse.html @@ -0,0 +1,81 @@ + + + + +PKCS12_parse + + + + + + + + + + +

NAME

+ +

PKCS12_parse - parse a PKCS#12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+ +

DESCRIPTION

+ +

PKCS12_parse() parses a PKCS12 structure.

+ +

p12 is the PKCS12 structure to parse. pass is the passphrase to use. If successful the private key will be written to *pkey, the corresponding certificate to *cert and any additional certificates to *ca.

+ +

NOTES

+ +

The parameters pkey and cert cannot be NULL. ca can be <NULL> in which case additional certificates will be discarded. *ca can also be a valid STACK in which case additional certificates are appended to *ca. If *ca is NULL a new STACK will be allocated.

+ +

The friendlyName and localKeyID attributes (if present) on each certificate will be stored in the alias and keyid attributes of the X509 structure.

+ +

The parameter pass is interpreted as a string in the UTF-8 encoding. If it is not valid UTF-8, then it is assumed to be ISO8859-1 instead.

+ +

In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to UTF-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of UI_OpenSSL(3), for example.

+ +

RETURN VALUES

+ +

PKCS12_parse() returns 1 for success and zero if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

Only a single private key and corresponding certificate is returned by this function. More complex PKCS#12 files with multiple private keys will only return the first match.

+ +

Only friendlyName and localKeyID attributes are currently stored in certificates. Other attributes are discarded.

+ +

Attributes currently cannot be stored in the private key EVP_PKEY structure.

+ +

SEE ALSO

+ +

d2i_PKCS12(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html new file mode 100644 index 00000000..fccc784c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html @@ -0,0 +1,82 @@ + + + + +PKCS5_PBKDF2_HMAC + + + + + + + + + + +

NAME

+ +

PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest,
+                      int keylen, unsigned char *out);
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+ +

DESCRIPTION

+ +

PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count as specified in RFC 2898.

+ +

pass is the password used in the derivation of length passlen. pass is an optional parameter and can be NULL. If passlen is -1, then the function will calculate the length of pass using strlen().

+ +

salt is the salt used in the derivation of length saltlen. If the salt is NULL, then saltlen must be 0. The function will not attempt to calculate the length of the salt because it is not assumed to be NULL terminated.

+ +

iter is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any iter less than 1 is treated as a single iteration.

+ +

digest is the message digest function used in the derivation. Values include any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().

+ +

The derived key will be written to out. The size of the out buffer is specified via keylen.

+ +

NOTES

+ +

A typical application of this function is to derive keying material for an encryption algorithm from a password in the pass, a salt in salt, and an iteration count.

+ +

Increasing the iter parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

+ +

These functions make no assumption regarding the given password. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_BytesToKey(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_decrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_decrypt.html new file mode 100644 index 00000000..e429fe7c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_decrypt.html @@ -0,0 +1,72 @@ + + + + +PKCS7_decrypt + + + + + + + + + + +

NAME

+ +

PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData structure. pkey is the private key of the recipient, cert is the recipients certificate, data is a BIO to write the content to and flags is an optional set of flags.

+ +

NOTES

+ +

Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the PKCS#7 structure.

+ +

The following flags can be passed in the flags parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

PKCS7_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

PKCS7_decrypt() must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database.

+ +

The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_encrypt.html new file mode 100644 index 00000000..c1bacd03 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_encrypt.html @@ -0,0 +1,90 @@ + + + + +PKCS7_encrypt + + + + + + + + + + +

NAME

+ +

PKCS7_encrypt - create a PKCS#7 envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags);
+ +

DESCRIPTION

+ +

PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. certs is a list of recipient certificates. in is the content to be encrypted. cipher is the symmetric cipher to use. flags is an optional set of flags.

+ +

NOTES

+ +

Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain RSA public keys, though they do not have to be signed using the RSA algorithm.

+ +

EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.

+ +

Some old "export grade" clients may only support weak encryption using 40 or 64 bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.

+ +

The algorithm passed in the cipher parameter must support ASN1 encoding of its parameters.

+ +

Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to PKCS7_encrypt().

+ +

The following flags can be passed in the flags parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if PKCS7_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If PKCS7_BINARY is set then PKCS7_TEXT is ignored.

+ +

If the PKCS7_STREAM flag is set a partial PKCS7 structure is output suitable for streaming I/O: no data is read from the BIO in.

+ +

NOTES

+ +

If the flag PKCS7_STREAM is set the returned PKCS7 structure is not complete and outputting its contents via a function that does not properly finalize the PKCS7 structure will give unpredictable results.

+ +

Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_PKCS7().

+ +

RETURN VALUES

+ +

PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_decrypt(3)

+ +

HISTORY

+ +

The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign.html new file mode 100644 index 00000000..7d443339 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign.html @@ -0,0 +1,109 @@ + + + + +PKCS7_sign + + + + + + + + + + +

NAME

+ +

PKCS7_sign - create a PKCS#7 signedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags);
+ +

DESCRIPTION

+ +

PKCS7_sign() creates and returns a PKCS#7 signedData structure. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain).

+ +

The data to be signed is read from BIO data.

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

Many S/MIME clients expect the signed content to include valid MIME headers. If the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

If PKCS7_NOCERTS is set the signer's certificate will not be included in the PKCS7 structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The data being signed is included in the PKCS7 structure, unless PKCS7_DETACHED is set in which case it is omitted. This is used for PKCS7 detached signatures which are used in S/MIME plaintext signed messages for example.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if PKCS7_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it.

+ +

The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included.

+ +

If the flags PKCS7_STREAM is set then the returned PKCS7 structure is just initialized ready to perform the signing operation. The signing is however not performed and the data to be signed is not read from the data parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass.

+ +

If the PKCS7_PARTIAL flag is set a partial PKCS7 structure is output to which additional signers and capabilities can be added before finalization.

+ +

NOTES

+ +

If the flag PKCS7_STREAM is set the returned PKCS7 structure is not complete and outputting its contents via a function that does not properly finalize the PKCS7 structure will give unpredictable results.

+ +

Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_PKCS7().

+ +

If a signer is specified it will use the default digest for the signing algorithm. This is SHA1 for both RSA and DSA keys.

+ +

The certs, signcert and pkey parameters can all be NULL if the PKCS7_PARTIAL flag is set. One or more signers can be added using the function PKCS7_sign_add_signer(). PKCS7_final() must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method.

+ +

If signcert and pkey are NULL then a certificates only PKCS#7 structure is output.

+ +

In versions of OpenSSL before 1.0.0 the signcert and pkey parameters must NOT be NULL.

+ +

BUGS

+ +

Some advanced attributes such as counter signatures are not supported.

+ +

RETURN VALUES

+ +

PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_verify(3)

+ +

HISTORY

+ +

The PKCS7_PARTIAL flag, and the ability for certs, signcert, and pkey parameters to be NULL were added in OpenSSL 1.0.0.

+ +

The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html new file mode 100644 index 00000000..af1bec17 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html @@ -0,0 +1,87 @@ + + + + +PKCS7_sign_add_signer + + + + + + + + + + +

NAME

+ +

PKCS7_sign_add_signer - add a signer PKCS7 signed data structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+                                         EVP_PKEY *pkey, const EVP_MD *md, int flags);
+ +

DESCRIPTION

+ +

PKCS7_sign_add_signer() adds a signer with certificate signcert and private key pkey using message digest md to a PKCS7 signed data structure p7.

+ +

The PKCS7 structure should be obtained from an initial call to PKCS7_sign() with the flag PKCS7_PARTIAL set or in the case or re-signing a valid PKCS7 signed data structure.

+ +

If the md parameter is NULL then the default digest for the public key algorithm will be used.

+ +

Unless the PKCS7_REUSE_DIGEST flag is set the returned PKCS7 structure is not complete and must be finalized either by streaming (if applicable) or a call to PKCS7_final().

+ +

NOTES

+ +

The main purpose of this function is to provide finer control over a PKCS#7 signed data structure where the simpler PKCS7_sign() function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed.

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

If PKCS7_REUSE_DIGEST is set then an attempt is made to copy the content digest value from the PKCS7 structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned PKCS7 structure will be valid and finalized when this flag is set.

+ +

If PKCS7_PARTIAL is set in addition to PKCS7_REUSE_DIGEST then the PKCS7_SIGNER_INO structure will not be finalized so additional attributes can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is needed to finalize it.

+ +

If PKCS7_NOCERTS is set the signer's certificate will not be included in the PKCS7 structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included.

+ +

PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO structure just added, this can be used to set additional attributes before it is finalized.

+ +

RETURN VALUES

+ +

PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_final(3),

+ +

HISTORY

+ +

The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_verify.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_verify.html new file mode 100644 index 00000000..140846c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/PKCS7_verify.html @@ -0,0 +1,110 @@ + + + + +PKCS7_verify + + + + + + + + + + +

NAME

+ +

PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags);
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ +

DESCRIPTION

+ +

PKCS7_verify() verifies a PKCS#7 signedData structure. p7 is the PKCS7 structure to verify. certs is a set of certificates in which to search for the signer's certificate. store is a trusted certificate store (used for chain verification). indata is the signed data if the content is not present in p7 (that is it is detached). The content is written to out if it is not NULL.

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

PKCS7_get0_signers() retrieves the signer's certificates from p7, it does not check their validity or whether any signatures are valid. The certs and flags parameters have the same meanings as in PKCS7_verify().

+ +

VERIFY PROCESS

+ +

Normally the verify process proceeds as follows.

+ +

Initially some sanity checks are performed on p7. The type of p7 must be signedData. There must be at least one signature on the data and if the content is detached indata cannot be NULL. If the content is not detached and indata is not NULL, then the structure has both embedded and external content. To treat this as an error, use the flag PKCS7_NO_DUAL_CONTENT. The default behavior allows this, for compatibility with older versions of OpenSSL.

+ +

An attempt is made to locate all the signer's certificates, first looking in the certs parameter (if it is not NULL) and then looking in any certificates contained in the p7 structure itself. If any signer's certificates cannot be located the operation fails.

+ +

Each signer's certificate is chain verified using the smimesign purpose and the supplied trusted certificate store. Any internal certificates in the message are used as untrusted CAs. If any chain verify fails an error code is returned.

+ +

Finally the signed content is read (and written to out is it is not NULL) and the signature's checked.

+ +

If all signature's verify correctly then the function is successful.

+ +

Any of the following flags (ored together) can be passed in the flags parameter to change the default verify behaviour. Only the flag PKCS7_NOINTERN is meaningful to PKCS7_get0_signers().

+ +

If PKCS7_NOINTERN is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers certificates must be in the certs parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

If PKCS7_NOVERIFY is set the signer's certificates are not chain verified.

+ +

If PKCS7_NOCHAIN is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store.

+ +

If PKCS7_NOSIGS is set then the signatures on the data are not checked.

+ +

NOTES

+ +

One application of PKCS7_NOINTERN is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the certs parameter. In this case if the signer is not one of the certificates supplied in certs then the verify will fail because the signer cannot be found.

+ +

Care should be taken when modifying the default verify behaviour, for example setting PKCS7_NOVERIFY|PKCS7_NOSIGS will totally disable all verification and any signed message will be considered valid. This combination is however useful if one merely wishes to write the content to out and its validity is not considered important.

+ +

Chain verification should arguably be performed using the signing time rather than the current time. However since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp).

+ +

RETURN VALUES

+ +

PKCS7_verify() returns one for a successful verification and zero if an error occurs.

+ +

PKCS7_get0_signers() returns all signers or NULL if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The trusted certificate store is not searched for the signers certificate, this is primarily due to the inadequacies of the current X509_STORE functionality.

+ +

The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_generate.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_generate.html new file mode 100644 index 00000000..35f151c2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_generate.html @@ -0,0 +1,80 @@ + + + + +RAND_DRBG_generate + + + + + + + + + + +

NAME

+ +

RAND_DRBG_generate, RAND_DRBG_bytes - generate random bytes using the given drbg instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_generate(RAND_DRBG *drbg,
+                       unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+
+int RAND_DRBG_bytes(RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+ +

DESCRIPTION

+ +

RAND_DRBG_generate() generates outlen random bytes using the given DRBG instance drbg and stores them in the buffer at out.

+ +

Before generating the output, the DRBG instance checks whether the maximum number of generate requests (reseed interval) or the maximum timespan (reseed time interval) since its last seeding have been reached. If this is the case, the DRBG reseeds automatically. Additionally, an immediate reseeding can be requested by setting the prediction_resistance flag to 1. See NOTES section for more details.

+ +

The caller can optionally provide additional data to be used for reseeding by passing a pointer adin to a buffer of length adinlen. This additional data is mixed into the internal state of the random generator but does not contribute to the entropy count. The additional data can be omitted by setting adin to NULL and adinlen to 0;

+ +

RAND_DRBG_bytes() generates outlen random bytes using the given DRBG instance drbg and stores them in the buffer at out. This function is a wrapper around the RAND_DRBG_generate() call, which collects some additional data from low entropy sources (e.g., a high resolution timer) and calls RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).

+ +

RETURN VALUES

+ +

RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, and 0 on failure.

+ +

NOTES

+ +

The reseed interval and reseed time interval of the drbg are set to reasonable default values, which in general do not have to be adjusted. If necessary, they can be changed using RAND_DRBG_set_reseed_interval(3) and RAND_DRBG_set_reseed_time_interval(3), respectively.

+ +

A request for prediction resistance can only be satisfied by pulling fresh entropy from one of the approved entropy sources listed in section 5.5.2 of [NIST SP 800-90C]. Since the default DRBG implementation does not have access to such an approved entropy source, a request for prediction resistance will always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html new file mode 100644 index 00000000..8e5b68e9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html @@ -0,0 +1,80 @@ + + + + +RAND_DRBG_get0_master + + + + + + + + + + +

NAME

+ +

RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private - get access to the global RAND_DRBG instances

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+ +

DESCRIPTION

+ +

The default RAND API implementation (RAND_OpenSSL()) utilizes three shared DRBG instances which are accessed via the RAND API:

+ +

The <public> and <private> DRBG are thread-local instances, which are used by RAND_bytes() and RAND_priv_bytes(), respectively. The <master> DRBG is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances.

+ +

These functions here provide access to the shared DRBG instances.

+ +

RETURN VALUES

+ +

RAND_DRBG_get0_master() returns a pointer to the <master> DRBG instance.

+ +

RAND_DRBG_get0_public() returns a pointer to the <public> DRBG instance.

+ +

RAND_DRBG_get0_private() returns a pointer to the <private> DRBG instance.

+ +

NOTES

+ +

It is not thread-safe to access the <master> DRBG instance. The <public> and <private> DRBG instance can be accessed safely, because they are thread-local. Note however, that changes to these two instances apply only to the current thread.

+ +

For that reason it is recommended not to change the settings of these three instances directly. Instead, an application should change the default settings for new DRBG instances at initialization time, before creating additional threads.

+ +

During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely.

+ +

SEE ALSO

+ +

RAND_DRBG_set_callbacks(3), RAND_DRBG_set_reseed_defaults(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG_set_callbacks(3), RAND_DRBG_generate(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_new.html new file mode 100644 index 00000000..950459c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_new.html @@ -0,0 +1,105 @@ + + + + +RAND_DRBG_new + + + + + + + + + + +

NAME

+ +

RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free - initialize and cleanup a RAND_DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+
+RAND_DRBG *RAND_DRBG_new(int type,
+                         unsigned int flags,
+                         RAND_DRBG *parent);
+
+RAND_DRBG *RAND_DRBG_secure_new(int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+int RAND_DRBG_set(RAND_DRBG *drbg,
+                  int type, unsigned int flags);
+
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+
+void RAND_DRBG_free(RAND_DRBG *drbg);
+ +

DESCRIPTION

+ +

RAND_DRBG_new() and RAND_DRBG_secure_new() create a new DRBG instance of the given type, allocated from the heap resp. the secure heap (using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()).

+ +

RAND_DRBG_set() initializes the drbg with the given type and flags.

+ +

RAND_DRBG_set_defaults() sets the default type and flags for new DRBG instances.

+ +

Currently, all DRBG types are based on AES-CTR, so type can be one of the following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. Before the DRBG can be used to generate random bits, it is necessary to set its type and to instantiate it.

+ +

The optional flags argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1].

+ +

If a parent instance is specified then this will be used instead of the default entropy source for reseeding the drbg. It is said that the drbg is chained to its parent. For more information, see the NOTES section.

+ +

RAND_DRBG_instantiate() seeds the drbg instance using random input from trusted entropy sources. Optionally, a personalization string pers of length perslen can be specified. To omit the personalization string, set pers=NULL and perslen=0;

+ +

RAND_DRBG_uninstantiate() clears the internal state of the drbg and puts it back in the uninstantiated state.

+ +

RETURN VALUES

+ +

RAND_DRBG_new() and RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the heap, resp. secure heap.

+ +

RAND_DRBG_set(), RAND_DRBG_instantiate(), and RAND_DRBG_uninstantiate() return 1 on success, and 0 on failure.

+ +

RAND_DRBG_free() does not return a value.

+ +

NOTES

+ +

The DRBG design supports chaining, which means that a DRBG instance can use another parent DRBG instance instead of the default entropy source to obtain fresh random input for reseeding, provided that parent DRBG instance was properly instantiated, either from a trusted entropy source, or from yet another parent DRBG instance. For a detailed description of the reseeding process, see RAND_DRBG(7).

+ +

The default DRBG type and flags are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances (<master>, resp. <public> and <private>), it is necessary to call RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly.

+ +

SEE ALSO

+ +

OPENSSL_zalloc(3), OPENSSL_secure_zalloc(3), RAND_DRBG_generate(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_reseed.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_reseed.html new file mode 100644 index 00000000..90c1015b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_reseed.html @@ -0,0 +1,91 @@ + + + + +RAND_DRBG_reseed + + + + + + + + + + +

NAME

+ +

RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults - reseed a RAND_DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
+                                  unsigned int interval);
+
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
+                                       time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+ +

DESCRIPTION

+ +

RAND_DRBG_reseed() reseeds the given drbg, obtaining entropy input from its entropy source and mixing in the specified additional data provided in the buffer adin of length adinlen. The additional data can be omitted by setting adin to NULL and adinlen to 0. An immediate reseeding from a live entropy source can be requested by setting the prediction_resistance flag to 1. This feature is not implemented yet, so reseeding with prediction resistance requested will always fail.

+ +

RAND_DRBG_set_reseed_interval() sets the reseed interval of the drbg, which is the maximum allowed number of generate requests between consecutive reseedings. If interval > 0, then the drbg will reseed automatically whenever the number of generate requests since its last seeding exceeds the given reseed interval. If interval == 0, then this feature is disabled.

+ +

RAND_DRBG_set_reseed_time_interval() sets the reseed time interval of the drbg, which is the maximum allowed number of seconds between consecutive reseedings. If interval > 0, then the drbg will reseed automatically whenever the elapsed time since its last reseeding exceeds the given reseed time interval. If interval == 0, then this feature is disabled.

+ +

RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval (master_reseed_interval and slave_reseed_interval) and the reseed time interval (master_reseed_time_interval and slave_reseed_tme_interval) of DRBG instances. The default values are set independently for master DRBG instances (which don't have a parent) and slave DRBG instances (which are chained to a parent DRBG).

+ +

RETURN VALUES

+ +

RAND_DRBG_reseed(), RAND_DRBG_set_reseed_interval(), and RAND_DRBG_set_reseed_time_interval(), return 1 on success, 0 on failure.

+ +

NOTES

+ +

The default OpenSSL random generator is already set up for automatic reseeding, so in general it is not necessary to reseed it explicitly, or to modify its reseeding thresholds.

+ +

Normally, the entropy input for seeding a DRBG is either obtained from a trusted os entropy source or from a parent DRBG instance, which was seeded (directly or indirectly) from a trusted os entropy source. In exceptional cases it is possible to replace the reseeding mechanism entirely by providing application defined callbacks using RAND_DRBG_set_callbacks().

+ +

The reseeding default values are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances (<master>, resp. <public> and <private>), it is necessary to call RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly.

+ +

SEE ALSO

+ +

RAND_DRBG_generate(3), RAND_DRBG_bytes(3), RAND_DRBG_set_callbacks(3). RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html new file mode 100644 index 00000000..4d162b17 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html @@ -0,0 +1,120 @@ + + + + +RAND_DRBG_set_callbacks + + + + + + + + + + +

NAME

+ +

RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn - set callbacks for reseeding

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+ +

Callback Functions

+ +
typedef size_t (*RAND_DRBG_get_entropy_fn)(
+                      RAND_DRBG *drbg,
+                      unsigned char **pout,
+                      int entropy,
+                      size_t min_len, size_t max_len,
+                      int prediction_resistance);
+
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(
+                    RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+
+typedef size_t (*RAND_DRBG_get_nonce_fn)(
+                      RAND_DRBG *drbg,
+                      unsigned char **pout,
+                      int entropy,
+                      size_t min_len, size_t max_len);
+
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(
+                    RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+ +

DESCRIPTION

+ +

RAND_DRBG_set_callbacks() sets the callbacks for obtaining fresh entropy and the nonce when reseeding the given drbg. The callback functions are implemented and provided by the caller. Their parameter lists need to match the function prototypes above.

+ +

Setting the callbacks is allowed only if the DRBG has not been initialized yet. Otherwise, the operation will fail. To change the settings for one of the three shared DRBGs it is necessary to call RAND_DRBG_uninstantiate() first.

+ +

The get_entropy() callback is called by the drbg when it requests fresh random input. It is expected that the callback allocates and fills a random buffer of size min_len <= size <= max_len (in bytes) which contains at least entropy bits of randomness. The prediction_resistance flag indicates whether the reseeding was triggered by a prediction resistance request.

+ +

The buffer's address is to be returned in *pout and the number of collected randomness bytes as return value.

+ +

If the callback fails to acquire at least entropy bits of randomness, it must indicate an error by returning a buffer length of 0.

+ +

If prediction_resistance was requested and the random source of the DRBG does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details.

+ +

The cleanup_entropy() callback is called from the drbg to to clear and free the buffer allocated previously by get_entropy(). The values out and outlen are the random buffer's address and length, as returned by the get_entropy() callback.

+ +

The get_nonce() and cleanup_nonce() callbacks are used to obtain a nonce and free it again. A nonce is only required for instantiation (not for reseeding) and only in the case where the DRBG uses a derivation function. The callbacks are analogous to get_entropy() and cleanup_entropy(), except for the missing prediction_resistance flag.

+ +

If the derivation function is disabled, then no nonce is used for instantiation, and the get_nonce() and cleanup_nonce() callbacks can be omitted by setting them to NULL.

+ +

RETURN VALUES

+ +

RAND_DRBG_set_callbacks() return 1 on success, and 0 on failure

+ +

NOTES

+ +

It is important that cleanup_entropy() and cleanup_nonce() clear the buffer contents safely before freeing it, in order not to leave sensitive information about the DRBG's state in memory.

+ +

A request for prediction resistance can only be satisfied by pulling fresh entropy from one of the approved entropy sources listed in section 5.5.2 of [NIST SP 800-90C]. Since the default implementation of the get_entropy callback does not have access to such an approved entropy source, a request for prediction resistance will always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

The derivation function is disabled during initialization by calling the RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. For more information on the derivation function and when it can be omitted, see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random source has "full entropy", i.e., contains 8 bits of entropy per byte.

+ +

Even if a nonce is required, the get_nonce() and cleanup_nonce() callbacks can be omitted by setting them to NULL. In this case the DRBG will automatically request an extra amount of entropy (using the get_entropy() and cleanup_entropy() callbacks) which it will utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], section 8.6.7.

+ +

SEE ALSO

+ +

RAND_DRBG_new(3), RAND_DRBG_reseed(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html new file mode 100644 index 00000000..04f2c26d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html @@ -0,0 +1,74 @@ + + + + +RAND_DRBG_set_ex_data + + + + + + + + + + +

NAME

+ +

RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index - store and retrieve extra data from the DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data);
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+int RAND_DRBG_get_ex_new_index(long argl, void *argp,
+                               CRYPTO_EX_new *new_func,
+                               CRYPTO_EX_dup *dup_func,
+                               CRYPTO_EX_free *free_func);
+ +

DESCRIPTION

+ +

RAND_DRBG_set_ex_data() enables an application to store arbitrary application specific data data in a RAND_DRBG instance drbg. The index idx should be a value previously returned from a call to RAND_DRBG_get_ex_new_index().

+ +

RAND_DRBG_get_ex_data() retrieves application specific data previously stored in an RAND_DRBG instance drbg. The idx value should be the same as that used when originally storing the data.

+ +

For more detailed information see CRYPTO_get_ex_data(3) and CRYPTO_set_ex_data(3) which implement these functions and CRYPTO_get_ex_new_index(3) for generating a unique index.

+ +

RETURN VALUES

+ +

RAND_DRBG_set_ex_data() returns 1 for success or 0 for failure.

+ +

RAND_DRBG_get_ex_data() returns the previously stored value or NULL on failure. NULL may also be a valid value.

+ +

NOTES

+ +

RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,...).

+ +

SEE ALSO

+ +

CRYPTO_get_ex_data(3), CRYPTO_set_ex_data(3), CRYPTO_get_ex_new_index(3), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_add.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_add.html new file mode 100644 index 00000000..ec1ce24b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_add.html @@ -0,0 +1,92 @@ + + + + +RAND_add + + + + + + + + + + +

NAME

+ +

RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open - add randomness to the PRNG or get its status

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_status(void);
+int RAND_poll();
+
+void RAND_add(const void *buf, int num, double randomness);
+void RAND_seed(const void *buf, int num);
+
+void RAND_keep_random_devices_open(int keep);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+void RAND_screen(void);
+#endif
+ +

DESCRIPTION

+ +

These functions can be used to seed the random generator and to check its seeded state. In general, manual (re-)seeding of the default OpenSSL random generator (RAND_OpenSSL(3)) is not necessary (but allowed), since it does (re-)seed itself automatically using trusted system entropy sources. This holds unless the default RAND_METHOD has been replaced or OpenSSL was built with automatic reseeding disabled, see RAND(7) for more details.

+ +

RAND_status() indicates whether or not the random generator has been sufficiently seeded. If not, functions such as RAND_bytes(3) will fail.

+ +

RAND_poll() uses the system's capabilities to seed the random generator using random input obtained from polling various trusted entropy sources. The default choice of the entropy source can be modified at build time, see RAND(7) for more details.

+ +

RAND_add() mixes the num bytes at buf into the internal state of the random generator. This function will not normally be needed, as mentioned above. The randomness argument is an estimate of how much randomness is contained in buf, in bytes, and should be a number between zero and num. Details about sources of randomness and how to estimate their randomness can be found in the literature; for example [NIST SP 800-90B]. The content of buf cannot be recovered from subsequent random generator output. Applications that intend to save and restore random state in an external file should consider using RAND_load_file(3) instead.

+ +

RAND_seed() is equivalent to RAND_add() with randomness set to num.

+ +

RAND_keep_random_devices_open() is used to control file descriptor usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. When the keep argument is zero, this call disables the retention of file descriptors. Conversely, a non-zero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately.

+ +

RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist for compatibility reasons only. See HISTORY section below.

+ +

RETURN VALUES

+ +

RAND_status() returns 1 if the random generator has been seeded with enough data, 0 otherwise.

+ +

RAND_poll() returns 1 if it generated seed data, 0 otherwise.

+ +

RAND_event() returns RAND_status().

+ +

The other functions do not return values.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND_egd(3), RAND_load_file(3), RAND(7)

+ +

HISTORY

+ +

RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_bytes.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_bytes.html new file mode 100644 index 00000000..537a7015 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_bytes.html @@ -0,0 +1,87 @@ + + + + +RAND_bytes + + + + + + + + + + +

NAME

+ +

RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+#endif
+ +

DESCRIPTION

+ +

RAND_bytes() generates num random bytes using a cryptographically secure pseudo random generator (CSPRNG) and stores them in buf.

+ +

RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to be used for generating values that should remain private. If using the default RAND_METHOD, this function uses a separate "private" PRNG instance so that a compromise of the "public" PRNG instance will not affect the secrecy of these private values, as described in RAND(7) and RAND_DRBG(7).

+ +

NOTES

+ +

By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it was able to seed itself from a trusted entropy source. On all major platforms supported by OpenSSL (including the Unix-like platforms and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use using the operating systems's random generator.

+ +

If the entropy source fails or is not available, the CSPRNG will enter an error state and refuse to generate random bytes. For that reason, it is important to always check the error return value of RAND_bytes() and RAND_priv_bytes() and not take randomness for granted.

+ +

On other platforms, there might not be a trusted entropy source available or OpenSSL might have been explicitly configured to use different entropy sources. If you are in doubt about the quality of the entropy source, don't hesitate to ask your operating system vendor or post a question on GitHub or the openssl-users mailing list.

+ +

RETURN VALUES

+ +

RAND_bytes() and RAND_priv_bytes() return 1 on success, -1 if not supported by the current RAND method, or 0 on other failure. The error code can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), ERR_get_error(3), RAND(7), RAND_DRBG(7)

+ +

HISTORY

+ +
    + +
  • RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

    + +
  • +
  • The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

    + +
  • +
+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_cleanup.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_cleanup.html new file mode 100644 index 00000000..8528cd60 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_cleanup.html @@ -0,0 +1,63 @@ + + + + +RAND_cleanup + + + + + + + + + + +

NAME

+ +

RAND_cleanup - erase the PRNG state

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void RAND_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by the PRNG. As of version 1.1.0, it does nothing and should not be called, since no explicit initialisation or de-initialisation is necessary. See OPENSSL_init_crypto(3).

+ +

RETURN VALUES

+ +

RAND_cleanup() returns no value.

+ +

SEE ALSO

+ +

RAND(7)

+ +

HISTORY

+ +

RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. See OPENSSL_init_crypto(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_egd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_egd.html new file mode 100644 index 00000000..8a3ef6d3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_egd.html @@ -0,0 +1,67 @@ + + + + +RAND_egd + + + + + + + + + + +

NAME

+ +

RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_egd_bytes(const char *path, int num);
+int RAND_egd(const char *path);
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);
+ +

DESCRIPTION

+ +

On older platforms without a good source of randomness such as /dev/urandom, it is possible to query an Entropy Gathering Daemon (EGD) over a local socket to obtain randomness and seed the OpenSSL RNG. The protocol used is defined by the EGDs available at http://egd.sourceforge.net/ or http://prngd.sourceforge.net.

+ +

RAND_egd_bytes() requests num bytes of randomness from an EGD at the specified socket path, and passes the data it receives into RAND_add(). RAND_egd() is equivalent to RAND_egd_bytes() with num set to 255.

+ +

RAND_query_egd_bytes() requests num bytes of randomness from an EGD at the specified socket path, where num must be less than 256. If buf is NULL, it is equivalent to RAND_egd_bytes(). If buf is not NULL, then the data is copied to the buffer and RAND_add() is not called.

+ +

OpenSSL can be configured at build time to try to use the EGD for seeding automatically.

+ +

RETURN VALUES

+ +

RAND_egd() and RAND_egd_bytes() return the number of bytes read from the daemon on success, or -1 if the connection failed or the daemon did not return enough data to fully seed the PRNG.

+ +

RAND_query_egd_bytes() returns the number of bytes read from the daemon on success, or -1 if the connection failed.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_load_file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_load_file.html new file mode 100644 index 00000000..8e48e5ff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_load_file.html @@ -0,0 +1,94 @@ + + + + +RAND_load_file + + + + + + + + + + +

NAME

+ +

RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_load_file(const char *filename, long max_bytes);
+
+int RAND_write_file(const char *filename);
+
+const char *RAND_file_name(char *buf, size_t num);
+ +

DESCRIPTION

+ +

RAND_load_file() reads a number of bytes from file filename and adds them to the PRNG. If max_bytes is non-negative, up to max_bytes are read; if max_bytes is -1, the complete file is read. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that filename should be adequately protected so that an attacker cannot replace or examine the contents. If filename is not a regular file, then user is considered to be responsible for any side effects, e.g. non-anticipated blocking or capture of controlling terminal.

+ +

RAND_write_file() writes a number of random bytes (currently 128) to file filename which can be used to initialize the PRNG by calling RAND_load_file() in a later session.

+ +

RAND_file_name() generates a default path for the random seed file. buf points to a buffer of size num in which to store the filename.

+ +

On all systems, if the environment variable RANDFILE is set, its value will be used as the seed file name. Otherwise, the file is called .rnd, found in platform dependent locations:

+ +
+ +
On Windows (in order of preference)
+
+ +
%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
+ +
+
On VMS
+
+ +
SYS$LOGIN:
+ +
+
On all other systems
+
+ +
$HOME
+ +
+
+ +

If $HOME (on non-Windows and non-VMS system) is not set either, or num is too small for the path name, an error occurs.

+ +

RETURN VALUES

+ +

RAND_load_file() returns the number of bytes read or -1 on error.

+ +

RAND_write_file() returns the number of bytes written, or -1 if the bytes written were generated without appropriate seeding.

+ +

RAND_file_name() returns a pointer to buf on success, and NULL on error.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_set_rand_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_set_rand_method.html new file mode 100644 index 00000000..c1a4a7a1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RAND_set_rand_method.html @@ -0,0 +1,82 @@ + + + + +RAND_set_rand_method + + + + + + + + + + +

NAME

+ +

RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+
+const RAND_METHOD *RAND_get_rand_method(void);
+ +

DESCRIPTION

+ +

A RAND_METHOD specifies the functions that OpenSSL uses for random number generation.

+ +

RAND_OpenSSL() returns the default RAND_METHOD implementation by OpenSSL. This implementation ensures that the PRNG state is unique for each thread.

+ +

If an ENGINE is loaded that provides the RAND API, however, it will be used instead of the method returned by RAND_OpenSSL().

+ +

RAND_set_rand_method() makes meth the method for PRNG use. If an ENGINE was providing the method, it will be released first.

+ +

RAND_get_rand_method() returns a pointer to the current RAND_METHOD.

+ +

THE RAND_METHOD STRUCTURE

+ +
typedef struct rand_meth_st {
+    int (*seed)(const void *buf, int num);
+    int (*bytes)(unsigned char *buf, int num);
+    void (*cleanup)(void);
+    int (*add)(const void *buf, int num, double entropy);
+    int (*pseudorand)(unsigned char *buf, int num);
+    int (*status)(void);
+} RAND_METHOD;
+ +

The fields point to functions that are used by, in order, RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() and RAND_status(). Each pointer may be NULL if the function is not implemented.

+ +

RETURN VALUES

+ +

RAND_set_rand_method() returns 1 on success and 0 on failure. RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective methods.

+ +

SEE ALSO

+ +

RAND_bytes(3), ENGINE_by_id(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RC4_set_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RC4_set_key.html new file mode 100644 index 00000000..1cd3445a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RC4_set_key.html @@ -0,0 +1,76 @@ + + + + +RC4_set_key + + + + + + + + + + +

NAME

+ +

RC4_set_key, RC4 - RC4 encryption

+ +

SYNOPSIS

+ +
#include <openssl/rc4.h>
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+         unsigned char *outdata);
+ +

DESCRIPTION

+ +

This library implements the Alleged RC4 cipher, which is described for example in Applied Cryptography. It is believed to be compatible with RC4[TM], a proprietary cipher of RSA Security Inc.

+ +

RC4 is a stream cipher with variable key length. Typically, 128 bit (16 byte) keys are used for strong encryption, but shorter insecure key sizes have been widely used due to export restrictions.

+ +

RC4 consists of a key setup phase and the actual encryption or decryption phase.

+ +

RC4_set_key() sets up the RC4_KEY key using the len bytes long key at data.

+ +

RC4() encrypts or decrypts the len bytes of data at indata using key and places the result at outdata. Repeated RC4() calls with the same key yield a continuous key stream.

+ +

Since RC4 is a stream cipher (the input is XORed with a pseudo-random key stream to produce the output), decryption uses the same function calls as encryption.

+ +

RETURN VALUES

+ +

RC4_set_key() and RC4() do not return values.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

It is difficult to securely use stream ciphers. For example, do not perform multiple encryptions using the same key stream.

+ +

SEE ALSO

+ +

EVP_EncryptInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RIPEMD160_Init.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RIPEMD160_Init.html new file mode 100644 index 00000000..4b500ea6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RIPEMD160_Init.html @@ -0,0 +1,83 @@ + + + + +RIPEMD160_Init + + + + + + + + + + +

NAME

+ +

RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final - RIPEMD-160 hash function

+ +

SYNOPSIS

+ +
#include <openssl/ripemd.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+                         unsigned char *md);
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+ +

DESCRIPTION

+ +

RIPEMD-160 is a cryptographic hash function with a 160 bit output.

+ +

RIPEMD160() computes the RIPEMD-160 message digest of the n bytes at d and places it in md (which must have space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

RIPEMD160_Init() initializes a RIPEMD160_CTX structure.

+ +

RIPEMD160_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

RIPEMD160_Final() places the message digest in md, which must have space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases the RIPEMD160_CTX.

+ +

RETURN VALUES

+ +

RIPEMD160() returns a pointer to the hash value.

+ +

RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for success, 0 otherwise.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling these functions directly.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_blinding_on.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_blinding_on.html new file mode 100644 index 00000000..31616b51 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_blinding_on.html @@ -0,0 +1,59 @@ + + + + +RSA_blinding_on + + + + + + + + + + +

NAME

+ +

RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+void RSA_blinding_off(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack.

+ +

RSA_blinding_on() turns blinding on for key rsa and generates a random blinding factor. ctx is NULL or a pre-allocated and initialized BN_CTX.

+ +

RSA_blinding_off() turns blinding off and frees the memory used for the blinding factor.

+ +

RETURN VALUES

+ +

RSA_blinding_on() returns 1 on success, and 0 if an error occurred.

+ +

RSA_blinding_off() returns no value.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_check_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_check_key.html new file mode 100644 index 00000000..44b10932 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_check_key.html @@ -0,0 +1,81 @@ + + + + +RSA_check_key + + + + + + + + + + +

NAME

+ +

RSA_check_key_ex, RSA_check_key - validate private RSA keys

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
+
+int RSA_check_key(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_check_key_ex() function validates RSA keys. It checks that p and q are in fact prime, and that n = p*q.

+ +

It does not work on RSA public keys that have only the modulus and public exponent elements populated. It also checks that d*e = 1 mod (p-1*q-1), and that dmp1, dmq1 and iqmp are set correctly or are NULL. It performs integrity checks on all the RSA key material, so the RSA key structure must contain all the private key data too. Therefore, it cannot be used with any arbitrary RSA key object, even if it is otherwise fit for regular RSA operation.

+ +

The cb parameter is a callback that will be invoked in the same manner as BN_is_prime_ex(3).

+ +

RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL cb.

+ +

RETURN VALUES

+ +

RSA_check_key_ex() and RSA_check_key() return 1 if rsa is a valid RSA key, and 0 otherwise. They return -1 if an error occurs while checking the key.

+ +

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

+ +

NOTES

+ +

Unlike most other RSA functions, this function does not work transparently with any underlying ENGINE implementation because it uses the key data in the RSA structure directly. An ENGINE implementation can override the way key data is stored and handled, and can even provide support for HSM keys - in which case the RSA structure may contain no key data at all! If the ENGINE in question is only being used for acceleration or analysis purposes, then in all likelihood the RSA key data is complete and untouched, but this can't be assumed in the general case.

+ +

BUGS

+ +

A method of verifying the RSA key using opaque RSA API functions might need to be considered. Right now RSA_check_key() simply uses the RSA structure elements directly, bypassing the RSA_METHOD table altogether (and completely violating encapsulation and object-orientation in the process). The best fix will probably be to introduce a "check_key()" handler to the RSA_METHOD function table so that alternative implementations can also provide their own verifiers.

+ +

SEE ALSO

+ +

BN_is_prime_ex(3), ERR_get_error(3)

+ +

HISTORY

+ +

RSA_check_key_ex() appeared after OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_generate_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_generate_key.html new file mode 100644 index 00000000..86542050 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_generate_key.html @@ -0,0 +1,105 @@ + + + + +RSA_generate_key + + + + + + + + + + +

NAME

+ +

RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key - generate RSA key pair

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+RSA *RSA_generate_key(int bits, unsigned long e,
+                      void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the RSA structure provided in rsa. The pseudo-random number generator must be seeded prior to calling RSA_generate_key_ex().

+ +

RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores it in the RSA structure provided in rsa. The number of primes is given by the primes parameter. The random number generator must be seeded when calling RSA_generate_multi_prime_key(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The modulus size will be of length bits, the number of primes to form the modulus will be primes, and the public exponent will be e. Key sizes with num < 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537.

+ +

In order to maintain adequate security level, the maximum number of permitted primes depends on modulus bit length:

+ +
<1024 | >=1024 | >=4096 | >=8192
+------+--------+--------+-------
+  2   |   3    |   4    |   5
+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as follows using the BN_GENCB_call() function described on the BN_generate_prime(3) page.

+ +

RSA_generate_key() is similar to RSA_generate_key_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +
    + +
  • While a random prime number is generated, it is called as described in BN_generate_prime(3).

    + +
  • +
  • When the n-th randomly generated prime is rejected as not suitable for the key, BN_GENCB_call(cb, 2, n) is called.

    + +
  • +
  • When a random p has been found with p-1 relatively prime to e, it is called as BN_GENCB_call(cb, 3, 0).

    + +
  • +
+ +

The process is then repeated for prime q and other primes (if any) with BN_GENCB_call(cb, 3, i) where i indicates the i-th prime.

+ +

RETURN VALUES

+ +

RSA_generate_multi_prime_key() returns 1 on success or 0 on error. RSA_generate_key_ex() returns 1 on success or 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

RSA_generate_key() returns a pointer to the RSA structure or NULL if the key generation fails.

+ +

BUGS

+ +

BN_GENCB_call(cb, 2, x) is used with two different meanings.

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), BN_generate_prime(3), RAND(7)

+ +

HISTORY

+ +

RSA_generate_key() was deprecated in OpenSSL 0.9.8; use RSA_generate_key_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_get0_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_get0_key.html new file mode 100644 index 00000000..a019eb14 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_get0_key.html @@ -0,0 +1,136 @@ + + + + +RSA_get0_key + + + + + + + + + + +

NAME

+ +

RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version - Routines for getting and setting data in an RSA object

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+ENGINE *RSA_get0_engine(RSA *r);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[]);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                               BIGNUM *coeffs[], int pnum);
+int RSA_get_version(RSA *r);
+ +

DESCRIPTION

+ +

An RSA object contains the components for the public and private key, n, e, d, p, q, dmp1, dmq1 and iqmp. n is the modulus common to both public and private key, e is the public exponent and d is the private exponent. p, q, dmp1, dmq1 and iqmp are the factors for the second representation of a private key (see PKCS#1 section 3 Key Types), where p and q are the first and second factor of n and dmp1, dmq1 and iqmp are the exponents and coefficient for CRT calculations.

+ +

For multi-prime RSA (defined in RFC 8017), there are also one or more 'triplet' in an RSA object. A triplet contains three members, r, d and t. r is the additional prime besides p and q. d and t are the exponent and coefficient for CRT calculations.

+ +

The n, e and d parameters can be obtained by calling RSA_get0_key(). If they have not been set yet, then *n, *e and *d will be set to NULL. Otherwise, they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed by the caller.

+ +

The n, e and d parameter values can be set by calling RSA_set0_key() and passing the new values for n, e and d as parameters to the function. The values n and e must be non-NULL the first time this function is called on a given RSA object. The value d may be NULL. On subsequent calls any of these values may be NULL which means the corresponding RSA field is left untouched. Calling this function transfers the memory management of the values to the RSA object, and therefore the values that have been passed in should not be freed by the caller after this function has been called.

+ +

In a similar fashion, the p and q parameters can be obtained and set with RSA_get0_factors() and RSA_set0_factors(), and the dmp1, dmq1 and iqmp parameters can be obtained and set with RSA_get0_crt_params() and RSA_set0_crt_params().

+ +

For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), NULL value BIGNUM ** output parameters are permitted. The functions ignore NULL parameters but return values for other, non-NULL, parameters.

+ +

For multi-prime RSA, RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params() can be used to obtain other primes and related CRT parameters. The return values are stored in an array of BIGNUM *. RSA_set0_multi_prime_params() sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) into an RSA object.

+ +

Any of the values n, e, d, p, q, dmp1, dmq1, and iqmp can also be retrieved separately by the corresponding function RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively.

+ +

RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.

+ +

RSA_set_flags() sets the flags in the flags parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the RSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. RSA_clear_flags() clears the specified flags within the RSA object.

+ +

RSA_get0_engine() returns a handle to the ENGINE that has been set for this RSA object, or NULL if no such ENGINE has been set.

+ +

RSA_get_version() returns the version of an RSA object r.

+ +

NOTES

+ +

Values retrieved with RSA_get0_key() are owned by the RSA object used in the call and may therefore not be passed to RSA_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors() as well as RSA_get0_crt_params() and RSA_set0_crt_params().

+ +

The caller should obtain the size by calling RSA_get_multi_prime_extra_count() in advance and allocate sufficient buffer to store the return values before calling RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params().

+ +

RSA_set0_multi_prime_params() always clears the original multi-prime triplets in RSA object r and assign the new set of triplets into it.

+ +

RETURN VALUES

+ +

RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and RSA_set0_multi_prime_params() return 1 on success or 0 on failure.

+ +

RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() return the respective value.

+ +

RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return 1 on success or 0 on failure.

+ +

RSA_get_multi_prime_extra_count() returns two less than the number of primes in use, which is 0 for traditional RSA and the number of extra primes for multi-prime RSA.

+ +

RSA_get_version() returns RSA_ASN1_VERSION_MULTI for multi-prime RSA and RSA_ASN1_VERSION_DEFAULT for normal two-prime RSA, as defined in RFC 8017.

+ +

RSA_test_flags() returns the current state of the flags in the RSA object.

+ +

RSA_get0_engine() returns the ENGINE set for the RSA object or NULL if no ENGINE has been set.

+ +

SEE ALSO

+ +

RSA_new(3), RSA_size(3)

+ +

HISTORY

+ +

The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e.

+ +

The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), and RSA_get_version() functions were added in OpenSSL 1.1.1.

+ +

Other functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_meth_new.html new file mode 100644 index 00000000..4c144099 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_meth_new.html @@ -0,0 +1,202 @@ + + + + +RSA_meth_new + + + + + + + + + + +

NAME

+ +

RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen - Routines to build up RSA methods

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                    unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc)(int flen, const unsigned char *from,
+                                        unsigned char *to, RSA *rsa,
+                                        int padding));
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec)(int flen, const unsigned char *from,
+                                        unsigned char *to, RSA *rsa,
+                                        int padding));
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                     unsigned char *to, RSA *rsa,
+                                                     int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc)(int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa, int padding));
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                     unsigned char *to, RSA *rsa,
+                                                     int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec)(int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa, int padding));
+
+/* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
+                                                    RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                        BN_CTX *ctx));
+
+/* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
+                                                       const BIGNUM *p, const BIGNUM *m,
+                                                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
+                                              const BIGNUM *p, const BIGNUM *m,
+                                              BN_CTX *ctx, BN_MONT_CTX *m_ctx));
+
+/* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
+
+/* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
+                                                 unsigned int m_length,
+                                                 unsigned char *sigret,
+                                                 unsigned int *siglen, const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign)(int type, const unsigned char *m,
+                                  unsigned int m_length, unsigned char *sigret,
+                                  unsigned int *siglen, const RSA *rsa));
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
+                                                   unsigned int m_length,
+                                                   const unsigned char *sigbuf,
+                                                   unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify)(int dtype, const unsigned char *m,
+                                      unsigned int m_length,
+                                      const unsigned char *sigbuf,
+                                      unsigned int siglen, const RSA *rsa));
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
+                                                   BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
+                                      BN_GENCB *cb));
+
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
+                                                               int primes, BIGNUM *e,
+                                                               BN_GENCB *cb);
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb));
+ +

DESCRIPTION

+ +

The RSA_METHOD type is a structure used for the provision of custom RSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various RSA capabilities. See the rsa page for more information.

+ +

RSA_meth_new() creates a new RSA_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the RSA_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new RSA object based on this RSA_METHOD. Any new RSA object will have those flags set by default.

+ +

RSA_meth_dup() creates a duplicate copy of the RSA_METHOD object passed as a parameter. This might be useful for creating a new RSA_METHOD based on an existing one, but with some differences.

+ +

RSA_meth_free() destroys an RSA_METHOD structure and frees up any memory associated with it.

+ +

RSA_meth_get0_name() will return a pointer to the name of this RSA_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. RSA_meth_set1_name() sets the name of the RSA_METHOD to name. The string is duplicated and the copy is stored in the RSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

RSA_meth_get_flags() returns the current value of the flags associated with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set these flags.

+ +

The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data() provide the ability to associate implementation specific data with the RSA_METHOD. It is the application's responsibility to free this data before the RSA_METHOD is freed via a call to RSA_meth_free().

+ +

RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function used for creating an RSA signature respectively. This function will be called in response to the application calling RSA_sign(). The parameters for the function have the same meaning as for RSA_sign().

+ +

RSA_meth_get_verify() and RSA_meth_set_verify() get and set the function used for verifying an RSA signature respectively. This function will be called in response to the application calling RSA_verify(). The parameters for the function have the same meaning as for RSA_verify().

+ +

RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the function used for CRT computations.

+ +

RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set the function used for CRT computations, specifically the following value:

+ +
r = a ^ p mod m
+ +

Both the mod_exp() and bn_mod_exp() functions are called by the default OpenSSL method during encryption, decryption, signing and verification.

+ +

RSA_meth_get_init() and RSA_meth_set_init() get and set the function used for creating a new RSA instance respectively. This function will be called in response to the application calling RSA_new() (if the current default RSA_METHOD is this one) or RSA_new_method(). The RSA_new() and RSA_new_method() functions will allocate the memory for the new RSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

RSA_meth_get_finish() and RSA_meth_set_finish() get and set the function used for destroying an instance of an RSA object respectively. This function will be called in response to the application calling RSA_free(). A pointer to the RSA to be destroyed is passed as a parameter. The destroy function should be used for RSA implementation specific clean up. The memory for the RSA itself should not be freed by this function. This function may be NULL.

+ +

RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the function used for generating a new RSA key pair respectively. This function will be called in response to the application calling RSA_generate_key_ex(). The parameter for the function has the same meaning as for RSA_generate_key_ex().

+ +

RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get and set the function used for generating a new multi-prime RSA key pair respectively. This function will be called in response to the application calling RSA_generate_multi_prime_key(). The parameter for the function has the same meaning as for RSA_generate_multi_prime_key().

+ +

RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(), RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(), RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(), RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the functions used for public and private key encryption and decryption. These functions will be called in response to the application calling RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and RSA_public_decrypt() and take the same parameters as those.

+ +

RETURN VALUES

+ +

RSA_meth_new() and RSA_meth_dup() return the newly allocated RSA_METHOD object or NULL on failure.

+ +

RSA_meth_get0_name() and RSA_meth_get_flags() return the name and flags associated with the RSA_METHOD respectively.

+ +

All other RSA_meth_get_*() functions return the appropriate function pointer that has been set in the RSA_METHOD, or NULL if no such pointer has yet been set.

+ +

RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

RSA_new(3), RSA_generate_key_ex(3), RSA_sign(3), RSA_set_method(3), RSA_size(3), RSA_get0_key(3), RSA_generate_multi_prime_key(3)

+ +

HISTORY

+ +

RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were added in OpenSSL 1.1.1.

+ +

Other functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_new.html new file mode 100644 index 00000000..82eefc8a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_new.html @@ -0,0 +1,62 @@ + + + + +RSA_new + + + + + + + + + + +

NAME

+ +

RSA_new, RSA_free - allocate and free RSA objects

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+RSA *RSA_new(void);
+
+void RSA_free(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_new() allocates and initializes an RSA structure. It is equivalent to calling RSA_new_method(NULL).

+ +

RSA_free() frees the RSA structure and its components. The key is erased before the memory is returned to the system. If rsa is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, RSA_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

RSA_free() returns no value.

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_generate_key(3), RSA_new_method(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html new file mode 100644 index 00000000..961981b9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html @@ -0,0 +1,149 @@ + + + + +RSA_padding_add_PKCS1_type_1 + + + + + + + + + + +

NAME

+ +

RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption padding

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *f, int fl,
+                                    const unsigned char *p, int pl,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *f, int fl, int rsa_len,
+                                      const unsigned char *p, int pl,
+                                      const EVP_MD *md, const EVP_MD *mgf1md);
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+                         const unsigned char *f, int fl);
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+ +

DESCRIPTION

+ +

The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs.

+ +

However, they can also be called directly to implement padding for other asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() may be used in an application combined with RSA_NO_PADDING in order to implement OAEP with an encoding parameter.

+ +

RSA_padding_add_xxx() encodes fl bytes from f so as to fit into tlen bytes and stores the result at to. An error occurs if fl does not meet the size requirements of the encoding method.

+ +

The following encoding methods are implemented:

+ +
+ +
PKCS1_type_1
+
+ +

PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures

+ +
+
PKCS1_type_2
+
+ +

PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

+ +
+
PKCS1_OAEP
+
+ +

PKCS #1 v2.0 EME-OAEP

+ +
+
SSLv23
+
+ +

PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification

+ +
+
none
+
+ +

simply copy the data

+ +
+
+ +

The random number generator must be seeded prior to calling RSA_padding_add_xxx(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RSA_padding_check_xxx() verifies that the fl bytes at f contain a valid encoding for a rsa_len byte RSA key in the respective encoding method and stores the recovered data of at most tlen bytes (for RSA_NO_PADDING: of size tlen) at to.

+ +

For RSA_padding_xxx_OAEP(), p points to the encoding parameter of length pl. p may be NULL if pl is 0.

+ +

For RSA_padding_xxx_OAEP_mgf1(), md points to the md hash, if md is NULL that means md=sha1, and mgf1md points to the mgf1 hash, if mgf1md is NULL that means mgf1md=md.

+ +

RETURN VALUES

+ +

The RSA_padding_add_xxx() functions return 1 on success, 0 on error. The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling ERR_get_error(3).

+ +

WARNINGS

+ +

The result of RSA_padding_check_PKCS1_type_2() is a very sensitive information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not possible, the result of RSA_padding_check_PKCS1_type_2() should be checked in constant time if it matches the expected length of the plaintext and additionally some application specific consistency checks on the plaintext need to be performed in constant time. If the plaintext is rejected it must be kept secret which of the checks caused the application to reject the message. Do not remove the zero-padding from the decrypted raw RSA data which was computed by RSA_private_decrypt() with RSA_NO_PADDING, as this would create a small timing side channel which could be used to mount a Bleichenbacher attack against any padding mode including PKCS1_OAEP.

+ +

SEE ALSO

+ +

RSA_public_encrypt(3), RSA_private_decrypt(3), RSA_sign(3), RSA_verify(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_print.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_print.html new file mode 100644 index 00000000..26bf0ce6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_print.html @@ -0,0 +1,71 @@ + + + + +RSA_print + + + + + + + + + + +

NAME

+ +

RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic parameters

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_print(BIO *bp, RSA *x, int offset);
+int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+#include <openssl/dsa.h>
+
+int DSAparams_print(BIO *bp, DSA *x);
+int DSAparams_print_fp(FILE *fp, DSA *x);
+int DSA_print(BIO *bp, DSA *x, int offset);
+int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+#include <openssl/dh.h>
+
+int DHparams_print(BIO *bp, DH *x);
+int DHparams_print_fp(FILE *fp, DH *x);
+ +

DESCRIPTION

+ +

A human-readable hexadecimal output of the components of the RSA key, DSA parameters or key or DH parameters is printed to bp or fp.

+ +

The output lines are indented by offset spaces.

+ +

RETURN VALUES

+ +

These functions return 1 on success, 0 on error.

+ +

SEE ALSO

+ +

BN_bn2bin(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_private_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_private_encrypt.html new file mode 100644 index 00000000..f8ffeb19 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_private_encrypt.html @@ -0,0 +1,84 @@ + + + + +RSA_private_encrypt + + + + + + + + + + +

NAME

+ +

RSA_private_encrypt, RSA_public_decrypt - low level signature operations

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_private_encrypt(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+int RSA_public_decrypt(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+ +

DESCRIPTION

+ +

These functions handle RSA signatures at a low level.

+ +

RSA_private_encrypt() signs the flen bytes at from (usually a message digest with an algorithm identifier) using the private key rsa and stores the signature in to. to must point to RSA_size(rsa) bytes of memory.

+ +

padding denotes one of the following modes:

+ +
+ +
RSA_PKCS1_PADDING
+
+ +

PKCS #1 v1.5 padding. This function does not handle the algorithmIdentifier specified in PKCS #1. When generating or verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used.

+ +
+
RSA_NO_PADDING
+
+ +

Raw RSA signature. This mode should only be used to implement cryptographically sound padding modes in the application code. Signing user data directly with RSA is insecure.

+ +
+
+ +

RSA_public_decrypt() recovers the message digest from the flen bytes long signature at from using the signer's public key rsa. to must point to a memory section large enough to hold the message digest (which is smaller than RSA_size(rsa) - 11). padding is the padding mode that was used to sign the data.

+ +

RETURN VALUES

+ +

RSA_private_encrypt() returns the size of the signature (i.e., RSA_size(rsa)). RSA_public_decrypt() returns the size of the recovered message digest.

+ +

On error, -1 is returned; the error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_sign(3), RSA_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_public_encrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_public_encrypt.html new file mode 100644 index 00000000..25524612 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_public_encrypt.html @@ -0,0 +1,106 @@ + + + + +RSA_public_encrypt + + + + + + + + + + +

NAME

+ +

RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+ +

DESCRIPTION

+ +

RSA_public_encrypt() encrypts the flen bytes at from (usually a session key) using the public key rsa and stores the ciphertext in to. to must point to RSA_size(rsa) bytes of memory.

+ +

padding denotes one of the following modes:

+ +
+ +
RSA_PKCS1_PADDING
+
+ +

PKCS #1 v1.5 padding. This currently is the most widely used mode. However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in new applications. SEE WARNING BELOW.

+ +
+
RSA_PKCS1_OAEP_PADDING
+
+ +

EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications.

+ +
+
RSA_SSLV23_PADDING
+
+ +

PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the server is SSL3 capable.

+ +
+
RSA_NO_PADDING
+
+ +

Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure.

+ +
+
+ +

flen must not be more than RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes, not more than RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING and exactly RSA_size(rsa) for RSA_NO_PADDING. When a padding mode other than RSA_NO_PADDING is in use, then RSA_public_encrypt() will include some random bytes into the ciphertext and therefore the ciphertext will be different each time, even if the plaintext and the public key are exactly identical. The returned ciphertext in to will always be zero padded to exactly RSA_size(rsa) bytes. to and from may overlap.

+ +

RSA_private_decrypt() decrypts the flen bytes at from using the private key rsa and stores the plaintext in to. flen should be equal to RSA_size(rsa) but may be smaller, when leading zero bytes are in the ciphertext. Those are not important and may be removed, but RSA_public_encrypt() does not do that. to must point to a memory section large enough to hold the maximal possible decrypted data (which is equal to RSA_size(rsa) for RSA_NO_PADDING, RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes and RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING). padding is the padding mode that was used to encrypt the data. to and from may overlap.

+ +

RETURN VALUES

+ +

RSA_public_encrypt() returns the size of the encrypted data (i.e., RSA_size(rsa)). RSA_private_decrypt() returns the size of the recovered plaintext. A return value of 0 is not an error and means only that the plaintext was empty.

+ +

On error, -1 is returned; the error codes can be obtained by ERR_get_error(3).

+ +

WARNINGS

+ +

Decryption failures in the RSA_PKCS1_PADDING mode leak information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer RSA_PKCS1_OAEP_PADDING.

+ +

CONFORMING TO

+ +

SSL, PKCS #1 v2.0

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), RSA_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_set_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_set_method.html new file mode 100644 index 00000000..b45f26bc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_set_method.html @@ -0,0 +1,161 @@ + + + + +RSA_set_method + + + + + + + + + + +

NAME

+ +

RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method - select RSA method

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+
+RSA_METHOD *RSA_get_default_method(void);
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+RSA_METHOD *RSA_get_method(const RSA *rsa);
+
+RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_flags(const RSA *rsa);
+
+RSA *RSA_new_method(ENGINE *engine);
+ +

DESCRIPTION

+ +

An RSA_METHOD specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these RSA API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default RSA_METHOD is the OpenSSL internal implementation, as returned by RSA_PKCS1_OpenSSL().

+ +

RSA_set_default_method() makes meth the default method for all RSA structures created later. NB: This is true only whilst no ENGINE has been set as a default for RSA, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

RSA_get_default_method() returns a pointer to the current default RSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

RSA_set_method() selects meth to perform all operations using the key rsa. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only work with certain RSA_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results.

+ +

RSA_get_method() returns a pointer to the RSA_METHOD being used by rsa. This method may or may not be supplied by an ENGINE implementation, but if it is, the return value can only be guaranteed to be valid as long as the RSA key itself is valid and does not have its implementation changed by RSA_set_method().

+ +

RSA_flags() returns the flags that are set for rsa's current RSA_METHOD. See the BUGS section.

+ +

RSA_new_method() allocates and initializes an RSA structure so that engine will be used for the RSA operations. If engine is NULL, the default ENGINE for RSA operations is used, and if no default ENGINE is set, the RSA_METHOD controlled by RSA_set_default_method() is used.

+ +

RSA_flags() returns the flags that are set for rsa's current method.

+ +

RSA_new_method() allocates and initializes an RSA structure so that method will be used for the RSA operations. If method is NULL, the default method is used.

+ +

THE RSA_METHOD STRUCTURE

+ +
typedef struct rsa_meth_st
+{
+    /* name of the implementation */
+    const char *name;
+
+    /* encrypt */
+    int (*rsa_pub_enc)(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+    /* verify arbitrary data */
+    int (*rsa_pub_dec)(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+    /* sign arbitrary data */
+    int (*rsa_priv_enc)(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+    /* decrypt */
+    int (*rsa_priv_dec)(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+    /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */
+    int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+    /* compute r = a ^ p mod m (May be NULL for some implementations) */
+    int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+    /* called at RSA_new */
+    int (*init)(RSA *rsa);
+
+    /* called at RSA_free */
+    int (*finish)(RSA *rsa);
+
+    /*
+     * RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+     *                            operations, even if p,q,dmp1,dmq1,iqmp
+     *                            are NULL
+     * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+     */
+    int flags;
+
+    char *app_data; /* ?? */
+
+    int (*rsa_sign)(int type,
+                    const unsigned char *m, unsigned int m_length,
+                    unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+    int (*rsa_verify)(int dtype,
+                      const unsigned char *m, unsigned int m_length,
+                      const unsigned char *sigbuf, unsigned int siglen,
+                      const RSA *rsa);
+    /* keygen. If NULL builtin RSA key generation will be used */
+    int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+} RSA_METHOD;
+ +

RETURN VALUES

+ +

RSA_PKCS1_OpenSSL(), RSA_PKCS1_null_method(), RSA_get_default_method() and RSA_get_method() return pointers to the respective RSA_METHODs.

+ +

RSA_set_default_method() returns no value.

+ +

RSA_set_method() returns a pointer to the old RSA_METHOD implementation that was replaced. However, this return value should probably be ignored because if it was supplied by an ENGINE, the pointer could be invalidated at any time if the ENGINE is unloaded (in fact it could be unloaded as a result of the RSA_set_method() function releasing its handle to the ENGINE). For this reason, the return type may be replaced with a void declaration in a future release.

+ +

RSA_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

BUGS

+ +

The behaviour of RSA_flags() is a mis-feature that is left as-is for now to avoid creating compatibility problems. RSA functionality, such as the encryption functions, are controlled by the flags value in the RSA key itself, not by the flags value in the RSA_METHOD attached to the RSA key (which is what this function returns). If the flags element of an RSA key is changed, the changes will be honoured by RSA functionality but will not be reflected in the return value of the RSA_flags() function - in effect RSA_flags() behaves more like an RSA_default_flags() function (which does not currently exist).

+ +

SEE ALSO

+ +

RSA_new(3)

+ +

HISTORY

+ +

The RSA_null_method(), which was a partial attempt to avoid patent issues, was replaced to always return NULL in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign.html new file mode 100644 index 00000000..bc6d974c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign.html @@ -0,0 +1,71 @@ + + + + +RSA_sign + + + + + + + + + + +

NAME

+ +

RSA_sign, RSA_verify - RSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+               unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_sign() signs the message digest m of size m_len using the private key rsa using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It stores the signature in sigret and the signature size in siglen. sigret must point to RSA_size(rsa) bytes of memory. Note that PKCS #1 adds meta-data, placing limits on the size of the key that can be used. See RSA_private_encrypt(3) for lower-level operations.

+ +

type denotes the message digest algorithm that was used to generate m. If type is NID_md5_sha1, an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and no algorithm identifier) is created.

+ +

RSA_verify() verifies that the signature sigbuf of size siglen matches a given message digest m of size m_len. type denotes the message digest algorithm that was used to generate the signature. rsa is the signer's public key.

+ +

RETURN VALUES

+ +

RSA_sign() returns 1 on success. RSA_verify() returns 1 on successful verification.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

CONFORMING TO

+ +

SSL, PKCS #1 v2.0

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_private_encrypt(3), RSA_public_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html new file mode 100644 index 00000000..43e53e8a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html @@ -0,0 +1,75 @@ + + + + +RSA_sign_ASN1_OCTET_STRING + + + + + + + + + + +

NAME

+ +

RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+                               unsigned int m_len, unsigned char *sigret,
+                               unsigned int *siglen, RSA *rsa);
+
+int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_sign_ASN1_OCTET_STRING() signs the octet string m of size m_len using the private key rsa represented in DER using PKCS #1 padding. It stores the signature in sigret and the signature size in siglen. sigret must point to RSA_size(rsa) bytes of memory.

+ +

dummy is ignored.

+ +

The random number generator must be seeded when calling RSA_sign_ASN1_OCTET_STRING(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RSA_verify_ASN1_OCTET_STRING() verifies that the signature sigbuf of size siglen is the DER representation of a given octet string m of size m_len. dummy is ignored. rsa is the signer's public key.

+ +

RETURN VALUES

+ +

RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 otherwise.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

BUGS

+ +

These functions serve no recognizable purpose.

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), RSA_sign(3), RSA_verify(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_size.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_size.html new file mode 100644 index 00000000..03067d92 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/RSA_size.html @@ -0,0 +1,75 @@ + + + + +RSA_size + + + + + + + + + + +

NAME

+ +

RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_size(const RSA *rsa);
+
+int RSA_bits(const RSA *rsa);
+
+int RSA_security_bits(const RSA *rsa)
+ +

DESCRIPTION

+ +

RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value.

+ +

RSA_bits() returns the number of significant bits.

+ +

rsa and rsa->n must not be NULL.

+ +

RSA_security_bits() returns the number of security bits of the given rsa key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

RSA_size() returns the size of modulus in bytes.

+ +

DSA_bits() returns the number of bits in the key.

+ +

RSA_security_bits() returns the number of security bits.

+ +

SEE ALSO

+ +

BN_num_bits(3)

+ +

HISTORY

+ +

The RSA_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_new.html new file mode 100644 index 00000000..6be46be9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_new.html @@ -0,0 +1,199 @@ + + + + +SCT_new + + + + + + + + + + +

NAME

+ +

SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source - A Certificate Transparency Signed Certificate Timestamp

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+SCT *SCT_new(void);
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+void SCT_free(SCT *sct);
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+sct_version_t SCT_get_version(const SCT *sct);
+int SCT_set_version(SCT *sct, sct_version_t version);
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
+
+uint64_t SCT_get_timestamp(const SCT *sct);
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+int SCT_get_signature_nid(const SCT *sct);
+int SCT_set_signature_nid(SCT *sct, int nid);
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
+
+sct_source_t SCT_get_source(const SCT *sct);
+int SCT_set_source(SCT *sct, sct_source_t source);
+ +

DESCRIPTION

+ +

Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2. They constitute a promise by a Certificate Transparency (CT) log to publicly record a certificate. By cryptographically verifying that a log did indeed issue an SCT, some confidence can be gained that the certificate is publicly known.

+ +

An internal representation of an SCT can be created in one of two ways. The first option is to create a blank SCT, using SCT_new(), and then populate it using:

+ +
    + +
  • SCT_set_version() to set the SCT version.

    + +

    Only SCT_VERSION_V1 is currently supported.

    + +
  • +
  • SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:

    + +

    CT_LOG_ENTRY_TYPE_X509 for a normal certificate. CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

    + +
  • +
  • SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.

    + +

    The former takes ownership, whereas the latter makes a copy. See RFC 6962, Section 3.2 for the definition of LogID.

    + +
  • +
  • SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).

    + +
  • +
  • SCT_set_signature_nid() to set the NID of the signature.

    + +
  • +
  • SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.

    + +

    The former takes ownership, whereas the latter makes a copy.

    + +
  • +
  • SCT_set0_extensions() or SCT_set1_extensions to provide SCT extensions.

    + +

    The former takes ownership, whereas the latter makes a copy.

    + +
  • +
+ +

Alternatively, the SCT can be pre-populated from the following data using SCT_new_from_base64():

+ +
    + +
  • The SCT version (only SCT_VERSION_V1 is currently supported).

    + +
  • +
  • The LogID (see RFC 6962, Section 3.2), base64 encoded.

    + +
  • +
  • The type of certificate the SCT was issued for: CT_LOG_ENTRY_TYPE_X509 for a normal certificate. CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

    + +
  • +
  • The time that the SCT was issued (epoch time in milliseconds).

    + +
  • +
  • The SCT extensions, base64 encoded.

    + +
  • +
  • The SCT signature, base64 encoded.

    + +
  • +
+ +

SCT_set_source() can be used to record where the SCT was found (TLS extension, X.509 certificate extension or OCSP response). This is not required for verifying the SCT.

+ +

NOTES

+ +

Some of the setters return int, instead of void. These will all return 1 on success, 0 on failure. They will not make changes on failure.

+ +

All of the setters will reset the validation status of the SCT to SCT_VALIDATION_STATUS_NOT_SET (see SCT_validate(3)).

+ +

SCT_set_source() will call SCT_set_log_entry_type() if the type of certificate the SCT was issued for can be inferred from where the SCT was found. For example, an SCT found in an X.509 extension must have been issued for a pre- certificate.

+ +

SCT_set_source() will not refuse unknown values.

+ +

RETURN VALUES

+ +

SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.

+ +

SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.

+ +

SCT_set0_log_id() and SCT_set1_log_id return 1 if the specified LogID is a valid SHA-256 hash, 0 otherwise. Additionally, SCT_set1_log_id returns 0 if malloc fails.

+ +

SCT_set_signature_nid returns 1 if the specified NID is supported, 0 otherwise.

+ +

SCT_set1_extensions and SCT_set1_signature return 1 if the supplied buffer is copied successfully, 0 otherwise (i.e. if malloc fails).

+ +

SCT_set_source returns 1 on success, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7), SCT_validate(3), OBJ_nid2obj(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_print.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_print.html new file mode 100644 index 00000000..a3723c56 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_print.html @@ -0,0 +1,68 @@ + + + + +SCT_print + + + + + + + + + + +

NAME

+ +

SCT_print, SCT_LIST_print, SCT_validation_status_string - Prints Signed Certificate Timestamps in a human-readable way

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+const char *SCT_validation_status_string(const SCT *sct);
+ +

DESCRIPTION

+ +

SCT_print() prints a single Signed Certificate Timestamp (SCT) to a bio in a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a similar way. A separator can be specified to delimit each SCT in the output.

+ +

The output can be indented by a specified number of spaces. If a CTLOG_STORE is provided, it will be used to print the description of the CT log that issued each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed as the CTLOG_STORE parameter to disable this feature.

+ +

SCT_validation_status_string() will return the validation status of an SCT as a human-readable string. Call SCT_validate() or SCT_LIST_validate() beforehand in order to set the validation status of an SCT first.

+ +

RETURN VALUES

+ +

SCT_validation_status_string() returns a null-terminated string representing the validation status of an SCT object.

+ +

SEE ALSO

+ +

ct(7), bio(7), CTLOG_STORE_new(3), SCT_validate(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_validate.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_validate.html new file mode 100644 index 00000000..676a384d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SCT_validate.html @@ -0,0 +1,108 @@ + + + + +SCT_validate + + + + + + + + + + +

NAME

+ +

SCT_validate, SCT_LIST_validate, SCT_get_validation_status - checks Signed Certificate Timestamps (SCTs) are valid

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+ +

DESCRIPTION

+ +

SCT_validate() will check that an SCT is valid and verify its signature. SCT_LIST_validate() performs the same checks on an entire stack of SCTs. The result of the validation checks can be obtained by passing the SCT to SCT_get_validation_status().

+ +

A CT_POLICY_EVAL_CTX must be provided that specifies:

+ +
    + +
  • The certificate the SCT was issued for.

    + +

    Failure to provide the certificate will result in the validation status being SCT_VALIDATION_STATUS_UNVERIFIED.

    + +
  • +
  • The issuer of that certificate.

    + +

    This is only required if the SCT was issued for a pre-certificate (see RFC 6962). If it is required but not provided, the validation status will be SCT_VALIDATION_STATUS_UNVERIFIED.

    + +
  • +
  • A CTLOG_STORE that contains the CT log that issued this SCT.

    + +

    If the SCT was issued by a log that is not in this CTLOG_STORE, the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.

    + +
  • +
+ +

If the SCT is of an unsupported version (only v1 is currently supported), the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.

+ +

If the SCT's signature is incorrect, its timestamp is in the future (relative to the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation status will be SCT_VALIDATION_STATUS_INVALID.

+ +

If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.

+ +

NOTES

+ +

A return value of 0 from SCT_LIST_validate() should not be interpreted as a failure. At a minimum, only one valid SCT may provide sufficient confidence that a certificate has been publicly logged.

+ +

RETURN VALUES

+ +

SCT_validate() returns a negative integer if an internal error occurs, 0 if the SCT fails validation, or 1 if the SCT passes validation.

+ +

SCT_LIST_validate() returns a negative integer if an internal error occurs, 0 if any of SCTs fails validation, or 1 if they all pass validation.

+ +

SCT_get_validation_status() returns the validation status of the SCT. If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the returned value will be SCT_VALIDATION_STATUS_NOT_SET.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SHA256_Init.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SHA256_Init.html new file mode 100644 index 00000000..b16a0a5c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SHA256_Init.html @@ -0,0 +1,107 @@ + + + + +SHA256_Init + + + + + + + + + + +

NAME

+ +

SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final - Secure Hash Algorithm

+ +

SYNOPSIS

+ +
#include <openssl/sha.h>
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n,
+                    unsigned char *md);
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,
+                      unsigned char *md);
+ +

DESCRIPTION

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output.

+ +

SHA1() computes the SHA-1 message digest of the n bytes at d and places it in md (which must have space for SHA_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest is placed in a static array. Note: setting md to NULL is not thread safe.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

SHA1_Init() initializes a SHA_CTX structure.

+ +

SHA1_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

SHA1_Final() places the message digest in md, which must have space for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the SHA_CTX.

+ +

The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the same way as for the SHA1 functions. Note that SHA224 and SHA256 use a SHA256_CTX object instead of SHA_CTX. SHA384 and SHA512 use SHA512_CTX. The buffer md must have space for the output from the SHA variant being used (defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if md is NULL.

+ +

The predecessor of SHA-1, SHA, is also implemented, but it should be used only when backward compatibility is required.

+ +

RETURN VALUES

+ +

SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash value.

+ +

SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, SHA384 and SHA512 functions return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash Standard), ANSI X9.30

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_CMS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_CMS.html new file mode 100644 index 00000000..997086c2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_CMS.html @@ -0,0 +1,85 @@ + + + + +SMIME_read_CMS + + + + + + + + + + +

NAME

+ +

SMIME_read_CMS - parse S/MIME message

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+ +

DESCRIPTION

+ +

SMIME_read_CMS() parses a message in S/MIME format.

+ +

in is a BIO to read the message from.

+ +

If cleartext signing is used then the content is saved in a memory bio which is written to *bcont, otherwise *bcont is set to NULL.

+ +

The parsed CMS_ContentInfo structure is returned or NULL if an error occurred.

+ +

NOTES

+ +

If *bcont is not NULL then the message is clear text signed. *bcont can then be passed to CMS_verify() with the CMS_DETACHED flag set.

+ +

Otherwise the type of the returned structure can be determined using CMS_get0_type().

+ +

To support future functionality if bcont is not NULL *bcont should be initialized to NULL. For example:

+ +
BIO *cont = NULL;
+CMS_ContentInfo *cms;
+
+cms = SMIME_read_CMS(in, &cont);
+ +

BUGS

+ +

The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work.

+ +

The parser assumes that the CMS_ContentInfo structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format.

+ +

The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available.

+ +

RETURN VALUES

+ +

SMIME_read_CMS() returns a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_type(3), SMIME_read_CMS(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3), CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_PKCS7.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_PKCS7.html new file mode 100644 index 00000000..fc97995a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_read_PKCS7.html @@ -0,0 +1,85 @@ + + + + +SMIME_read_PKCS7 + + + + + + + + + + +

NAME

+ +

SMIME_read_PKCS7 - parse S/MIME message

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+ +

DESCRIPTION

+ +

SMIME_read_PKCS7() parses a message in S/MIME format.

+ +

in is a BIO to read the message from.

+ +

If cleartext signing is used then the content is saved in a memory bio which is written to *bcont, otherwise *bcont is set to NULL.

+ +

The parsed PKCS#7 structure is returned or NULL if an error occurred.

+ +

NOTES

+ +

If *bcont is not NULL then the message is clear text signed. *bcont can then be passed to PKCS7_verify() with the PKCS7_DETACHED flag set.

+ +

Otherwise the type of the returned structure can be determined using PKCS7_type_is_enveloped(), etc.

+ +

To support future functionality if bcont is not NULL *bcont should be initialized to NULL. For example:

+ +
BIO *cont = NULL;
+PKCS7 *p7;
+
+p7 = SMIME_read_PKCS7(in, &cont);
+ +

BUGS

+ +

The MIME parser used by SMIME_read_PKCS7() is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work.

+ +

The parser assumes that the PKCS7 structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format.

+ +

The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available.

+ +

RETURN VALUES

+ +

SMIME_read_PKCS7() returns a valid PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), SMIME_read_PKCS7(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_CMS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_CMS.html new file mode 100644 index 00000000..706c840f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_CMS.html @@ -0,0 +1,78 @@ + + + + +SMIME_write_CMS + + + + + + + + + + +

NAME

+ +

SMIME_write_CMS - convert CMS structure to S/MIME format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

SMIME_write_CMS() adds the appropriate MIME headers to a CMS structure to produce an S/MIME message.

+ +

out is the BIO to write the data to. cms is the appropriate CMS_ContentInfo structure. If streaming is enabled then the content must be supplied in the data argument. flags is an optional set of flags.

+ +

NOTES

+ +

The following flags can be passed in the flags parameter.

+ +

If CMS_DETACHED is set then cleartext signing will be used, this option only makes sense for SignedData where CMS_DETACHED is also set when CMS_sign() is called.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are added to the content, this only makes sense if CMS_DETACHED is also set.

+ +

If the CMS_STREAM flag is set streaming is performed. This flag should only be set if CMS_STREAM was also set in the previous call to a CMS_ContentInfo creation function.

+ +

If cleartext signing is being used and CMS_STREAM not set then the data must be read twice: once to compute the signature in CMS_sign() and once to output the S/MIME message.

+ +

If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used.

+ +

BUGS

+ +

SMIME_write_CMS() always base64 encodes CMS structures, there should be an option to disable this.

+ +

RETURN VALUES

+ +

SMIME_write_CMS() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_PKCS7.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_PKCS7.html new file mode 100644 index 00000000..a0a7999e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SMIME_write_PKCS7.html @@ -0,0 +1,78 @@ + + + + +SMIME_write_PKCS7 + + + + + + + + + + +

NAME

+ +

SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message.

+ +

out is the BIO to write the data to. p7 is the appropriate PKCS7 structure. If streaming is enabled then the content must be supplied in the data argument. flags is an optional set of flags.

+ +

NOTES

+ +

The following flags can be passed in the flags parameter.

+ +

If PKCS7_DETACHED is set then cleartext signing will be used, this option only makes sense for signedData where PKCS7_DETACHED is also set when PKCS7_sign() is also called.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are added to the content, this only makes sense if PKCS7_DETACHED is also set.

+ +

If the PKCS7_STREAM flag is set streaming is performed. This flag should only be set if PKCS7_STREAM was also set in the previous call to PKCS7_sign() or PKCS7_encrypt().

+ +

If cleartext signing is being used and PKCS7_STREAM not set then the data must be read twice: once to compute the signature in PKCS7_sign() and once to output the S/MIME message.

+ +

If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used.

+ +

BUGS

+ +

SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there should be an option to disable this.

+ +

RETURN VALUES

+ +

SMIME_write_PKCS7() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html new file mode 100644 index 00000000..850ae6ba --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html @@ -0,0 +1,181 @@ + + + + +SSL_CIPHER_get_name + + + + + + + + + + +

NAME

+ +

SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id - get SSL_CIPHER properties

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
+const char *OPENSSL_cipher_name(const char *stdname);
+int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+ +

DESCRIPTION

+ +

SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the cipher is NULL, it returns "(NONE)".

+ +

SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of cipher. If the cipher is NULL, it returns "(NONE)". If the cipher has no standard name, it returns NULL. If cipher was defined in both SSLv3 and TLS, it returns the TLS name.

+ +

OPENSSL_cipher_name() returns a pointer to the OpenSSL name of stdname. If the stdname is NULL, or stdname has no corresponding OpenSSL name, it returns "(NONE)". Where both exist, stdname should be the TLS name rather than the SSLv3 name.

+ +

SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. If cipher is NULL, 0 is returned.

+ +

SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. It returns "(NONE)" if cipher is NULL.

+ +

SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to c. If there is no cipher (e.g. for cipher suites with no encryption) then NID_undef is returned.

+ +

SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC used by c during record encryption/decryption. If there is no digest (e.g. for AEAD cipher suites) then NID_undef is returned.

+ +

SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during the SSL/TLS handshake when using the SSL_CIPHER c. Note that this may be different to the digest used to calculate the MAC for encrypted records.

+ +

SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method used by c. If there is no key exchange, then NID_undef is returned. If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_kx_any is returned. Examples (not comprehensive):

+ +
NID_kx_rsa
+NID_kx_ecdhe
+NID_kx_dhe
+NID_kx_psk
+ +

SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method used by c. If there is no authentication, then NID_undef is returned. If any appropriate authentication algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_auth_any is returned. Examples (not comprehensive):

+ +
NID_auth_rsa
+NID_auth_ecdsa
+NID_auth_psk
+ +

SSL_CIPHER_is_aead() returns 1 if the cipher c is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD.

+ +

SSL_CIPHER_find() returns a SSL_CIPHER structure which has the cipher ID stored in ptr. The ptr parameter is a two element array of char, which stores the two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter is usually retrieved from a TLS packet by using functions like SSL_client_hello_get0_ciphers(3). SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.

+ +

SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher c. That ID is not the same as the IANA-specific ID.

+ +

SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given cipher c.

+ +

SSL_CIPHER_description() returns a textual description of the cipher used into the buffer buf of length len provided. If buf is provided, it must be at least 128 bytes, otherwise a buffer will be allocated using OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, NULL is returned.

+ +

The string returned by SSL_CIPHER_description() consists of several fields separated by whitespace:

+ +
+ +
<ciphername>
+
+ +

Textual representation of the cipher name.

+ +
+
<protocol version>
+
+ +

The minimum protocol version that the ciphersuite supports, such as TLSv1.2. Note that this is not always the same as the protocol version in which the ciphersuite was first defined because some ciphersuites are backwards compatible with earlier protocol versions.

+ +
+
Kx=<key exchange>
+
+ +

Key exchange method such as RSA, ECDHE, etc.

+ +
+
Au=<authentication>
+
+ +

Authentication method such as RSA, None, etc.. None is the representation of anonymous ciphers.

+ +
+
Enc=<symmetric encryption method>
+
+ +

Encryption method, with number of secret bits, such as AESGCM(128).

+ +
+
Mac=<message authentication code>
+
+ +

Message digest, such as SHA256.

+ +
+
+ +

Some examples for the output of SSL_CIPHER_description():

+ +
ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
+RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
+ +

RETURN VALUES

+ +

SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding value in a null-terminated string for a specific cipher or "(NONE)" if the cipher is not found.

+ +

SSL_CIPHER_get_bits() returns a positive integer representing the number of secret bits or 0 if an error occurred.

+ +

SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or NID_undef if an error occurred.

+ +

SSL_CIPHER_get_handshake_digest() returns a valid EVP_MD structure or NULL if an error occurred.

+ +

SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.

+ +

SSL_CIPHER_find() returns a valid SSL_CIPHER structure or NULL if an error occurred.

+ +

SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.

+ +

SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS protocol-specific ID.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1)

+ +

HISTORY

+ +

The SSL_CIPHER_get_version() function was updated to always return the correct protocol string in OpenSSL 1.1.0.

+ +

The SSL_CIPHER_description() function was changed to return NULL on error, rather than a fixed string, in OpenSSL 1.1.0.

+ +

The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.

+ +

The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. Before OpenSSL 1.1.1, tracing (enable-ssl-trace argument to Configure) was required to enable this function.

+ +

The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html new file mode 100644 index 00000000..3253f753 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html @@ -0,0 +1,111 @@ + + + + +SSL_COMP_add_compression_method + + + + + + + + + + +

NAME

+ +

SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+int SSL_COMP_get_id(const SSL_COMP *comp);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_COMP_free_compression_methods(void)
+#endif
+ +

DESCRIPTION

+ +

SSL_COMP_add_compression_method() adds the compression method cm with the identifier id to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects.

+ +

SSL_COMP_get_compression_methods() returns a stack of all of the available compression methods or NULL on error.

+ +

SSL_COMP_get0_name() returns the name of the compression method comp.

+ +

SSL_COMP_get_id() returns the id of the compression method comp.

+ +

SSL_COMP_free_compression_methods() releases any resources acquired to maintain the internal table of compression methods.

+ +

NOTES

+ +

The TLS standard (or SSLv3) allows the integration of compression methods into the communication. The TLS RFC does however not specify compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown peers. It is therefore currently not recommended to integrate compression into applications. Applications for non-public use may agree on certain compression methods. Using different compression methods with the same identifier will lead to connection failure.

+ +

An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will unconditionally send the list of all compression methods enabled with SSL_COMP_add_compression_method() to the server during the handshake. Unlike the mechanisms to set a cipher list, there is no method available to restrict the list of compression method on a per connection basis.

+ +

An OpenSSL server will match the identifiers listed by a client against its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis.

+ +

If enabled during compilation, the OpenSSL library will have the COMP_zlib() compression method available.

+ +

RETURN VALUES

+ +

SSL_COMP_add_compression_method() may return the following values:

+ +
+ +
0
+
+ +

The operation succeeded.

+ +
+
1
+
+ +

The operation failed. Check the error queue to find out the reason.

+ +
+
+ +

SSL_COMP_get_compression_methods() returns the stack of compressions methods or NULL on error.

+ +

SSL_COMP_get0_name() returns the name of the compression method or NULL on error.

+ +

SSL_COMP_get_id() returns the name of the compression method or -1 on error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d.

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html new file mode 100644 index 00000000..c3371bc6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html @@ -0,0 +1,66 @@ + + + + +SSL_CONF_CTX_new + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_new() allocates and initialises an SSL_CONF_CTX structure for use with the SSL_CONF functions.

+ +

The function SSL_CONF_CTX_free() frees up the context cctx. If cctx is NULL nothing is done.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_new() returns either the newly allocated SSL_CONF_CTX structure or NULL if an error occurs.

+ +

SSL_CONF_CTX_free() does not return a value.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html new file mode 100644 index 00000000..b49e0dcf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html @@ -0,0 +1,70 @@ + + + + +SSL_CONF_CTX_set1_prefix + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set1_prefix - Set configuration context command prefix

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_set1_prefix() sets the command prefix of cctx to prefix. If prefix is NULL it is restored to the default value.

+ +

NOTES

+ +

Command prefixes alter the commands recognised by subsequent SSL_CONF_cmd() calls. For example for files, if the prefix "SSL" is set then command names such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".

+ +

If the SSL_CONF_FLAG_CMDLINE flag is set then prefix checks are case sensitive and "-" is the default. In the unlikely even an application explicitly wants to set no prefix it must be explicitly set to "".

+ +

If the SSL_CONF_FLAG_FILE flag is set then prefix checks are case insensitive and no prefix is the default.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html new file mode 100644 index 00000000..280bf767 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html @@ -0,0 +1,105 @@ + + + + +SSL_CONF_CTX_set_flags + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set or clear SSL configuration context flags

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_set_flags() sets flags in the context cctx.

+ +

The function SSL_CONF_CTX_clear_flags() clears flags in the context cctx.

+ +

NOTES

+ +

The flags set affect how subsequent calls to SSL_CONF_cmd() or SSL_CONF_argv() behave.

+ +

Currently the following flags values are recognised:

+ +
+ +
SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE
+
+ +

recognise options intended for command line or configuration file use. At least one of these flags must be set.

+ +
+
SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
+
+ +

recognise options intended for use in SSL/TLS clients or servers. One or both of these flags must be set.

+ +
+
SSL_CONF_FLAG_CERTIFICATE
+
+ +

recognise certificate and private key options.

+ +
+
SSL_CONF_FLAG_REQUIRE_PRIVATE
+
+ +

If this option is set then if a private key is not specified for a certificate it will attempt to load a private key from the certificate file when SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate file an error occurs.

+ +
+
SSL_CONF_FLAG_SHOW_ERRORS
+
+ +

indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()

+ +
+
+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags value after setting or clearing flags.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html new file mode 100644 index 00000000..031cda52 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html @@ -0,0 +1,69 @@ + + + + +SSL_CONF_CTX_set_ssl_ctx + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CONF_CTX_set_ssl_ctx() sets the context associated with cctx to the SSL_CTX structure ctx. Any previous SSL or SSL_CTX associated with cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to ctx.

+ +

SSL_CONF_CTX_set_ssl() sets the context associated with cctx to the SSL structure ssl. Any previous SSL or SSL_CTX associated with cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to ssl.

+ +

NOTES

+ +

The context need not be set or it can be set to NULL in which case only syntax checking of commands is performed, where possible.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd.html new file mode 100644 index 00000000..9934b55d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd.html @@ -0,0 +1,556 @@ + + + + +SSL_CONF_cmd + + + + + + + + + + +

NAME

+ +

SSL_CONF_cmd_value_type, SSL_CONF_cmd - send configuration command

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+ +

DESCRIPTION

+ +

The function SSL_CONF_cmd() performs configuration operation cmd with optional parameter value on ctx. Its purpose is to simplify application configuration of SSL_CTX or SSL structures by providing a common framework for command line options or configuration files.

+ +

SSL_CONF_cmd_value_type() returns the type of value that cmd refers to.

+ +

SUPPORTED COMMAND LINE COMMANDS

+ +

Currently supported cmd names for command lines (i.e. when the flag SSL_CONF_CMDLINE is set) are listed below. Note: all cmd names are case sensitive. Unless otherwise stated commands can be used by both clients and servers and the value parameter is not used. The default prefix for command line commands is - and that is reflected below.

+ +
+ +
-sigalgs
+
+ +

This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support.

+ +

The value argument should be a colon separated list of signature algorithms in order of decreasing preference of the form algorithm+hash or signature_scheme. algorithm is one of RSA, DSA or ECDSA and hash is a supported algorithm OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. Note: algorithm and hash names are case sensitive. signature_scheme is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, or rsa_pss_pss_sha256.

+ +

If this option is not set then all signature algorithms supported by the OpenSSL library are permissible.

+ +

Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using RSA as the algorithm or by using one of the rsa_pkcs1_* identifiers) are ignored in TLSv1.3 and will not be negotiated.

+ +
+
-client_sigalgs
+
+ +

This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. For servers the value is used in the signature_algorithms field of a CertificateRequest message. For clients it is used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect.

+ +

The syntax of value is identical to -sigalgs. If not set then the value set for -sigalgs will be used instead.

+ +
+
-groups
+
+ +

This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used to determine which group to use. This setting affects groups used for signatures (in TLSv1.2 and earlier) and key exchange. The first group listed will also be used for the key_share sent by a client in a TLSv1.3 ClientHello.

+ +

The value argument is a colon separated list of groups. The group can be either the NIST name (e.g. P-256), some other commonly used name where applicable (e.g. X25519) or an OpenSSL OID name (e.g prime256v1). Group names are case sensitive. The list should be in order of preference with the most preferred group first.

+ +
+
-curves
+
+ +

This is a synonym for the "-groups" command.

+ +
+
-named_curve
+
+ +

This sets the temporary curve used for ephemeral ECDH modes. Only used by servers

+ +

The value argument is a curve name or the special value auto which picks an appropriate curve based on client and server preferences. The curve can be either the NIST name (e.g. P-256) or an OpenSSL OID name (e.g prime256v1). Curve names are case sensitive.

+ +
+
-cipher
+
+ +

Sets the TLSv1.2 and below ciphersuite list to value. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking of value is currently not performed unless a SSL or SSL_CTX structure is associated with cctx.

+ +
+
-ciphersuites
+
+ +

Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See ciphers(1) for more information.

+ +
+
-cert
+
+ +

Attempts to use the file value as the certificate for the appropriate context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX structure is set or SSL_use_certificate_file() with filetype PEM if an SSL structure is set. This option is only supported if certificate operations are permitted.

+ +
+
-key
+
+ +

Attempts to use the file value as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no -key option is set then a private key is not loaded unless the flag SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

+ +
+
-dhparam
+
+ +

Attempts to use the file value as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted.

+ +
+
-record_padding
+
+ +

Attempts to pad TLSv1.3 records so that they are a multiple of value in length on send. A value of 0 or 1 turns off padding. Otherwise, the value must be >1 or <=16384.

+ +
+
-no_renegotiation
+
+ +

Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting SSL_OP_NO_RENEGOTIATION.

+ +
+
-min_protocol, -max_protocol
+
+ +

Sets the minimum and maximum supported protocol. Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 for TLS and DTLSv1, DTLSv1.2 for DTLS, and None for no limit. If either bound is not specified then only the other bound applies, if specified. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below.

+ +
+
-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by setting the corresponding options SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 respectively. These options are deprecated, instead use -min_protocol and -max_protocol.

+ +
+
-bugs
+
+ +

Various bug workarounds are set, same as setting SSL_OP_ALL.

+ +
+
-comp
+
+ +

Enables support for SSL/TLS compression, same as clearing SSL_OP_NO_COMPRESSION. This command was introduced in OpenSSL 1.1.0. As of OpenSSL 1.1.0, compression is off by default.

+ +
+
-no_comp
+
+ +

Disables support for SSL/TLS compression, same as setting SSL_OP_NO_COMPRESSION. As of OpenSSL 1.1.0, compression is off by default.

+ +
+
-no_ticket
+
+ +

Disables support for session tickets, same as setting SSL_OP_NO_TICKET.

+ +
+
-serverpref
+
+ +

Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

+ +
+
-prioritize_chacha
+
+ +

Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list. This usually indicates a client without AES hardware acceleration (e.g. mobile) is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. Only used by servers. Requires -serverpref.

+ +
+
-no_resumption_on_reneg
+
+ +

set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

+ +
+
-legacyrenegotiation
+
+ +

permits the use of unsafe legacy renegotiation. Equivalent to setting SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

+ +
+
-legacy_server_connect, -no_legacy_server_connect
+
+ +

permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing SSL_OP_LEGACY_SERVER_CONNECT. Set by default.

+ +
+
-allow_no_dhe_kex
+
+ +

In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session.

+ +
+
-strict
+
+ +

enables strict mode protocol handling. Equivalent to setting SSL_CERT_FLAG_TLS_STRICT.

+ +
+
-anti_replay, -no_anti_replay
+
+ +

Switches replay protection, on or off respectively. With replay protection on, OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. Anti-Replay is on by default unless overridden by a configuration file and is only used by servers. Anti-replay measures are required for compliance with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built-in OpenSSL functionality is not required. Switching off anti-replay is equivalent to SSL_OP_NO_ANTI_REPLAY.

+ +
+
+ +

SUPPORTED CONFIGURATION FILE COMMANDS

+ +

Currently supported cmd names for configuration files (i.e. when the flag SSL_CONF_FLAG_FILE is set) are listed below. All configuration file cmd names are case insensitive so signaturealgorithms is recognised as well as SignatureAlgorithms. Unless otherwise stated the value names are also case insensitive.

+ +

Note: the command prefix (if set) alters the recognised cmd values.

+ +
+ +
CipherString
+
+ +

Sets the ciphersuite list for TLSv1.2 and below to value. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking of value is currently not performed unless an SSL or SSL_CTX structure is associated with cctx.

+ +
+
Ciphersuites
+
+ +

Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See ciphers(1) for more information.

+ +
+
Certificate
+
+ +

Attempts to use the file value as the certificate for the appropriate context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX structure is set or SSL_use_certificate_file() with filetype PEM if an SSL structure is set. This option is only supported if certificate operations are permitted.

+ +
+
PrivateKey
+
+ +

Attempts to use the file value as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no PrivateKey option is set then a private key is not loaded unless the SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

+ +
+
ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath
+
+ +

These options indicate a file or directory used for building certificate chains or verifying certificate chains. These options are only supported if certificate operations are permitted.

+ +
+
RequestCAFile
+
+ +

This option indicates a file containing a set of certificates in PEM form. The subject names of the certificates are sent to the peer in the certificate_authorities extension for TLS 1.3 (in ClientHello or CertificateRequest) or in a certificate request for previous versions or TLS.

+ +
+
ServerInfoFile
+
+ +

Attempts to use the file value in the "serverinfo" extension using the function SSL_CTX_use_serverinfo_file.

+ +
+
DHParameters
+
+ +

Attempts to use the file value as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted.

+ +
+
RecordPadding
+
+ +

Attempts to pad TLSv1.3 records so that they are a multiple of value in length on send. A value of 0 or 1 turns off padding. Otherwise, the value must be >1 or <=16384.

+ +
+
SignatureAlgorithms
+
+ +

This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support.

+ +

The value argument should be a colon separated list of signature algorithms in order of decreasing preference of the form algorithm+hash or signature_scheme. algorithm is one of RSA, DSA or ECDSA and hash is a supported algorithm OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. Note: algorithm and hash names are case sensitive. signature_scheme is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, or rsa_pss_pss_sha256.

+ +

If this option is not set then all signature algorithms supported by the OpenSSL library are permissible.

+ +

Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using RSA as the algorithm or by using one of the rsa_pkcs1_* identifiers) are ignored in TLSv1.3 and will not be negotiated.

+ +
+
ClientSignatureAlgorithms
+
+ +

This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. For servers the value is used in the signature_algorithms field of a CertificateRequest message. For clients it is used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect.

+ +

The syntax of value is identical to SignatureAlgorithms. If not set then the value set for SignatureAlgorithms will be used instead.

+ +
+
Groups
+
+ +

This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used to determine which group to use. This setting affects groups used for signatures (in TLSv1.2 and earlier) and key exchange. The first group listed will also be used for the key_share sent by a client in a TLSv1.3 ClientHello.

+ +

The value argument is a colon separated list of groups. The group can be either the NIST name (e.g. P-256), some other commonly used name where applicable (e.g. X25519) or an OpenSSL OID name (e.g prime256v1). Group names are case sensitive. The list should be in order of preference with the most preferred group first.

+ +
+
Curves
+
+ +

This is a synonym for the "Groups" command.

+ +
+
MinProtocol
+
+ +

This sets the minimum supported SSL, TLS or DTLS version.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The value None will disable the limit.

+ +
+
MaxProtocol
+
+ +

This sets the maximum supported SSL, TLS or DTLS version.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The value None will disable the limit.

+ +
+
Protocol
+
+ +

This can be used to enable or disable certain versions of the SSL, TLS or DTLS protocol.

+ +

The value argument is a comma separated list of supported protocols to enable or disable. If a protocol is preceded by - that version is disabled.

+ +

All protocol versions are enabled by default. You need to disable at least one protocol version for this setting have any effect. Only enabling some protocol versions does not disable the other protocol versions.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The special value ALL refers to all supported versions.

+ +

This can't enable protocols that are disabled using MinProtocol or MaxProtocol, but can disable protocols that are still allowed by them.

+ +

The Protocol command is fragile and deprecated; do not use it. Use MinProtocol and MaxProtocol instead. If you do use Protocol, make sure that the resulting range of enabled protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make sure to also leave TLS 1.1 enabled.

+ +
+
Options
+
+ +

The value argument is a comma separated list of various flags to set. If a flag string is preceded - it is disabled. See the SSL_CTX_set_options(3) function for more details of individual options.

+ +

Each option is listed below. Where an operation is enabled by default the -flag syntax is needed to disable it.

+ +

SessionTicket: session ticket support, enabled by default. Inverse of SSL_OP_NO_TICKET: that is -SessionTicket is the same as setting SSL_OP_NO_TICKET.

+ +

Compression: SSL/TLS compression support, enabled by default. Inverse of SSL_OP_NO_COMPRESSION.

+ +

EmptyFragments: use empty fragments as a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It is set by default. Inverse of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

+ +

Bugs: enable various bug workarounds. Same as SSL_OP_ALL.

+ +

DHSingle: enable single use DH keys, set by default. Inverse of SSL_OP_DH_SINGLE. Only used by servers.

+ +

ECDHSingle: enable single use ECDH keys, set by default. Inverse of SSL_OP_ECDH_SINGLE. Only used by servers.

+ +

ServerPreference: use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

+ +

PrioritizeChaCha: prioritizes ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list. This usually indicates a mobile client is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. Only used by servers.

+ +

NoResumptionOnRenegotiation: set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

+ +

NoRenegotiation: disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting SSL_OP_NO_RENEGOTIATION.

+ +

UnsafeLegacyRenegotiation: permits the use of unsafe legacy renegotiation. Equivalent to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

+ +

UnsafeLegacyServerConnect: permits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to SSL_OP_LEGACY_SERVER_CONNECT. Set by default.

+ +

EncryptThenMac: use encrypt-then-mac extension, enabled by default. Inverse of SSL_OP_NO_ENCRYPT_THEN_MAC: that is, -EncryptThenMac is the same as setting SSL_OP_NO_ENCRYPT_THEN_MAC.

+ +

AllowNoDHEKEX: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. Equivalent to SSL_OP_ALLOW_NO_DHE_KEX.

+ +

MiddleboxCompat: If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. This option is set by default. A future version of OpenSSL may not set this by default. Equivalent to SSL_OP_ENABLE_MIDDLEBOX_COMPAT.

+ +

AntiReplay: If set then OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. This option is set by default and is only used by servers. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built-in OpenSSL functionality is not required. Disabling anti-replay is equivalent to setting SSL_OP_NO_ANTI_REPLAY.

+ +
+
VerifyMode
+
+ +

The value argument is a comma separated list of flags to set.

+ +

Peer enables peer verification: for clients only.

+ +

Request requests but does not require a certificate from the client. Servers only.

+ +

Require requests and requires a certificate from the client: an error occurs if the client does not present a certificate. Servers only.

+ +

Once requests a certificate from a client only on the initial connection: not when renegotiating. Servers only.

+ +

RequestPostHandshake configures the connection to support requests but does not require a certificate from the client post-handshake. A certificate will not be requested during the initial handshake. The server application must provide a mechanism to request a certificate post-handshake. Servers only. TLSv1.3 only.

+ +

RequiresPostHandshake configures the connection to support requests and requires a certificate from the client post-handshake: an error occurs if the client does not present a certificate. A certificate will not be requested during the initial handshake. The server application must provide a mechanism to request a certificate post-handshake. Servers only. TLSv1.3 only.

+ +
+
ClientCAFile, ClientCAPath
+
+ +

A file or directory of certificates in PEM format whose names are used as the set of acceptable names for client CAs. Servers only. This option is only supported if certificate operations are permitted.

+ +
+
+ +

SUPPORTED COMMAND TYPES

+ +

The function SSL_CONF_cmd_value_type() currently returns one of the following types:

+ +
+ +
SSL_CONF_TYPE_UNKNOWN
+
+ +

The cmd string is unrecognised, this return value can be use to flag syntax errors.

+ +
+
SSL_CONF_TYPE_STRING
+
+ +

The value is a string without any specific structure.

+ +
+
SSL_CONF_TYPE_FILE
+
+ +

The value is a file name.

+ +
+
SSL_CONF_TYPE_DIR
+
+ +

The value is a directory name.

+ +
+
SSL_CONF_TYPE_NONE
+
+ +

The value string is not used e.g. a command line option which doesn't take an argument.

+ +
+
+ +

NOTES

+ +

The order of operations is significant. This can be used to set either defaults or values which cannot be overridden. For example if an application calls:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+SSL_CONF_cmd(ctx, userparam, uservalue);
+ +

it will disable SSLv3 support by default but the user can override it. If however the call sequence is:

+ +
SSL_CONF_cmd(ctx, userparam, uservalue);
+SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ +

SSLv3 is always disabled and attempt to override this by the user are ignored.

+ +

By checking the return code of SSL_CONF_cmd() it is possible to query if a given cmd is recognised, this is useful if SSL_CONF_cmd() values are mixed with additional application specific operations.

+ +

For example an application might call SSL_CONF_cmd() and if it returns -2 (unrecognised command) continue with processing of application specific commands.

+ +

Applications can also use SSL_CONF_cmd() to process command lines though the utility function SSL_CONF_cmd_argv() is normally used instead. One way to do this is to set the prefix to an appropriate value using SSL_CONF_CTX_set1_prefix(), pass the current argument to cmd and the following argument to value (which may be NULL).

+ +

In this case if the return value is positive then it is used to skip that number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is returned then cmd is not recognised and application specific arguments can be checked instead. If -3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and this can be reported back to the user.

+ +

The function SSL_CONF_cmd_value_type() can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return value is SSL_CONF_TYPE_FILE an application could translate a relative pathname to an absolute pathname.

+ +

RETURN VALUES

+ +

SSL_CONF_cmd() returns 1 if the value of cmd is recognised and value is NOT used and 2 if both cmd and value are used. In other words it returns the number of arguments processed. This is useful when processing command lines.

+ +

A return value of -2 means cmd is not recognised.

+ +

A return value of -3 means cmd is recognised and the command requires a value but value is NULL.

+ +

A return code of 0 indicates that both cmd and value are valid but an error occurred attempting to perform the operation: for example due to an error in the syntax of value in this case the error queue may provide additional information.

+ +

EXAMPLES

+ +

Set supported signature algorithms:

+ +
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
+ +

There are various ways to select the supported protocols.

+ +

This set the minimum protocol version to TLSv1, and so disables SSLv3. This is the recommended way to disable protocols.

+ +
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
+ +

The following also disables SSLv3:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ +

The following will first enable all protocols, and then disable SSLv3. If no protocol versions were disabled before this has the same effect as "-SSLv3", but if some versions were disables this will re-enable them before disabling SSLv3.

+ +
SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
+ +

Only enable TLSv1.2:

+ +
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
+SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
+ +

This also only enables TLSv1.2:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
+ +

Disable TLS session tickets:

+ +
SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
+ +

Enable compression:

+ +
SSL_CONF_cmd(ctx, "Options", "Compression");
+ +

Set supported curves to P-256, P-384:

+ +
SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd_argv(3), SSL_CTX_set_options(3)

+ +

HISTORY

+ +

The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.

+ +

The SSL_OP_NO_SSL2 option doesn't have effect since 1.1.0, but the macro is retained for backwards compatibility.

+ +

The SSL_CONF_TYPE_NONE was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return SSL_CONF_TYPE_UNKNOWN.

+ +

MinProtocol and MaxProtocol where added in OpenSSL 1.1.0.

+ +

AllowNoDHEKEX and PrioritizeChaCha were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html new file mode 100644 index 00000000..213d482b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html @@ -0,0 +1,65 @@ + + + + +SSL_CONF_cmd_argv + + + + + + + + + + +

NAME

+ +

SSL_CONF_cmd_argv - SSL configuration command line processing

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+ +

DESCRIPTION

+ +

The function SSL_CONF_cmd_argv() processes at most two command line arguments from pargv and pargc. The values of pargv and pargc are updated to reflect the number of command options processed. The pargc argument can be set to NULL if it is not used.

+ +

RETURN VALUES

+ +

SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 or a negative error code.

+ +

If -2 is returned then an argument for a command is missing.

+ +

If -1 is returned the command is recognised but couldn't be processed due to an error: for example a syntax error in the argument.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html new file mode 100644 index 00000000..3c17541d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html @@ -0,0 +1,122 @@ + + + + +SSL_CTX_add1_chain_cert + + + + + + + + + + +

NAME

+ +

SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra chain certificate processing

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+
+int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
+int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
+int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
+int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
+int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
+int SSL_clear_chain_certs(SSL *ssl);
+
+int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
+int SSL_build_cert_chain(SSL *ssl, flags);
+
+int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_select_current_cert(SSL *ssl, X509 *x509);
+int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
+int SSL_set_current_cert(SSL *ssl, long op);
+ +

DESCRIPTION

+ +

SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain associated with the current certificate of ctx to sk.

+ +

SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single certificate x509 to the chain associated with the current certificate of ctx.

+ +

SSL_CTX_get0_chain_certs() retrieves the chain associated with the current certificate of ctx.

+ +

SSL_CTX_clear_chain_certs() clears any existing chain associated with the current certificate of ctx. (This is implemented by calling SSL_CTX_set0_chain() with sk set to NULL).

+ +

SSL_CTX_build_cert_chain() builds the certificate chain for ctx normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The flags parameter can be set to SSL_BUILD_CHAIN_FLAG_UNTRUSTED to use existing chain certificates as untrusted CAs, SSL_BUILD_CHAIN_FLAG_NO_ROOT to omit the root CA from the built chain, SSL_BUILD_CHAIN_FLAG_CHECK to use all existing chain certificates only to build the chain (effectively sanity checking and rearranging them if necessary), the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR ignores any errors during verification: if flag SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is also set verification errors are cleared from the error queue.

+ +

Each of these functions operates on the current end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding ctx structure.

+ +

SSL_CTX_select_current_cert() selects x509 as the current end entity certificate, but only if x509 has already been loaded into ctx using a function such as SSL_CTX_use_certificate().

+ +

SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() are similar except they apply to SSL structure ssl.

+ +

SSL_CTX_set_current_cert() changes the current certificate to a value based on the op argument. Currently op can be SSL_CERT_SET_FIRST to use the first valid certificate or SSL_CERT_SET_NEXT to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an SSL_CTX structure.

+ +

SSL_set_current_cert() also supports the option SSL_CERT_SET_SERVER. If ssl is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will be sent) 2 is returned and the current certificate is unchanged. If ssl is not a server or a certificate has not been sent 0 is returned and the current certificate is unchanged.

+ +

All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied certificate or chain MUST NOT be freed after the operation.

+ +

NOTES

+ +

The chains associate with an SSL_CTX structure are copied to any SSL structures when SSL_new() is called. SSL structures will not be affected by any chains subsequently changed in the parent SSL_CTX.

+ +

One chain can be set for each key type supported by a server. So, for example, an RSA and a DSA certificate can (and often will) have different chains.

+ +

The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. Misconfigured applications sending incorrect certificate chains often cause problems with peers.

+ +

For example an application can add any set of certificates using SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain() with the option SSL_BUILD_CHAIN_FLAG_CHECK to check and reorder them.

+ +

Applications can issue non fatal warnings when checking chains by setting the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS and checking the return value.

+ +

Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session.

+ +

If any certificates are added using these functions no certificates added using SSL_CTX_add_extra_chain_cert() will be used.

+ +

RETURN VALUES

+ +

SSL_set_current_cert() with SSL_CERT_SET_SERVER return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure.

+ +

SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success and 0 for failure. If the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR and a verification error occurs then 2 is returned.

+ +

All other functions return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html new file mode 100644 index 00000000..a9443a1b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html @@ -0,0 +1,75 @@ + + + + +SSL_CTX_add_extra_chain_cert + + + + + + + + + + +

NAME

+ +

SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear extra chain certificates

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain certificates associated with ctx. Several certificates can be added one after another.

+ +

SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates associated with ctx.

+ +

These functions are implemented as macros.

+ +

NOTES

+ +

When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate.

+ +

If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations(3).

+ +

The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application should not free the x509 object.

+ +

RESTRICTIONS

+ +

Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX cannot be specified using this function. For more flexibility functions such as SSL_add1_chain_cert() should be used instead.

+ +

RETURN VALUES

+ +

SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return 1 on success and 0 for failure. Check out the error stack to find out the reason for failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_load_verify_locations(3) SSL_CTX_set0_chain(3) SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3) SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3) SSL_add0_chain_cert(3) SSL_add1_chain_cert(3) SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_session.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_session.html new file mode 100644 index 00000000..08140fee --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_add_session.html @@ -0,0 +1,83 @@ + + + + +SSL_CTX_add_session + + + + + + + + + + +

NAME

+ +

SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+ +

DESCRIPTION

+ +

SSL_CTX_add_session() adds the session c to the context ctx. The reference count for session c is incremented by 1. If a session with the same session id already exists, the old session is removed by calling SSL_SESSION_free(3).

+ +

SSL_CTX_remove_session() removes the session c from the context ctx and marks it as non-resumable. SSL_SESSION_free(3) is called once for c.

+ +

NOTES

+ +

When adding a new session to the internal session cache, it is examined whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is stored in a different SSL_SESSION object, The old session is removed and replaced by the new session. If the session is actually identical (the SSL_SESSION object is identical), SSL_CTX_add_session() is a no-op, and the return value is 0.

+ +

If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE flag then the internal cache will not be populated automatically by new sessions negotiated by the SSL/TLS implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use SSL_CTX_add_session() directly to have full control over the sessions that can be resumed if desired.

+ +

RETURN VALUES

+ +

The following values are returned by all functions:

+ +
+ +
0
+
+ +

The operation failed. In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_config.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_config.html new file mode 100644 index 00000000..de3dfed2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_config.html @@ -0,0 +1,105 @@ + + + + +SSL_CTX_config + + + + + + + + + + +

NAME

+ +

SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+int SSL_config(SSL *s, const char *name);
+ +

DESCRIPTION

+ +

The functions SSL_CTX_config() and SSL_config() configure an SSL_CTX or SSL structure using the configuration name.

+ +

NOTES

+ +

By calling SSL_CTX_config() or SSL_config() an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically.

+ +

A configuration file must have been previously loaded, for example using CONF_modules_load_file(). See config(5) for details of the configuration file syntax.

+ +

RETURN VALUES

+ +

SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error occurred.

+ +

EXAMPLES

+ +

If the file "config.cnf" contains the following:

+ +
testapp = test_sect
+
+[test_sect]
+# list of configuration modules
+
+ssl_conf = ssl_sect
+
+[ssl_sect]
+server = server_section
+
+[server_section]
+RSA.Certificate = server-rsa.pem
+ECDSA.Certificate = server-ecdsa.pem
+Ciphers = ALL:!RC4
+ +

An application could call:

+ +
if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
+    fprintf(stderr, "Error processing config file\n");
+    goto err;
+}
+
+ctx = SSL_CTX_new(TLS_server_method());
+
+if (SSL_CTX_config(ctx, "server") == 0) {
+    fprintf(stderr, "Error configuring server.\n");
+    goto err;
+}
+ +

In this example two certificates and the cipher list are configured without the need for any additional application code.

+ +

SEE ALSO

+ +

config(5), SSL_CONF_cmd(3), CONF_modules_load_file(3)

+ +

HISTORY

+ +

The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_ctrl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_ctrl.html new file mode 100644 index 00000000..d9aeb1b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_ctrl.html @@ -0,0 +1,60 @@ + + + + +SSL_CTX_ctrl + + + + + + + + + + +

NAME

+ +

SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
+
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
+ +

DESCRIPTION

+ +

The SSL_*_ctrl() family of functions is used to manipulate settings of the SSL_CTX and SSL objects. Depending on the command cmd the arguments larg, parg, or fp are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros.

+ +

RETURN VALUES

+ +

The return values of the SSL*_ctrl() functions depend on the command supplied via the cmd parameter.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html new file mode 100644 index 00000000..42f4684d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html @@ -0,0 +1,252 @@ + + + + +SSL_CTX_dane_enable + + + + + + + + + + +

NAME

+ +

SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags - enable DANE TLS authentication of the remote TLS server in the local TLS client

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx);
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                           uint8_t mtype, uint8_t ord);
+int SSL_dane_enable(SSL *s, const char *basedomain);
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen);
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data,
+                       size_t *dlen);
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+ +

DESCRIPTION

+ +

These functions implement support for DANE TLSA (RFC6698 and RFC7671) peer authentication.

+ +

SSL_CTX_dane_enable() must be called first to initialize the shared state required for DANE support. Individual connections associated with the context can then enable per-connection DANE support as appropriate. DANE authentication is implemented in the X509_verify_cert(3) function, and applications that override X509_verify_cert(3) via SSL_CTX_set_cert_verify_callback(3) are responsible to authenticate the peer chain in whatever manner they see fit.

+ +

SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the supported digest algorithms. This must be done before any SSL handles are created for the context.

+ +

The mtype argument specifies a DANE TLSA matching type and the md argument specifies the associated digest algorithm handle. The ord argument specifies a strength ordinal. Algorithms with a larger strength ordinal are considered more secure. Strength ordinals are used to implement RFC7671 digest algorithm agility. Specifying a NULL digest algorithm for a matching type disables support for that matching type. Matching type Full(0) cannot be modified or disabled.

+ +

By default, matching type SHA2-256(1) (see RFC7218 for definitions of the DANE TLSA parameter acronyms) is mapped to EVP_sha256() with a strength ordinal of 1 and matching type SHA2-512(2) is mapped to EVP_sha512() with a strength ordinal of 2.

+ +

SSL_dane_enable() must be called before the SSL handshake is initiated with SSL_connect(3) if (and only if) you want to enable DANE for that connection. (The connection must be associated with a DANE-enabled SSL context). The basedomain argument specifies the RFC7671 TLSA base domain, which will be the primary peer reference identifier for certificate name checks. Additional server names can be specified via SSL_add1_host(3). The basedomain is used as the default SNI hint if none has yet been specified via SSL_set_tlsext_host_name(3).

+ +

SSL_dane_tlsa_add() may then be called one or more times, to load each of the TLSA records that apply to the remote TLS peer. (This too must be done prior to the beginning of the SSL handshake). The arguments specify the fields of the TLSA record. The data field is provided in binary (wire RDATA) form, not the hexadecimal ASCII presentation form, with an explicit length passed via dlen. The library takes a copy of the data buffer contents and the caller may free the original data buffer when convenient. A return value of 0 indicates that "unusable" TLSA records (with invalid or unsupported parameters) were provided. A negative return value indicates an internal error in processing the record.

+ +

The caller is expected to check the return value of each SSL_dane_tlsa_add() call and take appropriate action if none are usable or an internal error is encountered in processing some records.

+ +

If no TLSA records are added successfully, DANE authentication is not enabled, and authentication will be based on any configured traditional trust-anchors; authentication success in this case does not mean that the peer was DANE-authenticated.

+ +

SSL_get0_dane_authority() can be used to get more detailed information about the matched DANE trust-anchor after successful connection completion. The return value is negative if DANE verification failed (or was not enabled), 0 if an EE TLSA record directly matched the leaf certificate, or a positive number indicating the depth at which a TA record matched an issuer certificate. The complete verified chain can be retrieved via SSL_get0_verified_chain(3). The return value is an index into this verified chain, rather than the list of certificates sent by the peer as returned by SSL_get_peer_cert_chain(3).

+ +

If the mcert argument is not NULL and a TLSA record matched a chain certificate, a pointer to the matching certificate is returned via mcert. The returned address is a short-term internal reference to the certificate and must not be freed by the application. Applications that want to retain access to the certificate can call X509_up_ref(3) to obtain a long-term reference which must then be freed via X509_free(3) once no longer needed.

+ +

If no TLSA records directly matched any elements of the certificate chain, but a DANE-TA(2) SPKI(1) Full(0) record provided the public key that signed an element of the chain, then that key is returned via mspki argument (if not NULL). In this case the return value is the depth of the top-most element of the validated certificate chain. As with mcert this is a short-term internal reference, and EVP_PKEY_up_ref(3) and EVP_PKEY_free(3) can be used to acquire and release long-term references respectively.

+ +

SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). When the return value is non-negative, the storage pointed to by the usage, selector, mtype and data parameters is updated to the corresponding TLSA record fields. The data field is in binary wire form, and is therefore not NUL-terminated, its length is returned via the dlen parameter. If any of these parameters is NULL, the corresponding field is not returned. The data parameter is set to a short-term internal-copy of the associated data field and must not be freed by the application. Applications that need long-term access to this field need to copy the content.

+ +

SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable optional DANE verification features. SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable the same features. The flags argument is a bitmask of the features to enable or disable. The flags set for an SSL_CTX context are copied to each SSL handle associated with that context at the time the handle is created. Subsequent changes in the context's flags have no effect on the flags set for the handle.

+ +

At present, the only available option is DANE_FLAG_NO_DANE_EE_NAMECHECKS which can be used to disable server name checks when authenticating via DANE-EE(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of RFC7671, name checks are by default enabled for DANE-EE(3) TLSA records, and can be disabled in applications where it is safe to do so. In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers.

+ +

RETURN VALUES

+ +

The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(), SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on success. Negative return values indicate resource problems (out of memory, etc.) in the SSL library, while a return value of 0 indicates incorrect usage or invalid input, such as an unsupported TLSA record certificate usage, selector or matching type. Invalid input also includes malformed data, either a digest length that does not match the digest algorithm, or a Full(0) (binary ASN.1 DER form) certificate or a public key that fails to parse.

+ +

The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a non-negative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer.

+ +

The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(), SSL_dane_set_flags() and SSL_dane_clear_flags() return the flags in effect before they were called.

+ +

EXAMPLES

+ +

Suppose "smtp.example.com" is the MX host of the domain "example.com", and has DNSSEC-validated TLSA records. The calls below will perform DANE authentication and arrange to match either the MX hostname or the destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the SSL connection.

+ +
SSL_CTX *ctx;
+SSL *ssl;
+int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
+int num_usable = 0;
+const char *nexthop_domain = "example.com";
+const char *dane_tlsa_domain = "smtp.example.com";
+uint8_t usage, selector, mtype;
+
+if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+    /* error */
+if (SSL_CTX_dane_enable(ctx) <= 0)
+    /* error */
+if ((ssl = SSL_new(ctx)) == NULL)
+    /* error */
+if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
+    /* error */
+
+/*
+ * For many applications it is safe to skip DANE-EE(3) namechecks.  Do not
+ * disable the checks unless "unknown key share" attacks pose no risk for
+ * your application.
+ */
+SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+if (!SSL_add1_host(ssl, nexthop_domain))
+    /* error */
+SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+for (... each TLSA record ...) {
+    unsigned char *data;
+    size_t len;
+    int ret;
+
+    /* set usage, selector, mtype, data, len */
+
+    /*
+     * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+     * They treat all other certificate usages, and in particular PKIX-TA(0)
+     * and PKIX-EE(1), as unusable.
+     */
+    switch (usage) {
+    default:
+    case 0:     /* PKIX-TA(0) */
+    case 1:     /* PKIX-EE(1) */
+        continue;
+    case 2:     /* DANE-TA(2) */
+    case 3:     /* DANE-EE(3) */
+        break;
+    }
+
+    ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
+    /* free data as appropriate */
+
+    if (ret < 0)
+        /* handle SSL library internal error */
+    else if (ret == 0)
+        /* handle unusable TLSA record */
+    else
+        ++num_usable;
+}
+
+/*
+ * At this point, the verification mode is still the default SSL_VERIFY_NONE.
+ * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
+ * are unusable, so continue the handshake even if authentication fails.
+ */
+if (num_usable == 0) {
+    /* Log all records unusable? */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+    SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+} else {
+    /* At least one usable record.  We expect to verify the peer */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+
+    /*
+     * Below we elect to fail the handshake when peer verification fails.
+     * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
+     * complete the handshake, check the verification status, and if not
+     * verified disconnect gracefully at the application layer, especially if
+     * application protocol supports informing the server that authentication
+     * failed.
+     */
+    SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
+}
+
+/*
+ * Load any saved session for resumption, making sure that the previous
+ * session applied the same security and authentication requirements that
+ * would be expected of a fresh connection.
+ */
+
+/* Perform SSL_connect() handshake and handle errors here */
+
+if (SSL_session_reused(ssl)) {
+    if (SSL_get_verify_result(ssl) == X509_V_OK) {
+        /*
+         * Resumed session was originally verified, this connection is
+         * authenticated.
+         */
+    } else {
+        /*
+         * Resumed session was not originally verified, this connection is not
+         * authenticated.
+         */
+    }
+} else if (SSL_get_verify_result(ssl) == X509_V_OK) {
+    const char *peername = SSL_get0_peername(ssl);
+    EVP_PKEY *mspki = NULL;
+
+    int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
+    if (depth >= 0) {
+        (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
+        printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
+               (mspki != NULL) ? "TA public key verified certificate" :
+               depth ? "matched TA certificate" : "matched EE certificate",
+               depth);
+    }
+    if (peername != NULL) {
+        /* Name checks were in scope and matched the peername */
+        printf("Verified peername: %s\n", peername);
+    }
+} else {
+    /*
+     * Not authenticated, presumably all TLSA rrs unusable, but possibly a
+     * callback suppressed connection termination despite the presence of
+     * usable TLSA RRs none of which matched.  Do whatever is appropriate for
+     * fresh unauthenticated connections.
+     */
+}
+ +

NOTES

+ +

It is expected that the majority of clients employing DANE TLS will be doing "opportunistic DANE TLS" in the sense of RFC7672 and RFC7435. That is, they will use DANE authentication when DNSSEC-validated TLSA records are published for a given peer, and otherwise will use unauthenticated TLS or even cleartext.

+ +

Such applications should generally treat any TLSA records published by the peer with usages PKIX-TA(0) and PKIX-EE(1) as "unusable", and should not include them among the TLSA records used to authenticate peer connections. In addition, some TLSA records with supported usages may be "unusable" as a result of invalid or unsupported parameters.

+ +

When a peer has TLSA records, but none are "usable", an opportunistic application must avoid cleartext, but cannot authenticate the peer, and so should generally proceed with an unauthenticated connection. Opportunistic applications need to note the return value of each call to SSL_dane_tlsa_add(), and if all return 0 (due to invalid or unsupported parameters) disable peer authentication by calling SSL_set_verify(3) with mode equal to SSL_VERIFY_NONE.

+ +

SEE ALSO

+ +

SSL_new(3), SSL_add1_host(3), SSL_set_hostflags(3), SSL_set_tlsext_host_name(3), SSL_set_verify(3), SSL_CTX_set_cert_verify_callback(3), SSL_get0_verified_chain(3), SSL_get_peer_cert_chain(3), SSL_get_verify_result(3), SSL_connect(3), SSL_get0_peername(3), X509_verify_cert(3), X509_up_ref(3), X509_free(3), EVP_get_digestbyname(3), EVP_PKEY_up_ref(3), EVP_PKEY_free(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html new file mode 100644 index 00000000..1973598d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html @@ -0,0 +1,65 @@ + + + + +SSL_CTX_flush_sessions + + + + + + + + + + +

NAME

+ +

SSL_CTX_flush_sessions - remove expired sessions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+ +

DESCRIPTION

+ +

SSL_CTX_flush_sessions() causes a run through the session cache of ctx to remove sessions expired at time tm.

+ +

NOTES

+ +

If enabled, the internal session cache will collect all sessions established up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see SSL_CTX_set_session_cache_mode(3)) or manually by calling SSL_CTX_flush_sessions().

+ +

The parameter tm specifies the time which should be used for the expiration test, in most cases the actual time given by time(0) will be used.

+ +

SSL_CTX_flush_sessions() will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see SSL_CTX_sess_set_get_cb(3)).

+ +

RETURN VALUES

+ +

SSL_CTX_flush_sessions() does not return a value.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_CTX_set_timeout(3), SSL_CTX_sess_set_get_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_free.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_free.html new file mode 100644 index 00000000..b1844a21 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_free.html @@ -0,0 +1,65 @@ + + + + +SSL_CTX_free + + + + + + + + + + +

NAME

+ +

SSL_CTX_free - free an allocated SSL_CTX object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_free(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.

+ +

It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys.

+ +

If ctx is NULL nothing is done.

+ +

WARNINGS

+ +

If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this callback will be called for each session being freed from ctx's session cache. This implies, that all corresponding sessions from an external session cache are removed as well. If this is not desired, the user should explicitly unset the callback by calling SSL_CTX_sess_set_remove_cb(ctx, NULL) prior to calling SSL_CTX_free().

+ +

RETURN VALUES

+ +

SSL_CTX_free() does not provide diagnostic information.

+ +

SEE ALSO

+ +

SSL_CTX_new(3), ssl(7), SSL_CTX_sess_set_get_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get0_param.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get0_param.html new file mode 100644 index 00000000..f87495e2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get0_param.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_get0_param + + + + + + + + + + +

NAME

+ +

SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - get and set verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+ +

DESCRIPTION

+ +

SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to the verification parameters for ctx or ssl respectively. The returned pointer must not be freed by the calling application.

+ +

SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters to vpm for ctx or ssl.

+ +

NOTES

+ +

Typically parameters are retrieved from an SSL_CTX or SSL structure using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies them to suit its needs: for example to add a hostname check.

+ +

RETURN VALUES

+ +

SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an X509_VERIFY_PARAM structure.

+ +

SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

Check hostname matches "www.foo.com" in peer certificate:

+ +
X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+ +

SEE ALSO

+ +

X509_VERIFY_PARAM_set_flags(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html new file mode 100644 index 00000000..44bc3b05 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html @@ -0,0 +1,71 @@ + + + + +SSL_CTX_get_verify_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+int SSL_get_verify_mode(const SSL *ssl);
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+int SSL_get_verify_depth(const SSL *ssl);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
+ +

DESCRIPTION

+ +

SSL_CTX_get_verify_mode() returns the verification mode currently set in ctx.

+ +

SSL_get_verify_mode() returns the verification mode currently set in ssl.

+ +

SSL_CTX_get_verify_depth() returns the verification depth limit currently set in ctx. If no limit has been explicitly set, -1 is returned and the default value will be used.

+ +

SSL_get_verify_depth() returns the verification depth limit currently set in ssl. If no limit has been explicitly set, -1 is returned and the default value will be used.

+ +

SSL_CTX_get_verify_callback() returns a function pointer to the verification callback currently set in ctx. If no callback was explicitly set, the NULL pointer is returned and the default callback will be used.

+ +

SSL_get_verify_callback() returns a function pointer to the verification callback currently set in ssl. If no callback was explicitly set, the NULL pointer is returned and the default callback will be used.

+ +

RETURN VALUES

+ +

See DESCRIPTION

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html new file mode 100644 index 00000000..4ee01e99 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html @@ -0,0 +1,56 @@ + + + + +SSL_CTX_has_client_custom_ext + + + + + + + + + + +

NAME

+ +

SSL_CTX_has_client_custom_ext - check whether a handler exists for a particular client extension type

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
+ +

DESCRIPTION

+ +

SSL_CTX_has_client_custom_ext() checks whether a handler has been set for a client extension of type ext_type using SSL_CTX_add_client_custom_ext().

+ +

RETURN VALUES

+ +

Returns 1 if a handler has been set, 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_add_client_custom_ext(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html new file mode 100644 index 00000000..369a444e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html @@ -0,0 +1,131 @@ + + + + +SSL_CTX_load_verify_locations + + + + + + + + + + +

NAME

+ +

SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file - set default locations for trusted CA certificates

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath);
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_load_verify_locations() specifies the locations for ctx, at which CA certificates for verification purposes are located. The certificates available via CAfile and CApath are trusted.

+ +

SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory and one default file. The default CA certificates directory is called "certs" in the default OpenSSL directory. Alternatively the SSL_CERT_DIR environment variable can be defined to override this location. The default CA certificates file is called "cert.pem" in the default OpenSSL directory. Alternatively the SSL_CERT_FILE environment variable can be defined to override this location.

+ +

SSL_CTX_set_default_verify_dir() is similar to SSL_CTX_set_default_verify_paths() except that just the default directory is used.

+ +

SSL_CTX_set_default_verify_file() is similar to SSL_CTX_set_default_verify_paths() except that just the default file is used.

+ +

NOTES

+ +

If CAfile is not NULL, it points to a file of CA certificates in PEM format. The file can contain several CA certificates identified by

+ +
-----BEGIN CERTIFICATE-----
+... (CA certificate in base64 encoding) ...
+-----END CERTIFICATE-----
+ +

sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates.

+ +

The CAfile is processed on execution of the SSL_CTX_load_verify_locations() function.

+ +

If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links.

+ +

The certificates in CApath are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate.

+ +

When looking up CA certificates, the OpenSSL library will first search the certificates in CAfile, then those in CApath. Certificate matching is done based on the subject name, the key identifier (if present), and the serial number as taken from the certificate to be verified. If these data do not match, the next certificate will be tried. If a first certificate matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure.

+ +

In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list(3) family of functions.

+ +

When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from CAfile/CApath, if the certificate chain was not explicitly specified (see SSL_CTX_add_extra_chain_cert(3), SSL_CTX_use_certificate(3).

+ +

WARNINGS

+ +

If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same CA certificate is available with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones.

+ +

RETURN VALUES

+ +

For SSL_CTX_load_verify_locations the following return values can occur:

+ +
+ +
0
+
+ +

The operation failed because CAfile and CApath are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A missing default location is still treated as a success.

+ +

EXAMPLES

+ +

Generate a CA certificate file with descriptive text from the CA certificates ca1.pem ca2.pem ca3.pem:

+ +
#!/bin/sh
+rm CAfile.pem
+for i in ca1.pem ca2.pem ca3.pem ; do
+    openssl x509 -in $i -text >> CAfile.pem
+done
+ +

Prepare the directory /some/where/certs containing several CA certificates for use as CApath:

+ +
cd /some/where/certs
+c_rehash .
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_client_CA_list(3), SSL_get_client_CA_list(3), SSL_CTX_use_certificate(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_set_cert_store(3), SSL_CTX_set_client_CA_list(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_new.html new file mode 100644 index 00000000..b8fba1be --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_new.html @@ -0,0 +1,205 @@ + + + + +SSL_CTX_new + + + + + + + + + + +

NAME

+ +

TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method - create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+const SSL_METHOD *TLS_method(void);
+const SSL_METHOD *TLS_server_method(void);
+const SSL_METHOD *TLS_client_method(void);
+
+const SSL_METHOD *SSLv23_method(void);
+const SSL_METHOD *SSLv23_server_method(void);
+const SSL_METHOD *SSLv23_client_method(void);
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void);
+const SSL_METHOD *SSLv3_server_method(void);
+const SSL_METHOD *SSLv3_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void);
+const SSL_METHOD *TLSv1_server_method(void);
+const SSL_METHOD *TLSv1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void);
+const SSL_METHOD *TLSv1_1_server_method(void);
+const SSL_METHOD *TLSv1_1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void);
+const SSL_METHOD *TLSv1_2_server_method(void);
+const SSL_METHOD *TLSv1_2_client_method(void);
+#endif
+
+const SSL_METHOD *DTLS_method(void);
+const SSL_METHOD *DTLS_server_method(void);
+const SSL_METHOD *DTLS_client_method(void);
+
+#ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void);
+const SSL_METHOD *DTLSv1_server_method(void);
+const SSL_METHOD *DTLSv1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void);
+const SSL_METHOD *DTLSv1_2_server_method(void);
+const SSL_METHOD *DTLSv1_2_client_method(void);
+#endif
+ +

DESCRIPTION

+ +

SSL_CTX_new() creates a new SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections. An SSL_CTX object is reference counted. Creating an SSL_CTX object for the first time increments the reference count. Freeing it (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the SSL_CTX object are freed. SSL_CTX_up_ref() increments the reference count for an existing SSL_CTX structure.

+ +

NOTES

+ +

The SSL_CTX object uses method as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. method can be of the following types:

+ +
+ +
TLS_method(), TLS_server_method(), TLS_client_method()
+
+ +

These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below, which are deprecated.

+ +
+
SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
+
+ +

These functions do not exist anymore, they have been renamed to TLS_method(), TLS_server_method() and TLS_client_method() respectively. Currently, the old function calls are renamed to the corresponding new ones by preprocessor macros, to ensure that existing code which uses the old function names still compiles. However, using the old function names is deprecated and new code should call the new functions instead.

+ +
+
TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1.2 protocol. These methods are deprecated.

+ +
+
TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1.1 protocol. These methods are deprecated.

+ +
+
TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1 protocol. These methods are deprecated.

+ +
+
SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the SSLv3 protocol. The SSLv3 protocol is deprecated and should not be used.

+ +
+
DTLS_method(), DTLS_server_method(), DTLS_client_method()
+
+ +

These are the version-flexible DTLS methods. Currently supported protocols are DTLS 1.0 and DTLS 1.2.

+ +
+
DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
+
+ +

These are the version-specific methods for DTLSv1.2. These methods are deprecated.

+ +
+
DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
+
+ +

These are the version-specific methods for DTLSv1. These methods are deprecated.

+ +
+
+ +

SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to their default values.

+ +

TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(), DTLS_server_method() and DTLS_client_method() are the version-flexible methods. All other methods only support one specific protocol version. Use the version-flexible methods instead of the version specific methods.

+ +

If you want to limit the supported protocols for the version flexible methods you can use SSL_CTX_set_min_proto_version(3), SSL_set_min_proto_version(3), SSL_CTX_set_max_proto_version(3) and SSL_set_max_proto_version(3) functions. Using these functions it is possible to choose e.g. TLS_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.

+ +

The list of protocols available can also be limited using the SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_3, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 options of the SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this approach is not recommended. Clients should avoid creating "holes" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling all previous protocol versions, the effect is to also disable all subsequent protocol versions.

+ +

The SSLv3 protocol is deprecated and should generally not be used. Applications should typically use SSL_CTX_set_min_proto_version(3) to set the minimum protocol to at least TLS1_VERSION.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The creation of a new SSL_CTX object failed. Check the error stack to find out the reason.

+ +
+
Pointer to an SSL_CTX object
+
+ +

The return value points to an allocated SSL_CTX object.

+ +

SSL_CTX_up_ref() returns 1 for success and 0 for failure.

+ +
+
+ +

SEE ALSO

+ +

SSL_CTX_set_options(3), SSL_CTX_free(3), SSL_accept(3), SSL_CTX_set_min_proto_version(3), ssl(7), SSL_set_connect_state(3)

+ +

HISTORY

+ +

Support for SSLv2 and the corresponding SSLv2_method(), SSLv2_server_method() and SSLv2_client_method() functions where removed in OpenSSL 1.1.0.

+ +

SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were deprecated and the preferred TLS_method(), TLS_server_method() and TLS_client_method() functions were added in OpenSSL 1.1.0.

+ +

All version-specific methods were deprecated in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_number.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_number.html new file mode 100644 index 00000000..a40f8b64 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_number.html @@ -0,0 +1,89 @@ + + + + +SSL_CTX_sess_number + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_sess_number(SSL_CTX *ctx);
+long SSL_CTX_sess_connect(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_accept(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_hits(SSL_CTX *ctx);
+long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+long SSL_CTX_sess_misses(SSL_CTX *ctx);
+long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_number() returns the current number of sessions in the internal session cache.

+ +

SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in client mode.

+ +

SSL_CTX_sess_connect_good() returns the number of successfully established SSL/TLS sessions in client mode.

+ +

SSL_CTX_sess_connect_renegotiate() returns the number of started renegotiations in client mode.

+ +

SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in server mode.

+ +

SSL_CTX_sess_accept_good() returns the number of successfully established SSL/TLS sessions in server mode.

+ +

SSL_CTX_sess_accept_renegotiate() returns the number of started renegotiations in server mode.

+ +

SSL_CTX_sess_hits() returns the number of successfully reused sessions. In client mode a session set with SSL_set_session(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit.

+ +

SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions from the external session cache in server mode.

+ +

SSL_CTX_sess_misses() returns the number of sessions proposed by clients that were not found in the internal session cache in server mode.

+ +

SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients and either found in the internal or external session cache in server mode, but that were invalid due to timeout. These sessions are not included in the SSL_CTX_sess_hits() count.

+ +

SSL_CTX_sess_cache_full() returns the number of sessions that were removed because the maximum session cache size was exceeded.

+ +

RETURN VALUES

+ +

The functions return the values indicated in the DESCRIPTION section.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_CTX_set_session_cache_mode(3) SSL_CTX_sess_set_cache_size(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html new file mode 100644 index 00000000..a10dc722 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html @@ -0,0 +1,70 @@ + + + + +SSL_CTX_sess_set_cache_size + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
+long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_set_cache_size() sets the size of the internal session cache of context ctx to t. This value is a hint and not an absolute; see the notes below.

+ +

SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.

+ +

NOTES

+ +

The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT, currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the SSL_CTX_sess_set_cache_size() call. A special case is the size 0, which is used for unlimited size.

+ +

If adding the session makes the cache exceed its size, then unused sessions are dropped from the end of the cache. Cache space may also be reclaimed by calling SSL_CTX_flush_sessions(3) to remove expired sessions.

+ +

If the size of the session cache is reduced and more sessions are already in the session cache, old session will be removed at the next time a session shall be added. This removal is not synchronized with the expiration of sessions.

+ +

RETURN VALUES

+ +

SSL_CTX_sess_set_cache_size() returns the previously valid size.

+ +

SSL_CTX_sess_get_cache_size() returns the currently valid size.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_CTX_sess_number(3), SSL_CTX_flush_sessions(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html new file mode 100644 index 00000000..82e583f7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html @@ -0,0 +1,93 @@ + + + + +SSL_CTX_sess_set_get_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb)(SSL *, SSL_SESSION *));
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb)(SSL_CTX *ctx,
+                                                          SSL_SESSION *));
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION (*get_session_cb)(SSL *,
+                                                           const unsigned char *,
+                                                           int, int *));
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+                                             SSL_SESSION *sess);
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
+                                                 SSL_SESSION *sess);
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+                                                      const unsigned char *data,
+                                                      int len, int *copy);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_set_new_cb() sets the callback function that is called whenever a new session was negotiated.

+ +

SSL_CTX_sess_set_remove_cb() sets the callback function that is called whenever a session is removed by the SSL engine. For example, this can occur because a session is considered faulty or has become obsolete because of exceeding the timeout value.

+ +

SSL_CTX_sess_set_get_cb() sets the callback function that is called whenever a TLS client proposed to resume a session but the session could not be found in the internal session cache (see SSL_CTX_set_session_cache_mode(3)). (TLS server only.)

+ +

SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the corresponding set callback functions. If a callback function has not been set, the NULL pointer is returned.

+ +

NOTES

+ +

In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the d2i_SSL_SESSION(3) interface.

+ +

The new_session_cb() is called whenever a new session has been negotiated and session caching is enabled (see SSL_CTX_set_session_cache_mode(3)). The new_session_cb() is passed the ssl connection and the nascent ssl session sess. Since sessions are reference-counted objects, the reference count on the session is incremented before the callback, on behalf of the application. If the callback returns 0, the session will be immediately removed from the internal cache and the reference count released. If the callback returns 1, the application retains the reference (for an entry in the application-maintained "external session cache"), and is responsible for calling SSL_SESSION_free() when the session reference is no longer in use.

+ +

Note that in TLSv1.3, sessions are established after the main handshake has completed. The server decides when to send the client the session information and this may occur some time after the end of the handshake (or not at all). This means that applications should expect the new_session_cb() function to be invoked during the handshake (for <= TLSv1.2) or after the handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to be established with a single connection. In these case the new_session_cb() function will be invoked multiple times.

+ +

In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once. One way of enforcing that is for applications to call SSL_CTX_remove_session(3) after a session has been used.

+ +

The remove_session_cb() is called whenever the SSL engine removes a session from the internal cache. This can happen when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when SSL_CTX_free(3) is called. The remove_session_cb() is passed the ctx and the ssl session sess. It does not provide any feedback.

+ +

The get_session_cb() is only called on SSL/TLS servers, and is given the session id proposed by the client. The get_session_cb() is always called, even when session caching was disabled. The get_session_cb() is passed the ssl connection and the session id of length length at the memory location data. By setting the parameter copy to 1, the callback can require the SSL engine to increment the reference count of the SSL_SESSION object; setting copy to 0 causes the reference count to remain unchanged. If the get_session_cb() does not write to copy, the reference count is incremented and the session must be explicitly freed with SSL_SESSION_free(3).

+ +

RETURN VALUES

+ +

SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb() return different callback function pointers respectively.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_flush_sessions(3), SSL_SESSION_free(3), SSL_CTX_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sessions.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sessions.html new file mode 100644 index 00000000..b2990840 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_sessions.html @@ -0,0 +1,61 @@ + + + + +SSL_CTX_sessions + + + + + + + + + + +

NAME

+ +

SSL_CTX_sessions - access internal session cache

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sessions() returns a pointer to the lhash databases containing the internal session cache for ctx.

+ +

NOTES

+ +

The sessions in the internal session cache are kept in an LHASH(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the LHASH(3) operations, so that the database must not be modified directly but by using the SSL_CTX_add_session(3) family of functions.

+ +

RETURN VALUES

+ +

SSL_CTX_sessions() returns a pointer to the lhash of SSL_SESSION.

+ +

SEE ALSO

+ +

ssl(7), LHASH(3), SSL_CTX_add_session(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html new file mode 100644 index 00000000..76ca3839 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html @@ -0,0 +1,130 @@ + + + + +SSL_CTX_set0_CA_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list - get or set CA list

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+
+const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+ +

DESCRIPTION

+ +

The functions described here set and manage the list of CA names that are sent between two communicating peers.

+ +

For TLS versions 1.2 and earlier the list of CA names is only sent from the server to the client when requesting a client certificate. So any list of CA names set is never sent from client to server and the list of CA names retrieved by SSL_get0_peer_CA_list() is always NULL.

+ +

For TLS 1.3 the list of CA names is sent using the certificate_authorities extension and may be sent by a client (in the ClientHello message) or by a server (when requesting a certificate).

+ +

In most cases it is not necessary to set CA names on the client side. The list of CA names that are acceptable to the client will be sent in plaintext to the server. This has privacy implications and may also have performance implications if the list is large. This optional capability was introduced as part of TLSv1.3 and therefore setting CA names on the client side will have no impact if that protocol version has been disabled. Most servers do not need this and so this should be avoided unless required.

+ +

The "client CA list" functions below only have an effect when called on the server side.

+ +

SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for ctx. Ownership of list is transferred to ctx and it should not be freed by the caller.

+ +

SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object. Ownership of list is transferred to s and it should not be freed by the caller.

+ +

SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for ctx using SSL_CTX_set_client_CA_list(). The returned list should not be freed by the caller.

+ +

SSL_get_client_CA_list() returns the list of client CAs explicitly set for ssl using SSL_set_client_CA_list() or ssl's SSL_CTX object with SSL_CTX_set_client_CA_list(), when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. The returned list should not be freed by the caller.

+ +

SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for ctx.

+ +

SSL_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

+ +

SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer has sent. This can be called on either the server or the client side. The returned list should not be freed by the caller.

+ +

The "generic CA list" functions below are very similar to the "client CA list" functions except that they have an effect on both the server and client sides. The lists of CA names managed are separate - so you cannot (for example) set CA names using the "client CA list" functions and then get them using the "generic CA list" functions. Where a mix of the two types of functions has been used on the server side then the "client CA list" functions take precedence. Typically, on the server side, the "client CA list " functions should be used in preference. As noted above in most cases it is not necessary to set CA names on the client side.

+ +

SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to name_list. Ownership of name_list is transferred to ctx and it should not be freed by the caller.

+ +

SSL_set0_CA_list() sets the list of CAs to be sent to the peer to name_list overriding any list set in the parent SSL_CTX of s. Ownership of name_list is transferred to s and it should not be freed by the caller.

+ +

SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for ctx. The returned list should not be freed by the caller.

+ +

SSL_get0_CA_list() retrieves any previously set list of CAs set for s or if none are set the list from the parent SSL_CTX is retrieved. The returned list should not be freed by the caller.

+ +

SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to peer for ctx.

+ +

SSL_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to the peer for s, overriding the setting in the parent SSL_CTX.

+ +

NOTES

+ +

When a TLS/SSL server requests a client certificate (see SSL_CTX_set_verify(3)), it sends a list of CAs, for which it will accept certificates, to the client.

+ +

This list must explicitly be set using SSL_CTX_set_client_CA_list() or SSL_CTX_set0_CA_list() for ctx and SSL_set_client_CA_list() or SSL_set0_CA_list() for the specific ssl. The list specified overrides the previous setting. The CAs listed do not become trusted (list only contains the names, not the complete certificates); use SSL_CTX_load_verify_locations(3) to additionally load them for verification.

+ +

If the list of acceptable CAs is compiled in a file, the SSL_load_client_CA_file(3) function can be used to help to import the necessary data.

+ +

SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no list was specified before using SSL_CTX_set_client_CA_list(), SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a new CA list for ctx or ssl (as appropriate) is opened.

+ +

RETURN VALUES

+ +

SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.

+ +

SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names or NULL is no CA names are set.

+ +

SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0 for failure.

+ +

SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or NULL or an empty stack if no list was sent.

+ +

EXAMPLES

+ +

Scan all certificates in CAfile and list them as acceptable CAs:

+ +
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+ +

SEE ALSO

+ +

ssl(7), SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html new file mode 100644 index 00000000..4d026098 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html @@ -0,0 +1,102 @@ + + + + +SSL_CTX_set1_curves + + + + + + + + + + +

NAME

+ +

SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
+
+int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
+int SSL_set1_groups_list(SSL *ssl, char *list);
+
+int SSL_get1_groups(SSL *ssl, int *groups);
+int SSL_get_shared_group(SSL *s, int n);
+
+int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
+int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
+
+int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
+int SSL_set1_curves_list(SSL *ssl, char *list);
+
+int SSL_get1_curves(SSL *ssl, int *curves);
+int SSL_get_shared_curve(SSL *s, int n);
+ +

DESCRIPTION

+ +

For all of the functions below that set the supported groups there must be at least one group in the list.

+ +

SSL_CTX_set1_groups() sets the supported groups for ctx to glistlen groups in the array glist. The array consist of all NIDs of groups in preference order. For a TLS client the groups are used directly in the supported groups extension. For a TLS server the groups are used to determine the set of shared groups.

+ +

SSL_CTX_set1_groups_list() sets the supported groups for ctx to string list. The string is a colon separated list of group NIDs or names, for example "P-521:P-384:P-256".

+ +

SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure ssl.

+ +

SSL_get1_groups() returns the set of supported groups sent by a client in the supported groups extension. It returns the total number of supported groups. The groups parameter can be NULL to simply return the number of groups for memory allocation purposes. The groups array is in the form of a set of group NIDs in preference order. It can return zero if the client did not send a supported groups extension.

+ +

SSL_get_shared_group() returns shared group n for a server-side SSL ssl. If n is -1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group so n is normally set to zero. If the value n is out of range, NID_undef is returned.

+ +

All these functions are implemented as macros.

+ +

The curve functions are synonyms for the equivalently named group functions and are identical in every respect. They exist because, prior to TLS1.3, there was only the concept of supported curves. In TLS1.3 this was renamed to supported groups, and extended to include Diffie Hellman groups. The group functions should be used in preference.

+ +

NOTES

+ +

If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the SSL_CONF interface instead of manually parsing options.

+ +

RETURN VALUES

+ +

SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and SSL_set1_groups_list(), return 1 for success and 0 for failure.

+ +

SSL_get1_groups() returns the number of groups, which may be zero.

+ +

SSL_get_shared_group() returns the NID of shared group n or NID_undef if there is no shared group n; or the total number of shared groups if n is -1.

+ +

When called on a client ssl, SSL_get_shared_group() has no meaning and returns -1.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3)

+ +

HISTORY

+ +

The curve functions were added in OpenSSL 1.0.2. The equivalent group functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html new file mode 100644 index 00000000..7efae4fe --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html @@ -0,0 +1,106 @@ + + + + +SSL_CTX_set1_sigalgs + + + + + + + + + + +

NAME

+ +

SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list - set supported signature algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
+long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
+long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
+
+long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
+long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
+long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
+ +

DESCRIPTION

+ +

SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature algorithms for ctx or ssl. The array slist of length slistlen must consist of pairs of NIDs corresponding to digest and public key algorithms.

+ +

SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported signature algorithms for ctx or ssl. The str parameter must be a null terminated string consisting of a colon separated list of elements, where each element is either a combination of a public key algorithm and a digest separated by +, or a TLS 1.3-style named SignatureScheme such as rsa_pss_pss_sha256.

+ +

SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set signature algorithms related to client authentication, otherwise they are identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(), SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().

+ +

All these functions are implemented as macros. The signature algorithm parameter (integer array or string) is not freed: the application should free it, if necessary.

+ +

NOTES

+ +

If an application wishes to allow the setting of signature algorithms as one of many user configurable options it should consider using the more flexible SSL_CONF API instead.

+ +

The signature algorithms set by a client are used directly in the supported signature algorithm in the client hello message.

+ +

The supported signature algorithms set by a server are not sent to the client but are used to determine the set of shared signature algorithms and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) their order.

+ +

The client authentication signature algorithms set by a server are sent in a certificate request message if client authentication is enabled, otherwise they are unused.

+ +

Similarly client authentication signature algorithms set by a client are used to determined the set of client authentication shared signature algorithms.

+ +

Signature algorithms will neither be advertised nor used if the security level prohibits them (for example SHA1 if the security level is 4 or more).

+ +

Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and NID_sha512 digest NIDs are supported and the public key algorithm NIDs EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC.

+ +

The short or long name values for digests can be used in a string (for example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".

+ +

The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also be used with the _list forms of the API.

+ +

The use of MD5 as a digest is strongly discouraged due to security weaknesses.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using an array:

+ +
const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+
+SSL_CTX_set1_sigalgs(ctx, slist, 4);
+ +

Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using a string:

+ +
SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+ +

SEE ALSO

+ +

ssl(7), SSL_get_shared_sigalgs(3), SSL_CONF_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html new file mode 100644 index 00000000..8d08b842 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html @@ -0,0 +1,90 @@ + + + + +SSL_CTX_set1_verify_cert_store + + + + + + + + + + +

NAME

+ +

SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate verification or chain store

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+
+int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
+ +

DESCRIPTION

+ +

SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() set the certificate store used for certificate verification to st.

+ +

SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() set the certificate store used for certificate chain building to st.

+ +

SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar except they apply to SSL structure ssl.

+ +

All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied store MUST NOT be freed after the operation.

+ +

NOTES

+ +

The stores pointers associated with an SSL_CTX structure are copied to any SSL structures when SSL_new() is called. As a result SSL structures will not be affected if the parent SSL_CTX store pointer is set to a new value.

+ +

The verification store is used to verify the certificate chain sent by the peer: that is an SSL/TLS client will use the verification store to verify the server's certificate chain and a SSL/TLS server will use it to verify any client certificate chain.

+ +

The chain store is used to build the certificate chain.

+ +

If the mode SSL_MODE_NO_AUTO_CHAIN is set or a certificate chain is configured already (for example using the functions such as SSL_CTX_add1_chain_cert(3) or SSL_CTX_add_extra_chain_cert(3)) then automatic chain building is disabled.

+ +

If the mode SSL_MODE_NO_AUTO_CHAIN is set then automatic chain building is disabled.

+ +

If the chain or the verification store is not set then the store associated with the parent SSL_CTX is used instead to retain compatibility with previous versions of OpenSSL.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3) SSL_CTX_set0_chain(3) SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3) SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3) SSL_add0_chain_cert(3) SSL_add1_chain_cert(3) SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html new file mode 100644 index 00000000..7315d486 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_alpn_select_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated - handle application layer protocol negotiation (ALPN)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                            unsigned int protos_len);
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                        unsigned int protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg), void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
+                                           int (*cb)(SSL *ssl,
+                                                     const unsigned char **out,
+                                                     unsigned int *outlen,
+                                                     void *arg),
+                                           void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
+                              int (*cb)(SSL *s,
+                                        unsigned char **out,
+                                        unsigned char *outlen,
+                                        const unsigned char *in,
+                                        unsigned int inlen,
+                                        void *arg),
+                              void *arg);
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client,
+                          unsigned int client_len)
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                            unsigned *len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to set the list of protocols available to be negotiated. The protos must be in protocol-list format, described below. The length of protos is specified in protos_len.

+ +

SSL_CTX_set_alpn_select_cb() sets the application callback cb used by a server to select which protocol to use for the incoming connection. When cb is NULL, ALPN is not used. The arg value is a pointer which is passed to the application callback.

+ +

cb is the application defined callback. The in, inlen parameters are a vector in protocol-list format. The value of the out, outlen vector should be set to the value of a single protocol selected from the in, inlen vector. The out buffer may point directly into in, or to a buffer that outlives the handshake. The arg parameter is the pointer set via SSL_CTX_set_alpn_select_cb().

+ +

SSL_select_next_proto() is a helper function used to select protocols. It implements the standard protocol selection. It is expected that this function is called from the application callback cb. The protocol data in server, server_len and client, client_len must be in the protocol-list format described below. The first item in the server, server_len list that matches an item in the client, client_len list is selected, and returned in out, outlen. The out value will point into either server or client, so it should be copied immediately. If no match is found, the first item in client, client_len is returned in out, outlen. This function can also be used in the NPN callback.

+ +

SSL_CTX_set_next_proto_select_cb() sets a callback cb that is called when a client needs to select a protocol from the server's provided list, and a user-defined pointer argument arg which will be passed to this callback. For the callback itself, out must be set to point to the selected protocol (which may be within in). The length of the protocol name must be written into outlen. The server's advertised protocols are provided in in and inlen. The callback can assume that in is syntactically valid. The client must select a protocol. It is fatal to the connection if this callback returns a value other than SSL_TLSEXT_ERR_OK. The arg parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().

+ +

SSL_CTX_set_next_protos_advertised_cb() sets a callback cb that is called when a TLS server needs a list of supported protocols for Next Protocol Negotiation. The returned list must be in protocol-list format, described below. The list is returned by setting out to point to it and outlen to its length. This memory will not be modified, but the SSL does keep a reference to it. The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello.

+ +

SSL_get0_alpn_selected() returns a pointer to the selected protocol in data with length len. It is not NUL-terminated. data is set to NULL and len is set to 0 if no protocol has been selected. data must not be freed.

+ +

SSL_get0_next_proto_negotiated() sets data and len to point to the client's requested protocol for this connection. If the client did not request any protocol or NPN is not enabled, then data is set to NULL and len to 0. Note that the client can request any protocol it chooses. The value returned from this function need not be a member of the list of supported protocols provided by the callback.

+ +

NOTES

+ +

The protocol-lists must be in wire-format, which is defined as a vector of non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable.

+ +

Example:

+ +
unsigned char vector[] = {
+    6, 's', 'p', 'd', 'y', '/', '1',
+    8, 'h', 't', 't', 'p', '/', '1', '.', '1'
+};
+unsigned int length = sizeof(vector);
+ +

The ALPN callback is executed after the servername callback; as that servername callback may update the SSL_CTX, and subsequently, the ALPN callback.

+ +

If there is no ALPN proposed in the ClientHello, the ALPN callback is not invoked.

+ +

RETURN VALUES

+ +

SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and non-0 on failure. WARNING: these functions reverse the return value convention.

+ +

SSL_select_next_proto() returns one of the following:

+ +
+ +
OPENSSL_NPN_NEGOTIATED
+
+ +

A match was found and is returned in out, outlen.

+ +
+
OPENSSL_NPN_NO_OVERLAP
+
+ +

No match was found. The first item in client, client_len is returned in out, outlen.

+ +
+
+ +

The ALPN select callback cb, must return one of the following:

+ +
+ +
SSL_TLSEXT_ERR_OK
+
+ +

ALPN protocol selected.

+ +
+
SSL_TLSEXT_ERR_ALERT_FATAL
+
+ +

There was no overlap between the client's supplied list and the server configuration.

+ +
+
SSL_TLSEXT_ERR_NOACK
+
+ +

ALPN protocol not selected, e.g., because no ALPN protocols are configured for this connection.

+ +
+
+ +

The callback set using SSL_CTX_set_next_proto_select_cb() should return SSL_TLSEXT_ERR_OK if successful. Any other value is fatal to the connection.

+ +

The callback set using SSL_CTX_set_next_protos_advertised_cb() should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_tlsext_servername_callback(3), SSL_CTX_set_tlsext_servername_arg(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html new file mode 100644 index 00000000..f249a6ed --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html @@ -0,0 +1,77 @@ + + + + +SSL_CTX_set_cert_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
+                         void *arg);
+void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+
+int (*cert_cb)(SSL *ssl, void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, arg value is pointer which is passed to the application callback.

+ +

When cert_cb() is NULL, no callback function is used.

+ +

cert_cb() is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed ssl structure and set or clear any appropriate certificates. If the callback is successful it MUST return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of cert_cb(). It is the job of the cert_cb() to store information about the state of the last call, if required to continue.

+ +

NOTES

+ +

An application will typically call SSL_use_certificate() and SSL_use_PrivateKey() to set the end entity certificate and private key. It can add intermediate and optionally the root CA certificates using SSL_add1_chain_cert().

+ +

It might also call SSL_certs_clear() to delete any certificates associated with the SSL object.

+ +

The certificate callback functionality supersedes the (largely broken) functionality provided by the old client certificate callback interface. It is always called even is a certificate is already set so the callback can modify or delete the existing certificate.

+ +

A more advanced callback might examine the handshake parameters and set whatever chain is appropriate. For example a legacy client supporting only TLSv1.0 might receive a certificate chain signed using SHA1 whereas a TLSv1.2 or later client which advertises support for SHA256 could receive a chain using SHA256.

+ +

Normal server sanity checks are performed on any certificates set by the callback. So if an EC chain is set for a curve the client does not support it will not be used.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.

+ +

SEE ALSO

+ +

ssl(7), SSL_use_certificate(3), SSL_add1_chain_cert(3), SSL_get_client_CA_list(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html new file mode 100644 index 00000000..53acd914 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html @@ -0,0 +1,84 @@ + + + + +SSL_CTX_set_cert_store + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_store() sets/replaces the certificate verification storage of ctx to/with store. If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

+ +

SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage of ctx to/with store. The store's reference count is incremented. If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

+ +

SSL_CTX_get_cert_store() returns a pointer to the current certificate verification storage.

+ +

NOTES

+ +

In order to verify the certificates presented by the peer, trusted CA certificates must be accessed. These CA certificates are made available via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created.

+ +

Typically the trusted certificate store is handled indirectly via using SSL_CTX_load_verify_locations(3). Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions it is possible to manipulate the X509_STORE object beyond the SSL_CTX_load_verify_locations(3) call.

+ +

Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when the verification takes place. So will e.g. the verify_callback() be overridden with the verify_callback() set via the SSL_CTX_set_verify(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available.

+ +

SSL_CTX_set_cert_store() does not increment the store's reference count, so it should not be used to assign an X509_STORE that is owned by another SSL_CTX.

+ +

To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() to get the X509_STORE from the first SSL_CTX, and then use SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and increment the reference count of the X509_STORE.

+ +

RESTRICTIONS

+ +

The X509_STORE structure used by an SSL_CTX is used for verifying peer certificates and building certificate chains, it is also shared by every child SSL structure. Applications wanting finer control can use functions such as SSL_CTX_set1_verify_cert_store() instead.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_store() does not return diagnostic output.

+ +

SSL_CTX_set1_cert_store() does not return diagnostic output.

+ +

SSL_CTX_get_cert_store() returns the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_load_verify_locations(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html new file mode 100644 index 00000000..c6c8b4b6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_set_cert_verify_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*callback)(X509_STORE_CTX *, void *),
+                                      void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_verify_callback() sets the verification callback function for ctx. SSL objects that are created from ctx inherit the setting valid at the time when SSL_new(3) is called.

+ +

NOTES

+ +

Whenever a certificate is verified during a SSL/TLS handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. If a verification callback callback is specified via SSL_CTX_set_cert_verify_callback(), the supplied callback function is called instead. By setting callback to NULL, the default behaviour is restored.

+ +

When the verification must be performed, callback will be called with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument arg is specified by the application when setting callback.

+ +

callback should return 1 to indicate verification success and 0 to indicate verification failure. If SSL_VERIFY_PEER is set and callback returns 0, the handshake will fail. As the verification procedure may allow the connection to continue in the case of failure (by always returning 1) the verification result must be set in any case using the error member of x509_store_ctx so that the calling application will be informed about the detailed result of the verification procedure!

+ +

Within x509_store_ctx, callback has access to the verify_callback function set using SSL_CTX_set_verify(3).

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_verify_callback() does not return a value.

+ +

WARNINGS

+ +

Do not mix the verification callback described in this function with the verify_callback function called during the verification process. The latter is set using the SSL_CTX_set_verify(3) family of functions.

+ +

Providing a complete verification procedure including certificate purpose settings etc is a complex task. The built-in procedure is quite powerful and in most cases it should be sufficient to modify its behaviour using the verify_callback function.

+ +

BUGS

+ +

SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_verify(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html new file mode 100644 index 00000000..8e93cdb7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html @@ -0,0 +1,109 @@ + + + + +SSL_CTX_set_cipher_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites - choose list of available SSL_CIPHERs

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+int SSL_set_cipher_list(SSL *ssl, const char *str);
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+int SSL_set_ciphersuites(SSL *s, const char *str);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) for ctx using the control string str. The format of the string is described in ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx. This function does not impact TLSv1.3 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.

+ +

SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.

+ +

SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

+ +
+ +
TLS_AES_128_GCM_SHA256
+
+ +
+
TLS_AES_256_GCM_SHA384
+
+ +
+
TLS_CHACHA20_POLY1305_SHA256
+
+ +
+
TLS_AES_128_CCM_SHA256
+
+ +
+
TLS_AES_128_CCM_8_SHA256
+
+ +
+
+ +

An empty list is permissible. The default value for the this setting is:

+ +

"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

+ +

SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it configures the ciphersuites for ssl.

+ +

NOTES

+ +

The control string str for SSL_CTX_set_cipher_list() and SSL_set_cipher_list() should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all.

+ +

It should be noted, that inclusion of a cipher to be used into the list is a necessary condition. On the client side, the inclusion into the list is also sufficient unless the security level excludes it. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.

+ +

A RSA cipher can only be chosen, when a RSA certificate is available. RSA ciphers using DHE need a certificate and key and additional DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

+ +

A DSA cipher can only be chosen, when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

+ +

When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.

+ +

SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested ciphersuite list was configured, and 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_ciphers(3), SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_dh_callback(3), ciphers(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html new file mode 100644 index 00000000..5a7546c6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html @@ -0,0 +1,83 @@ + + + + +SSL_CTX_set_client_cert_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb)(SSL *ssl, X509 **x509,
+                                                      EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+                                                EVP_PKEY **pkey);
+int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ +

DESCRIPTION

+ +

SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is called when a client certificate is requested by a server and no certificate was yet set for the SSL object.

+ +

When client_cert_cb() is NULL, no callback function is used.

+ +

SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback function.

+ +

client_cert_cb() is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set using the x509 and pkey arguments and "1" must be returned. The certificate will be installed into ssl, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of client_cert_cb(). It is the job of the client_cert_cb() to store information about the state of the last call, if required to continue.

+ +

NOTES

+ +

During a handshake (or renegotiation) a server may request a certificate from the client. A client certificate must only be sent, when the server did send the request.

+ +

When a certificate was set using the SSL_CTX_use_certificate(3) family of functions, it will be sent to the server. The TLS standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL library. Using the callback function it is possible to implement a proper selection routine or to allow a user interaction to choose the certificate to be sent.

+ +

If a callback function is defined and no certificate was yet defined for the SSL object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the SSL object using the SSL_use_certificate() and SSL_use_private_key() functions. Thus it will permanently install the certificate and key for this SSL object. It will not be reset by calling SSL_clear(3). If the callback returns no certificate, the OpenSSL library will not send a certificate.

+ +

RETURN VALUES

+ +

SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or NULL if the callback is not set.

+ +

BUGS

+ +

The client_cert_cb() cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, the root CA certificate may be omitted according to the TLS standard and thus a standard conforming answer can be sent to the server. For a longer chain, the client must send the complete chain (with the option to leave out the root CA certificate). This can only be accomplished by either adding the intermediate CA certificates into the trusted certificate store for the SSL_CTX object (resulting in having to add CA certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the SSL_CTX_add_extra_chain_cert(3) function, which is only available for the SSL_CTX object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several certificates) questionable.

+ +

Once the SSL object has been used in conjunction with the callback function, the certificate will be set for the SSL object and will not be cleared even when SSL_clear(3) is being called. It is therefore mandatory to destroy the SSL object using SSL_free(3) and create a new one to return to the previous state.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3), SSL_CTX_add_extra_chain_cert(3), SSL_get_client_CA_list(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html new file mode 100644 index 00000000..09467e5c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html @@ -0,0 +1,97 @@ + + + + +SSL_CTX_set_client_hello_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing

+ +

SYNOPSIS

+ +
typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
+                                             size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
+                              size_t *outlen);
+ +

DESCRIPTION

+ +

SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically called during the early stages of ClientHello processing on the server. The argument supplied when setting the callback is passed back to the callback at runtime. A callback that returns failure (0) will cause the connection to terminate, and callbacks returning failure should indicate what alert value is to be sent in the al parameter. A callback may also return a negative value to suspend the handshake, and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. It is the job of the ClientHello callback to store information about the state of the last call if needed to continue. On the next call into the handshake function, the ClientHello callback will be called again, and, if it returns success, normal handshake processing will continue from that point.

+ +

SSL_client_hello_isv2() indicates whether the ClientHello was carried in a SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial differences from the normal SSLv3 format, including using three bytes per cipher suite, and not allowing extensions. Additionally, the SSLv2 format 'challenge' field is exposed via SSL_client_hello_get0_random(), padded to SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, SSL_client_hello_get0_compression_methods() returns a dummy list that only includes the null compression method, since the SSLv2 format does not include a mechanism by which to negotiate compression.

+ +

SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), and SSL_client_hello_get0_compression_methods() provide access to the corresponding ClientHello fields, returning the field length and optionally setting an out pointer to the octets of that field.

+ +

Similarly, SSL_client_hello_get0_ext() provides access to individual extensions from the ClientHello on a per-extension basis. For the provided wire protocol extension type value, the extension value and length are returned in the output parameters (if present).

+ +

SSL_client_hello_get1_extensions_present() can be used prior to SSL_client_hello_get0_ext(), to determine which extensions are present in the ClientHello before querying for them. The out and outlen parameters are both required, and on success the caller must release the storage allocated for *out using OPENSSL_free(). The contents of *out is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. *outlen contains the number of elements in the array. In situations when the ClientHello has no extensions, the function will return success with *out set to NULL and *outlen set to 0.

+ +

NOTES

+ +

The ClientHello callback provides a vast window of possibilities for application code to affect the TLS handshake. A primary use of the callback is to allow the server to examine the server name indication extension provided by the client in order to select an appropriate certificate to present, and make other configuration adjustments relevant to that server name and its configuration. Such configuration changes can include swapping out the associated SSL_CTX pointer, modifying the server's list of permitted TLS versions, changing the server's cipher list in response to the client's cipher list, etc.

+ +

It is also recommended that applications utilize a ClientHello callback and not use a servername callback, in order to avoid unexpected behavior that occurs due to the relative order of processing between things like session resumption and the historical servername callback.

+ +

The SSL_client_hello_* family of functions may only be called from code executing within a ClientHello callback.

+ +

RETURN VALUES

+ +

The application's supplied ClientHello callback returns SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and SSL_CLIENT_HELLO_RETRY to suspend processing.

+ +

SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.

+ +

SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), and SSL_client_hello_get0_compression_methods() return the length of the corresponding ClientHello fields. If zero is returned, the output pointer should not be assumed to be valid.

+ +

SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and 0 otherwise.

+ +

SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_tlsext_servername_callback(3), SSL_bytes_to_cipher_list

+ +

HISTORY

+ +

The SSL ClientHello callback, SSL_client_hello_isv2(), SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html new file mode 100644 index 00000000..9f97e740 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html @@ -0,0 +1,101 @@ + + + + +SSL_CTX_set_ct_validation_callback + + + + + + + + + + +

NAME

+ +

ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled - control Certificate Transparency policy

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                   const STACK_OF(SCT) *scts, void *arg);
+
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+void SSL_disable_ct(SSL *s);
+void SSL_CTX_disable_ct(SSL_CTX *ctx);
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed certificate timestamps (SCTs) either for a given SSL connection or for all connections that share the given SSL context, respectively. This is accomplished by setting a built-in CT validation callback. The behaviour of the callback is determined by the validation_mode argument, which can be either of SSL_CT_VALIDATION_PERMISSIVE or SSL_CT_VALIDATION_STRICT as described below.

+ +

If validation_mode is equal to SSL_CT_VALIDATION_STRICT, then in a full TLS handshake with the verification mode set to SSL_VERIFY_PEER, if the peer presents no valid SCTs the handshake will be aborted. If the verification mode is SSL_VERIFY_NONE, the handshake will continue despite lack of valid SCTs. However, in that case if the verification status before the built-in callback was X509_V_OK it will be set to X509_V_ERR_NO_VALID_SCTS after the callback. Applications can call SSL_get_verify_result(3) to check the status at handshake completion, even after session resumption since the verification status is part of the saved session state. See SSL_set_verify(3), <SSL_get_verify_result(3)>, SSL_session_reused(3).

+ +

If validation_mode is equal to SSL_CT_VALIDATION_PERMISSIVE, then the handshake continues, and the verification status is not modified, regardless of the validation status of any SCTs. The application can still inspect the validation status of the SCTs at handshake completion. Note that with session resumption there will not be any SCTs presented during the handshake. Therefore, in applications that delay SCT policy enforcement until after handshake completion, such delayed SCT checks should only be performed when the session is not resumed.

+ +

SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback() register a custom callback that may implement a different policy than either of the above. This callback can examine the peer's SCTs and determine whether they are sufficient to allow the connection to continue. The TLS handshake is aborted if the verification mode is not SSL_VERIFY_NONE and the callback returns a non-positive result.

+ +

An arbitrary callback context argument, arg, can be passed in when setting the callback. This will be passed to the callback whenever it is invoked. Ownership of this context remains with the caller.

+ +

If no callback is set, SCTs will not be requested and Certificate Transparency validation will not occur.

+ +

No callback will be invoked when the peer presents no certificate, e.g. by employing an anonymous (aNULL) cipher suite. In that case the handshake continues as it would had no callback been requested. Callbacks are also not invoked when the peer certificate chain is invalid or validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509 PKI, or no X.509 PKI at all, respectively. Clients that require SCTs are expected to not have enabled any aNULL ciphers nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA records.

+ +

SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether enabled via the built-in or the custom callbacks, by setting a NULL callback. These may be implemented as macros.

+ +

SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is enabled via either SSL_enable_ct() or a non-null custom callback, and 0 otherwise.

+ +

NOTES

+ +

When SCT processing is enabled, OCSP stapling will be enabled. This is because one possible source of SCTs is the OCSP response from a server.

+ +

The time returned by SSL_SESSION_get_time() will be used to evaluate whether any presented SCTs have timestamps that are in the future (and therefore invalid).

+ +

RESTRICTIONS

+ +

Certificate Transparency validation cannot be enabled and so a callback cannot be set if a custom client extension handler has been registered to handle SCT extensions (TLSEXT_TYPE_signed_certificate_timestamp).

+ +

RETURN VALUES

+ +

SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and SSL_set_ct_validation_callback() return 1 if the callback is successfully set. They return 0 if an error occurs, e.g. a custom client extension handler has been setup to handle SCTs.

+ +

SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result.

+ +

SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT validation callback is set, or 0 if no callback (or equivalently a NULL callback) is set.

+ +

SEE ALSO

+ +

ssl(7), <SSL_get_verify_result(3)>, SSL_session_reused(3), SSL_set_verify(3), SSL_CTX_set_verify(3), SSL_SESSION_get_time(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html new file mode 100644 index 00000000..49375335 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html @@ -0,0 +1,66 @@ + + + + +SSL_CTX_set_ctlog_list_file + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file - load a Certificate Transparency log list from a file

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+ +

DESCRIPTION

+ +

SSL_CTX_set_default_ctlog_list_file() loads a list of Certificate Transparency (CT) logs from the default file location, "ct_log_list.cnf", found in the directory where OpenSSL is installed.

+ +

SSL_CTX_set_ctlog_list_file() loads a list of CT logs from a specific path. See CTLOG_STORE_new(3) for the file format.

+ +

NOTES

+ +

These functions will not clear the existing CT log list - it will be appended to. To replace the existing list, use SSL_CTX_set0_ctlog_store first.

+ +

If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped.

+ +

RETURN VALUES

+ +

SSL_CTX_set_default_ctlog_list_file() and SSL_CTX_set_ctlog_list_file() return 1 if the log list is successfully loaded, and 0 if an error occurs. In the case of an error, the log list may have been partially loaded.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_ct_validation_callback(3), CTLOG_STORE_new(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html new file mode 100644 index 00000000..492f4565 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html @@ -0,0 +1,100 @@ + + + + +SSL_CTX_set_default_passwd_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata - set or get passwd callback for encrypted PEM file handling

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+ +

DESCRIPTION

+ +

SSL_CTX_set_default_passwd_cb() sets the default password callback called when loading/storing a PEM certificate with encryption.

+ +

SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, u, which will be provided to the password callback on invocation.

+ +

SSL_CTX_get_default_passwd_cb() returns a function pointer to the password callback currently set in ctx. If no callback was explicitly set, the NULL pointer is returned.

+ +

SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata currently set in ctx. If no userdata was explicitly set, the NULL pointer is returned.

+ +

SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(), SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform the same function as their SSL_CTX counterparts, but using an SSL object.

+ +

The password callback, which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to userdata is provided. The function must store the password into the provided buffer buf which is of size size. The actual length of the password must be returned to the calling function. rwflag indicates whether the callback is used for reading/decryption (rwflag=0) or writing/encryption (rwflag=1). For more details, see pem_password_cb(3).

+ +

NOTES

+ +

When loading or storing private keys, a password might be supplied to protect the private key. The way this password can be supplied may depend on the application. If only one private key is handled, it can be practical to have the callback handle the password dialog interactively. If several keys have to be handled, it can be practical to ask for the password once, then keep it in memory and use it several times. In the last case, the password could be stored into the userdata storage and the callback only returns the password already stored.

+ +

When asking for the password interactively, the callback can use rwflag to check, whether an item shall be encrypted (rwflag=1). In this case the password dialog may ask for the same password twice for comparison in order to catch typos, that would make decryption impossible.

+ +

Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public.

+ +

RETURN VALUES

+ +

These functions do not provide diagnostic information.

+ +

EXAMPLES

+ +

The following example returns the password provided as userdata to the calling function. The password is considered to be a '\0' terminated string. If the password does not fit into the buffer, the password is truncated.

+ +
int my_cb(char *buf, int size, int rwflag, void *u)
+{
+    strncpy(buf, (char *)u, size);
+    buf[size - 1] = '\0';
+    return strlen(buf);
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3)

+ +

HISTORY

+ +

SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html new file mode 100644 index 00000000..1a7eeb81 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html @@ -0,0 +1,64 @@ + + + + +SSL_CTX_set_ex_data + + + + + + + + + + +

NAME

+ +

SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data - Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg);
+
+void *SSL_get_ex_data(const SSL *s, int idx);
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg);
+ +

DESCRIPTION

+ +

SSL*_set_ex_data() functions can be used to store arbitrary user data into the SSL_CTX, or SSL object. The user must supply a unique index which they can subsequently use to retrieve the data using SSL*_get_ex_data().

+ +

For more detailed information see CRYPTO_get_ex_data(3) and CRYPTO_set_ex_data(3) which implement these functions and CRYPTO_get_ex_new_index(3) for generating a unique index.

+ +

RETURN VALUES

+ +

The SSL*_set_ex_data() functions return 1 if the item is successfully stored and 0 if it is not. The SSL*_get_ex_data() functions return the ex_data pointer if successful, otherwise NULL.

+ +

SEE ALSO

+ +

CRYPTO_get_ex_data(3), CRYPTO_set_ex_data(3), CRYPTO_get_ex_new_index(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html new file mode 100644 index 00000000..c005b7a8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html @@ -0,0 +1,116 @@ + + + + +SSL_CTX_set_generate_session_id + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB - manipulate generation of SSL session IDs (server only)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
+                              unsigned int *id_len);
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_generate_session_id() sets the callback function for generating new session ids for SSL/TLS sessions for ctx to be cb.

+ +

SSL_set_generate_session_id() sets the callback function for generating new session ids for SSL/TLS sessions for ssl to be cb.

+ +

SSL_has_matching_session_id() checks, whether a session with id id (of length id_len) is already contained in the internal session cache of the parent context of ssl.

+ +

NOTES

+ +

When a new session is established between client and server, the server generates a session id. The session id is an arbitrary sequence of bytes. The length of the session id is between 1 and 32 bytes. The session id is not security critical but must be unique for the server. Additionally, the session id is transmitted in the clear when reusing the session so it must not contain sensitive information.

+ +

Without a callback being set, an OpenSSL server will generate a unique session id from pseudo random numbers of the maximum possible length. Using the callback function, the session id can be changed to contain additional information like e.g. a host id in order to improve load balancing or external caching techniques.

+ +

The callback function receives a pointer to the memory location to put id into and a pointer to the maximum allowed length id_len. The buffer at location id is only guaranteed to have the size id_len. The callback is only allowed to generate a shorter id and reduce id_len; the callback must never increase id_len or write to the location id exceeding the given limit.

+ +

The location id is filled with 0x00 before the callback is called, so the callback may only fill part of the possible length and leave id_len untouched while maintaining reproducibility.

+ +

Since the sessions must be distinguished, session ids must be unique. Without the callback a random number is used, so that the probability of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). In order to assure the uniqueness of the generated session id, the callback must call SSL_has_matching_session_id() and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and a unique sequence number into the session id, uniqueness could easily be achieved without randomness added (it should however be taken care that no confidential information is leaked this way). If the application can not guarantee uniqueness, it is recommended to use the maximum id_len and fill in the bytes not used to code special information with random data to avoid collisions.

+ +

SSL_has_matching_session_id() will only query the internal session cache, not the external one. Since the session id is generated before the handshake is completed, it is not immediately added to the cache. If another thread is using the same internal session cache, a race condition can occur in that another thread generates the same session id. Collisions can also occur when using an external session cache, since the external cache is not tested with SSL_has_matching_session_id() and the same race condition applies.

+ +

The callback must return 0 if it cannot generate a session id for whatever reason and return 1 on success.

+ +

RETURN VALUES

+ +

SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() always return 1.

+ +

SSL_has_matching_session_id() returns 1 if another session with the same id is already in the cache.

+ +

EXAMPLES

+ +

The callback function listed will generate a session id with the server id given, and will fill the rest with pseudo random bytes:

+ +
const char session_id_prefix = "www-18";
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+
+    do {
+        RAND_pseudo_bytes(id, *id_len);
+        /*
+         * Prefix the session_id with the required prefix. NB: If our
+         * prefix is too long, clip it - but there will be worse effects
+         * anyway, eg. the server could only possibly create 1 session
+         * ID (ie. the prefix!) so all future session negotiations will
+         * fail due to conflicts.
+         */
+        memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
+                                      strlen(session_id_prefix) : *id_len);
+    } while (SSL_has_matching_session_id(ssl, id, *id_len)
+              && ++count < MAX_SESSION_ID_ATTEMPTS);
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_get_version(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html new file mode 100644 index 00000000..a8b1acd0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html @@ -0,0 +1,186 @@ + + + + +SSL_CTX_set_info_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
+void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
+
+void SSL_set_info_callback(SSL *ssl, void (*callback)());
+void (*SSL_get_info_callback(const SSL *ssl))();
+ +

DESCRIPTION

+ +

SSL_CTX_set_info_callback() sets the callback function, that can be used to obtain state information for SSL objects created from ctx during connection setup and use. The setting for ctx is overridden from the setting for a specific SSL object, if specified. When callback is NULL, no callback function is used.

+ +

SSL_set_info_callback() sets the callback function, that can be used to obtain state information for ssl during connection setup and use. When callback is NULL, the callback setting currently valid for ctx is used.

+ +

SSL_CTX_get_info_callback() returns a pointer to the currently set information callback function for ctx.

+ +

SSL_get_info_callback() returns a pointer to the currently set information callback function for ssl.

+ +

NOTES

+ +

When setting up a connection and during use, it is possible to obtain state information from the SSL/TLS engine. When set, an information callback function is called whenever a significant event occurs such as: the state changes, an alert appears, or an error occurs.

+ +

The callback function is called as callback(SSL *ssl, int where, int ret). The where argument specifies information about where (in which context) the callback function was called. If ret is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and ret specifies the alert information.

+ +

where is a bitmask made up of the following bits:

+ +
+ +
SSL_CB_LOOP
+
+ +

Callback has been called to indicate state change or some other significant state machine event. This may mean that the callback gets invoked more than once per state in some situations.

+ +
+
SSL_CB_EXIT
+
+ +

Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as on error or when IO might otherwise block and non-blocking is being used.

+ +
+
SSL_CB_READ
+
+ +

Callback has been called during read operation.

+ +
+
SSL_CB_WRITE
+
+ +

Callback has been called during write operation.

+ +
+
SSL_CB_ALERT
+
+ +

Callback has been called due to an alert being sent or received.

+ +
+
SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+
+ +
+
SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+
+ +
+
SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+
+ +
+
SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+
+ +
+
SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+
+ +
+
SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+
+ +
+
SSL_CB_HANDSHAKE_START
+
+ +

Callback has been called because a new handshake is started. It also occurs when resuming a handshake following a pause to handle early data.

+ +
+
SSL_CB_HANDSHAKE_DONE
+
+ +

Callback has been called because a handshake is finished. It also occurs if the handshake is paused to allow the exchange of early data.

+ +
+
+ +

The current state information can be obtained using the SSL_state_string(3) family of functions.

+ +

The ret information can be evaluated using the SSL_alert_type_string(3) family of functions.

+ +

RETURN VALUES

+ +

SSL_set_info_callback() does not provide diagnostic information.

+ +

SSL_get_info_callback() returns the current setting.

+ +

EXAMPLES

+ +

The following example callback function prints state strings, information about alerts being handled and error messages to the bio_err BIO.

+ +
void apps_ssl_info_callback(SSL *s, int where, int ret)
+{
+    const char *str;
+    int w = where & ~SSL_ST_MASK;
+
+    if (w & SSL_ST_CONNECT)
+        str = "SSL_connect";
+    else if (w & SSL_ST_ACCEPT)
+        str = "SSL_accept";
+    else
+        str = "undefined";
+
+    if (where & SSL_CB_LOOP) {
+        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+    } else if (where & SSL_CB_ALERT) {
+        str = (where & SSL_CB_READ) ? "read" : "write";
+        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
+                   SSL_alert_type_string_long(ret),
+                   SSL_alert_desc_string_long(ret));
+    } else if (where & SSL_CB_EXIT) {
+        if (ret == 0) {
+            BIO_printf(bio_err, "%s:failed in %s\n",
+                       str, SSL_state_string_long(s));
+        } else if (ret < 0) {
+            BIO_printf(bio_err, "%s:error in %s\n",
+                       str, SSL_state_string_long(s));
+        }
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_state_string(3), SSL_alert_type_string(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html new file mode 100644 index 00000000..53964bed --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html @@ -0,0 +1,63 @@ + + + + +SSL_CTX_set_keylog_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func - logging TLS key material

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback is called whenever TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes.

+ +

SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging callback. If no callback has been set, this will return NULL. When there is no key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as the value of cb, no logging of key material will be done.

+ +

The key logging callback is called with two items: the ssl object associated with the connection, and line, a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. To recreate that file, the key logging callback should log line, followed by a newline. line will always be a NULL-terminated string.

+ +

RETURN VALUES

+ +

SSL_CTX_get_keylog_callback() returns a pointer to SSL_CTX_keylog_cb_func or NULL if the callback is not set.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html new file mode 100644 index 00000000..4e2530ff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_set_max_cert_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+
+long SSL_set_max_cert_list(SSL *ssl, long size);
+long SSL_get_max_cert_list(SSL *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's certificate chain for all SSL objects created from ctx to be <size> bytes. The SSL objects inherit the setting valid for ctx at the time SSL_new(3) is being called.

+ +

SSL_CTX_get_max_cert_list() returns the currently set maximum size for ctx.

+ +

SSL_set_max_cert_list() sets the maximum size allowed for the peer's certificate chain for ssl to be <size> bytes. This setting stays valid until a new value is set.

+ +

SSL_get_max_cert_list() returns the currently set maximum size for ssl.

+ +

NOTES

+ +

During the handshake process, the peer may send a certificate chain. The TLS/SSL standard does not give any maximum size of the certificate chain. The OpenSSL library handles incoming data by a dynamically allocated buffer. In order to prevent this buffer from growing without bounds due to data received from a faulty or malicious peer, a maximum size for the certificate chain is set.

+ +

The default value for the maximum certificate chain size is 100kB (30kB on the 16bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see SSL_CTX_set_verify(3), and certificates without special extensions have a typical size of 1-2kB).

+ +

For special applications it can be necessary to extend the maximum certificate chain size allowed to be sent by the peer, see e.g. the work on "Internet X.509 Public Key Infrastructure Proxy Certificate Profile" and "TLS Delegation Protocol" at http://www.ietf.org/ and http://www.globus.org/ .

+ +

Under normal conditions it should never be necessary to set a value smaller than the default, as the buffer is handled dynamically and only uses the memory actually required by the data sent by the peer.

+ +

If the maximum certificate chain size allowed is exceeded, the handshake will fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.

+ +

RETURN VALUES

+ +

SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously set value.

+ +

SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently set value.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html new file mode 100644 index 00000000..0c9c8846 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html @@ -0,0 +1,80 @@ + + + + +SSL_CTX_set_min_proto_version + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum and maximum supported protocol version

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
+int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
+int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
+int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
+
+int SSL_set_min_proto_version(SSL *ssl, int version);
+int SSL_set_max_proto_version(SSL *ssl, int version);
+int SSL_get_min_proto_version(SSL *ssl);
+int SSL_get_max_proto_version(SSL *ssl);
+ +

DESCRIPTION

+ +

The functions get or set the minimum and maximum supported protocol versions for the ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.

+ +

Setting the minimum or maximum version to 0, will enable protocol versions down to the lowest version, or up to the highest version supported by the library, respectively.

+ +

Getters return 0 in case ctx or ssl have been configured to automatically use the lowest or highest version supported by the library.

+ +

Currently supported versions are SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION for TLS and DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

+ +

RETURN VALUES

+ +

These setter functions return 1 on success and 0 on failure. The getter functions return the configured version or 0 for auto-configuration of lowest or highest protocol, respectively.

+ +

NOTES

+ +

All these functions are implemented using macros.

+ +

SEE ALSO

+ +

SSL_CTX_set_options(3), SSL_CONF_cmd(3)

+ +

HISTORY

+ +

The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_mode.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_mode.html new file mode 100644 index 00000000..9fd3a569 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_mode.html @@ -0,0 +1,136 @@ + + + + +SSL_CTX_set_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
+long SSL_set_mode(SSL *ssl, long mode);
+long SSL_clear_mode(SSL *ssl, long mode);
+
+long SSL_CTX_get_mode(SSL_CTX *ctx);
+long SSL_get_mode(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_mode() adds the mode set via bitmask in mode to ctx. Options already set before are not cleared. SSL_CTX_clear_mode() removes the mode set via bitmask in mode from ctx.

+ +

SSL_set_mode() adds the mode set via bitmask in mode to ssl. Options already set before are not cleared. SSL_clear_mode() removes the mode set via bitmask in mode from ssl.

+ +

SSL_CTX_get_mode() returns the mode set for ctx.

+ +

SSL_get_mode() returns the mode set for ssl.

+ +

NOTES

+ +

The following mode changes are available:

+ +
+ +
SSL_MODE_ENABLE_PARTIAL_WRITE
+
+ +

Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success when just a single record has been written). This works in a similar way for SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only report success once the complete chunk was written. Once SSL_write_ex() or SSL_write() returns successful, r bytes have been written and the next call to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating the behaviour of write().

+ +
+
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+ +

Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking SSL_write() behaves like non-blocking write().

+ +
+
SSL_MODE_AUTO_RETRY
+
+ +

During normal operations, non-application data records might need to be sent or received that the application is not aware of. If a non-application data record was processed, SSL_read_ex(3) and SSL_read(3) can return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ. If such a non-application data record was processed, the flag SSL_MODE_AUTO_RETRY causes it to try to process the next record instead of returning.

+ +

In a non-blocking environment applications must be prepared to handle incomplete read/write operations. Setting SSL_MODE_AUTO_RETRY for a non-blocking BIO will process non-application data records until either no more data is available or an application data record has been processed.

+ +

In a blocking environment, applications are not always prepared to deal with the functions returning intermediate reports such as retry requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions to only return after successfully processing an application data record or a failure.

+ +

Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case they are used in combination with something like select() or poll(). Otherwise the call to SSL_read() or SSL_read_ex() might hang when a non-application record was sent and no application data was sent.

+ +
+
SSL_MODE_RELEASE_BUFFERS
+
+ +

When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

+ +
+
SSL_MODE_SEND_FALLBACK_SCSV
+
+ +

Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details.

+ +

DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00.

+ +
+
SSL_MODE_ASYNC
+
+ +

Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See SSL_get_error(3).

+ +
+
SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
+
+ +

Older versions of OpenSSL had a bug in the computation of the label length used for computing the endpoint-pair shared secret. The bug was that the terminating zero was included in the length of the label. Setting this option enables this behaviour to allow interoperability with such broken implementations. Please note that setting this option breaks interoperability with correct implementations. This option only applies to DTLS over SCTP.

+ +
+
+ +

All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1.

+ +

RETURN VALUES

+ +

SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after adding mode.

+ +

SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or SSL_write(3), SSL_get_error(3)

+ +

HISTORY

+ +

SSL_MODE_ASYNC was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html new file mode 100644 index 00000000..e5ea154d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html @@ -0,0 +1,142 @@ + + + + +SSL_CTX_set_msg_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg - install callback for observing protocol messages

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb)(int write_p, int version,
+                                         int content_type, const void *buf,
+                                         size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb)(int write_p, int version,
+                                     int content_type, const void *buf,
+                                     size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to define a message callback function cb for observing all SSL/TLS protocol messages (such as handshake messages) that are received or sent, as well as other events that occur during processing. SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() can be used to set argument arg to the callback function, which is available for arbitrary application use.

+ +

SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify default settings that will be copied to new SSL objects by SSL_new(3). SSL_set_msg_callback() and SSL_set_msg_callback_arg() modify the actual settings of an SSL object. Using a NULL pointer for cb disables the message callback.

+ +

When cb is called by the SSL/TLS library the function arguments have the following meaning:

+ +
+ +
write_p
+
+ +

This flag is 0 when a protocol message has been received and 1 when a protocol message has been sent.

+ +
+
version
+
+ +

The protocol version according to which the protocol message is interpreted by the library such as TLS1_3_VERSION, TLS1_2_VERSION etc. This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below).

+ +
+
content_type
+
+ +

This is one of the content type values defined in the protocol specification (SSL3_RT_CHANGE_CIPHER_SPEC, SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never SSL3_RT_APPLICATION_DATA because the callback will only be called for protocol messages). Alternatively it may be a "pseudo" content type. These pseudo content types are used to signal some other event in the processing of data (see NOTES below).

+ +
+
buf, len
+
+ +

buf points to a buffer containing the protocol message or other data (in the case of pseudo content types), which consists of len bytes. The buffer is no longer valid after the callback function has returned.

+ +
+
ssl
+
+ +

The SSL object that received or sent the message.

+ +
+
arg
+
+ +

The user-defined argument optionally defined by SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().

+ +
+
+ +

NOTES

+ +

Protocol messages are passed to the callback function after decryption and fragment collection where applicable. (Thus record boundaries are not visible.)

+ +

If processing a received protocol message results in an error, the callback function may not be called. For example, the callback function will never see messages that are considered too large to be processed.

+ +

Due to automatic protocol version negotiation, version is not necessarily the protocol version used by the sender of the message: If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, version will be SSL3_VERSION.

+ +

Pseudo content type values may be sent at various points during the processing of data. The following pseudo content types are currently defined:

+ +
+ +
SSL3_RT_HEADER
+
+ +

Used when a record is sent or received. The buf contains the record header bytes only.

+ +
+
SSL3_RT_INNER_CONTENT_TYPE
+
+ +

Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 records the content type in the record header is always SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in an "inner" content type. buf contains the encoded "inner" content type byte.

+ +
+
+ +

RETURN VALUES

+ +

SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback() and SSL_set_msg_callback_arg() do not return values.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

HISTORY

+ +

The pseudo content type SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html new file mode 100644 index 00000000..f469f92b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html @@ -0,0 +1,67 @@ + + + + +SSL_CTX_set_num_tickets + + + + + + + + + + +

NAME

+ +

SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets - control the number of TLSv1.3 session tickets that are issued

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server application and set the number of TLSv1.3 session tickets that will be sent to the client after a full handshake. Set the desired value (which could be 0) in the num_tickets argument. Typically these functions should be called before the start of the handshake.

+ +

The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. The number of tickets following a resumption handshake can be reduced to 0 using custom session ticket callbacks (see SSL_CTX_set_session_ticket_cb(3)).

+ +

Tickets are also issued on receipt of a post-handshake certificate from the client following a request by the server using SSL_verify_client_post_handshake(3). These new tickets will be associated with the updated client identity (i.e. including their certificate and verification status). The number of tickets issued will normally be the same as was used for the initial handshake. If the initial handshake was a full handshake then SSL_set_num_tickets() can be called again prior to calling SSL_verify_client_post_handshake() to update the number of tickets that will be sent.

+ +

SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets set by a previous call to SSL_CTX_set_num_tickets() or SSL_set_num_tickets(), or 2 if no such call has been made.

+ +

RETURN VALUES

+ +

SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on failure.

+ +

SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets that have been previously set.

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_options.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_options.html new file mode 100644 index 00000000..cd6ea3b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_options.html @@ -0,0 +1,350 @@ + + + + +SSL_CTX_set_options + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+long SSL_set_options(SSL *ssl, long options);
+
+long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+long SSL_clear_options(SSL *ssl, long options);
+
+long SSL_CTX_get_options(SSL_CTX *ctx);
+long SSL_get_options(SSL *ssl);
+
+long SSL_get_secure_renegotiation_support(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_options() adds the options set via bitmask in options to ctx. Options already set before are not cleared!

+ +

SSL_set_options() adds the options set via bitmask in options to ssl. Options already set before are not cleared!

+ +

SSL_CTX_clear_options() clears the options set via bitmask in options to ctx.

+ +

SSL_clear_options() clears the options set via bitmask in options to ssl.

+ +

SSL_CTX_get_options() returns the options set for ctx.

+ +

SSL_get_options() returns the options set for ssl.

+ +

SSL_get_secure_renegotiation_support() indicates whether the peer supports secure renegotiation. Note, this is implemented via a macro.

+ +

NOTES

+ +

The behaviour of the SSL library can be changed by setting several options. The options are coded as bitmasks and can be combined by a bitwise or operation (|).

+ +

SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of the API can be changed by using the similar SSL_CTX_set_mode(3) and SSL_set_mode() functions.

+ +

During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current option setting is copied. Changes to ctx do not affect already created SSL objects. SSL_clear() does not affect the settings.

+ +

The following bug workaround options are available:

+ +
+ +
SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+ +

Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

+ +
+
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+ +

Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers.

+ +
+
SSL_OP_TLSEXT_PADDING
+
+ +

Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. This is needed as a workaround for some implementations.

+ +
+
SSL_OP_ALL
+
+ +

All of the above bug workarounds plus SSL_OP_LEGACY_SERVER_CONNECT as mentioned below.

+ +
+
+ +

It is usually safe to use SSL_OP_ALL to enable the bug workaround options if compatibility with somewhat broken implementations is desired.

+ +

The following modifying options are available:

+ +
+ +
SSL_OP_TLS_ROLLBACK_BUG
+
+ +

Disable version rollback attack detection.

+ +

During the client key exchange, the client must send the same information about acceptable SSL/TLS protocol levels as during the first hello. Some clients violate this rule by adapting to the server's answer. (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.)

+ +
+
SSL_OP_CIPHER_SERVER_PREFERENCE
+
+ +

When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences.

+ +
+
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+
+ +

These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use SSL_CTX_set_min_proto_version(3) and SSL_CTX_set_max_proto_version(3) instead.

+ +
+
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+ +

When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients.

+ +
+
SSL_OP_NO_COMPRESSION
+
+ +

Do not use compression even if it is supported.

+ +
+
SSL_OP_NO_QUERY_MTU
+
+ +

Do not query the MTU. Only affects DTLS connections.

+ +
+ +
+ +

Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects DTLS connections.

+ +
+
SSL_OP_NO_TICKET
+
+ +

SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless session tickets.

+ +

When using session ids a copy of the session information is cached on the server and a unique id is sent to the client. When the client wishes to resume it provides the unique id so that the server can retrieve the session information from its cache.

+ +

When using stateless session tickets the server uses a session ticket encryption key to encrypt the session information. This encrypted data is sent to the client as a "ticket". When the client wishes to resume it sends the encrypted data back to the server. The server uses its key to decrypt the data and resume the session. In this way the server can operate statelessly - no session information needs to be cached locally.

+ +

The TLSv1.3 protocol only supports tickets and does not directly support session ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up in a ticket and sent back to the client. When the client wishes to resume, it presents a ticket in the same way as for stateless tickets. The server can then extract the session id from the ticket and retrieve the session information from its cache.

+ +

By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will cause stateless tickets to not be issued. In TLSv1.2 and below this means no ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be sent. This is a server-side option only.

+ +

In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from being sent by calling SSL_CTX_set_num_tickets(3) or SSL_set_num_tickets(3).

+ +
+
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+ +

Allow legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See the SECURE RENEGOTIATION section for more details.

+ +
+
SSL_OP_LEGACY_SERVER_CONNECT
+
+ +

Allow legacy insecure renegotiation between OpenSSL and unpatched servers only: this option is currently set by default. See the SECURE RENEGOTIATION section for more details.

+ +
+
SSL_OP_NO_ENCRYPT_THEN_MAC
+
+ +

Normally clients and servers will transparently attempt to negotiate the RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.

+ +

If this option is set, Encrypt-then-MAC is disabled. Clients will not propose, and servers will not accept the extension.

+ +
+
SSL_OP_NO_RENEGOTIATION
+
+ +

Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello.

+ +
+
SSL_OP_ALLOW_NO_DHE_KEX
+
+ +

In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session.

+ +
+
SSL_OP_PRIORITIZE_CHACHA
+
+ +

When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

+ +
+
SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+
+ +

If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. Regardless of whether this option is set or not CCS messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use SSL_clear_options(). A future version of OpenSSL may not set this by default.

+ +
+
SSL_OP_NO_ANTI_REPLAY
+
+ +

By default, when a server is configured for early data (i.e., max_early_data > 0), OpenSSL will switch on replay protection. See SSL_read_early_data(3) for a description of the replay protection feature. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built in OpenSSL functionality is not required. Those applications can turn this feature off by setting this option. This is a server-side opton only. It is ignored by clients.

+ +
+
+ +

The following options no longer have any effect but their identifiers are retained for compatibility purposes:

+ +
+ +
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+ +
+
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+ +
+
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+ +
+
SSL_OP_TLS_D5_BUG
+
+ +
+
SSL_OP_TLS_BLOCK_PADDING_BUG
+
+ +
+
SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+ +
+
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+ +
+
SSL_OP_MICROSOFT_SESS_ID_BUG
+
+ +
+
SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+ +
+
SSL_OP_PKCS1_CHECK_1
+
+ +
+
SSL_OP_PKCS1_CHECK_2
+
+ +
+
SSL_OP_SINGLE_DH_USE
+
+ +
+
SSL_OP_SINGLE_ECDH_USE
+
+ +
+
SSL_OP_EPHEMERAL_RSA
+
+ +
+
+ +

SECURE RENEGOTIATION

+ +

OpenSSL always attempts to use secure renegotiation as described in RFC5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere.

+ +

This attack has far reaching consequences which application writers should be aware of. In the description below an implementation supporting secure renegotiation is referred to as patched. A server not supporting secure renegotiation is referred to as unpatched.

+ +

The following sections describe the operations permitted by OpenSSL's secure renegotiation implementation.

+ +

Patched client and server

+ +

Connections and renegotiation are always permitted by OpenSSL implementations.

+ +

Unpatched client and patched OpenSSL server

+ +

The initial connection succeeds but client renegotiation is denied by the server with a no_renegotiation warning alert if TLS v1.0 is used or a fatal handshake_failure alert in SSL v3.0.

+ +

If the patched OpenSSL server attempts to renegotiate a fatal handshake_failure alert is sent. This is because the server code may be unaware of the unpatched nature of the client.

+ +

If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then renegotiation always succeeds.

+ +

Patched OpenSSL client and unpatched server.

+ +

If the option SSL_OP_LEGACY_SERVER_CONNECT or SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then initial connections and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail.

+ +

The option SSL_OP_LEGACY_SERVER_CONNECT is currently set by default even though it has security implications: otherwise it would be impossible to connect to unpatched servers (i.e. all of them initially) and this is clearly not acceptable. Renegotiation is permitted because this does not add any additional security issues: during an attack clients do not see any renegotiations anyway.

+ +

As more servers become patched the option SSL_OP_LEGACY_SERVER_CONNECT will not be set by default in a future version of OpenSSL.

+ +

OpenSSL client applications wishing to ensure they can connect to unpatched servers should always set SSL_OP_LEGACY_SERVER_CONNECT

+ +

OpenSSL client applications that want to ensure they can not connect to unpatched servers (and thus avoid any security issues) should always clear SSL_OP_LEGACY_SERVER_CONNECT using SSL_CTX_clear_options() or SSL_clear_options().

+ +

The difference between the SSL_OP_LEGACY_SERVER_CONNECT and SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION options is that SSL_OP_LEGACY_SERVER_CONNECT enables initial connections and secure renegotiation between OpenSSL clients and unpatched servers only, while SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION allows initial connections and renegotiation between OpenSSL and unpatched clients or servers.

+ +

RETURN VALUES

+ +

SSL_CTX_set_options() and SSL_set_options() return the new options bitmask after adding options.

+ +

SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask after clearing options.

+ +

SSL_CTX_get_options() and SSL_get_options() return the current bitmask.

+ +

SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure renegotiation and 0 if it does not.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_clear(3), SSL_CTX_set_tmp_dh_callback(3), SSL_CTX_set_min_proto_version(3), dhparam(1)

+ +

HISTORY

+ +

The attempt to always try to use secure renegotiation was added in OpenSSL 0.9.8m.

+ +

The SSL_OP_PRIORITIZE_CHACHA and SSL_OP_NO_RENEGOTIATION options were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html new file mode 100644 index 00000000..ecc81231 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html @@ -0,0 +1,143 @@ + + + + +SSL_CTX_set_psk_client_callback + + + + + + + + + + +

NAME

+ +

SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback - set PSK client callback

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+                                           const unsigned char **id,
+                                           size_t *idlen,
+                                           SSL_SESSION **sess);
+
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                          SSL_psk_use_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+
+
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+ +

DESCRIPTION

+ +

A client application wishing to use TLSv1.3 PSKs should use either SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as appropriate. These functions cannot be used for TLSv1.2 and below PSKs.

+ +

The callback function is given a pointer to the SSL connection in ssl.

+ +

The first time the callback is called for a connection the md parameter is NULL. In some circumstances the callback will be called a second time. In that case the server will have specified a ciphersuite to use already and the PSK must be compatible with the digest for that ciphersuite. The digest will be given in md. The PSK returned by the callback is allowed to be different between the first and second time it is called.

+ +

On successful completion the callback must store a pointer to an identifier for the PSK in *id. The identifier length in bytes should be stored in *idlen. The memory pointed to by *id remains owned by the application and should be freed by it as required at any point after the handshake is complete.

+ +

Additionally the callback should store a pointer to an SSL_SESSION object in *sess. This is used as the basis for the PSK, and should, at a minimum, have the following fields set:

+ +
+ +
The master key
+
+ +

This can be set via a call to SSL_SESSION_set1_master_key(3).

+ +
+
A ciphersuite
+
+ +

Only the handshake digest associated with the ciphersuite is relevant for the PSK (the server may go on to negotiate any ciphersuite which is compatible with the digest). The application can use any TLSv1.3 ciphersuite. If md is not NULL the handshake digest for the ciphersuite should be the same. The ciphersuite can be set via a call to <SSL_SESSION_set_cipher(3)>. The handshake digest of an SSL_CIPHER object can be checked using <SSL_CIPHER_get_handshake_digest(3)>.

+ +
+
The protocol version
+
+ +

This can be set via a call to SSL_SESSION_set_protocol_version(3) and should be TLS1_3_VERSION.

+ +
+
+ +

Additionally the maximum early data value should be set via a call to SSL_SESSION_set_max_early_data(3) if the PSK will be used for sending early data.

+ +

Alternatively an SSL_SESSION created from a previous non-PSK handshake may also be used as the basis for a PSK.

+ +

Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application.

+ +

It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that *sess is NULL. The contents of *id and *idlen will be ignored.

+ +

A client application wishing to use PSK ciphersuites for TLSv1.2 and below must provide a different callback function. This function will be called when the client is sending the ClientKeyExchange message to the server.

+ +

The purpose of the callback function is to select the PSK identity and the pre-shared key to use during the connection setup phase.

+ +

The callback is set using functions SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback(). The callback function is given the connection in parameter ssl, a NULL-terminated PSK identity hint sent by the server in parameter hint, a buffer identity of length max_identity_len bytes where the resulting NUL-terminated identity is to be stored, and a buffer psk of length max_psk_len bytes where the resulting pre-shared key is to be stored.

+ +

The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the hint value will always be NULL and the handshake digest will default to SHA-256 for any returned PSK.

+ +

NOTES

+ +

Note that parameter hint given to the callback may be NULL.

+ +

A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that SSL_session_reused(3) will return true.

+ +

There are no known security issues with sharing the same PSK between TLSv1.2 (or below) and TLSv1.3. However the RFC has this note of caution:

+ +

"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2."

+ +

RETURN VALUES

+ +

Return values from the SSL_psk_client_cb_func callback are interpreted as follows:

+ +

On success (callback found a PSK identity and a pre-shared key to use) the length (> 0) of psk in bytes is returned.

+ +

Otherwise or on errors the callback should return 0. In this case the connection setup fails.

+ +

The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails.

+ +

SEE ALSO

+ +

SSL_CTX_set_psk_find_session_callback(3), SSL_set_psk_find_session_callback(3)

+ +

HISTORY

+ +

SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html new file mode 100644 index 00000000..8e7e9103 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html @@ -0,0 +1,77 @@ + + + + +SSL_CTX_set_quiet_shutdown + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+int SSL_get_quiet_shutdown(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for ctx to be mode. SSL objects created from ctx inherit the mode valid at the time SSL_new(3) is called. mode may be 0 or 1.

+ +

SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of ctx.

+ +

SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for ssl to be mode. The setting stays valid until ssl is removed with SSL_free(3) or SSL_set_quiet_shutdown() is called again. It is not changed when SSL_clear(3) is called. mode may be 0 or 1.

+ +

SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of ssl.

+ +

NOTES

+ +

Normally when a SSL connection is finished, the parties must send out close_notify alert messages using SSL_shutdown(3) for a clean shutdown.

+ +

When setting the "quiet shutdown" flag to 1, SSL_shutdown(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (SSL_shutdown(3) then behaves like SSL_set_shutdown(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the TLS standard.

+ +

The default is normal shutdown behaviour as described by the TLS standard.

+ +

RETURN VALUES

+ +

SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return diagnostic information.

+ +

SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_shutdown(3), SSL_set_shutdown(3), SSL_new(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html new file mode 100644 index 00000000..9f7ba2da --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html @@ -0,0 +1,72 @@ + + + + +SSL_CTX_set_read_ahead + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead - manage whether to read as many input bytes as possible

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_read_ahead(SSL *s, int yes);
+int SSL_get_read_ahead(const SSL *s);
+
+SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
+long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
+long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as many input bytes as possible (for non-blocking reads) or not. For example if x bytes are currently required by OpenSSL, but y bytes are available from the underlying BIO (where y > x), then OpenSSL will read all y bytes into its buffer (providing that the buffer is large enough) if reading ahead is on, or x bytes otherwise. Setting the parameter yes to 0 turns reading ahead is off, other values turn it on. SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().

+ +

SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead().

+ +

NOTES

+ +

These functions have no impact when used with DTLS. The return values for SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting read_ahead can impact the behaviour of the SSL_pending() function (see SSL_pending(3)).

+ +

Since SSL_read() can return SSL_ERROR_WANT_READ for non-application data records, and SSL_has_pending() can't tell the difference between processed and unprocessed data, it's recommended that if read ahead is turned on that SSL_MODE_AUTO_RETRY is not turned off using SSL_CTX_clear_mode(). That will prevent getting SSL_ERROR_WANT_READ when there is still a complete record available that hasn't been processed.

+ +

If the application wants to continue to use the underlying transport (e.g. TCP connection) after the SSL connection is finished using SSL_shutdown() reading ahead should be turned off. Otherwise the SSL structure might read data that it shouldn't.

+ +

RETURN VALUES

+ +

SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, and non zero otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_pending(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html new file mode 100644 index 00000000..b61277b2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html @@ -0,0 +1,94 @@ + + + + +SSL_CTX_set_record_padding_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding - install callback to specify TLS 1.3 record padding

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
+void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+ +

DESCRIPTION

+ +

SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() can be used to assign a callback function cb to specify the padding for TLS 1.3 records. The value set in ctx is copied to a new SSL by SSL_new().

+ +

SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() assign a value arg that is passed to the callback when it is invoked. The value set in ctx is copied to a new SSL by SSL_new().

+ +

SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() retrieve the arg value that is passed to the callback.

+ +

SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple of the block_size. A block_size of 0 or 1 disables block padding. The limit of block_size is SSL3_RT_MAX_PLAIN_LENGTH.

+ +

The callback is invoked for every record before encryption. The type parameter is the TLS record type that is being processed; may be one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. The len parameter is the current plaintext length of the record before encryption. The arg parameter is the value set via SSL_CTX_set_record_padding_callback_arg() or SSL_set_record_padding_callback_arg().

+ +

RETURN VALUES

+ +

The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() functions return the arg value assigned in the corresponding set functions.

+ +

The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success or 0 if block_size is too large.

+ +

The cb returns the number of padding bytes to add to the record. A return of 0 indicates no padding will be added. A return value that causes the record to exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the maximum record size.

+ +

NOTES

+ +

The default behavior is to add no padding to the record.

+ +

A user-supplied padding callback function will override the behavior set by SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied callback to NULL will restore the configured block padding behavior.

+ +

These functions only apply to TLS 1.3 records being written.

+ +

Padding bytes are not added in constant-time.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

HISTORY

+ +

The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html new file mode 100644 index 00000000..18e730d4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_security_level + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+void SSL_set_security_level(SSL *s, int level);
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+int SSL_get_security_level(const SSL *s);
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+                                             int bits, int nid,
+                                             void *other, void *ex));
+
+void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+                                                 int bits, int nid,
+                                                 void *other, void *ex));
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
+                                                         int bits, int nid, void *other,
+                                                         void *ex);
+int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
+                                               int bits, int nid, void *other,
+                                               void *ex);
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+void *SSL_get0_security_ex_data(const SSL *s);
+ +

DESCRIPTION

+ +

The functions SSL_CTX_set_security_level() and SSL_set_security_level() set the security level to level. If not set the library default security level is used.

+ +

The functions SSL_CTX_get_security_level() and SSL_get_security_level() retrieve the current security level.

+ +

SSL_CTX_set_security_callback(), SSL_set_security_callback(), SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set the security callback associated with ctx or s. If not set a default security callback is used. The meaning of the parameters and the behaviour of the default callbacks is described below.

+ +

SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(), SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the extra data pointer passed to the ex parameter of the callback. This value is passed to the callback verbatim and can be set to any convenient application specific value.

+ +

DEFAULT CALLBACK BEHAVIOUR

+ +

If an application doesn't set its own security callback the default callback is used. It is intended to provide sane defaults. The meaning of each level is described below.

+ +
+ +
Level 0
+
+ +

Everything is permitted. This retains compatibility with previous versions of OpenSSL.

+ +
+
Level 1
+
+ +

The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited.

+ +
+
Level 2
+
+ +

Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled.

+ +
+
Level 3
+
+ +

Security level set to 128 bits of security. As a result RSA, DSA and DH keys shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled.

+ +
+
Level 4
+
+ +

Security level set to 192 bits of security. As a result RSA, DSA and DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are not permitted.

+ +
+
Level 5
+
+ +

Security level set to 256 bits of security. As a result RSA, DSA and DH keys shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.

+ +
+
+ +

APPLICATION DEFINED SECURITY CALLBACKS

+ +

Documentation to be provided.

+ +

NOTES

+ +

WARNING at this time setting the security level higher than 1 for general internet use is likely to cause considerable interoperability issues and is not recommended. This is because the SHA1 algorithm is very widely used in certificates and will be rejected at levels higher than 1 because it only offers 80 bits of security.

+ +

The default security level can be configured when OpenSSL is compiled by setting -DOPENSSL_TLS_SECURITY_LEVEL=level. If not set then 1 is used.

+ +

The security framework disables or reject parameters inconsistent with the set security level. In the past this was difficult as applications had to set a number of distinct parameters (supported ciphers, supported curves supported signature algorithms) to achieve this end and some cases (DH parameter size for example) could not be checked at all.

+ +

By setting an appropriate security level much of this complexity can be avoided.

+ +

The bits of security limits affect all relevant parameters including cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. This limit applies no matter what other custom settings an application has set: so if the cipher suite is set to ALL then only cipher suites consistent with the security level are permissible.

+ +

See SP800-57 for how the security limits are related to individual algorithms.

+ +

Some security levels require large key sizes for non-ECC public key algorithms which can severely degrade performance. For example 256 bits of security requires the use of RSA keys of at least 15360 bits in size.

+ +

Some restrictions can be gracefully handled: for example cipher suites offering insufficient security are not sent by the client and will not be selected by the server. Other restrictions such as the peer certificate key size or the DH parameter size will abort the handshake with a fatal alert.

+ +

Attempts to set certificates or parameters with insufficient security are also blocked. For example trying to set a certificate using a 512 bit RSA key using SSL_CTX_use_certificate() at level 1. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected.

+ +

RETURN VALUES

+ +

SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.

+ +

SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that represents the security level with SSL_CTX or SSL, respectively.

+ +

SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return values.

+ +

SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer to the security callback or NULL if the callback is not set.

+ +

SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra data pointer or NULL if the ex data is not set.

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html new file mode 100644 index 00000000..75d89689 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html @@ -0,0 +1,128 @@ + + + + +SSL_CTX_set_session_cache_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
+long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_session_cache_mode() enables/disables session caching by setting the operational mode for ctx to <mode>.

+ +

SSL_CTX_get_session_cache_mode() returns the currently used cache mode.

+ +

NOTES

+ +

The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. The sessions can be held in memory for each ctx, if more than one SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX object.

+ +

In order to reuse a session, a client must send the session's id to the server. It can only send exactly one id. The server then either agrees to reuse the session or it starts a full handshake (to create a new session).

+ +

A server will look up the session in its internal session storage. If the session is not found in internal storage or lookups for the internal storage have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try the external storage if available.

+ +

Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see SSL_CTX_set_session_id_context(3)).

+ +

The following session cache modes and modifiers are available:

+ +
+ +
SSL_SESS_CACHE_OFF
+
+ +

No session caching for client or server takes place.

+ +
+
SSL_SESS_CACHE_CLIENT
+
+ +

Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL_set_session(3) function. This option is not activated by default.

+ +
+
SSL_SESS_CACHE_SERVER
+
+ +

Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default.

+ +
+
SSL_SESS_CACHE_BOTH
+
+ +

Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.

+ +
+
SSL_SESS_CACHE_NO_AUTO_CLEAR
+
+ +

Normally the session cache is checked for expired sessions every 255 connections using the SSL_CTX_flush_sessions(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and SSL_CTX_flush_sessions(3) can be called explicitly by the application.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+
+ +

By setting this flag, session-resume operations in an SSL/TLS server will not automatically look up sessions in the internal cache, even if sessions are automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. As automatic lookup only applies for SSL/TLS servers, the flag has no effect on clients.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+ +

Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using SSL_CTX_add_session(3)). Note: in any SSL/TLS servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL
+
+ +

Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.

+ +
+
+ +

The default mode is SSL_SESS_CACHE_SERVER.

+ +

RETURN VALUES

+ +

SSL_CTX_set_session_cache_mode() returns the previously set cache mode.

+ +

SSL_CTX_get_session_cache_mode() returns the currently set cache mode.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_session_reused(3), SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3), SSL_CTX_flush_sessions(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html new file mode 100644 index 00000000..ca281b2c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html @@ -0,0 +1,95 @@ + + + + +SSL_CTX_set_session_id_context + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ctx object.

+ +

SSL_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ssl object.

+ +

NOTES

+ +

Sessions are generated within a certain context. When exporting/importing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, to re-import a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore each application must set its own session id context sid_ctx which is used to distinguish the contexts and is stored in exported sessions. The sid_ctx can be any kind of binary data with a given length, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name ...

+ +

The session id context becomes part of the session. The session id context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side.

+ +

OpenSSL clients will check the session id context returned by the server when reusing a session.

+ +

The maximum length of the sid_ctx is limited to SSL_MAX_SID_CTX_LENGTH.

+ +

WARNINGS

+ +

If the session id context is not set on an SSL/TLS server and client certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail.

+ +

If a server returns a different session id context to an OpenSSL client when reusing a session, an error will be flagged and the handshake will fail. OpenSSL servers will always return the correct session id context, as an OpenSSL server checks the session id context itself before reusing a session as described above.

+ +

RETURN VALUES

+ +

SSL_CTX_set_session_id_context() and SSL_set_session_id_context() return the following values:

+ +
+ +
0
+
+ +

The length sid_ctx_len of the session id context sid_ctx exceeded the maximum allowed length of SSL_MAX_SID_CTX_LENGTH. The error is logged to the error stack.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html new file mode 100644 index 00000000..d2ba22ca --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html @@ -0,0 +1,169 @@ + + + + +SSL_CTX_set_session_ticket_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+                                                               const unsigned char *keyname,
+                                                               size_t keyname_len,
+                                                               SSL_TICKET_STATUS status,
+                                                               void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_set_session_ticket_cb() sets the application callbacks gen_cb and dec_cb that are used by a server to set and get application data stored with a session, and placed into a session ticket. Either callback function may be set to NULL. The value of arg is passed to the callbacks.

+ +

gen_cb is the application defined callback invoked when a session ticket is about to be created. The application can call SSL_SESSION_set1_ticket_appdata() at this time to add application data to the session ticket. The value of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The gen_cb callback is defined as type SSL_CTX_generate_session_ticket_fn.

+ +

dec_cb is the application defined callback invoked after session ticket decryption has been attempted and any session ticket application data is available. If ticket decryption was successful then the ss argument contains the session data. The keyname and keyname_len arguments identify the key used to decrypt the session ticket. The status argument is the result of the ticket decryption. See the NOTES section below for further details. The value of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The dec_cb callback is defined as type SSL_CTX_decrypt_session_ticket_fn.

+ +

SSL_SESSION_set1_ticket_appdata() sets the application data specified by data and len into ss which is then placed into any generated session tickets. It can be called at any time before a session ticket is created to update the data placed into the session ticket. However, given that sessions and tickets are created by the handshake, the gen_cb is provided to notify the application that a session ticket is about to be generated.

+ +

SSL_SESSION_get0_ticket_appdata() assigns data to the session ticket application data and assigns len to the length of the session ticket application data from ss. The application data can be set via SSL_SESSION_set1_ticket_appdata() or by a session ticket. NULL will be assigned to data and 0 will be assigned to len if there is no session ticket application data. SSL_SESSION_get0_ticket_appdata() can be called any time after a session has been created. The dec_cb is provided to notify the application that a session ticket has just been decrypted.

+ +

NOTES

+ +

When the dec_cb callback is invoked, the SSL_SESSION ss has not yet been assigned to the SSL s. The status indicates the result of the ticket decryption. The callback must check the status value before performing any action, as it is called even if ticket decryption fails.

+ +

The keyname and keyname_len arguments to dec_cb may be used to identify the key that was used to encrypt the session ticket.

+ +

The status argument can be any of these values:

+ +
+ +
SSL_TICKET_EMPTY
+
+ +

Empty ticket present. No ticket data will be used and a new ticket should be sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not valid for a client to send an empty ticket.

+ +
+
SSL_TICKET_NO_DECRYPT
+
+ +

The ticket couldn't be decrypted. No ticket data will be used and a new ticket should be sent to the client.

+ +
+
SSL_TICKET_SUCCESS
+
+ +

A ticket was successfully decrypted, any session ticket application data should be available. A new ticket should not be sent to the client.

+ +
+
SSL_TICKET_SUCCESS_RENEW
+
+ +

Same as SSL_TICKET_SUCCESS, but a new ticket should be sent to the client.

+ +
+
+ +

The return value can be any of these values:

+ +
+ +
SSL_TICKET_RETURN_ABORT
+
+ +

The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single handshake. Therefore just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution.

+ +
+
SSL_TICKET_RETURN_IGNORE
+
+ +

Do not use a ticket (if one was available). Do not send a renewed ticket to the client.

+ +
+
SSL_TICKET_RETURN_IGNORE_RENEW
+
+ +

Do not use a ticket (if one was available). Send a renewed ticket to the client.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT.

+ +
+
SSL_TICKET_RETURN_USE
+
+ +

Use the ticket. Do not send a renewed ticket to the client. It is an error for the callback to return this value if status has a value other than SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_SUCCESS.

+ +
+
SSL_TICKET_RETURN_USE_RENEW
+
+ +

Use the ticket. Send a renewed ticket to the client. It is an error for the callback to return this value if status has a value other than SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_SUCCESS_RENEW.

+ +
+
+ +

If status has the value SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT then no session data will be available and the callback must not use the ss argument. If status has the value SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW then the application can call SSL_SESSION_get0_ticket_appdata() using the session provided in the ss argument to retrieve the application data.

+ +

When the gen_cb callback is invoked, the SSL_get_session() function can be used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().

+ +

By default, in TLSv1.2 and below, a new session ticket is not issued on a successful resumption and therefore gen_cb will not be called. In TLSv1.3 the default behaviour is to always issue a new ticket on resumption. In both cases this behaviour can be changed if a ticket key callback is in use (see SSL_CTX_set_tlsext_ticket_key_cb(3)).

+ +

RETURN VALUES

+ +

The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on failure.

+ +

The gen_cb callback must return 1 to continue the connection. A return of 0 will terminate the connection with an INTERNAL_ERROR alert.

+ +

The dec_cb callback must return a value as described in NOTES above.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3)

+ +

HISTORY

+ +

The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html new file mode 100644 index 00000000..dd5e75db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html @@ -0,0 +1,150 @@ + + + + +SSL_CTX_set_split_send_fragment + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
+long SSL_set_max_send_fragment(SSL *ssl, long m);
+
+long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
+long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
+
+long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
+long SSL_set_split_send_fragment(SSL *ssl, long m);
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
+ +

DESCRIPTION

+ +

Some engines are able to process multiple simultaneous crypto operations. This capability could be utilised to parallelise the processing of a single connection. For example a single write can be split into multiple records and each one encrypted independently and in parallel. Note: this will only work in TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This capability is known as "pipelining" within OpenSSL.

+ +

In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides AES128-SHA based ciphers that have this capability. However these are for development and test purposes only.

+ +

SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the max_send_fragment parameter for SSL_CTX and SSL objects respectively. This value restricts the amount of plaintext bytes that will be sent in any one SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These functions will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH.

+ +

SSL_CTX_set_max_pipelines() and SSL_set_max_pipelines() set the maximum number of pipelines that will be used at any one time. This value applies to both "read" pipelining and "write" pipelining. By default only one pipeline will be used (i.e. normal non-parallel operation). The number of pipelines set must be in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also automatically turn on "read_ahead" (see SSL_CTX_set_read_ahead(3)). This is explained further below. OpenSSL will only every use more than one pipeline if a cipher suite is negotiated that uses a pipeline capable cipher provided by an engine.

+ +

Pipelining operates slightly differently for reading encrypted data compared to writing encrypted data. SSL_CTX_set_split_send_fragment() and SSL_set_split_send_fragment() define how data is split up into pipelines when writing encrypted data. The number of pipelines used will be determined by the amount of data provided to the SSL_write_ex() or SSL_write() call divided by split_send_fragment.

+ +

For example if split_send_fragment is set to 2000 and max_pipelines is 4 then:

+ +

SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used

+ +

SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used

+ +

SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used

+ +

SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used

+ +

split_send_fragment must always be less than or equal to max_send_fragment. By default it is set to be equal to max_send_fragment. This will mean that the same number of records will always be created as would have been created in the non-parallel case, although the data will be apportioned differently. In the parallel case data will be spread equally between the pipelines.

+ +

Read pipelining is controlled in a slightly different way than with write pipelining. While reading we are constrained by the number of records that the peer (and the network) can provide to us in one go. The more records we can get in one go the more opportunity we have to parallelise the processing. As noted above when setting max_pipelines to a value greater than one, read_ahead is automatically set. The read_ahead parameter causes OpenSSL to attempt to read as much data into the read buffer as the network can provide and will fit into the buffer. Without this set data is read into the read buffer one record at a time. The more data that can be read, the more opportunity there is for parallelising the processing at the cost of increased memory overhead per connection. Setting read_ahead can impact the behaviour of the SSL_pending() function (see SSL_pending(3)).

+ +

The SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions control the size of the read buffer that will be used. The len parameter sets the size of the buffer. The value will only be used if it is greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes.

+ +

SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment length negotiation mode via value mode to ctx. This setting affects only SSL instances created after this function is called. It affects the client-side as only its side may initiate this extension use.

+ +

SSL_set_tlsext_max_fragment_length() sets the maximum fragment length negotiation mode via value mode to ssl. This setting will be used during a handshake when extensions are exchanged between client and server. So it only affects SSL sessions created after this function is called. It affects the client-side as only its side may initiate this extension use.

+ +

SSL_SESSION_get_max_fragment_length() gets the maximum fragment length negotiated in session.

+ +

RETURN VALUES

+ +

All non-void functions return 1 on success and 0 on failure.

+ +

NOTES

+ +

The Maximum Fragment Length extension support is optional on the server side. If the server does not support this extension then SSL_SESSION_get_max_fragment_length() will return: TLSEXT_max_fragment_length_DISABLED.

+ +

The following modes are available:

+ +
+ +
TLSEXT_max_fragment_length_DISABLED
+
+ +

Disables Maximum Fragment Length Negotiation (default).

+ +
+
TLSEXT_max_fragment_length_512
+
+ +

Sets Maximum Fragment Length to 512 bytes.

+ +
+
TLSEXT_max_fragment_length_1024
+
+ +

Sets Maximum Fragment Length to 1024.

+ +
+
TLSEXT_max_fragment_length_2048
+
+ +

Sets Maximum Fragment Length to 2048.

+ +
+
TLSEXT_max_fragment_length_4096
+
+ +

Sets Maximum Fragment Length to 4096.

+ +
+
+ +

With the exception of SSL_CTX_set_default_read_buffer_len() SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() all these functions are implemented using macros.

+ +

SEE ALSO

+ +

SSL_CTX_set_read_ahead(3), SSL_pending(3)

+ +

HISTORY

+ +

The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0.

+ +

The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html new file mode 100644 index 00000000..d44ecd5e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html @@ -0,0 +1,85 @@ + + + + +SSL_CTX_set_ssl_version + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method - choose a new TLS/SSL method

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_ssl_version() sets a new default TLS/SSL method for SSL objects newly created from this ctx. SSL objects already created with SSL_new(3) are not affected, except when SSL_clear(3) is being called.

+ +

SSL_set_ssl_method() sets a new TLS/SSL method for a particular ssl object. It may be reset, when SSL_clear() is called.

+ +

SSL_get_ssl_method() returns a function pointer to the TLS/SSL method set in ssl.

+ +

NOTES

+ +

The available method choices are described in SSL_CTX_new(3).

+ +

When SSL_clear(3) is called and no session is connected to an SSL object, the method of the SSL object is reset to the method currently set in the corresponding SSL_CTX object.

+ +

RETURN VALUES

+ +

The following return values can occur for SSL_CTX_set_ssl_version() and SSL_set_ssl_method():

+ +
+ +
0
+
+ +

The new choice failed, check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

SSL_CTX_new(3), SSL_new(3), SSL_clear(3), ssl(7), SSL_set_connect_state(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html new file mode 100644 index 00000000..e22d5c52 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html @@ -0,0 +1,89 @@ + + + + +SSL_CTX_set_stateless_cookie_generate_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb - Callback functions for stateless TLS1.3 cookies

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*gen_stateless_cookie_cb) (SSL *ssl,
+                                    unsigned char *cookie,
+                                    size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*verify_stateless_cookie_cb) (SSL *ssl,
+                                       const unsigned char *cookie,
+                                       size_t cookie_len));
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned
+                                                               char *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+ +

DESCRIPTION

+ +

SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by SSL_stateless(3) to generate the application-controlled portion of the cookie provided to clients in the HelloRetryRequest transmitted as a response to a ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must write at most SSL_COOKIE_LENGTH bytes into cookie, and must write the number of bytes written to cookie_len. If a cookie cannot be generated, a zero return value can be used to abort the handshake.

+ +

SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by SSL_stateless(3) to determine whether the application-controlled portion of a ClientHello cookie is valid. The cookie data is pointed to by cookie and is of length cookie_len. A nonzero return value from verify_stateless_cookie_cb() communicates that the cookie is valid. The integrity of the entire cookie, including the application-controlled portion, is automatically verified by HMAC before verify_stateless_cookie_cb() is called.

+ +

SSL_CTX_set_cookie_generate_cb() sets the callback used by DTLSv1_listen(3) to generate the cookie provided to clients in the HelloVerifyRequest transmitted as a response to a ClientHello with a missing or invalid cookie. app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into cookie, and must write the number of bytes written to cookie_len. If a cookie cannot be generated, a zero return value can be used to abort the handshake.

+ +

SSL_CTX_set_cookie_verify_cb() sets the callback used by DTLSv1_listen(3) to determine whether the cookie in a ClientHello is valid. The cookie data is pointed to by cookie and is of length cookie_len. A nonzero return value from app_verify_cookie_cb() communicates that the cookie is valid. The integrity of the cookie is not verified by OpenSSL. This is an application responsibility.

+ +

RETURN VALUES

+ +

Neither function returns a value.

+ +

SEE ALSO

+ +

SSL_stateless(3), DTLSv1_listen(3)

+ +

HISTORY

+ +

SSL_CTX_set_stateless_cookie_generate_cb() and SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html new file mode 100644 index 00000000..632f3b2a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html @@ -0,0 +1,74 @@ + + + + +SSL_CTX_set_timeout + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_timeout() sets the timeout for newly created sessions for ctx to t. The timeout value t must be given in seconds.

+ +

SSL_CTX_get_timeout() returns the currently set timeout value for ctx.

+ +

NOTES

+ +

Whenever a new session is created, it is assigned a maximum lifetime. This lifetime is specified by storing the creation time of the session and the timeout value valid at this time. If the actual time is later than creation time plus timeout, the session is not reused.

+ +

Due to this realization, all sessions behave according to the timeout value valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions.

+ +

The expiration time of a single session can be modified using the SSL_SESSION_get_time(3) family of functions.

+ +

Expired sessions are removed from the internal session cache, whenever SSL_CTX_flush_sessions(3) is called, either directly by the application or automatically (see SSL_CTX_set_session_cache_mode(3))

+ +

The default value for session timeout is decided on a per protocol basis, see SSL_get_default_timeout(3). All currently supported protocols have the same default timeout value of 300 seconds.

+ +

RETURN VALUES

+ +

SSL_CTX_set_timeout() returns the previously set timeout value.

+ +

SSL_CTX_get_timeout() returns the currently set timeout value.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_get_time(3), SSL_CTX_flush_sessions(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html new file mode 100644 index 00000000..55c9673a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_tlsext_servername_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name - handle server name indication (SNI)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
+                                  int (*cb)(SSL *s, int *al, void *arg));
+long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
+
+const char *SSL_get_servername(const SSL *s, const int type);
+int SSL_get_servername_type(const SSL *s);
+
+int SSL_set_tlsext_host_name(const SSL *s, const char *name);
+ +

DESCRIPTION

+ +

The functionality provided by the servername callback is mostly superseded by the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). However, even where the ClientHello callback is used, the servername callback is still necessary in order to acknowledge the servername requested by the client.

+ +

SSL_CTX_set_tlsext_servername_callback() sets the application callback cb used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When cb is NULL, SNI is not used.

+ +

The servername callback should return one of the following values:

+ +
+ +
SSL_TLSEXT_ERR_OK
+
+ +

This is used to indicate that the servername requested by the client has been accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set up a different configuration for the selected servername in this case.

+ +
+
SSL_TLSEXT_ERR_ALERT_FATAL
+
+ +

In this case the servername requested by the client is not accepted and the handshake will be aborted. The value of the alert to be used should be stored in the location pointed to by the al parameter to the callback. By default this value is initialised to SSL_AD_UNRECOGNIZED_NAME.

+ +
+
SSL_TLSEXT_ERR_ALERT_WARNING
+
+ +

If this value is returned then the servername is not accepted by the server. However the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the al parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is treated the same way as SSL_TLSEXT_ERR_NOACK.

+ +
+
SSL_TLSEXT_ERR_NOACK
+
+ +

This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername.

+ +
+
+ +

SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be passed into the callback (via the arg parameter) for this SSL_CTX.

+ +

The behaviour of SSL_get_servername() depends on a number of different factors. In particular note that in TLSv1.3 the servername is negotiated in every handshake. In TLSv1.2 the servername is only negotiated on initial handshakes and not on resumption handshakes.

+ +
+ +
On the client, before the handshake
+
+ +

If a servername has been set via a call to SSL_set_tlsext_host_name() then it will return that servername.

+ +

If one has not been set, but a TLSv1.2 resumption is being attempted and the session from the original handshake had a servername accepted by the server then it will return that servername.

+ +

Otherwise it returns NULL.

+ +
+
On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred
+
+ +

If the session from the orignal handshake had a servername accepted by the server then it will return that servername.

+ +

Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL if it was not called.

+ +
+
On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur
+
+ +

It will return the servername set via SSL_set_tlsext_host_name() or NULL if it was not called.

+ +
+
On the server, before the handshake
+
+ +

The function will always return NULL before the handshake

+ +
+
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred
+
+ +

If a servername was accepted by the server in the original handshake then it will return that servername, or NULL otherwise.

+ +
+
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur
+
+ +

The function will return the servername requested by the client in this handshake or NULL if none was requested.

+ +
+
+ +

Note that the ClientHello callback occurs before a servername extension from the client is processed. The servername, certificate and ALPN callbacks occur after a servername extension from the client is processed.

+ +

SSL_get_servername_type() returns the servername type or -1 if no servername is present. Currently the only supported type (defined in RFC3546) is TLSEXT_NAMETYPE_host_name.

+ +

SSL_set_tlsext_host_name() sets the server name indication ClientHello extension to contain the value name. The type of server name indication extension is set to TLSEXT_NAMETYPE_host_name (defined in RFC3546).

+ +

NOTES

+ +

Several callbacks are executed during ClientHello processing, including the ClientHello, ALPN, and servername callbacks. The ClientHello callback is executed first, then the servername callback, followed by the ALPN callback.

+ +

The SSL_set_tlsext_host_name() function should only be called on SSL objects that will act as clients; otherwise the configured name will be ignored.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tlsext_servername_callback() and SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_alpn_select_cb(3), SSL_get0_alpn_selected(3), SSL_CTX_set_client_hello_cb(3)

+ +

HISTORY

+ +

SSL_get_servername() historically provided some unexpected results in certain corner cases. This has been fixed from OpenSSL 1.1.1e.

+ +

Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but set a different explict servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake.

+ +

Also prior to 1.1.1e, if the client sent a servername in the first handshake but the server did not accept it, and then a second handshake occured where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL.

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html new file mode 100644 index 00000000..e8b8127a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html @@ -0,0 +1,87 @@ + + + + +SSL_CTX_set_tlsext_status_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions

+ +

SYNOPSIS

+ +
#include <openssl/tls1.h>
+
+long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
+long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
+
+long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
+
+long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
+long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
+
+long SSL_set_tlsext_status_type(SSL *s, int type);
+long SSL_get_tlsext_status_type(SSL *s);
+
+long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
+long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
+ +

DESCRIPTION

+ +

A client application may request that a server send back an OCSP status response (also known as OCSP stapling). To do so the client should call the SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL objects. Alternatively an application can call the SSL_set_tlsext_status_type() function on an individual SSL object prior to the start of the handshake. Currently the only supported type is TLSEXT_STATUSTYPE_ocsp. This value should be passed in the type argument. Calling SSL_CTX_get_tlsext_status_type() will return the type TLSEXT_STATUSTYPE_ocsp previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.

+ +

The client should additionally provide a callback function to decide what to do with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The callback function should determine whether the returned OCSP response is acceptable or not. The callback will be passed as an argument the value previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in the event of a handshake where session resumption occurs (because there are no Certificates exchanged in such a handshake). The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling SSL_CTX_get_tlsext_status_arg().

+ +

On the client side SSL_get_tlsext_status_type() can be used to determine whether the client has previously called SSL_set_tlsext_status_type(). It will return TLSEXT_STATUSTYPE_ocsp if it has been called or -1 otherwise. On the server side SSL_get_tlsext_status_type() can be used to determine whether the client requested OCSP stapling. If the client requested it then this function will return TLSEXT_STATUSTYPE_ocsp, or -1 otherwise.

+ +

The response returned by the server can be obtained via a call to SSL_get_tlsext_status_ocsp_resp(). The value *resp will be updated to point to the OCSP response data and the return value will be the length of that data. Typically a callback would obtain an OCSP_RESPONSE object from this data via a call to the d2i_OCSP_RESPONSE() function. If the server has not provided any response data then *resp will be NULL and the return value from SSL_get_tlsext_status_ocsp_resp() will be -1.

+ +

A server application must also call the SSL_CTX_set_tlsext_status_cb() function if it wants to be able to provide clients with OCSP Certificate Status responses. Typically the server callback would obtain the server certificate that is being sent back to the client via a call to SSL_get_certificate(); obtain the OCSP response to be sent back; and then set that response data by calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should be provided in the resp argument, and the length of that data should be in the len argument.

+ +

RETURN VALUES

+ +

The callback when used on the client side should return a negative value on error; 0 if the response is not acceptable (in which case the handshake will fail) or a positive value if it is acceptable.

+ +

The callback when used on the server side should return with either SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has occurred).

+ +

SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(), SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.

+ +

SSL_CTX_get_tlsext_status_type() returns the value previously set by SSL_CTX_set_tlsext_status_type(), or -1 if not set.

+ +

SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data or -1 if there is no OCSP response data.

+ +

SSL_get_tlsext_status_type() returns TLSEXT_STATUSTYPE_ocsp on the client side if SSL_set_tlsext_status_type() was previously called, or on the server side if the client requested OCSP stapling. Otherwise -1 is returned.

+ +

HISTORY

+ +

The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html new file mode 100644 index 00000000..6116bf59 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html @@ -0,0 +1,175 @@ + + + + +SSL_CTX_set_tlsext_ticket_key_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing

+ +

SYNOPSIS

+ +
#include <openssl/tls1.h>
+
+long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+    int (*cb)(SSL *s, unsigned char key_name[16],
+              unsigned char iv[EVP_MAX_IV_LENGTH],
+              EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+ +

DESCRIPTION

+ +

SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function cb for handling session tickets for the ssl context sslctx. Session tickets, defined in RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies to TLS and there is no SSLv3 implementation.

+ +

The callback function cb will be called for every client instigated TLS session when session ticket extension is presented in the TLS hello message. It is the responsibility of this function to create or retrieve the cryptographic parameters and to maintain their state.

+ +

The OpenSSL library uses your callback function to help implement a common TLS ticket construction state according to RFC5077 Section 4 such that per session state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation.

+ +

In order to reuse a session, a TLS client must send the a session ticket extension to the server. The client can only send exactly one session ticket. The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket.

+ +

Before the callback function is started ctx and hctx have been initialised with EVP_CIPHER_CTX_reset(3) and HMAC_CTX_reset(3) respectively.

+ +

For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, the callback function will be called with enc equal to 1. The OpenSSL library expects that the function will set an arbitrary name, initialize iv, and set the cipher context ctx and the hash context hctx.

+ +

The name is 16 characters long and is used as a key identifier.

+ +

The iv length is the length of the IV of the corresponding cipher. The maximum IV length is EVP_MAX_IV_LENGTH bytes defined in evp.h.

+ +

The initialization vector iv should be a random value. The cipher context ctx should use the initialisation vector iv. The cipher context can be set using EVP_EncryptInit_ex(3). The hmac context can be set using HMAC_Init_ex(3).

+ +

When the client presents a session ticket, the callback function with be called with enc set to 0 indicating that the cb function should retrieve a set of parameters. In this case name and iv have already been parsed out of the session ticket. The OpenSSL library expects that the name will be used to retrieve a cryptographic parameters and that the cryptographic context ctx will be set with the retrieved parameters and the initialization vector iv. using a function like EVP_DecryptInit_ex(3). The hctx needs to be set using HMAC_Init_ex(3).

+ +

If the name is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again with an argument of enc equal to 1 to set the new ticket.

+ +

The return value of the cb function is used by OpenSSL to determine what further processing will occur. The following return values have meaning:

+ +
+ +
2
+
+ +

This indicates that the ctx and hctx have been set and the session can continue on those parameters. Additionally it indicates that the session ticket is in a renewal period and should be replaced. The OpenSSL library will call cb again with an enc argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2).

+ +
+
1
+
+ +

This indicates that the ctx and hctx have been set and the session can continue on those parameters.

+ +
+
0
+
+ +

This indicates that it was not possible to set/retrieve a session ticket and the SSL/TLS session will continue by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids.

+ +

If called with enc equal to 0 the library will call the cb again to get a new set of parameters.

+ +
+
less than 0
+
+ +

This indicates an error.

+ +
+
+ +

NOTES

+ +

Session resumption shortcuts the TLS so that the client certificate negotiation don't occur. It makes up for this by storing client certificate an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available exactly as if a full negotiation had occurred.

+ +

If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic using that session: even if the cipher suite supports forward secrecy. As a result applications may wish to use multiple keys and avoid using long term keys stored in files.

+ +

Applications can use longer keys to maintain a consistent level of security. For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys.

+ +

RETURN VALUES

+ +

returns 0 to indicate the callback function was set.

+ +

EXAMPLES

+ +

Reference Implementation:

+ +
SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+...
+
+static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
+                                    unsigned char *iv, EVP_CIPHER_CTX *ctx,
+                                    HMAC_CTX *hctx, int enc)
+{
+    if (enc) { /* create new session */
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
+            return -1; /* insufficient random */
+
+        key = currentkey(); /* something that you need to implement */
+        if (key == NULL) {
+            /* current key doesn't exist or isn't valid */
+            key = createkey(); /*
+                                * Something that you need to implement.
+                                * createkey needs to initialise a name,
+                                * an aes_key, a hmac_key and optionally
+                                * an expire time.
+                                */
+            if (key == NULL) /* key couldn't be created */
+                return 0;
+        }
+        memcpy(key_name, key->name, 16);
+
+        EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+        HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+        return 1;
+
+    } else { /* retrieve session */
+        key = findkey(name);
+
+        if (key == NULL || key->expire < now())
+            return 0;
+
+        HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+        EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+
+        if (key->expire < now() - RENEW_TIME) {
+            /*
+             * return 2 - This session will get a new ticket even though the
+             * current one is still valid.
+             */
+            return 2;
+        }
+        return 1;
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_session_reused(3), SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3),

+ +

COPYRIGHT

+ +

Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html new file mode 100644 index 00000000..e4db222c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html @@ -0,0 +1,106 @@ + + + + +SSL_CTX_set_tlsext_use_srtp + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile - Configure and query SRTP support

+ +

SYNOPSIS

+ +
#include <openssl/srtp.h>
+
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+ +

DESCRIPTION

+ +

SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for establishing SRTP keying material, algorithms and parameters using DTLS. This capability may be used as part of an implementation that conforms to RFC5763. OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not support the use of SRTP Master Key Identifiers (MKIs). Also note that this extension is only supported in DTLS. Any SRTP configuration will be ignored if a TLS connection is attempted.

+ +

An OpenSSL client wishing to send the "use_srtp" extension should call SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently created from an SSL_CTX. Alternatively a client may call SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The profiles parameters should point to a NUL-terminated, colon delimited list of SRTP protection profile names.

+ +

The currently supported protection profile names are:

+ +
+ +
SRTP_AES128_CM_SHA1_80
+
+ +

This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.

+ +
+
SRTP_AES128_CM_SHA1_32
+
+ +

This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.

+ +
+
SRTP_AEAD_AES_128_GCM
+
+ +

This corresponds to the profile of the same name defined in RFC7714.

+ +
+
SRTP_AEAD_AES_256_GCM
+
+ +

This corresponds to the profile of the same name defined in RFC7714.

+ +
+
+ +

Supplying an unrecognised protection profile name will result in an error.

+ +

An OpenSSL server wishing to support the "use_srtp" extension should also call SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the protection profiles that it is willing to negotiate.

+ +

The currently configured list of protection profiles for either a client or a server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of this function should not be freed by the caller.

+ +

After a handshake has been completed the negotiated SRTP protection profile (if any) can be obtained (on the client or the server) by calling SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP protection profile was negotiated. The memory returned from this function should not be freed by the caller.

+ +

If an SRTP protection profile has been successfully negotiated then the SRTP keying material (on both the client and server) should be obtained via a call to SSL_export_keying_material(3). This call should provide a label value of "EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total length of keying material obtained should be equal to two times the sum of the master key length and the salt length as defined for the protection profile in use. This provides the client write master key, the server write master key, the client write master salt and the server write master salt in that order.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success or 1 on error.

+ +

SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on success or NULL on error or if no protection profiles have been configured.

+ +

SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE object if one has been negotiated or NULL otherwise.

+ +

SEE ALSO

+ +

SSL_export_keying_material(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html new file mode 100644 index 00000000..1cdbef51 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html @@ -0,0 +1,119 @@ + + + + +SSL_CTX_set_tmp_dh_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+                                                        int keylength));
+long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+
+void SSL_set_tmp_dh_callback(SSL *ctx,
+                             DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+                                                    int keylength));
+long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+ +

DESCRIPTION

+ +

SSL_CTX_set_tmp_dh_callback() sets the callback function for ctx to be used when a DH parameters are required to tmp_dh_callback. The callback is inherited by all ssl objects created from ctx.

+ +

SSL_CTX_set_tmp_dh() sets DH parameters to be used to be dh. The key is inherited by all ssl objects created from ctx.

+ +

SSL_set_tmp_dh_callback() sets the callback only for ssl.

+ +

SSL_set_tmp_dh() sets the parameters only for ssl.

+ +

These functions apply to SSL/TLS servers only.

+ +

NOTES

+ +

When using a cipher with RSA authentication, an ephemeral DH key exchange can take place. Ciphers with DSA keys always use ephemeral DH keys as well. In these cases, the session data are negotiated using the ephemeral/temporary DH key and the key supplied and certified by the certificate chain is only used for signing. Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.

+ +

Using ephemeral DH key exchange yields forward secrecy, as the connection can only be decrypted, when the DH key is known. By generating a temporary DH key inside the server application that is lost when the application is left, it becomes impossible for an attacker to decrypt past sessions, even if he gets hold of the normal (certified) key, as this key was only used for signing.

+ +

In order to perform a DH key exchange the server must use a DH group (DH parameters) and generate a DH key. The server will always generate a new DH key during the negotiation.

+ +

As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the openssl dhparam(1) application. This application guarantees that "strong" primes are used.

+ +

Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the -C option of the dhparam(1) application. Generation of custom DH parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications.

+ +

An application may either directly specify the DH parameters or can supply the DH parameters via a callback function.

+ +

Previous versions of the callback used is_export and keylength parameters to control parameter generation for export and non-export cipher suites. Modern servers that do not support export cipher suites are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use the callback but ignore keylength and is_export and simply supply at least 2048-bit parameters in the callback.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return diagnostic output.

+ +

SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure.

+ +

EXAMPLES

+ +

Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.)

+ +

Command-line parameter generation:

+ +
$ openssl dhparam -out dh_param_2048.pem 2048
+ +

Code for setting up parameters during server initialization:

+ +
SSL_CTX ctx = SSL_CTX_new();
+
+DH *dh_2048 = NULL;
+FILE *paramfile = fopen("dh_param_2048.pem", "r");
+
+if (paramfile) {
+    dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+    fclose(paramfile);
+} else {
+    /* Error. */
+}
+if (dh_2048 == NULL)
+    /* Error. */
+if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
+    /* Error. */
+...
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), ciphers(1), dhparam(1)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_verify.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_verify.html new file mode 100644 index 00000000..1f41ec04 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_set_verify.html @@ -0,0 +1,264 @@ + + + + +SSL_CTX_set_verify + + + + + + + + + + +

NAME

+ +

SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth - set peer certificate verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
+void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback);
+SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_set_verify_depth(SSL *ssl, int depth);
+
+int SSL_verify_client_post_handshake(SSL *ssl);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *ssl, int val);
+ +

DESCRIPTION

+ +

SSL_CTX_set_verify() sets the verification flags for ctx to be mode and specifies the verify_callback function to be used. If no callback function shall be specified, the NULL pointer can be used for verify_callback.

+ +

SSL_set_verify() sets the verification flags for ssl to be mode and specifies the verify_callback function to be used. If no callback function shall be specified, the NULL pointer can be used for verify_callback. In this case last verify_callback set specifically for this ssl remains. If no special callback was set before, the default callback for the underlying ctx is used, that was valid at the time ssl was created with SSL_new(3). Within the callback function, SSL_get_ex_data_X509_STORE_CTX_idx can be called to get the data index of the current SSL object that is doing the verification.

+ +

SSL_CTX_set_verify_depth() sets the maximum depth for the certificate chain verification that shall be allowed for ctx.

+ +

SSL_set_verify_depth() sets the maximum depth for the certificate chain verification that shall be allowed for ssl.

+ +

SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the Post-Handshake Authentication extension to be added to the ClientHello such that post-handshake authentication can be requested by the server. If val is 0 then the extension is not sent, otherwise it is. By default the extension is not sent. A certificate callback will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.

+ +

SSL_verify_client_post_handshake() causes a CertificateRequest message to be sent by a server on the given ssl connection. The SSL_VERIFY_PEER flag must be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional.

+ +

NOTES

+ +

The verification of certificates can be controlled by a set of logically or'ed mode flags:

+ +
+ +
SSL_VERIFY_NONE
+
+ +

Server mode: the server will not send a client certificate request to the client, so the client will not send a certificate.

+ +

Client mode: if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the TLS/SSL handshake using the SSL_get_verify_result(3) function. The handshake will be continued regardless of the verification result.

+ +
+
SSL_VERIFY_PEER
+
+ +

Server mode: the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_POST_HANDSHAKE flags.

+ +

Client mode: the server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, SSL_VERIFY_PEER is ignored.

+ +
+
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+
+ +

Server mode: if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER.

+ +

Client mode: ignored (see BUGS)

+ +
+
SSL_VERIFY_CLIENT_ONCE
+
+ +

Server mode: only request a client certificate once during the connection. Do not ask for a client certificate again during renegotiation or post-authentication if a certificate was requested during the initial handshake. This flag must be used together with SSL_VERIFY_PEER.

+ +

Client mode: ignored (see BUGS)

+ +
+
SSL_VERIFY_POST_HANDSHAKE
+
+ +

Server mode: the server will not send a client certificate request during the initial handshake, but will send the request via SSL_verify_client_post_handshake(). This allows the SSL_CTX or SSL to be configured for post-handshake peer verification before the handshake occurs. This flag must be used together with SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections.

+ +

Client mode: ignored (see BUGS)

+ +
+
+ +

If the mode is SSL_VERIFY_NONE none of the other flags may be set.

+ +

The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with SSL_CTX_set_cert_verify_callback(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information and the verify_callback() function, but the way this information is used may be different.

+ +

SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set a limit on the number of certificates between the end-entity and trust-anchor certificates. Neither the end-entity nor the trust-anchor certificates count against depth. If the certificate chain needed to reach a trusted issuer is longer than depth+2, X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. The depth count is "level 0:peer certificate", "level 1: CA certificate", "level 2: higher level CA certificate", and so on. Setting the maximum depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the trust-anchor). The default depth limit is 100, allowing for the peer certificate, at most 100 intermediate CA certificates and a final trust anchor certificate.

+ +

The verify_callback function is used to control the behaviour when the SSL_VERIFY_PEER flag is set. It must be supplied by the application and receives two arguments: preverify_ok indicates, whether the verification of the certificate in question was passed (preverify_ok=1) or not (preverify_ok=0). x509_ctx is a pointer to the complete context used for the certificate chain verification.

+ +

The certificate chain is checked starting with the deepest nesting level (the root CA certificate) and worked upward to the peer's certificate. At each level signatures and issuer attributes are checked. Whenever a verification error is found, the error number is stored in x509_ctx and verify_callback is called with preverify_ok=0. By applying X509_CTX_store_* functions verify_callback can locate the certificate in question and perform additional steps (see EXAMPLES). If no error is found for a certificate, verify_callback is called with preverify_ok=1 before advancing to the next level.

+ +

The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining its own error storage managed by verify_callback.

+ +

If no verify_callback is specified, the default callback will be used. Its return value is identical to preverify_ok, so that any verification failure will lead to a termination of the TLS/SSL handshake with an alert message, if SSL_VERIFY_PEER is set.

+ +

After calling SSL_set_post_handshake_auth(), the client will need to add a certificate or certificate callback to its configuration before it can successfully authenticate. This must be called before SSL_connect().

+ +

SSL_verify_client_post_handshake() requires that verify flags have been previously set, and that a client sent the post-handshake authentication extension. When the client returns a certificate the verify callback will be invoked. A write operation must take place for the Certificate Request to be sent to the client, this can be done with SSL_do_handshake() or SSL_write_ex(). Only one certificate request may be outstanding at any time.

+ +

When post-handshake authentication occurs, a refreshed NewSessionTicket message is sent to the client.

+ +

BUGS

+ +

In client mode, it is not checked whether the SSL_VERIFY_PEER flag is set, but whether any flags other than SSL_VERIFY_NONE are set. This can lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required.

+ +

RETURN VALUES

+ +

The SSL*_set_verify*() functions do not provide diagnostic information.

+ +

The SSL_verify_client_post_handshake() function returns 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason.

+ +

EXAMPLES

+ +

The following code sequence realizes an example verify_callback function that will always continue the TLS/SSL handshake regardless of verification failure, if wished. The callback realizes a verification depth limit with more informational output.

+ +

All verification errors are printed; information about the certificate chain is printed on request. The example is realized for a server that does allow but not require client certificates.

+ +

The example makes use of the ex_data technique to store application data into/retrieve application data from the SSL structure (see CRYPTO_get_ex_new_index(3), SSL_get_ex_data_X509_STORE_CTX_idx(3)).

+ +
...
+typedef struct {
+  int verbose_mode;
+  int verify_depth;
+  int always_continue;
+} mydata_t;
+int mydata_index;
+
+...
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+    char    buf[256];
+    X509   *err_cert;
+    int     err, depth;
+    SSL    *ssl;
+    mydata_t *mydata;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    /*
+     * Retrieve the pointer to the SSL of the connection currently treated
+     * and the application specific data stored into the SSL object.
+     */
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    mydata = SSL_get_ex_data(ssl, mydata_index);
+
+    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+
+    /*
+     * Catch a too long certificate chain. The depth limit set using
+     * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+     * that whenever the "depth>verify_depth" condition is met, we
+     * have violated the limit and want to log this error condition.
+     * We must do it here, because the CHAIN_TOO_LONG error would not
+     * be found explicitly; only errors introduced by cutting off the
+     * additional certificates would be logged.
+     */
+    if (depth > mydata->verify_depth) {
+        preverify_ok = 0;
+        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        X509_STORE_CTX_set_error(ctx, err);
+    }
+    if (!preverify_ok) {
+        printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+               X509_verify_cert_error_string(err), depth, buf);
+    } else if (mydata->verbose_mode) {
+        printf("depth=%d:%s\n", depth, buf);
+    }
+
+    /*
+     * At this point, err contains the last verification error. We can use
+     * it for something special
+     */
+    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
+        X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+    }
+
+    if (mydata->always_continue)
+        return 1;
+    else
+        return preverify_ok;
+}
+...
+
+mydata_t mydata;
+
+...
+mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+
+...
+SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                   verify_callback);
+
+/*
+ * Let the verify_callback catch the verify_depth error so that we get
+ * an appropriate error in the logfile.
+ */
+SSL_CTX_set_verify_depth(verify_depth + 1);
+
+/*
+ * Set up the SSL specific data into "mydata" and store it into th SSL
+ * structure.
+ */
+mydata.verify_depth = verify_depth; ...
+SSL_set_ex_data(ssl, mydata_index, &mydata);
+
+...
+SSL_accept(ssl);       /* check of success left out for clarity */
+if (peer = SSL_get_peer_certificate(ssl)) {
+    if (SSL_get_verify_result(ssl) == X509_V_OK) {
+        /* The client sent a certificate which verified OK */
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_get_verify_mode(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3), SSL_get_peer_certificate(3), SSL_CTX_set_cert_verify_callback(3), SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_CTX_set_client_cert_cb(3), CRYPTO_get_ex_new_index(3)

+ +

HISTORY

+ +

The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html new file mode 100644 index 00000000..3bc55103 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html @@ -0,0 +1,121 @@ + + + + +SSL_CTX_use_certificate + + + + + + + + + + +

NAME

+ +

SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key - load certificate and key data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_use_certificate(SSL *ssl, X509 *x);
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+                                long len);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+int SSL_check_private_key(const SSL *ssl);
+
+int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+ +

DESCRIPTION

+ +

These functions load the certificates and private keys into the SSL_CTX or SSL object, respectively.

+ +

The SSL_CTX_* class of functions loads the certificates and keys into the SSL_CTX object ctx. The information is passed to SSL objects ssl created from ctx with SSL_new(3) by copying, so that changes applied to ctx do not propagate to already existing SSL objects.

+ +

The SSL_* class of functions only loads certificates and keys into a specific SSL object. The specific information is kept, when SSL_clear(3) is called for this SSL object.

+ +

SSL_CTX_use_certificate() loads the certificate x into ctx, SSL_use_certificate() loads x into ssl. The rest of the certificates needed to form the complete certificate chain can be specified using the SSL_CTX_add_extra_chain_cert(3) function.

+ +

SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from the memory location d (with length len) into ctx, SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into ssl.

+ +

SSL_CTX_use_certificate_file() loads the first certificate stored in file into ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_use_certificate_file() loads the certificate from file into ssl. See the NOTES section on why SSL_CTX_use_certificate_chain_file() should be preferred.

+ +

SSL_CTX_use_certificate_chain_file() loads a certificate chain from file into ctx. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. SSL_use_certificate_chain_file() is similar except it loads the certificate chain into ssl.

+ +

SSL_CTX_use_PrivateKey() adds pkey as private key to ctx. SSL_CTX_use_RSAPrivateKey() adds the private key rsa of type RSA to ctx. SSL_use_PrivateKey() adds pkey as private key to ssl; SSL_use_RSAPrivateKey() adds rsa as private key of type RSA to ssl. If a certificate has already been set and the private does not belong to the certificate an error is returned. To change a certificate, private key pair the new certificate needs to be set with SSL_use_certificate() or SSL_CTX_use_certificate() before setting the private key with SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().

+ +

SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 certificate x, private key key, and certificate chain onto the corresponding ssl or ctx. The pkey argument must be the private key of the X.509 certificate x. If the override argument is 0, then x, pkey and chain are set only if all were not previously set. If override is non-0, then the certificate, private key and chain certs are always set. If pkey is NULL, then the public key of x is used as the private key. This is intended to be used with hardware (via the ENGINE interface) that stores the private key securely, such that it cannot be accessed by OpenSSL. The reference count of the public key is incremented (twice if there is no private key); it is not copied nor duplicated. This allows all private key validations checks to succeed without an actual private key being assigned via SSL_CTX_use_PrivateKey(), etc.

+ +

SSL_CTX_use_PrivateKey_ASN1() adds the private key of type pk stored at memory location d (length len) to ctx. SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA stored at memory location d (length len) to ctx. SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private key to ssl.

+ +

SSL_CTX_use_PrivateKey_file() adds the first private key found in file to ctx. The formatting type of the private key must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in file to ctx. SSL_use_PrivateKey_file() adds the first private key found in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private RSA key found to ssl.

+ +

SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into ctx. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will be checked. If e.g. the last item was a RSA certificate or key, the RSA key/certificate pair will be checked. SSL_check_private_key() performs the same check for ssl. If no key/certificate was explicitly added for this ssl, the last item added into ctx will be checked.

+ +

NOTES

+ +

The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the cipher selected, see also SSL_CTX_set_cipher_list(3).

+ +

When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain one certificate or private key, consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item.

+ +

SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using SSL_CTX_add1_chain_cert(3). Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() should be used instead of the SSL_CTX_use_certificate_file() function in order to allow the use of complete certificate chains even when no trusted CA storage is used or when the CA issuing the certificate shall not be added to the trusted CA storage.

+ +

If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3).

+ +

The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see SSL_CTX_set_default_passwd_cb(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.)

+ +

All of the functions to set a new certificate will replace any existing certificate of the same type that has already been set. Similarly all of the functions to set a new private key will replace any private key that has already been set. Applications should call SSL_CTX_check_private_key(3) or SSL_check_private_key(3) as appropriate after loading a new certificate and private key to confirm that the certificate and key match.

+ +

RETURN VALUES

+ +

On success, the functions return 1. Otherwise check out the error stack to find out the reason.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_clear(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_default_passwd_cb(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_add_extra_chain_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html new file mode 100644 index 00000000..01507c96 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html @@ -0,0 +1,126 @@ + + + + +SSL_CTX_use_psk_identity_hint + + + + + + + + + + +

NAME

+ +

SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback - set PSK identity hint to use

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+                                            const unsigned char *identity,
+                                            size_t identity_len,
+                                            SSL_SESSION **sess);
+
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+ +

DESCRIPTION

+ +

A server application wishing to use TLSv1.3 PSKs should set a callback using either SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() as appropriate.

+ +

The callback function is given a pointer to the SSL connection in ssl and an identity in identity of length identity_len. The callback function should identify an SSL_SESSION object that provides the PSK details and store it in *sess. The SSL_SESSION object should, as a minimum, set the master key, the ciphersuite and the protocol version. See SSL_CTX_set_psk_use_session_callback(3) for details.

+ +

It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be used but the handshake will continue. To do this the callback should return successfully and ensure that *sess is NULL.

+ +

Identity hints are not relevant for TLSv1.3. A server application wishing to use PSK ciphersuites for TLSv1.2 and below may call SSL_CTX_use_psk_identity_hint() to set the given NUL-terminated PSK identity hint hint for SSL context object ctx. SSL_use_psk_identity_hint() sets the given NUL-terminated PSK identity hint hint for the SSL connection object ssl. If hint is NULL the current hint from ctx or ssl is deleted.

+ +

In the case where PSK identity hint is NULL, the server does not send the ServerKeyExchange message to the client.

+ +

A server application wishing to use PSKs for TLSv1.2 and below must provide a callback function which is called when the server receives the ClientKeyExchange message from the client. The purpose of the callback function is to validate the received PSK identity and to fetch the pre-shared key used during the connection setup phase. The callback is set using the functions SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback(). The callback function is given the connection in parameter ssl, NUL-terminated PSK identity sent by the client in parameter identity, and a buffer psk of length max_psk_len bytes where the pre-shared key is to be stored.

+ +

The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest will default to SHA-256 for any returned PSK.

+ +

NOTES

+ +

A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that SSL_session_reused(3) will return true.

+ +

RETURN VALUES

+ +

SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return 1 on success, 0 otherwise.

+ +

Return values from the TLSv1.2 and below server callback are interpreted as follows:

+ +
+ +
0
+
+ +

PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails.

+ +
+
>0
+
+ +

PSK identity was found and the server callback has provided the PSK successfully in parameter psk. Return value is the length of psk in bytes. It is an error to return a value greater than max_psk_len.

+ +

If the PSK identity was not found but the callback instructs the protocol to continue anyway, the callback must provide some random data to psk and return the length of the random data, so the connection will fail with decryption_error before it will be finished completely.

+ +
+
+ +

The SSL_psk_find_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails.

+ +

NOTES

+ +

There are no known security issues with sharing the same PSK between TLSv1.2 (or below) and TLSv1.3. However the RFC has this note of caution:

+ +

"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2."

+ +

SEE ALSO

+ +

SSL_CTX_set_psk_use_session_callback(3), SSL_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

SSL_CTX_set_psk_find_session_callback() and SSL_set_psk_find_session_callback() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html new file mode 100644 index 00000000..77b2532a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html @@ -0,0 +1,73 @@ + + + + +SSL_CTX_use_serverinfo + + + + + + + + + + +

NAME

+ +

SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                              const unsigned char *serverinfo,
+                              size_t serverinfo_length);
+
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length);
+
+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+ +

DESCRIPTION

+ +

These functions load "serverinfo" TLS extensions into the SSL_CTX. A "serverinfo" extension is returned in response to an empty ClientHello Extension.

+ +

SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from a byte array into ctx. The version parameter specifies the format of the byte array provided in *serverinfo which is of length serverinfo_length.

+ +

If version is SSL_SERVERINFOV2 then the extensions in the array must consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for SSL_CTX_add_custom_ext(3). If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the end-entity certificate).

+ +

If version is SSL_SERVERINFOV1 then the extensions in the array must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The type value has the same meaning as for SSL_CTX_add_custom_ext(3). The following default context value will be used in this case:

+ +
SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
+| SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
+ +

SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex() except that there is no version parameter so a default version of SSL_SERVERINFOV1 is used instead.

+ +

SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from file into ctx. The extensions must be in PEM format. Each extension must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

+ +

If more than one certificate (RSA/DSA) is installed using SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the last certificate installed. If e.g. the last item was a RSA certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, SSL_CTX_use_serverinfo() needs to be called multiple times, once after each time a certificate is loaded via a call to SSL_CTX_use_certificate().

+ +

RETURN VALUES

+ +

On success, the functions return 1. On failure, the functions return 0. Check out the error stack to find out the reason.

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_free.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_free.html new file mode 100644 index 00000000..4ea50ff1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_free.html @@ -0,0 +1,79 @@ + + + + +SSL_SESSION_free + + + + + + + + + + +

NAME

+ +

SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free - create, free and manage SSL_SESSION structures

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *SSL_SESSION_new(void);
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *session);
+ +

DESCRIPTION

+ +

SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to it.

+ +

SSL_SESSION_dup() copies the contents of the SSL_SESSION structure in src and returns a pointer to it.

+ +

SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION structure.

+ +

SSL_SESSION_free() decrements the reference count of session and removes the SSL_SESSION structure pointed to by session and frees up the allocated memory, if the reference count has reached 0. If session is NULL nothing is done.

+ +

NOTES

+ +

SSL_SESSION objects are allocated, when a TLS/SSL handshake operation is successfully completed. Depending on the settings, see SSL_CTX_set_session_cache_mode(3), the SSL_SESSION objects are internally referenced by the SSL_CTX and linked into its session cache. SSL objects may be using the SSL_SESSION object; as a session may be reused, several SSL objects may be using one SSL_SESSION object at the same time. It is therefore crucial to keep the reference count (usage information) correct and not delete a SSL_SESSION object that is still used, as this may lead to program failures due to dangling pointers. These failures may also appear delayed, e.g. when an SSL_SESSION object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a SSL_CTX_flush_sessions(3) operation.

+ +

SSL_SESSION_free() must only be called for SSL_SESSION objects, for which the reference count was explicitly incremented (e.g. by calling SSL_get1_session(), see SSL_get_session(3)) or when the SSL_SESSION object was generated outside a TLS handshake operation, e.g. by using d2i_SSL_SESSION(3). It must not be called on other SSL_SESSION objects, as this would cause incorrect reference counts and therefore program failures.

+ +

RETURN VALUES

+ +

SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure or NULL on error.

+ +

SSL_SESSION_up_ref returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_flush_sessions(3), d2i_SSL_SESSION(3)

+ +

HISTORY

+ +

The SSL_SESSION_dup() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html new file mode 100644 index 00000000..5690e44e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html @@ -0,0 +1,68 @@ + + + + +SSL_SESSION_get0_cipher + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher - set and retrieve the SSL cipher associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_cipher() retrieves the cipher that was used by the connection when the session was created, or NULL if it cannot be determined.

+ +

The value returned is a pointer to an object maintained within s and should not be released.

+ +

SSL_SESSION_set_cipher() can be used to set the ciphersuite associated with the SSL_SESSION s to cipher. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_cipher() returns the SSL_CIPHER associated with the SSL_SESSION or NULL if it cannot be determined.

+ +

SSL_SESSION_set_cipher() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_get0_hostname(3), SSL_SESSION_free(3), SSL_CTX_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html new file mode 100644 index 00000000..179754c7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html @@ -0,0 +1,80 @@ + + + + +SSL_SESSION_get0_hostname + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected - get and set SNI and ALPN data associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the client when the session was created if it was accepted by the server and TLSv1.2 or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the SNI hostname is negotiated with each handshake including resumption handshakes and is therefore never associated with the session.

+ +

The value returned is a pointer to memory maintained within s and should not be free'd.

+ +

SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of the string provided in hostname.

+ +

SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this session and its associated length in bytes. The returned value of *alpn is a pointer to memory maintained within s and should not be free'd.

+ +

SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the value in alpn which should be of length len bytes. A copy of the input value is made, and the caller retains ownership of the memory pointed to by alpn.

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_hostname() returns either a string or NULL based on if there is the SNI value sent by client.

+ +

SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.

+ +

SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_free(3)

+ +

HISTORY

+ +

The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html new file mode 100644 index 00000000..04c937b4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html @@ -0,0 +1,70 @@ + + + + +SSL_SESSION_get0_id_context + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context - get and set the SSL ID context associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                 unsigned int *len)
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+ +

DESCRIPTION

+ +

See SSL_CTX_set_session_id_context(3) for further details on session ID contexts.

+ +

SSL_SESSION_get0_id_context() returns the ID context associated with the SSL/TLS session s. The length of the ID context is written to *len if len is not NULL.

+ +

The value returned is a pointer to an object maintained within s and should not be released.

+ +

SSL_SESSION_set1_id_context() takes a copy of the provided ID context given in sid_ctx and associates it with the session s. The length of the ID context is given by sid_ctx_len which must not exceed SSL_MAX_SID_CTX_LENGTH bytes.

+ +

RETURN VALUES

+ +

SSL_SESSION_set1_id_context() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session_id_context(3)

+ +

HISTORY

+ +

The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html new file mode 100644 index 00000000..b05aa4f9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html @@ -0,0 +1,56 @@ + + + + +SSL_SESSION_get0_peer + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_peer - get details about peer's certificate for a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_peer() returns the peer certificate associated with the session s or NULL if no peer certificate is available. The caller should not free the returned value (unless X509_up_ref(3) has also been called).

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if no peer certificate is available.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html new file mode 100644 index 00000000..91af12b6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html @@ -0,0 +1,56 @@ + + + + +SSL_SESSION_get_compress_id + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_compress_id - get details about the compression associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+ +

DESCRIPTION

+ +

If compression has been negotiated for an ssl session then SSL_SESSION_get_compress_id() will return the id for the compression method or 0 otherwise. The only built-in supported compression method is zlib which has an id of 1.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_compress_id() returns the id of the compression method or 0 if none.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html new file mode 100644 index 00000000..c7b8caf5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html @@ -0,0 +1,61 @@ + + + + +SSL_SESSION_get_ex_data + + + + + + + + + + +

NAME

+ +

SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - get and set application specific data on a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+ +

DESCRIPTION

+ +

SSL_SESSION_set_ex_data() enables an application to store arbitrary application specific data data in an SSL_SESSION structure ss. The index idx should be a value previously returned from a call to CRYPTO_get_ex_new_index(3).

+ +

SSL_SESSION_get_ex_data() retrieves application specific data previously stored in an SSL_SESSION structure s. The idx value should be the same as that used when originally storing the data.

+ +

RETURN VALUES

+ +

SSL_SESSION_set_ex_data() returns 1 for success or 0 for failure.

+ +

SSL_SESSION_get_ex_data() returns the previously stored value or NULL on failure. NULL may also be a valid value.

+ +

SEE ALSO

+ +

ssl(7), CRYPTO_get_ex_new_index(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html new file mode 100644 index 00000000..765ee4ad --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html @@ -0,0 +1,68 @@ + + + + +SSL_SESSION_get_protocol_version + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version - get and set the session protocol version

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_protocol_version() returns the protocol version number used by session s.

+ +

SSL_SESSION_set_protocol_version() sets the protocol version associated with the SSL_SESSION object s to the value version. This value should be a version constant such as TLS1_3_VERSION etc. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

+ +

RETURN VALUES

+ +

SSL_SESSION_get_protocol_version() returns a number indicating the protocol version used for the session; this number matches the constants e.g. TLS1_VERSION, TLS1_2_VERSION or TLS1_3_VERSION.

+ +

Note that the SSL_SESSION_get_protocol_version() function does not perform a null check on the provided session s pointer.

+ +

SSL_SESSION_set_protocol_version() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_time.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_time.html new file mode 100644 index 00000000..d803e550 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_get_time.html @@ -0,0 +1,81 @@ + + + + +SSL_SESSION_get_time + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout - retrieve and manipulate session time and timeout settings

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_SESSION_get_time(const SSL_SESSION *s);
+long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
+
+long SSL_get_time(const SSL_SESSION *s);
+long SSL_set_time(SSL_SESSION *s, long tm);
+long SSL_get_timeout(const SSL_SESSION *s);
+long SSL_set_timeout(SSL_SESSION *s, long tm);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_time() returns the time at which the session s was established. The time is given in seconds since the Epoch and therefore compatible to the time delivered by the time() call.

+ +

SSL_SESSION_set_time() replaces the creation time of the session s with the chosen value tm.

+ +

SSL_SESSION_get_timeout() returns the timeout value set for session s in seconds.

+ +

SSL_SESSION_set_timeout() sets the timeout value for session s in seconds to tm.

+ +

The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout() functions are synonyms for the SSL_SESSION_*() counterparts.

+ +

NOTES

+ +

Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by SSL_CTX_set_timeout(3). Using these functions it is possible to extend or shorten the lifetime of the session.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently valid values.

+ +

SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.

+ +

If any of the function is passed the NULL pointer for the session s, 0 is returned.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_timeout(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html new file mode 100644 index 00000000..6eb48d8a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html @@ -0,0 +1,70 @@ + + + + +SSL_SESSION_has_ticket + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - get details about the ticket associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len);
+ +

DESCRIPTION

+ +

SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with this session, and 0 otherwise.

+ +

SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds associated with the session ticket.

+ +

SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a session. The length of the ticket is written to *len. If tick is non NULL then a pointer to the ticket is written to *tick. The pointer is only valid while the connection is in use. The session (and hence the ticket pointer) may also become invalid as a result of a call to SSL_CTX_flush_sessions().

+ +

RETURN VALUES

+ +

SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.

+ +

SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_free(3)

+ +

HISTORY

+ +

The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html new file mode 100644 index 00000000..09309bc5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html @@ -0,0 +1,61 @@ + + + + +SSL_SESSION_is_resumable + + + + + + + + + + +

NAME

+ +

SSL_SESSION_is_resumable - determine whether an SSL_SESSION object can be used for resumption

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+ +

DESCRIPTION

+ +

SSL_SESSION_is_resumable() determines whether an SSL_SESSION object can be used to resume a session or not. Returns 1 if it can or 0 if not. Note that attempting to resume with a non-resumable session will result in a full handshake.

+ +

RETURN VALUES

+ +

SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3), SSL_CTX_sess_set_new_cb(3)

+ +

HISTORY

+ +

The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_print.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_print.html new file mode 100644 index 00000000..21a438d7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_print.html @@ -0,0 +1,62 @@ + + + + +SSL_SESSION_print + + + + + + + + + + +

NAME

+ +

SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog - printf information about a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+ +

DESCRIPTION

+ +

SSL_SESSION_print() prints summary information about the session provided in ses to the BIO fp.

+ +

SSL_SESSION_print_fp() does the same as SSL_SESSION_print() except it prints it to the FILE fp.

+ +

SSL_SESSION_print_keylog() prints session information to the provided BIO <bp> in NSS keylog format.

+ +

RETURN VALUES

+ +

SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html new file mode 100644 index 00000000..1ec260b3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html @@ -0,0 +1,66 @@ + + + + +SSL_SESSION_set1_id + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_id, SSL_SESSION_set1_id - get and set the SSL session ID

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len)
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_id() returns a pointer to the internal session id value for the session s. The length of the id in bytes is stored in *len. The length may be 0. The caller should not free the returned pointer directly.

+ +

SSL_SESSION_set1_id() sets the session ID for the ssl SSL/TLS session to sid of length sid_len.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_id() returns a pointer to the session id value. SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example if the supplied session ID length exceeds SSL_MAX_SSL_SESSION_ID_LENGTH.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_accept.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_accept.html new file mode 100644 index 00000000..856b86b2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_accept.html @@ -0,0 +1,87 @@ + + + + +SSL_accept + + + + + + + + + + +

NAME

+ +

SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_accept(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication channel must already have been set and assigned to the ssl by setting an underlying BIO.

+ +

NOTES

+ +

The behaviour of SSL_accept() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_accept() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_shutdown(3), ssl(7), bio(7), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alert_type_string.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alert_type_string.html new file mode 100644 index 00000000..a03f3d25 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alert_type_string.html @@ -0,0 +1,255 @@ + + + + +SSL_alert_type_string + + + + + + + + + + +

NAME

+ +

SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_type_string_long(int value);
+
+const char *SSL_alert_desc_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+ +

DESCRIPTION

+ +

SSL_alert_type_string() returns a one letter string indicating the type of the alert specified by value.

+ +

SSL_alert_type_string_long() returns a string indicating the type of the alert specified by value.

+ +

SSL_alert_desc_string() returns a two letter string as a short form describing the reason of the alert specified by value.

+ +

SSL_alert_desc_string_long() returns a string describing the reason of the alert specified by value.

+ +

NOTES

+ +

When one side of an SSL/TLS communication wants to inform the peer about a special situation, it sends an alert. The alert is sent as a special message and does not influence the normal data stream (unless its contents results in the communication being canceled).

+ +

A warning alert is sent, when a non-fatal error condition occurs. The "close notify" alert is sent as a warning alert. Other examples for non-fatal errors are certificate errors ("certificate expired", "unsupported certificate"), for which a warning alert may be sent. (The sending party may however decide to send a fatal error.) The receiving side may cancel the connection on reception of a warning alert on it discretion.

+ +

Several alert messages must be sent as fatal alert messages as specified by the TLS RFC. A fatal alert always leads to a connection abort.

+ +

RETURN VALUES

+ +

The following strings can occur for SSL_alert_type_string() or SSL_alert_type_string_long():

+ +
+ +
"W"/"warning"
+
+ +
+
"F"/"fatal"
+
+ +
+
"U"/"unknown"
+
+ +

This indicates that no support is available for this alert type. Probably value does not contain a correct alert message.

+ +
+
+ +

The following strings can occur for SSL_alert_desc_string() or SSL_alert_desc_string_long():

+ +
+ +
"CN"/"close notify"
+
+ +

The connection shall be closed. This is a warning alert.

+ +
+
"UM"/"unexpected message"
+
+ +

An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations.

+ +
+
"BM"/"bad record mac"
+
+ +

This alert is returned if a record is received with an incorrect MAC. This message is always fatal.

+ +
+
"DF"/"decompression failure"
+
+ +

The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal.

+ +
+
"HF"/"handshake failure"
+
+ +

Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error.

+ +
+
"NC"/"no certificate"
+
+ +

A client, that was asked to send a certificate, does not send a certificate (SSLv3 only).

+ +
+
"BC"/"bad certificate"
+
+ +

A certificate was corrupt, contained signatures that did not verify correctly, etc

+ +
+
"UC"/"unsupported certificate"
+
+ +

A certificate was of an unsupported type.

+ +
+
"CR"/"certificate revoked"
+
+ +

A certificate was revoked by its signer.

+ +
+
"CE"/"certificate expired"
+
+ +

A certificate has expired or is not currently valid.

+ +
+
"CU"/"certificate unknown"
+
+ +

Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.

+ +
+
"IP"/"illegal parameter"
+
+ +

A field in the handshake was out of range or inconsistent with other fields. This is always fatal.

+ +
+
"DC"/"decryption failed"
+
+ +

A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when checked, weren't correct. This message is always fatal.

+ +
+
"RO"/"record overflow"
+
+ +

A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal.

+ +
+
"CA"/"unknown CA"
+
+ +

A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal.

+ +
+
"AD"/"access denied"
+
+ +

A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal.

+ +
+
"DE"/"decode error"
+
+ +

A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal.

+ +
+
"CY"/"decrypt error"
+
+ +

A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message.

+ +
+
"ER"/"export restriction"
+
+ +

A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit ephemeral RSA key for the RSA_EXPORT handshake method. This message is always fatal.

+ +
+
"PV"/"protocol version"
+
+ +

The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal.

+ +
+
"IS"/"insufficient security"
+
+ +

Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal.

+ +
+
"IE"/"internal error"
+
+ +

An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal.

+ +
+
"US"/"user canceled"
+
+ +

This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning.

+ +
+
"NR"/"no renegotiation"
+
+ +

Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that is not appropriate, the recipient should respond with this alert; at that point, the original requester can decide whether to proceed with the connection. One case where this would be appropriate would be where a server has spawned a process to satisfy a request; the process might receive security parameters (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning.

+ +
+
"UP"/"unknown PSK identity"
+
+ +

Sent by the server to indicate that it does not recognize a PSK identity or an SRP identity.

+ +
+
"UK"/"unknown"
+
+ +

This indicates that no description is available for this alert type. Probably value does not contain a correct alert message.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_info_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alloc_buffers.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alloc_buffers.html new file mode 100644 index 00000000..85fa8a58 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_alloc_buffers.html @@ -0,0 +1,77 @@ + + + + +SSL_alloc_buffers + + + + + + + + + + +

NAME

+ +

SSL_free_buffers, SSL_alloc_buffers - manage SSL structure buffers

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_free_buffers(SSL *ssl);
+int SSL_alloc_buffers(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_free_buffers() frees the read and write buffers of the given ssl. SSL_alloc_buffers() allocates the read and write buffers of the given ssl.

+ +

The SSL_MODE_RELEASE_BUFFERS mode releases read or write buffers whenever the buffers have been drained. These functions allow applications to manually control when buffers are freed and allocated.

+ +

After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but can be used to make sure the buffers are pre-allocated. This can be used to avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0 (Failure)
+
+ +

The SSL_free_buffers() function returns 0 when there is pending data to be read or written. The SSL_alloc_buffers() function returns 0 when there is an allocation failure.

+ +
+
1 (Success)
+
+ +

The SSL_free_buffers() function returns 1 if the buffers have been freed. This value is also returned if the buffers had been freed before calling SSL_free_buffers(). The SSL_alloc_buffers() function returns 1 if the buffers have been allocated. This value is also returned if the buffers had been allocated before calling SSL_alloc_buffers().

+ +
+
+ +

SEE ALSO

+ +

SSL_free(3), SSL_clear(3), SSL_new(3), SSL_CTX_set_mode(3), CRYPTO_set_mem_functions

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_check_chain.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_check_chain.html new file mode 100644 index 00000000..46e56cb3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_check_chain.html @@ -0,0 +1,89 @@ + + + + +SSL_check_chain + + + + + + + + + + +

NAME

+ +

SSL_check_chain - check certificate chain suitability

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+ +

DESCRIPTION

+ +

SSL_check_chain() checks whether certificate x, private key pk and certificate chain chain is suitable for use with the current session s.

+ +

RETURN VALUES

+ +

SSL_check_chain() returns a bitmap of flags indicating the validity of the chain.

+ +

CERT_PKEY_VALID: the chain can be used with the current session. If this flag is not set then the certificate will never be used even if the application tries to set it because it is inconsistent with the peer preferences.

+ +

CERT_PKEY_SIGN: the EE key can be used for signing.

+ +

CERT_PKEY_EE_SIGNATURE: the signature algorithm of the EE certificate is acceptable.

+ +

CERT_PKEY_CA_SIGNATURE: the signature algorithms of all CA certificates are acceptable.

+ +

CERT_PKEY_EE_PARAM: the parameters of the end entity certificate are acceptable (e.g. it is a supported curve).

+ +

CERT_PKEY_CA_PARAM: the parameters of all CA certificates are acceptable.

+ +

CERT_PKEY_EXPLICIT_SIGN: the end entity certificate algorithm can be used explicitly for signing (i.e. it is mentioned in the signature algorithms extension).

+ +

CERT_PKEY_ISSUER_NAME: the issuer name is acceptable. This is only meaningful for client authentication.

+ +

CERT_PKEY_CERT_TYPE: the certificate type is acceptable. Only meaningful for client authentication.

+ +

CERT_PKEY_SUITEB: chain is suitable for Suite B use.

+ +

NOTES

+ +

SSL_check_chain() must be called in servers after a client hello message or in clients after a certificate request message. It will typically be called in the certificate callback.

+ +

An application wishing to support multiple certificate chains may call this function on each chain in turn: starting with the one it considers the most secure. It could then use the chain of the first set which returns suitable flags.

+ +

As a minimum the flag CERT_PKEY_VALID must be set for a chain to be usable. An application supporting multiple chains with different CA signature algorithms may also wish to check CERT_PKEY_CA_SIGNATURE too. If no chain is suitable a server should fall back to the most secure chain which sets CERT_PKEY_VALID.

+ +

The validity of a chain is determined by checking if it matches a supported signature algorithm, supported curves and in the case of client authentication certificate types and issuer names.

+ +

Since the supported signature algorithms extension is only used in TLS 1.2, TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be very useful. Applications may wish to specify a different "legacy" chain for earlier versions of TLS or DTLS.

+ +

SEE ALSO

+ +

SSL_CTX_set_cert_cb(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_clear.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_clear.html new file mode 100644 index 00000000..5409dbfa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_clear.html @@ -0,0 +1,81 @@ + + + + +SSL_clear + + + + + + + + + + +

NAME

+ +

SSL_clear - reset SSL object to allow another connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_clear(SSL *ssl);
+ +

DESCRIPTION

+ +

Reset ssl to allow another connection. All settings (method, ciphers, BIOs) are kept.

+ +

NOTES

+ +

SSL_clear is used to prepare an SSL object for a new connection. While all settings are kept, a side effect is the handling of the current SSL session. If a session is still open, it is considered bad and will be removed from the session cache, as required by RFC2246. A session is considered open, if SSL_shutdown(3) was not called for the connection or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN state.

+ +

If a session was closed cleanly, the session object will be kept and all settings corresponding. This explicitly means, that e.g. the special method used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a SSL client object will use a TLSv1 client method for the next handshake and a SSL server object will use a TLSv1 server method, even if TLS_*_methods were chosen on startup. This will might lead to connection failures (see SSL_new(3)) for a description of the method's properties.

+ +

WARNINGS

+ +

SSL_clear() resets the SSL object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last handshake). It only makes sense for a new connection with the exact same peer that shares these settings, and may fail if that peer changes its settings between connections. Use the sequence SSL_get_session(3); SSL_new(3); SSL_set_session(3); SSL_free(3) instead to avoid such failures (or simply SSL_free(3); SSL_new(3) if session reuse is not desired).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The SSL_clear() operation could not be performed. Check the error stack to find out the reason.

+ +
+
1
+
+ +

The SSL_clear() operation was successful.

+ +
+
+ +

SSL_new(3), SSL_free(3), SSL_shutdown(3), SSL_set_shutdown(3), SSL_CTX_set_options(3), ssl(7), SSL_CTX_set_client_cert_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_connect.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_connect.html new file mode 100644 index 00000000..ba58ceb3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_connect.html @@ -0,0 +1,91 @@ + + + + +SSL_connect + + + + + + + + + + +

NAME

+ +

SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_connect(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the ssl by setting an underlying BIO.

+ +

NOTES

+ +

The behaviour of SSL_connect() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_connect() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

Many systems implement Nagle's algorithm by default which means that it will buffer outgoing TCP data if a TCP packet has already been sent for which no corresponding ACK has been received yet from the peer. This can have performance impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) resumption handshake, because the last peer to communicate in the handshake is the client. If the client is also the first to send application data (as is typical for many protocols) then this data could be buffered until an ACK has been received for the final handshake message.

+ +

The TCP_NODELAY socket option is often available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again later if appropriate. The helper function BIO_set_tcp_ndelay() can be used to turn on or off the TCP_NODELAY option.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_accept(3), SSL_shutdown(3), ssl(7), bio(7), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_do_handshake.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_do_handshake.html new file mode 100644 index 00000000..2cd11a5b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_do_handshake.html @@ -0,0 +1,87 @@ + + + + +SSL_do_handshake + + + + + + + + + + +

NAME

+ +

SSL_do_handshake - perform a TLS/SSL handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_do_handshake(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either SSL_set_connect_state(3) or SSL_set_accept_state(3).

+ +

NOTES

+ +

The behaviour of SSL_do_handshake() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_do_handshake() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_accept(3), ssl(7), bio(7), SSL_set_connect_state(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_export_keying_material.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_export_keying_material.html new file mode 100644 index 00000000..f269d1d2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_export_keying_material.html @@ -0,0 +1,78 @@ + + + + +SSL_export_keying_material + + + + + + + + + + +

NAME

+ +

SSL_export_keying_material, SSL_export_keying_material_early - obtain keying material for application use

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *context,
+                               size_t contextlen, int use_context);
+
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                     const char *label, size_t llen,
+                                     const unsigned char *context,
+                                     size_t contextlen);
+ +

DESCRIPTION

+ +

During the creation of a TLS or DTLS connection shared keying material is established between the two endpoints. The functions SSL_export_keying_material() and SSL_export_keying_material_early() enable an application to use some of this keying material for its own purposes in accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3).

+ +

SSL_export_keying_material() derives keying material using the exporter_master_secret established in the handshake.

+ +

SSL_export_keying_material_early() is only usable with TLSv1.3, and derives keying material using the early_exporter_master_secret (as defined in the TLS 1.3 RFC). For the client, the early_exporter_master_secret is only available when the client attempts to send 0-RTT data. For the server, it is only available when the server accepts 0-RTT data.

+ +

An application may need to securely establish the context within which this keying material will be used. For example this may include identifiers for the application session, application algorithms or parameters, or the lifetime of the context. The context value is left to the application but must be the same on both sides of the communication.

+ +

For a given SSL connection s, olen bytes of data will be written to out. The application specific context should be supplied in the location pointed to by context and should be contextlen bytes long. Provision of a context is optional. If the context should be omitted entirely then use_context should be set to 0. Otherwise it should be any other value. If use_context is 0 then the values of context and contextlen are ignored. Note that in TLSv1.2 and below a zero length context is treated differently from no context at all, and will result in different keying material being returned. In TLSv1.3 a zero length context is that same as no context at all and will result in the same keying material being returned.

+ +

An application specific label should be provided in the location pointed to by label and should be llen bytes long. Typically this will be a value from the IANA Exporter Label Registry (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels). Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard to be used without registration. TLSv1.3 imposes a maximum label length of 249 bytes.

+ +

Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error.

+ +

RETURN VALUES

+ +

SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.

+ +

SSL_export_keying_material_early() returns 0 on failure or 1 on success.

+ +

HISTORY

+ +

The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_extension_supported.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_extension_supported.html new file mode 100644 index 00000000..aa592a55 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_extension_supported.html @@ -0,0 +1,261 @@ + + + + +SSL_extension_supported + + + + + + + + + + +

NAME

+ +

SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb - custom TLS extension handling

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
+                                         unsigned int context,
+                                         const unsigned char **out,
+                                         size_t *outlen, X509 *x,
+                                         size_t chainidx, int *al,
+                                         void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
+                                           unsigned int context,
+                                           const unsigned char *out,
+                                           void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
+                                           unsigned int context,
+                                           const unsigned char *in,
+                                           size_t inlen, X509 *x,
+                                           size_t chainidx, int *al,
+                                           void *parse_arg);
+
+int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                           unsigned int context,
+                           SSL_custom_ext_add_cb_ex add_cb,
+                           SSL_custom_ext_free_cb_ex free_cb,
+                           void *add_arg,
+                           SSL_custom_ext_parse_cb_ex parse_cb,
+                           void *parse_arg);
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out,
+                                 size_t *outlen, int *al,
+                                 void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *out,
+                                   void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al,
+                                   void *parse_arg);
+
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb, void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb, void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+int SSL_extension_supported(unsigned int ext_type);
+ +

DESCRIPTION

+ +

SSL_CTX_add_custom_ext() adds a custom extension for a TLS/DTLS client or server for all supported protocol versions with extension type ext_type and callbacks add_cb, free_cb and parse_cb (see the "EXTENSION CALLBACKS" section below). The context value determines which messages and under what conditions the extension will be added/parsed (see the "EXTENSION CONTEXTS" section below).

+ +

SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS/DTLS client with extension type ext_type and callbacks add_cb, free_cb and parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only applies to clients, uses the older style of callbacks, and implicitly sets the context value to:

+ +
SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
+| SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
+ +

SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS/DTLS server with extension type ext_type and callbacks add_cb, free_cb and parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only applies to servers, uses the older style of callbacks, and implicitly sets the context value to the same as for SSL_CTX_add_client_custom_ext() above.

+ +

The ext_type parameter corresponds to the extension_type field of RFC5246 et al. It is not a NID. In all cases the extension type must not be handled by OpenSSL internally or an error occurs.

+ +

SSL_extension_supported() returns 1 if the extension ext_type is handled internally by OpenSSL and 0 otherwise.

+ +

EXTENSION CALLBACKS

+ +

The callback add_cb is called to send custom extension data to be included in various TLS messages. The ext_type parameter is set to the extension type which will be added and add_arg to the value set when the extension handler was added. When using the new style callbacks the context parameter will indicate which message is currently being constructed e.g. for the ClientHello it will be set to SSL_EXT_CLIENT_HELLO.

+ +

If the application wishes to include the extension ext_type it should set *out to the extension data, set *outlen to the length of the extension data and return 1.

+ +

If the add_cb does not wish to include the extension it must return 0.

+ +

If add_cb returns -1 a fatal handshake error occurs using the TLS alert value specified in *al.

+ +

When constructing the ClientHello, if add_cb is set to NULL a zero length extension is added for ext_type. For all other messages if add_cb is set to NULL then no extension is added.

+ +

When constructing a Certificate message the callback will be called for each certificate in the message. The x parameter will indicate the current certificate and the chainidx parameter will indicate the position of the certificate in the message. The first certificate is always the end entity certificate and has a chainidx value of 0. The certificates are in the order that they were received in the Certificate message.

+ +

For all messages except the ServerHello and EncryptedExtensions every registered add_cb is always called to see if the application wishes to add an extension (as long as all requirements of the specified context are met).

+ +

For the ServerHello and EncryptedExtension messages every registered add_cb is called once if and only if the requirements of the specified context are met and the corresponding extension was received in the ClientHello. That is, if no corresponding extension was received in the ClientHello then add_cb will not be called.

+ +

If an extension is added (that is add_cb returns 1) free_cb is called (if it is set) with the value of out set by the add callback. It can be used to free up any dynamic extension data set by add_cb. Since out is constant (to permit use of constant data in add_cb) applications may need to cast away const to free the data.

+ +

The callback parse_cb receives data for TLS extensions. The callback is only called if the extension is present and relevant for the context (see "EXTENSION CONTEXTS" below).

+ +

The extension data consists of inlen bytes in the buffer in for the extension ext_type.

+ +

If the message being parsed is a TLSv1.3 compatible Certificate message then parse_cb will be called for each certificate contained within the message. The x parameter will indicate the current certificate and the chainidx parameter will indicate the position of the certificate in the message. The first certificate is always the end entity certificate and has a chainidx value of 0.

+ +

If the parse_cb considers the extension data acceptable it must return 1. If it returns 0 or a negative value a fatal handshake error occurs using the TLS alert value specified in *al.

+ +

The buffer in is a temporary internal buffer which will not be valid after the callback returns.

+ +

EXTENSION CONTEXTS

+ +

An extension context defines which messages and under which conditions an extension should be added or expected. The context is built up by performing a bitwise OR of multiple pre-defined values together. The valid context values are:

+ +
+ +
SSL_EXT_TLS_ONLY
+
+ +

The extension is only allowed in TLS

+ +
+
SSL_EXT_DTLS_ONLY
+
+ +

The extension is only allowed in DTLS

+ +
+
SSL_EXT_TLS_IMPLEMENTATION_ONLY
+
+ +

The extension is allowed in DTLS, but there is only a TLS implementation available (so it is ignored in DTLS).

+ +
+
SSL_EXT_SSL3_ALLOWED
+
+ +

Extensions are not typically defined for SSLv3. Setting this value will allow the extension in SSLv3. Applications will not typically need to use this.

+ +
+
SSL_EXT_TLS1_2_AND_BELOW_ONLY
+
+ +

The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will ignore this extension if it is present in the ClientHello and TLSv1.3 is negotiated.

+ +
+
SSL_EXT_TLS1_3_ONLY
+
+ +

The extension is only defined for TLS1.3 and above. Servers will ignore this extension if it is present in the ClientHello and TLSv1.2 or below is negotiated.

+ +
+
SSL_EXT_IGNORE_ON_RESUMPTION
+
+ +

The extension will be ignored during parsing if a previous session is being successfully resumed.

+ +
+
SSL_EXT_CLIENT_HELLO
+
+ +

The extension may be present in the ClientHello message.

+ +
+
SSL_EXT_TLS1_2_SERVER_HELLO
+
+ +

The extension may be present in a TLSv1.2 or below compatible ServerHello message.

+ +
+
SSL_EXT_TLS1_3_SERVER_HELLO
+
+ +

The extension may be present in a TLSv1.3 compatible ServerHello message.

+ +
+
SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+
+ +

The extension may be present in an EncryptedExtensions message.

+ +
+
SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+
+ +

The extension may be present in a HelloRetryRequest message.

+ +
+
SSL_EXT_TLS1_3_CERTIFICATE
+
+ +

The extension may be present in a TLSv1.3 compatible Certificate message.

+ +
+
SSL_EXT_TLS1_3_NEW_SESSION_TICKET
+
+ +

The extension may be present in a TLSv1.3 compatible NewSessionTicket message.

+ +
+
SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+
+ +

The extension may be present in a TLSv1.3 compatible CertificateRequest message.

+ +
+
+ +

The context must include at least one message value (otherwise the extension will never be used).

+ +

NOTES

+ +

The add_arg and parse_arg parameters can be set to arbitrary values which will be passed to the corresponding callbacks. They can, for example, be used to store the extension data received in a convenient structure or pass the extension data to be added or freed when adding extensions.

+ +

If the same custom extension type is received multiple times a fatal decode_error alert is sent and the handshake aborts. If a custom extension is received in a ServerHello/EncryptedExtensions message which was not sent in the ClientHello a fatal unsupported_extension alert is sent and the handshake is aborted. The ServerHello/EncryptedExtensions add_cb callback is only called if the corresponding extension was received in the ClientHello. This is compliant with the TLS specifications. This behaviour ensures that each callback is called at most once and that an application can never send unsolicited extensions.

+ +

RETURN VALUES

+ +

SSL_CTX_add_custom_ext(), SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for success and 0 for failure. A failure can occur if an attempt is made to add the same ext_type more than once, if an attempt is made to use an extension type handled internally by OpenSSL or if an internal error occurs (for example a memory allocation failure).

+ +

SSL_extension_supported() returns 1 if the extension ext_type is handled internally by OpenSSL and 0 otherwise.

+ +

HISTORY

+ +

The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_free.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_free.html new file mode 100644 index 00000000..6f1ce82a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_free.html @@ -0,0 +1,60 @@ + + + + +SSL_free + + + + + + + + + + +

NAME

+ +

SSL_free - free an allocated SSL structure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_free(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_free() decrements the reference count of ssl, and removes the SSL structure pointed to by ssl and frees up the allocated memory if the reference count has reached 0. If ssl is NULL nothing is done.

+ +

NOTES

+ +

SSL_free() also calls the free()ing procedures for indirectly affected items, if applicable: the buffering BIO, the read and write BIOs, cipher lists specially created for this ssl, the SSL_SESSION. Do not explicitly free these indirectly freed up items before or after calling SSL_free(), as trying to free things twice may lead to program failure.

+ +

The ssl session has reference counts from two users: the SSL object, for which the reference count is removed by SSL_free() and the internal session cache. If the session is considered bad, because SSL_shutdown(3) was not called for the connection and SSL_set_shutdown(3) was not used to set the SSL_SENT_SHUTDOWN state, the session will also be removed from the session cache as required by RFC2246.

+ +

RETURN VALUES

+ +

SSL_free() does not provide diagnostic information.

+ +

SSL_new(3), SSL_clear(3), SSL_shutdown(3), SSL_set_shutdown(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get0_peer_scts.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get0_peer_scts.html new file mode 100644 index 00000000..79b3c2f7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get0_peer_scts.html @@ -0,0 +1,61 @@ + + + + +SSL_get0_peer_scts + + + + + + + + + + +

NAME

+ +

SSL_get0_peer_scts - get SCTs received

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+ +

DESCRIPTION

+ +

SSL_get0_peer_scts() returns the signed certificate timestamps (SCTs) that have been received. If this is the first time that this function has been called for a given SSL instance, it will examine the TLS extensions, OCSP response and the peer's certificate for SCTs. Future calls will return the same SCTs.

+ +

RESTRICTIONS

+ +

If no Certificate Transparency validation callback has been set (using SSL_CTX_set_ct_validation_callback or SSL_set_ct_validation_callback), this function is not guaranteed to return all of the SCTs that the peer is capable of sending.

+ +

RETURN VALUES

+ +

SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_ct_validation_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html new file mode 100644 index 00000000..b5248a68 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html @@ -0,0 +1,56 @@ + + + + +SSL_get_SSL_CTX + + + + + + + + + + +

NAME

+ +

SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which ssl was created with SSL_new(3).

+ +

RETURN VALUES

+ +

The pointer to the SSL_CTX object is returned.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_all_async_fds.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_all_async_fds.html new file mode 100644 index 00000000..45d50898 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_all_async_fds.html @@ -0,0 +1,76 @@ + + + + +SSL_get_all_async_fds + + + + + + + + + + +

NAME

+ +

SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds - manage asynchronous operations

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+#include <openssl/ssl.h>
+
+int SSL_waiting_for_async(SSL *s);
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds);
+ +

DESCRIPTION

+ +

SSL_waiting_for_async() determines whether an SSL connection is currently waiting for asynchronous operations to complete (see the SSL_MODE_ASYNC mode in SSL_CTX_set_mode(3)).

+ +

SSL_get_all_async_fds() returns a list of file descriptor which can be used in a call to select() or poll() to determine whether the current asynchronous operation has completed or not. A completed operation will result in data appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the SSL object is currently waiting for asynchronous work to complete (i.e. SSL_ERROR_WANT_ASYNC has been received - see SSL_get_error(3)). Typically the list will only contain one file descriptor. However if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in *numfds and the file descriptors themselves are in *fds. The fds parameter may be NULL in which case no file descriptors are returned but *numfds is still populated. It is the callers responsibility to ensure sufficient memory is allocated at *fds so typically this function is called twice (once with a NULL fds parameter and once without).

+ +

SSL_get_changed_async_fds() returns a list of the asynchronous file descriptors that have been added and a list that have been deleted since the last SSL_ERROR_WANT_ASYNC was received (or since the SSL object was created if no SSL_ERROR_WANT_ASYNC has been received). Similar to SSL_get_all_async_fds() it is the callers responsibility to ensure that *addfd and *delfd have sufficient memory allocated, although they may be NULL. The number of added fds and the number of deleted fds are stored in *numaddfds and *numdelfds respectively.

+ +

RETURN VALUES

+ +

SSL_waiting_for_async() will return 1 if the current SSL operation is waiting for an async operation to complete and 0 otherwise.

+ +

SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or 0 on error.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_CTX_set_mode(3)

+ +

HISTORY

+ +

The SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_ciphers.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_ciphers.html new file mode 100644 index 00000000..2339ce7e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_ciphers.html @@ -0,0 +1,89 @@ + + + + +SSL_get_ciphers + + + + + + + + + + +

NAME

+ +

SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers - get list of available SSL_CIPHERs

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs);
+const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+ +

DESCRIPTION

+ +

SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available, NULL is returned.

+ +

SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for ctx.

+ +

SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for ssl as would be sent in a ClientHello (that is, sorted by preference). The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. SRP and PSK ciphers are only enabled if the appropriate callbacks or settings have been applied. The list of ciphers that would be sent in a ClientHello can differ from the list of ciphers that would be acceptable when acting as a server. For example, additional ciphers may be usable by a server if there is a gap in the list of supported protocols, and some ciphers may not be usable by a server if there is not a suitable certificate configured. If ssl is NULL or no ciphers are available, NULL is returned.

+ +

SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the list received from the client on ssl. If ssl is NULL, no ciphers are available, or ssl is not operating in server mode, NULL is returned.

+ +

SSL_bytes_to_cipher_list() treats the supplied len octets in bytes as a wire-protocol cipher suite specification (in the three-octet-per-cipher SSLv2 wire format if isv2format is nonzero; otherwise the two-octet SSLv3/TLS wire format), and parses the cipher suites supported by the library into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success and 0 on failure.

+ +

SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are available, or there are less ciphers than priority available, NULL is returned.

+ +

SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of SSL_CIPHER names that are available in both the client and the server. buf is the buffer that should be populated with the list of names and size is the size of that buffer. A pointer to buf is returned on success or NULL on error. If the supplied buffer is not large enough to contain the complete list of names then a truncated list of names will be returned. Note that just because a ciphersuite is available (i.e. it is configured in the cipher list) and shared by both the client and the server it does not mean that it is enabled (see the description of SSL_get1_supported_ciphers() above). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake.

+ +

NOTES

+ +

The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions.

+ +

Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned.

+ +

Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() return a pointer to an internal cipher stack, which will be freed later on when the SSL or SSL_SESSION object is freed. Therefore, the calling code MUST NOT free the return value itself.

+ +

The stack returned by SSL_get1_supported_ciphers() should be freed using sk_SSL_CIPHER_free().

+ +

The stacks returned by SSL_bytes_to_cipher_list() should be freed using sk_SSL_CIPHER_free().

+ +

RETURN VALUES

+ +

See DESCRIPTION

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_cipher_list(3), SSL_CIPHER_get_name(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_client_random.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_client_random.html new file mode 100644 index 00000000..f1240106 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_client_random.html @@ -0,0 +1,84 @@ + + + + +SSL_get_client_random + + + + + + + + + + +

NAME

+ +

SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key - get internal TLS/SSL random values and get/set master key

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen);
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+                                size_t len);
+ +

DESCRIPTION

+ +

SSL_get_client_random() extracts the random value sent from the client to the server during the initial SSL/TLS handshake. It copies as many bytes as it can of this value into the buffer provided in out, which must have at least outlen bytes available. It returns the total number of bytes that were actually copied. If outlen is zero, SSL_get_client_random() copies nothing, and returns the total size of the client_random value.

+ +

SSL_get_server_random() behaves the same, but extracts the random value sent from the server to the client during the initial SSL/TLS handshake.

+ +

SSL_SESSION_get_master_key() behaves the same, but extracts the master secret used to guarantee the security of the SSL/TLS session. This one can be dangerous if misused; see NOTES below.

+ +

SSL_SESSION_set1_master_key() sets the master key value associated with the SSL_SESSION sess. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)). The master key of length len should be provided at in. The supplied master key is copied by the function, so the caller is responsible for freeing and cleaning any memory associated with in. The caller must ensure that the length of the key is suitable for the ciphersuite associated with the SSL_SESSION.

+ +

NOTES

+ +

You probably shouldn't use these functions.

+ +

These functions expose internal values from the TLS handshake, for use in low-level protocols. You probably should not use them, unless you are implementing something that needs access to the internal protocol details.

+ +

Despite the names of SSL_get_client_random() and SSL_get_server_random(), they ARE NOT random number generators. Instead, they return the mostly-random values that were already generated and used in the TLS protocol. Using them in place of RAND_bytes() would be grossly foolish.

+ +

The security of your TLS session depends on keeping the master key secret: do not expose it, or any information about it, to anybody. If you need to calculate another secret value that depends on the master secret, you should probably use SSL_export_keying_material() instead, and forget that you ever saw these functions.

+ +

In current versions of the TLS protocols, the length of client_random (and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for other outlen arguments to the SSL_get_*_random() functions is provided in case of the unlikely event that a future version or variant of TLS uses some other length there.

+ +

Finally, though the "client_random" and "server_random" values are called "random", many TLS implementations will generate four bytes of those values based on their view of the current time.

+ +

RETURN VALUES

+ +

SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.

+ +

For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field.

+ +

SEE ALSO

+ +

ssl(7), RAND_bytes(3), SSL_export_keying_material(3), SSL_CTX_set_psk_use_session_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_current_cipher.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_current_cipher.html new file mode 100644 index 00000000..68b82824 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_current_cipher.html @@ -0,0 +1,73 @@ + + + + +SSL_get_current_cipher + + + + + + + + + + +

NAME

+ +

SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher - get SSL_CIPHER of a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+
+const char *SSL_get_cipher_name(const SSL *s);
+const char *SSL_get_cipher(const SSL *s);
+int SSL_get_cipher_bits(const SSL *s, int *np);
+const char *SSL_get_cipher_version(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing the description of the actually used cipher of a connection established with the ssl object. See SSL_CIPHER_get_name(3) for more details.

+ +

SSL_get_cipher_name() obtains the name of the currently used cipher. SSL_get_cipher() is identical to SSL_get_cipher_name(). SSL_get_cipher_bits() is a macro to obtain the number of secret/algorithm bits used and SSL_get_cipher_version() returns the protocol name.

+ +

SSL_get_pending_cipher() returns a pointer to an SSL_CIPHER object containing the description of the cipher (if any) that has been negotiated for future use on the connection established with the ssl object, but is not yet in use. This may be the case during handshake processing, when control flow can be returned to the application via any of several callback methods. The internal sequencing of handshake processing and callback invocation is not guaranteed to be stable from release to release, and at present only the callback set by SSL_CTX_set_alpn_select_cb() is guaranteed to have a non-NULL return value. Other callbacks may be added to this list over time.

+ +

RETURN VALUES

+ +

SSL_get_current_cipher() returns the cipher actually used, or NULL if no session has been established.

+ +

SSL_get_pending_cipher() returns the cipher to be used at the next change of cipher suite, or NULL if no such cipher is known.

+ +

NOTES

+ +

SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and SSL_get_cipher_name are implemented as macros.

+ +

SEE ALSO

+ +

ssl(7), SSL_CIPHER_get_name(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_default_timeout.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_default_timeout.html new file mode 100644 index 00000000..7992f3a1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_default_timeout.html @@ -0,0 +1,63 @@ + + + + +SSL_get_default_timeout + + + + + + + + + + +

NAME

+ +

SSL_get_default_timeout - get default session timeout value

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_default_timeout(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_default_timeout() returns the default timeout value assigned to SSL_SESSION objects negotiated for the protocol valid for ssl.

+ +

NOTES

+ +

Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using SSL_CTX_set_timeout(3), the hardcoded default timeout for the protocol will be used.

+ +

SSL_get_default_timeout() return this hardcoded value, which is 300 seconds for all currently supported protocols.

+ +

RETURN VALUES

+ +

See description.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_get_time(3), SSL_CTX_flush_sessions(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_error.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_error.html new file mode 100644 index 00000000..20adf416 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_error.html @@ -0,0 +1,150 @@ + + + + +SSL_get_error + + + + + + + + + + +

NAME

+ +

SSL_get_error - obtain result code for TLS/SSL I/O operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_error(const SSL *ssl, int ret);
+ +

DESCRIPTION

+ +

SSL_get_error() returns a result code (suitable for the C "switch" statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_shutdown(), SSL_write_ex() or SSL_write() on ssl. The value returned by that TLS/SSL I/O function must be passed to SSL_get_error() in parameter ret.

+ +

In addition to ssl and ret, SSL_get_error() inspects the current thread's OpenSSL error queue. Thus, SSL_get_error() must be used in the same thread that performed the TLS/SSL I/O operation, and no other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably.

+ +

RETURN VALUES

+ +

The following return values can currently occur:

+ +
+ +
SSL_ERROR_NONE
+
+ +

The TLS/SSL I/O operation completed. This result code is returned if and only if ret > 0.

+ +
+
SSL_ERROR_ZERO_RETURN
+
+ +

The TLS/SSL peer has closed the connection for writing by sending the close_notify alert. No more data can be read. Note that SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed.

+ +
+
SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
+
+ +

The operation did not complete and can be retried later.

+ +

SSL_ERROR_WANT_READ is returned when the last operation was a read operation from a non-blocking BIO. It means that not enough data was available at this time to complete the operation. If at a later time the underlying BIO has data available for reading the same function can be called again.

+ +

SSL_read() and SSL_read_ex() can also set SSL_ERROR_WANT_READ when there is still unprocessed data available at either the SSL or the BIO layer, even for a blocking BIO. See SSL_read(3) for more information.

+ +

SSL_ERROR_WANT_WRITE is returned when the last operation was a write to a non-blocking BIO and it was unable to sent all data to the BIO. When the BIO is writeable again, the same function can be called again.

+ +

Note that the retry may again lead to an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.

+ +

It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). However if the call was an SSL_write() or SSL_write_ex(), it should be called again to continue sending the application data.

+ +

For socket BIOs (e.g. when SSL_set_fd() was used), select() or poll() on the underlying socket can be used to find out when the TLS/SSL I/O function should be retried.

+ +

Caveat: Any TLS/SSL I/O function can lead to either of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. In particular, SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data and SSL_write() or SSL_write_ex() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes.

+ +
+
SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
+
+ +

The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to the peer and the call would block in connect()/accept(). The SSL function should be called again when the connection is established. These messages can only appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. In order to find out, when the connection has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used.

+ +
+
SSL_ERROR_WANT_X509_LOOKUP
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.

+ +
+
SSL_ERROR_WANT_ASYNC
+
+ +

The operation did not complete because an asynchronous engine is still processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or SSL_set_mode(3) and an asynchronous capable engine is being used. An application can determine whether the engine has completed its processing using select() or poll() on the asynchronous wait file descriptor. This file descriptor is available by calling SSL_get_all_async_fds(3) or SSL_get_changed_async_fds(3). The TLS/SSL I/O function should be called again later. The function must be called from the same thread that the original call was made from.

+ +
+
SSL_ERROR_WANT_ASYNC_JOB
+
+ +

The asynchronous job could not be started because there were no async jobs available in the pool (see ASYNC_init_thread(3)). This will only occur if the mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or SSL_set_mode(3) and a maximum limit has been set on the async job pool through a call to ASYNC_init_thread(3). The application should retry the operation after a currently executing asynchronous operation for the current thread has completed.

+ +
+
SSL_ERROR_WANT_CLIENT_HELLO_CB
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.

+ +
+
SSL_ERROR_SYSCALL
+
+ +

Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult errno for details. If this error occurs then no further I/O operations should be performed on the connection and SSL_shutdown() must not be called.

+ +

This value can also be returned for other errors, check the error queue for details.

+ +
+
SSL_ERROR_SSL
+
+ +

A non-recoverable, fatal error in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. If this error occurs then no further I/O operations should be performed on the connection and SSL_shutdown() must not be called.

+ +
+
+ +

BUGS

+ +

The SSL_ERROR_SYSCALL with errno value of 0 indicates unexpected EOF from the peer. This will be properly reported as SSL_ERROR_SSL with reason code SSL_R_UNEXPECTED_EOF_WHILE_READING in the OpenSSL 3.0 release because it is truly a TLS protocol error to terminate the connection without a SSL_shutdown().

+ +

The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications which choose to ignore this protocol error depend on the existing way of reporting the error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_extms_support.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_extms_support.html new file mode 100644 index 00000000..9b87f203 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_extms_support.html @@ -0,0 +1,58 @@ + + + + +SSL_get_extms_support + + + + + + + + + + +

NAME

+ +

SSL_get_extms_support - extended master secret support

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_extms_support(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_extms_support() indicates whether the current session used extended master secret.

+ +

This function is implemented as a macro.

+ +

RETURN VALUES

+ +

SSL_get_extms_support() returns 1 if the current session used extended master secret, 0 if it did not and -1 if a handshake is currently in progress i.e. it is not possible to determine if extended master secret was used.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_fd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_fd.html new file mode 100644 index 00000000..6f35cc0b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_fd.html @@ -0,0 +1,74 @@ + + + + +SSL_get_fd + + + + + + + + + + +

NAME

+ +

SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_fd(const SSL *ssl);
+int SSL_get_rfd(const SSL *ssl);
+int SSL_get_wfd(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_fd() returns the file descriptor which is linked to ssl. SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the read or the write channel, which can be different. If the read and the write channel are different, SSL_get_fd() will return the file descriptor of the read channel.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
-1
+
+ +

The operation failed, because the underlying BIO is not of the correct type (suitable for file descriptors).

+ +
+
>=0
+
+ +

The file descriptor linked to ssl.

+ +
+
+ +

SEE ALSO

+ +

SSL_set_fd(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html new file mode 100644 index 00000000..85c6b1e7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html @@ -0,0 +1,84 @@ + + + + +SSL_get_peer_cert_chain + + + + + + + + + + +

NAME

+ +

SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate chain of the peer

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates forming the certificate chain sent by the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3). If the peer did not present a certificate, NULL is returned.

+ +

NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them) it is not a verified chain.

+ +

SSL_get0_verified_chain() returns the verified certificate chain of the peer including the peer's end entity certificate. It must be called after a session has been successfully established. If peer verification was not successful (as indicated by SSL_get_verify_result() not returning X509_V_OK) the chain may be incomplete or invalid.

+ +

NOTES

+ +

If the session is resumed peers do not send certificates so a NULL pointer is returned by these functions. Applications can call SSL_session_reused() to determine whether a session is resumed.

+ +

The reference count of each certificate in the returned STACK_OF(X509) object is not incremented and the returned stack may be invalidated by renegotiation. If applications wish to use any certificates in the returned chain indefinitely they must increase the reference counts using X509_up_ref() or obtain a copy of the whole chain with X509_chain_up_ref().

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused.

+ +
+
Pointer to a STACK_OF(X509)
+
+ +

The return value points to the certificate chain presented by the peer.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3), X509_chain_up_ref(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_certificate.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_certificate.html new file mode 100644 index 00000000..66a533dc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_certificate.html @@ -0,0 +1,81 @@ + + + + +SSL_get_peer_certificate + + + + + + + + + + +

NAME

+ +

SSL_get_peer_certificate - get the X509 certificate of the peer

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509 *SSL_get_peer_certificate(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, NULL is returned.

+ +

NOTES

+ +

Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see SSL_CTX_set_verify(3)). If an anonymous cipher is used, no certificates are sent.

+ +

That a certificate is returned does not indicate information about the verification state, use SSL_get_verify_result(3) to check the verification state.

+ +

The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No certificate was presented by the peer or no connection was established.

+ +
+
Pointer to an X509 certificate
+
+ +

The return value points to the certificate presented by the peer.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_get_verify_result(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html new file mode 100644 index 00000000..d902e54f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html @@ -0,0 +1,63 @@ + + + + +SSL_get_peer_signature_nid + + + + + + + + + + +

NAME

+ +

SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing types

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
+int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ +

DESCRIPTION

+ +

SSL_get_peer_signature_nid() sets *psig_nid to the NID of the digest used by the peer to sign TLS messages. It is implemented as a macro.

+ +

SSL_get_peer_signature_type_nid() sets *psigtype_nid to the signature type used by the peer to sign TLS messages. Currently the signature type is the NID of the public key type used for signing except for PSS signing where it is EVP_PKEY_RSA_PSS. To differentiate between rsa_pss_rsae_* and rsa_pss_pss_* signatures, it's necessary to check the type of public key in the peer's certificate.

+ +

SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent information for the local end of the connection.

+ +

RETURN VALUES

+ +

These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or the functions were called too early, e.g. before the peer signed a message.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_peer_certificate(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html new file mode 100644 index 00000000..0e6bdcce --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html @@ -0,0 +1,67 @@ + + + + +SSL_get_peer_tmp_key + + + + + + + + + + +

NAME

+ +

SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information about temporary keys used during a handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
+long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
+ +

DESCRIPTION

+ +

SSL_get_peer_tmp_key() returns the temporary key provided by the peer and used during key exchange. For example, if ECDHE is in use, then this represents the peer's public ECDHE key. On success a pointer to the key is stored in *key. It is the caller's responsibility to free this key after use using EVP_PKEY_free(3).

+ +

SSL_get_server_tmp_key() is a backwards compatibility alias for SSL_get_peer_tmp_key(). Under that name it worked just on the client side of the connection, its behaviour on the server end is release-dependent.

+ +

SSL_get_tmp_key() returns the equivalent information for the local end of the connection.

+ +

RETURN VALUES

+ +

All these functions return 1 on success and 0 otherwise.

+ +

NOTES

+ +

This function is implemented as a macro.

+ +

SEE ALSO

+ +

ssl(7), EVP_PKEY_free(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_psk_identity.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_psk_identity.html new file mode 100644 index 00000000..11536ec3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_psk_identity.html @@ -0,0 +1,54 @@ + + + + +SSL_get_psk_identity + + + + + + + + + + +

NAME

+ +

SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_get_psk_identity_hint(const SSL *ssl);
+const char *SSL_get_psk_identity(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint used during the connection setup related to SSL object ssl. Similarly, SSL_get_psk_identity() is used to retrieve the PSK identity used during the connection setup.

+ +

RETURN VALUES

+ +

If non-NULL, SSL_get_psk_identity_hint() returns the PSK identity hint and SSL_get_psk_identity() returns the PSK identity. Both are NULL-terminated. SSL_get_psk_identity_hint() may return NULL if no PSK identity hint was used during the connection setup.

+ +

Note that the return value is valid only during the lifetime of the SSL object ssl.

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_rbio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_rbio.html new file mode 100644 index 00000000..94874234 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_rbio.html @@ -0,0 +1,73 @@ + + + + +SSL_get_rbio + + + + + + + + + + +

NAME

+ +

SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+BIO *SSL_get_rbio(SSL *ssl);
+BIO *SSL_get_wbio(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the read or the write channel, which can be different. The reference count of the BIO is not incremented.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No BIO was connected to the SSL object

+ +
+
Any other pointer
+
+ +

The BIO linked to ssl.

+ +
+
+ +

SEE ALSO

+ +

SSL_set_bio(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_session.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_session.html new file mode 100644 index 00000000..11f71929 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_session.html @@ -0,0 +1,97 @@ + + + + +SSL_get_session + + + + + + + + + + +

NAME

+ +

SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *SSL_get_session(const SSL *ssl);
+SSL_SESSION *SSL_get0_session(const SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_session() returns a pointer to the SSL_SESSION actually used in ssl. The reference count of the SSL_SESSION is not incremented, so that the pointer can become invalid by other operations.

+ +

SSL_get0_session() is the same as SSL_get_session().

+ +

SSL_get1_session() is the same as SSL_get_session(), but the reference count of the SSL_SESSION is incremented by one.

+ +

NOTES

+ +

The ssl session contains all information required to re-establish the connection without a full handshake for SSL versions up to and including TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the main handshake has occurred. The server will send the session information to the client at a time of its choosing, which may be some while after the initial connection is established (or never). Calling these functions on the client side in TLSv1.3 before the session has been established will still return an SSL_SESSION object but that object cannot be used for resuming the session. See SSL_SESSION_is_resumable(3) for information on how to determine whether an SSL_SESSION object can be used for resumption or not.

+ +

Additionally, in TLSv1.3, a server can send multiple messages that establish a session for a single connection. In that case the above functions will only return information on the last session that was received.

+ +

The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in SSL_CTX_sess_set_new_cb(3). The new session callback is only invoked when a session is actually established, so this avoids the problem described above where an application obtains an SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also enables applications to obtain information about all sessions sent by the server.

+ +

A session will be automatically removed from the session cache and marked as non-resumable if the connection is not closed down cleanly, e.g. if a fatal error occurs on the connection or SSL_shutdown(3) is not called prior to SSL_free(3).

+ +

In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once.

+ +

SSL_get0_session() returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while the connection is in use. If SSL_clear(3) or SSL_free(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout during SSL_CTX_flush_sessions(3).

+ +

If the data is to be kept, SSL_get1_session() will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session SSL_SESSION_free(3) must be explicitly called once to decrement the reference count again.

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

There is no session available in ssl.

+ +
+
Pointer to an SSL_SESSION
+
+ +

The return value points to the data of an SSL session.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_free(3), SSL_clear(3), SSL_SESSION_free(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html new file mode 100644 index 00000000..74b0ff11 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html @@ -0,0 +1,83 @@ + + + + +SSL_get_shared_sigalgs + + + + + + + + + + +

NAME

+ +

SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignhash,
+                    unsigned char *rsig, unsigned char *rhash);
+ +

DESCRIPTION

+ +

SSL_get_shared_sigalgs() returns information about the shared signature algorithms supported by peer s. The parameter idx indicates the index of the shared signature algorithm to return starting from zero. The signature algorithm NID is written to *psign, the hash NID to *phash and the sign and hash NID to *psignhash. The raw signature and hash values are written to *rsig and *rhash.

+ +

SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns information about all signature algorithms supported by s in the order they were sent by the peer.

+ +

RETURN VALUES

+ +

SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of signature algorithms or 0 if the idx parameter is out of range.

+ +

NOTES

+ +

These functions are typically called for debugging purposes (to report the peer's preferences) or where an application wants finer control over certificate selection. Most applications will rely on internal handling and will not need to call them.

+ +

If an application is only interested in the highest preference shared signature algorithm it can just set idx to zero.

+ +

Any or all of the parameters psign, phash, psignhash, rsig or rhash can be set to NULL if the value is not required. By setting them all to NULL and setting idx to zero the total number of signature algorithms can be determined: which can be zero.

+ +

These functions must be called after the peer has sent a list of supported signature algorithms: after a client hello (for servers) or a certificate request (for clients). They can (for example) be called in the certificate callback.

+ +

Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. If these functions are called on an earlier version of TLS or DTLS zero is returned.

+ +

The shared signature algorithms returned by SSL_get_shared_sigalgs() are ordered according to configuration and peer preferences.

+ +

The raw values correspond to the on the wire form as defined by RFC5246 et al. The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and rsa(1) then *rhash would be 4, *rsign 1, *phash NID_sha256, *psig NID_rsaEncryption and *psighash NID_sha256WithRSAEncryption.

+ +

If a signature algorithm is not recognised the corresponding NIDs will be set to NID_undef. This may be because the value is not supported, is not an appropriate combination (for example MD5 and DSA) or the signature algorithm does not use a hash (for example Ed25519).

+ +

SEE ALSO

+ +

SSL_CTX_set_cert_cb(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_verify_result.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_verify_result.html new file mode 100644 index 00000000..ef91b1e1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_verify_result.html @@ -0,0 +1,84 @@ + + + + +SSL_get_verify_result + + + + + + + + + + +

NAME

+ +

SSL_get_verify_result - get result of peer certificate verification

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_verify_result(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_verify_result() returns the result of the verification of the X509 certificate presented by the peer, if any.

+ +

NOTES

+ +

SSL_get_verify_result() can only return one error code while the verification of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available from SSL_get_verify_result().

+ +

The verification result is part of the established session and is restored when a session is reused.

+ +

BUGS

+ +

If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful in connection with SSL_get_peer_certificate(3).

+ +

RETURN VALUES

+ +

The following return values can currently occur:

+ +
+ +
X509_V_OK
+
+ +

The verification succeeded or no peer certificate was presented.

+ +
+
Any other value
+
+ +

Documented in verify(1).

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_set_verify_result(3), SSL_get_peer_certificate(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_version.html new file mode 100644 index 00000000..98f55b6a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_get_version.html @@ -0,0 +1,145 @@ + + + + +SSL_get_version + + + + + + + + + + +

NAME

+ +

SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version - get the protocol information of a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_client_version(const SSL *s);
+
+const char *SSL_get_version(const SSL *ssl);
+
+int SSL_is_dtls(const SSL *ssl);
+
+int SSL_version(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_client_version() returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for TLS, this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() returns the name of the protocol used for the connection. SSL_version() returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable.

+ +

SSL_is_dtls() returns one if the connection is using DTLS, zero if not.

+ +

RETURN VALUES

+ +

SSL_get_version() returns one of the following strings:

+ +
+ +
SSLv3
+
+ +

The connection uses the SSLv3 protocol.

+ +
+
TLSv1
+
+ +

The connection uses the TLSv1.0 protocol.

+ +
+
TLSv1.1
+
+ +

The connection uses the TLSv1.1 protocol.

+ +
+
TLSv1.2
+
+ +

The connection uses the TLSv1.2 protocol.

+ +
+
TLSv1.3
+
+ +

The connection uses the TLSv1.3 protocol.

+ +
+
unknown
+
+ +

This indicates an unknown protocol version.

+ +
+
+ +

SSL_version() and SSL_client_version() return an integer which could include any of the following:

+ +
+ +
SSL3_VERSION
+
+ +

The connection uses the SSLv3 protocol.

+ +
+
TLS1_VERSION
+
+ +

The connection uses the TLSv1.0 protocol.

+ +
+
TLS1_1_VERSION
+
+ +

The connection uses the TLSv1.1 protocol.

+ +
+
TLS1_2_VERSION
+
+ +

The connection uses the TLSv1.2 protocol.

+ +
+
TLS1_3_VERSION
+
+ +

The connection uses the TLSv1.3 protocol (never returned for SSL_client_version()).

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_is_dtls() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_in_init.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_in_init.html new file mode 100644 index 00000000..63fbe249 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_in_init.html @@ -0,0 +1,117 @@ + + + + +SSL_in_init + + + + + + + + + + +

NAME

+ +

SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state - retrieve information about the handshake state machine

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+int SSL_in_connect_init(SSL *s);
+int SSL_in_accept_init(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_in_init() returns 1 if the SSL/TLS state machine is currently processing or awaiting handshake messages, or 0 otherwise.

+ +

SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0 otherwise.

+ +

SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a state where fully protected application data can be transferred or 0 otherwise.

+ +

Note that in some circumstances (such as when early data is being transferred) SSL_in_init(), SSL_in_before() and SSL_is_init_finished() can all return 0.

+ +

SSL_in_connect_init() returns 1 if s is acting as a client and SSL_in_init() would return 1, or 0 otherwise.

+ +

SSL_in_accept_init() returns 1 if s is acting as a server and SSL_in_init() would return 1, or 0 otherwise.

+ +

SSL_in_connect_init() and SSL_in_accept_init() are implemented as macros.

+ +

SSL_get_state() returns a value indicating the current state of the handshake state machine. OSSL_HANDSHAKE_STATE is an enumerated type where each value indicates a discrete state machine state. Note that future versions of OpenSSL may define more states so applications should expect to receive unrecognised state values. The naming format is made up of a number of elements as follows:

+ +

protocol_ST_role_message

+ +

protocol is one of TLS or DTLS. DTLS is used where a state is specific to the DTLS protocol. Otherwise TLS is used.

+ +

role is one of CR, CW, SR or SW to indicate "client reading", "client writing", "server reading" or "server writing" respectively.

+ +

message is the name of a handshake message that is being or has been sent, or is being or has been processed.

+ +

Additionally there are some special states that do not conform to the above format. These are:

+ +
+ +
TLS_ST_BEFORE
+
+ +

No handshake messages have yet been been sent or received.

+ +
+
TLS_ST_OK
+
+ +

Handshake message sending/processing has completed.

+ +
+
TLS_ST_EARLY_DATA
+
+ +

Early data is being processed

+ +
+
TLS_ST_PENDING_EARLY_DATA_END
+
+ +

Awaiting the end of early data processing

+ +
+
+ +

RETURN VALUES

+ +

SSL_in_init(), SSL_in_before(), SSL_is_init_finished(), SSL_in_connect_init() and SSL_in_accept_init() return values as indicated above.

+ +

SSL_get_state() returns the current handshake state.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_early_data(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_key_update.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_key_update.html new file mode 100644 index 00000000..cb6cab6e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_key_update.html @@ -0,0 +1,86 @@ + + + + +SSL_key_update + + + + + + + + + + +

NAME

+ +

SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending - initiate and obtain information about updating connection keys

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+int SSL_renegotiate_pending(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_key_update() schedules an update of the keys for the current TLS connection. If the updatetype parameter is set to SSL_KEY_UPDATE_NOT_REQUESTED then the sending keys for this connection will be updated and the peer will be informed of the change. If the updatetype parameter is set to SSL_KEY_UPDATE_REQUESTED then the sending keys for this connection will be updated and the peer will be informed of the change along with a request for the peer to additionally update its sending keys. It is an error if updatetype is set to SSL_KEY_UPDATE_NONE.

+ +

SSL_key_update() must only be called after the initial handshake has been completed and TLSv1.3 has been negotiated. The key update will not take place until the next time an IO operation such as SSL_read_ex() or SSL_write_ex() takes place on the connection. Alternatively SSL_do_handshake() can be called to force the update to take place immediately.

+ +

SSL_get_key_update_type() can be used to determine whether a key update operation has been scheduled but not yet performed. The type of the pending key update operation will be returned if there is one, or SSL_KEY_UPDATE_NONE otherwise.

+ +

SSL_renegotiate() and SSL_renegotiate_abbreviated() should only be called for connections that have negotiated TLSv1.2 or less. Calling them on any other connection will result in an error.

+ +

When called from the client side, SSL_renegotiate() schedules a completely new handshake over an existing SSL/TLS connection. The next time an IO operation such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new handshake.

+ +

When called from the client side, SSL_renegotiate_abbreviated() works in the same was as SSL_renegotiate() except that OpenSSL will attempt to resume the session associated with the current connection in the new handshake.

+ +

When called from the server side, SSL_renegotiate() and SSL_renegotiate_abbreviated() behave identically. They both schedule a request for a new handshake to be sent to the client. The next time an IO operation is performed then the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new handshake and it may or may not attempt to resume an existing session. If a new handshake is started then this will be handled transparently by calling any OpenSSL IO function.

+ +

If an OpenSSL client receives a renegotiation request from a server then again this will be handled transparently through calling any OpenSSL IO function. For a TLS connection the client will attempt to resume the current session in the new handshake. For historical reasons, DTLS clients will not attempt to resume the session in the new handshake.

+ +

The SSL_renegotiate_pending() function returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

+ +

RETURN VALUES

+ +

SSL_key_update(), SSL_renegotiate() and SSL_renegotiate_abbreviated() return 1 on success or 0 on error.

+ +

SSL_get_key_update_type() returns the update type of the pending key update operation or SSL_KEY_UPDATE_NONE if there is none.

+ +

SSL_renegotiate_pending() returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_ex(3), SSL_write_ex(3), SSL_do_handshake(3)

+ +

HISTORY

+ +

The SSL_key_update() and SSL_get_key_update_type() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_library_init.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_library_init.html new file mode 100644 index 00000000..e3828037 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_library_init.html @@ -0,0 +1,75 @@ + + + + +SSL_library_init + + + + + + + + + + +

NAME

+ +

SSL_library_init, OpenSSL_add_ssl_algorithms - initialize SSL library by registering algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_library_init(void);
+
+int OpenSSL_add_ssl_algorithms(void);
+ +

DESCRIPTION

+ +

SSL_library_init() registers the available SSL/TLS ciphers and digests.

+ +

OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is implemented as a macro.

+ +

NOTES

+ +

SSL_library_init() must be called before any other action takes place. SSL_library_init() is not reentrant.

+ +

WARNINGS

+ +

SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS.

+ +

RETURN VALUES

+ +

SSL_library_init() always returns "1", so it is safe to discard the return value.

+ +

SEE ALSO

+ +

ssl(7), RAND_add(3)

+ +

HISTORY

+ +

The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_load_client_CA_file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_load_client_CA_file.html new file mode 100644 index 00000000..084b903c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_load_client_CA_file.html @@ -0,0 +1,102 @@ + + + + +SSL_load_client_CA_file + + + + + + + + + + +

NAME

+ +

SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack - load certificate names

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+ +

DESCRIPTION

+ +

SSL_load_client_CA_file() reads certificates from file and returns a STACK_OF(X509_NAME) with the subject names found.

+ +

SSL_add_file_cert_subjects_to_stack() reads certificates from file, and adds their subject name to the already existing stack.

+ +

SSL_add_dir_cert_subjects_to_stack() reads certificates from every file in the directory dir, and adds their subject name to the already existing stack.

+ +

NOTES

+ +

SSL_load_client_CA_file() reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The operation failed, check out the error stack for the reason.

+ +
+
Pointer to STACK_OF(X509_NAME)
+
+ +

Pointer to the subject names of the successfully read certificates.

+ +
+
+ +

EXAMPLES

+ +

Load names of CAs from file and use it as a client CA list:

+ +
SSL_CTX *ctx;
+STACK_OF(X509_NAME) *cert_names;
+
+...
+cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
+if (cert_names != NULL)
+    SSL_CTX_set_client_CA_list(ctx, cert_names);
+else
+    /* error */
+...
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_client_CA_list(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_new.html new file mode 100644 index 00000000..8c4a2dce --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_new.html @@ -0,0 +1,80 @@ + + + + +SSL_new + + + + + + + + + + +

NAME

+ +

SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL *SSL_dup(SSL *s);
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+ +

DESCRIPTION

+ +

SSL_new() creates a new SSL structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings of the underlying context ctx: connection method, options, verification settings, timeout settings. An SSL structure is reference counted. Creating an SSL structure for the first time increments the reference count. Freeing it (using SSL_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the SSL structure are freed.

+ +

SSL_up_ref() increments the reference count for an existing SSL structure.

+ +

SSL_dup() duplicates an existing SSL structure into a new allocated one. All settings are inherited from the original SSL structure. Dynamic data (i.e. existing connection details) are not copied, the new SSL is set into an initial accept (server) or connect (client) state.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The creation of a new SSL structure failed. Check the error stack to find out the reason.

+ +
+
Pointer to an SSL structure
+
+ +

The return value points to an allocated SSL structure.

+ +

SSL_up_ref() returns 1 for success and 0 for failure.

+ +
+
+ +

SEE ALSO

+ +

SSL_free(3), SSL_clear(3), SSL_CTX_set_options(3), SSL_get_SSL_CTX(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_pending.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_pending.html new file mode 100644 index 00000000..ed0a2335 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_pending.html @@ -0,0 +1,68 @@ + + + + +SSL_pending + + + + + + + + + + +

NAME

+ +

SSL_pending, SSL_has_pending - check for readable bytes buffered in an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_pending(const SSL *ssl);
+int SSL_has_pending(const SSL *s);
+ +

DESCRIPTION

+ +

Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is read by the application via a call to SSL_read_ex(3) or SSL_read(3).

+ +

SSL_pending() returns the number of bytes which have been processed, buffered and are available inside ssl for immediate read.

+ +

If the SSL object's read_ahead flag is set (see SSL_CTX_set_read_ahead(3)), additional protocol bytes (beyond the current record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see SSL_CTX_set_split_send_fragment(3)). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() will ignore them. Therefore it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records).

+ +

SSL_has_pending() returns 1 if s has buffered data (whether processed or unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no data because the unprocessed buffered data when processed yielded no application data (for example this can happen during renegotiation). It is also possible in this scenario for SSL_has_pending() to continue to return 1 even after an SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is not yet processable (e.g. because OpenSSL has only received a partial record so far).

+ +

RETURN VALUES

+ +

SSL_pending() returns the number of buffered and processed application data bytes that are pending and are available for immediate read. SSL_has_pending() returns 1 if there is buffered record data in the SSL object and 0 otherwise.

+ +

SEE ALSO

+ +

SSL_read_ex(3), SSL_read(3), SSL_CTX_set_read_ahead(3), SSL_CTX_set_split_send_fragment(3), ssl(7)

+ +

HISTORY

+ +

The SSL_has_pending() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read.html new file mode 100644 index 00000000..9e10f776 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read.html @@ -0,0 +1,106 @@ + + + + +SSL_read + + + + + + + + + + +

NAME

+ +

SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek - read bytes from a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+int SSL_read(SSL *ssl, void *buf, int num);
+
+int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+int SSL_peek(SSL *ssl, void *buf, int num);
+ +

DESCRIPTION

+ +

SSL_read_ex() and SSL_read() try to read num bytes from the specified ssl into the buffer buf. On success SSL_read_ex() will store the number of bytes actually read in *readbytes.

+ +

SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and SSL_read() respectively except no bytes are actually removed from the underlying BIO during the read, so that a subsequent call to SSL_read_ex() or SSL_read() will yield at least the same bytes.

+ +

NOTES

+ +

In the paragraphs below a "read function" is defined as one of SSL_read_ex(), SSL_read(), SSL_peek_ex() or SSL_peek().

+ +

If necessary, a read function will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the read function operation. The behaviour of the read functions depends on the underlying BIO.

+ +

For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state() before the first invocation of a read function.

+ +

The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). Therefore data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If num is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the buffer, the read functions will trigger the processing of the next record. Only when the record has been received and processed completely will the read functions return reporting success. At most the contents of one record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to read several packets from the transport layer before the record is complete and the read call can succeed.

+ +

If SSL_MODE_AUTO_RETRY has been switched off and a non-application data record has been processed, the read function can return and set the error to SSL_ERROR_WANT_READ. In this case there might still be unprocessed data available in the BIO. If read ahead was set using SSL_CTX_set_read_ahead(3), there might also still be unprocessed data available in the SSL. This behaviour can be controlled using the SSL_CTX_set_mode(3) call.

+ +

If the underlying BIO is blocking, a read function will only return once the read operation has been finished or an error occurred, except when a non-application data record has been processed and SSL_MODE_AUTO_RETRY is not set. Note that if SSL_MODE_AUTO_RETRY is set and only non-application data is available the call will hang.

+ +

If the underlying BIO is non-blocking, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to SSL_get_error(3) with the return value of the read function will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time it's possible that non-application data needs to be sent, a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

SSL_pending(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case the read function can be called without blocking or actually receiving new data from the underlying socket.

+ +

RETURN VALUES

+ +

SSL_read_ex() and SSL_peek_ex() will return 1 for success or 0 for failure. Success means that 1 or more application data bytes have been read from the SSL connection. Failure means that no bytes could be read from the SSL connection. Failures can be retryable (e.g. we are waiting for more bytes to be delivered by the network) or non-retryable (e.g. a fatal network error). In the event of a failure call SSL_get_error(3) to find out the reason which indicates whether the call is retryable or not.

+ +

For SSL_read() and SSL_peek() the following return values can occur:

+ +
+ +
> 0
+
+ +

The read operation was successful. The return value is the number of bytes actually read from the TLS/SSL connection.

+ +
+
<= 0
+
+ +

The read operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. Call SSL_get_error(3) with the return value ret to find out the reason.

+ +

Old documentation indicated a difference between 0 and -1, and that -1 was retryable. You should instead call SSL_get_error() to find out if it's retryable.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_write_ex(3), SSL_CTX_set_mode(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3) SSL_set_connect_state(3), SSL_pending(3), SSL_shutdown(3), SSL_set_shutdown(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read_early_data.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read_early_data.html new file mode 100644 index 00000000..a95d72ef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_read_early_data.html @@ -0,0 +1,184 @@ + + + + +SSL_read_early_data + + + + + + + + + + +

NAME

+ +

SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb - functions for sending and receiving early data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
+
+int SSL_get_early_data_status(const SSL *s);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg);
+ +

DESCRIPTION

+ +

These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. Early data can only be sent if a session has previously been established with the server, and the server is known to support it. Additionally these functions can be used to send data from the server to the client when the client has not yet completed the authentication stage of the handshake.

+ +

Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also additional considerations around replay attacks (see "REPLAY PROTECTION" below). For these reasons extreme care should be exercised when using early data. For specific details, consult the TLS 1.3 specification.

+ +

When a server receives early data it may opt to immediately respond by sending application data back to the client. Data sent by the server at this stage is done before the full handshake has been completed. Specifically the client's authentication messages have not yet been received, i.e. the client is unauthenticated at this point and care should be taken when using this capability.

+ +

A server or client can determine whether the full handshake has been completed or not by calling SSL_is_init_finished(3).

+ +

On the client side, the function SSL_SESSION_get_max_early_data() can be used to determine if a session established with a server can be used to send early data. If the session cannot be used then this function will return 0. Otherwise it will return the maximum number of early data bytes that can be sent.

+ +

The function SSL_SESSION_set_max_early_data() sets the maximum number of early data bytes that can be sent for a session. This would typically be used when creating a PSK session file (see SSL_CTX_set_psk_use_session_callback(3)). If using a ticket based PSK then this is set automatically to the value provided by the server.

+ +

A client uses the function SSL_write_early_data() to send early data. This function is similar to the SSL_write_ex(3) function, but with the following differences. See SSL_write_ex(3) for information on how to write bytes to the underlying connection, and how to handle any errors that may arise. This page describes the differences between SSL_write_early_data() and SSL_write_ex(3).

+ +

When called by a client, SSL_write_early_data() must be the first IO function called on a new connection, i.e. it must occur before any calls to SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_do_handshake(3) or other similar functions. It may be called multiple times to stream data to the server, but the total number of bytes written must not exceed the value returned from SSL_SESSION_get_max_early_data(). Once the initial SSL_write_early_data() call has completed successfully the client may interleave calls to SSL_read_ex(3) and SSL_read(3) with calls to SSL_write_early_data() as required.

+ +

If SSL_write_early_data() fails you should call SSL_get_error(3) to determine the correct course of action, as for SSL_write_ex(3).

+ +

When the client no longer wishes to send any more early data then it should complete the handshake by calling a function such as SSL_connect(3) or SSL_do_handshake(3). Alternatively you can call a standard write function such as SSL_write_ex(3), which will transparently complete the connection and write the requested data.

+ +

A server may choose to ignore early data that has been sent to it. Once the connection has been completed you can determine whether the server accepted or rejected the early data by calling SSL_get_early_data_status(). This will return SSL_EARLY_DATA_ACCEPTED if the data was accepted, SSL_EARLY_DATA_REJECTED if it was rejected or SSL_EARLY_DATA_NOT_SENT if no early data was sent. This function may be called by either the client or the server.

+ +

A server uses the SSL_read_early_data() function to receive early data on a connection for which early data has been enabled using SSL_CTX_set_max_early_data() or SSL_set_max_early_data(). As for SSL_write_early_data(), this must be the first IO function called on a connection, i.e. it must occur before any calls to SSL_write_ex(3), SSL_read_ex(3), SSL_accept(3), SSL_do_handshake(3), or other similar functions.

+ +

SSL_read_early_data() is similar to SSL_read_ex(3) with the following differences. Refer to SSL_read_ex(3) for full details.

+ +

SSL_read_early_data() may return 3 possible values:

+ +
+ +
SSL_READ_EARLY_DATA_ERROR
+
+ +

This indicates an IO or some other error occurred. This should be treated in the same way as a 0 return value from SSL_read_ex(3).

+ +
+
SSL_READ_EARLY_DATA_SUCCESS
+
+ +

This indicates that early data was successfully read. This should be treated in the same way as a 1 return value from SSL_read_ex(3). You should continue to call SSL_read_early_data() to read more data.

+ +
+
SSL_READ_EARLY_DATA_FINISH
+
+ +

This indicates that no more early data can be read. It may be returned on the first call to SSL_read_early_data() if the client has not sent any early data, or if the early data was rejected.

+ +
+
+ +

Once the initial SSL_read_early_data() call has completed successfully (i.e. it has returned SSL_READ_EARLY_DATA_SUCCESS or SSL_READ_EARLY_DATA_FINISH) then the server may choose to write data immediately to the unauthenticated client using SSL_write_early_data(). If SSL_read_early_data() returned SSL_READ_EARLY_DATA_FINISH then in some situations (e.g. if the client only supports TLSv1.2) the handshake may have already been completed and calls to SSL_write_early_data() are not allowed. Call SSL_is_init_finished(3) to determine whether the handshake has completed or not. If the handshake is still in progress then the server may interleave calls to SSL_write_early_data() with calls to SSL_read_early_data() as required.

+ +

Servers must not call SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or SSL_write(3) until SSL_read_early_data() has returned with SSL_READ_EARLY_DATA_FINISH. Once it has done so the connection to the client still needs to be completed. Complete the connection by calling a function such as SSL_accept(3) or SSL_do_handshake(3). Alternatively you can call a standard read function such as SSL_read_ex(3), which will transparently complete the connection and read the requested data. Note that it is an error to attempt to complete the connection before SSL_read_early_data() has returned SSL_READ_EARLY_DATA_FINISH.

+ +

Only servers may call SSL_read_early_data().

+ +

Calls to SSL_read_early_data() may, in certain circumstances, complete the connection immediately without further need to call a function such as SSL_accept(3). This can happen if the client is using a protocol version less than TLSv1.3. Applications can test for this by calling SSL_is_init_finished(3). Alternatively, applications may choose to call SSL_accept(3) anyway. Such a call will successfully return immediately with no further action taken.

+ +

When a session is created between a server and a client the server will specify the maximum amount of any early data that it will accept on any future connection attempt. By default the server does not accept early data; a server may indicate support for early data by calling SSL_CTX_set_max_early_data() or SSL_set_max_early_data() to set it for the whole SSL_CTX or an individual SSL object respectively. The max_early_data parameter specifies the maximum amount of early data in bytes that is permitted to be sent on a single connection. Similarly the SSL_CTX_get_max_early_data() and SSL_get_max_early_data() functions can be used to obtain the current maximum early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is automatically enabled (see "REPLAY PROTECTION" below).

+ +

If the server rejects the early data sent by a client then it will skip over the data that is sent. The maximum amount of received early data that is skipped is controlled by the recv_max_early_data setting. If a client sends more than this then the connection will abort. This value can be set by calling SSL_CTX_set_recv_max_early_data() or SSL_set_recv_max_early_data(). The current value for this setting can be obtained by calling SSL_CTX_get_recv_max_early_data() or SSL_get_recv_max_early_data(). The default value for this setting is 16,384 bytes.

+ +

The recv_max_early_data value also has an impact on early data that is accepted. The amount of data that is accepted will always be the lower of the max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort.

+ +

The configured value for max_early_data on a server may change over time as required. However clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than the current configured max_early_data value.

+ +

Some server applications may wish to have more control over whether early data is accepted or not, for example to mitigate replay risks (see "REPLAY PROTECTION" below) or to decline early_data when the server is heavily loaded. The functions SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a callback which is called at a point in the handshake immediately before a decision is made to accept or reject early data. The callback is provided with a pointer to the user data argument that was provided when the callback was first set. Returning 1 from the callback will allow early data and returning 0 will reject it. Note that the OpenSSL library may reject early data for other reasons in which case this callback will not get called. Notably, the built-in replay protection feature will still be used even if a callback is present unless it has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See "REPLAY PROTECTION" below.

+ +

NOTES

+ +

The whole purpose of early data is to enable a client to start sending data to the server before a full round trip of network traffic has occurred. Application developers should ensure they consider optimisation of the underlying TCP socket to obtain a performant solution. For example Nagle's algorithm is commonly used by operating systems in an attempt to avoid lots of small TCP packets. In many scenarios this is beneficial for performance, but it does not work well with the early data solution as implemented in OpenSSL. In Nagle's algorithm the OS will buffer outgoing TCP data if a TCP packet has already been sent which we have not yet received an ACK for from the peer. The buffered data will only be transmitted if enough data to fill an entire TCP packet is accumulated, or if the ACK is received from the peer. The initial ClientHello will be sent in the first TCP packet along with any data from the first call to SSL_write_early_data(). If the amount of data written will exceed the size of a single TCP packet, or if there are more calls to SSL_write_early_data() then that additional data will be sent in subsequent TCP packets which will be buffered by the OS and not sent until an ACK is received for the first packet containing the ClientHello. This means the early data is not actually sent until a complete round trip with the server has occurred which defeats the objective of early data.

+ +

In many operating systems the TCP_NODELAY socket option is available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate.

+ +

In rare circumstances, it may be possible for a client to have a session that reports a max early data value greater than 0, but where the server does not support this. For example, this can occur if a server has had its configuration changed to accept a lower max early data value such as by calling SSL_CTX_set_recv_max_early_data(). Another example is if a server used to support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such a server will cause the connection to abort. Clients that encounter an aborted connection while sending early data may want to retry the connection without sending early data as this does not happen automatically. A client will have to establish a new transport layer connection to the server and attempt the SSL/TLS connection again but without sending early data. Note that it is inadvisable to retry with a lower maximum protocol version.

+ +

REPLAY PROTECTION

+ +

When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the server is configured with a non-zero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that was submitted will be ignored). Note that single use tickets are enforced even if a client does not send any early data.

+ +

The replay protection mechanism relies on the internal OpenSSL server session cache (see SSL_CTX_set_session_cache_mode(3)). When replay protection is being used the server will operate as if the SSL_OP_NO_TICKET option had been selected (see SSL_CTX_set_options(3)). Sessions will be added to the cache whenever a session ticket is issued. When a client attempts to resume the session, OpenSSL will check for its presence in the internal cache. If it exists then the resumption is allowed and the session is removed from the cache. If it does not exist then the resumption is not allowed and a full handshake will occur.

+ +

Note that some applications may maintain an external cache of sessions (see SSL_CTX_sess_set_new_cb(3) and similar functions). It is the application's responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could result in an application becoming vulnerable to replay attacks. Note that OpenSSL will lock the internal cache while a session is removed but that lock is not held when the remove session callback (see SSL_CTX_sess_set_remove_cb(3)) is called. This could result in a small amount of time where the session has been removed from the internal cache but is still available in the external cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks.

+ +

The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) (e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution should be applied when combining external PSKs with early data.

+ +

Some applications may mitigate the replay risks in other ways. For those applications it is possible to turn off the built-in replay protection feature using the SSL_OP_NO_ANTI_REPLAY option. See SSL_CTX_set_options(3) for details. Applications can also set a callback to make decisions about accepting early data or not. See SSL_CTX_set_allow_early_data_cb() above for details.

+ +

RETURN VALUES

+ +

SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a failure call SSL_get_error(3) to determine the correct course of action.

+ +

SSL_read_early_data() returns SSL_READ_EARLY_DATA_ERROR for failure, SSL_READ_EARLY_DATA_SUCCESS for success with more data to read and SSL_READ_EARLY_DATA_FINISH for success with no more to data be read. In the event of a failure call SSL_get_error(3) to determine the correct course of action.

+ +

SSL_get_max_early_data(), SSL_CTX_get_max_early_data() and SSL_SESSION_get_max_early_data() return the maximum number of early data bytes that may be sent.

+ +

SSL_set_max_early_data(), SSL_CTX_set_max_early_data() and SSL_SESSION_set_max_early_data() return 1 for success or 0 for failure.

+ +

SSL_get_early_data_status() returns SSL_EARLY_DATA_ACCEPTED if early data was accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by the server, or SSL_EARLY_DATA_NOT_SENT if no early data was sent.

+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_accept(3), SSL_do_handshake(3), SSL_CTX_set_psk_use_session_callback(3), ssl(7)

+ +

HISTORY

+ +

All of the functions described above were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_rstate_string.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_rstate_string.html new file mode 100644 index 00000000..74ed3ec0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_rstate_string.html @@ -0,0 +1,94 @@ + + + + +SSL_rstate_string + + + + + + + + + + +

NAME

+ +

SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_rstate_string(SSL *ssl);
+const char *SSL_rstate_string_long(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_rstate_string() returns a 2 letter string indicating the current read state of the SSL object ssl.

+ +

SSL_rstate_string_long() returns a string indicating the current read state of the SSL object ssl.

+ +

NOTES

+ +

When performing a read operation, the SSL/TLS engine must parse the record, consisting of header and body. When working in a blocking environment, SSL_rstate_string[_long]() should always return "RD"/"read done".

+ +

This function should only seldom be needed in applications.

+ +

RETURN VALUES

+ +

SSL_rstate_string() and SSL_rstate_string_long() can return the following values:

+ +
+ +
"RH"/"read header"
+
+ +

The header of the record is being evaluated.

+ +
+
"RB"/"read body"
+
+ +

The body of the record is being evaluated.

+ +
+
"RD"/"read done"
+
+ +

The record has been completely processed.

+ +
+
"unknown"/"unknown"
+
+ +

The read state is unknown. This should never happen.

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_session_reused.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_session_reused.html new file mode 100644 index 00000000..7bc845e1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_session_reused.html @@ -0,0 +1,77 @@ + + + + +SSL_session_reused + + + + + + + + + + +

NAME

+ +

SSL_session_reused - query whether a reused session was negotiated during handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_session_reused(const SSL *ssl);
+ +

DESCRIPTION

+ +

Query, whether a reused session was negotiated during the handshake.

+ +

NOTES

+ +

During the negotiation, a client can propose to reuse a session. The server then looks up the session in its cache. If both client and server agree on the session, it will be reused and a flag is being set that can be queried by the application.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

A new session was negotiated.

+ +
+
1
+
+ +

A session was reused.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set1_host.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set1_host.html new file mode 100644 index 00000000..61a0a507 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set1_host.html @@ -0,0 +1,96 @@ + + + + +SSL_set1_host + + + + + + + + + + +

NAME

+ +

SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername - SSL server verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set1_host(SSL *s, const char *hostname);
+int SSL_add1_host(SSL *s, const char *hostname);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+const char *SSL_get0_peername(SSL *s);
+ +

DESCRIPTION

+ +

These functions configure server hostname checks in the SSL client.

+ +

SSL_set1_host() sets the expected DNS hostname to name clearing any previously specified host name or names. If name is NULL, or the empty string the list of hostnames is cleared, and name checks are not performed on the peer certificate. When a non-empty name is specified, certificate verification automatically checks the peer hostname via X509_check_host(3) with flags as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication via SSL_dane_enable(3) should leave it to that function to set the primary reference identifier of the peer, and should not call SSL_set1_host().

+ +

SSL_add1_host() adds name as an additional reference identifier that can match the peer's certificate. Any previous names set via SSL_set1_host() or SSL_add1_host() are retained, no change is made if name is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. This function is required for DANE TLSA in the presence of service name indirection via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or RFC7673.

+ +

SSL_set_hostflags() sets the flags that will be passed to X509_check_host(3) when name checks are applicable, by default the flags value is 0. See X509_check_host(3) for the list of available flags and their meaning.

+ +

SSL_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, the name matched in the peer certificate may be a wildcard name. When one of the reference identifiers configured via SSL_set1_host() or SSL_add1_host() starts with ".", which indicates a parent domain prefix rather than a fixed name, the matched peer name may be a sub-domain of the reference identifier. The returned string is allocated by the library and is no longer valid once the associated ssl handle is cleared or freed, or a renegotiation takes place. Applications must not free the return value.

+ +

SSL clients are advised to use these functions in preference to explicitly calling X509_check_host(3). Hostname checks may be out of scope with the RFC7671 DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE is enabled.

+ +

RETURN VALUES

+ +

SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for failure.

+ +

SSL_get0_peername() returns NULL if peername verification is not applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was matched. Otherwise, it returns the matched peername. To determine whether verification succeeded call SSL_get_verify_result(3).

+ +

EXAMPLES

+ +

Suppose "smtp.example.com" is the MX host of the domain "example.com". The calls below will arrange to match either the MX hostname or the destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the SSL connection.

+ +
SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+if (!SSL_set1_host(ssl, "smtp.example.com"))
+    /* error */
+if (!SSL_add1_host(ssl, "example.com"))
+    /* error */
+
+/* XXX: Perform SSL_connect() handshake and handle errors here */
+
+if (SSL_get_verify_result(ssl) == X509_V_OK) {
+    const char *peername = SSL_get0_peername(ssl);
+
+    if (peername != NULL)
+        /* Name checks were in scope and matched the peername */
+}
+ +

SEE ALSO

+ +

X509_check_host(3), SSL_get_verify_result(3). SSL_dane_enable(3).

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_bio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_bio.html new file mode 100644 index 00000000..ec174a6b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_bio.html @@ -0,0 +1,94 @@ + + + + +SSL_set_bio + + + + + + + + + + +

NAME

+ +

SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+ +

DESCRIPTION

+ +

SSL_set0_rbio() connects the BIO rbio for the read operations of the ssl object. The SSL engine inherits the behaviour of rbio. If the BIO is non-blocking then the ssl object will also have non-blocking behaviour. This function transfers ownership of rbio to ssl. It will be automatically freed using BIO_free_all(3) when the ssl is freed. On calling this function, any existing rbio that was previously set will also be freed via a call to BIO_free_all(3) (this includes the case where the rbio is set to the same value as previously).

+ +

SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO wbio for the write operations of the ssl object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take ownership of one reference. Therefore it may be necessary to increment the number of references available using BIO_up_ref(3) before calling the set0 functions.

+ +

SSL_set_bio() is similar to SSL_set0_rbio() and SSL_set0_wbio() except that it connects both the rbio and the wbio at the same time, and transfers the ownership of rbio and wbio to ssl according to the following set of rules:

+ +
    + +
  • If neither the rbio or wbio have changed from their previous values then nothing is done.

    + +
  • +
  • If the rbio and wbio parameters are different and both are different to their previously set values then one reference is consumed for the rbio and one reference is consumed for the wbio.

    + +
  • +
  • If the rbio and wbio parameters are the same and the rbio is not the same as the previously set value then one reference is consumed.

    + +
  • +
  • If the rbio and wbio parameters are the same and the rbio is the same as the previously set value, then no additional references are consumed.

    + +
  • +
  • If the rbio and wbio parameters are different and the rbio is the same as the previously set value then one reference is consumed for the wbio and no references are consumed for the rbio.

    + +
  • +
  • If the rbio and wbio parameters are different and the wbio is the same as the previously set value and the old rbio and wbio values were the same as each other then one reference is consumed for the rbio and no references are consumed for the wbio.

    + +
  • +
  • If the rbio and wbio parameters are different and the wbio is the same as the previously set value and the old rbio and wbio values were different to each other then one reference is consumed for the rbio and one reference is consumed for the wbio.

    + +
  • +
+ +

Because of this complexity, this function should be avoided; use SSL_set0_rbio() and SSL_set0_wbio() instead.

+ +

RETURN VALUES

+ +

SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.

+ +

SEE ALSO

+ +

SSL_get_rbio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(7), bio(7)

+ +

HISTORY

+ +

SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_connect_state.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_connect_state.html new file mode 100644 index 00000000..5ff6261f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_connect_state.html @@ -0,0 +1,77 @@ + + + + +SSL_set_connect_state + + + + + + + + + + +

NAME

+ +

SSL_set_connect_state, SSL_set_accept_state, SSL_is_server - functions for manipulating and examining the client or server mode of an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_connect_state(SSL *ssl);
+
+void SSL_set_accept_state(SSL *ssl);
+
+int SSL_is_server(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_set_connect_state() sets ssl to work in client mode.

+ +

SSL_set_accept_state() sets ssl to work in server mode.

+ +

SSL_is_server() checks if ssl is working in server mode.

+ +

NOTES

+ +

When the SSL_CTX object was created with SSL_CTX_new(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with SSL_CTX_set_ssl_version(3) or SSL_set_ssl_method(3).)

+ +

When beginning a new handshake, the SSL engine must know whether it must call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set.

+ +

When using the SSL_connect(3) or SSL_accept(3) routines, the correct handshake routines are automatically set. When performing a transparent negotiation using SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), or SSL_read(3), the handshake routines must be explicitly set in advance using either SSL_set_connect_state() or SSL_set_accept_state().

+ +

If SSL_is_server() is called before SSL_set_connect_state() or SSL_set_accept_state() is called (either automatically or explicitly), the result depends on what method was used when SSL_CTX was created with SSL_CTX_new(3). If a generic method or a dedicated server method was passed to SSL_CTX_new(3), SSL_is_server() returns 1; otherwise, it returns 0.

+ +

RETURN VALUES

+ +

SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic information.

+ +

SSL_is_server() returns 1 if ssl is working in server mode or 0 for client mode.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3), SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), SSL_read(3), SSL_do_handshake(3), SSL_CTX_set_ssl_version(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_fd.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_fd.html new file mode 100644 index 00000000..bc1056fe --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_fd.html @@ -0,0 +1,80 @@ + + + + +SSL_set_fd + + + + + + + + + + +

NAME

+ +

SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_fd(SSL *ssl, int fd);
+int SSL_set_rfd(SSL *ssl, int fd);
+int SSL_set_wfd(SSL *ssl, int fd);
+ +

DESCRIPTION

+ +

SSL_set_fd() sets the file descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl. fd will typically be the socket file descriptor of a network connection.

+ +

When performing the operation, a socket BIO is automatically created to interface between the ssl and fd. The BIO and hence the SSL engine inherit the behaviour of fd. If fd is non-blocking, the ssl will also have non-blocking behaviour.

+ +

If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

+ +

SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only for the read channel or the write channel, which can be set independently.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The operation failed. Check the error stack to find out why.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_fd(3), SSL_set_bio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_session.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_session.html new file mode 100644 index 00000000..e8826fef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_session.html @@ -0,0 +1,79 @@ + + + + +SSL_set_session + + + + + + + + + + +

NAME

+ +

SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+ +

DESCRIPTION

+ +

SSL_set_session() sets session to be used when the TLS/SSL connection is to be established. SSL_set_session() is only useful for TLS/SSL clients. When the session is set, the reference count of session is incremented by 1. If the session is not reused, the reference count is decremented again during SSL_connect(). Whether the session was reused can be queried with the SSL_session_reused(3) call.

+ +

If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session. If that old session is still open, it is considered bad and will be removed from the session cache (if used). A session is considered open, if SSL_shutdown(3) was not called for the connection (or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN state).

+ +

NOTES

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The operation failed; check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_SESSION_free(3), SSL_get_session(3), SSL_session_reused(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_shutdown.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_shutdown.html new file mode 100644 index 00000000..1d660eb9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_shutdown.html @@ -0,0 +1,95 @@ + + + + +SSL_set_shutdown + + + + + + + + + + +

NAME

+ +

SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_shutdown(SSL *ssl, int mode);
+
+int SSL_get_shutdown(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_set_shutdown() sets the shutdown state of ssl to mode.

+ +

SSL_get_shutdown() returns the shutdown mode of ssl.

+ +

NOTES

+ +

The shutdown state of an ssl connection is a bitmask of:

+ +
+ +
0
+
+ +

No shutdown setting, yet.

+ +
+
SSL_SENT_SHUTDOWN
+
+ +

A close_notify shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct.

+ +
+
SSL_RECEIVED_SHUTDOWN
+
+ +

A shutdown alert was received form the peer, either a normal close_notify or a fatal error.

+ +
+
+ +

SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.

+ +

The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when SSL_clear(3) or SSL_free(3) is called, it is considered bad and removed according to RFC2246. The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN (according to the TLS RFC, it is acceptable to only send the close_notify alert but to not wait for the peer's answer, when the underlying connection is closed). SSL_set_shutdown() can be used to set this state without sending a close alert to the peer (see SSL_shutdown(3)).

+ +

If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, for setting SSL_SENT_SHUTDOWN the application must however still call SSL_shutdown(3) or SSL_set_shutdown() itself.

+ +

RETURN VALUES

+ +

SSL_set_shutdown() does not return diagnostic information.

+ +

SSL_get_shutdown() returns the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_shutdown(3), SSL_CTX_set_quiet_shutdown(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_verify_result.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_verify_result.html new file mode 100644 index 00000000..7f47d6c4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_set_verify_result.html @@ -0,0 +1,63 @@ + + + + +SSL_set_verify_result + + + + + + + + + + +

NAME

+ +

SSL_set_verify_result - override result of peer certificate verification

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_verify_result(SSL *ssl, long verify_result);
+ +

DESCRIPTION

+ +

SSL_set_verify_result() sets verify_result of the object ssl to be the result of the verification of the X509 certificate presented by the peer, if any.

+ +

NOTES

+ +

SSL_set_verify_result() overrides the verification result. It only changes the verification result of the ssl object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear.

+ +

The valid codes for verify_result are documented in verify(1).

+ +

RETURN VALUES

+ +

SSL_set_verify_result() does not provide a return value.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_verify_result(3), SSL_get_peer_certificate(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_shutdown.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_shutdown.html new file mode 100644 index 00000000..5b75df45 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_shutdown.html @@ -0,0 +1,129 @@ + + + + +SSL_shutdown + + + + + + + + + + +

NAME

+ +

SSL_shutdown - shut down a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_shutdown(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_shutdown() shuts down an active TLS/SSL connection. It sends the close_notify shutdown alert to the peer.

+ +

NOTES

+ +

SSL_shutdown() tries to send the close_notify shutdown alert to the peer. Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse.

+ +

Note that SSL_shutdown() must not be called if a previous fatal error has occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL.

+ +

The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application.

+ +

It is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response. This way resources can be saved, as the process can already terminate or serve another connection. This should only be done when it is known that the other side will not send more data, otherwise there is a risk of a truncation attack.

+ +

When a client only writes and never reads from the connection, and the server has sent a session ticket to establish a session, the client might not be able to resume the session because it did not received and process the session ticket from the server. In case the application wants to be able to resume the session, it is recommended to do a complete shutdown procedure (bidirectional close_notify alerts).

+ +

When the underlying connection shall be used for more communications, the complete shutdown procedure must be performed, so that the peers stay synchronized.

+ +

SSL_shutdown() only closes the write direction. It is not possible to call SSL_write() after calling SSL_shutdown(). The read direction is closed by the peer.

+ +

First to close the connection

+ +

When the application is the first party to send the close_notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in the cache). If successful, SSL_shutdown() will return 0.

+ +

If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first successful call to SSL_shutdown() is sufficient.

+ +

In order to complete the bidirectional shutdown handshake, the peer needs to send back a close_notify alert. The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing it.

+ +

The peer is still allowed to send data after receiving the close_notify event. When it is done sending data, it will send the close_notify alert. SSL_read() should be called until all data is received. SSL_read() will indicate the end of the peer data by returning <= 0 and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.

+ +

Peer closes the connection

+ +

If the peer already sent the close_notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_read() will return <= 0 in that case, and SSL_get_error() will return SSL_ERROR_ZERO_RETURN. SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN flag. If successful, SSL_shutdown() will return 1.

+ +

Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call.

+ +

NOTES

+ +

The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is blocking, SSL_shutdown() will only return once the handshake step has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again to wait for the peer's close_notify alert. SSL_shutdown() will return 1 in that case. However, it is recommended to wait for it using SSL_read() instead.

+ +

SSL_shutdown() can be modified to only set the connection to "shutdown" state but not actually send the close_notify alert messages, see SSL_CTX_set_quiet_shutdown(3). When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. The output of SSL_get_error(3) may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.

+ +
+
1
+
+ +

The shutdown was successfully completed. The close_notify alert was sent and the peer's close_notify alert was received.

+ +
+
<0
+
+ +

The shutdown was not successful. Call SSL_get_error(3) with the return value ret to find out the reason. It can occur if an action is needed to continue the operation for non-blocking BIOs.

+ +

It can also occur when not all data was read using SSL_read().

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_accept(3), SSL_set_shutdown(3), SSL_CTX_set_quiet_shutdown(3), SSL_clear(3), SSL_free(3), ssl(7), bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_state_string.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_state_string.html new file mode 100644 index 00000000..97f7552d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_state_string.html @@ -0,0 +1,68 @@ + + + + +SSL_state_string + + + + + + + + + + +

NAME

+ +

SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_state_string(const SSL *ssl);
+const char *SSL_state_string_long(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_state_string() returns a 6 letter string indicating the current state of the SSL object ssl.

+ +

SSL_state_string_long() returns a string indicating the current state of the SSL object ssl.

+ +

NOTES

+ +

During its use, an SSL objects passes several states. The state is internally maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake.

+ +

When using non-blocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called.

+ +

For both blocking or non-blocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call.

+ +

RETURN VALUES

+ +

Detailed description of possible states to be included later.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_info_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_want.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_want.html new file mode 100644 index 00000000..2414cb00 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_want.html @@ -0,0 +1,125 @@ + + + + +SSL_want + + + + + + + + + + +

NAME

+ +

SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb - obtain state information TLS/SSL I/O operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_want(const SSL *ssl);
+int SSL_want_nothing(const SSL *ssl);
+int SSL_want_read(const SSL *ssl);
+int SSL_want_write(const SSL *ssl);
+int SSL_want_x509_lookup(const SSL *ssl);
+int SSL_want_async(const SSL *ssl);
+int SSL_want_async_job(const SSL *ssl);
+int SSL_want_client_hello_cb(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_want() returns state information for the SSL object ssl.

+ +

The other SSL_want_*() calls are shortcuts for the possible states returned by SSL_want().

+ +

NOTES

+ +

SSL_want() examines the internal state information of the SSL object. Its return values are similar to that of SSL_get_error(3). Unlike SSL_get_error(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated using SSL_get_error(3).

+ +

The result returned by SSL_want() should always be consistent with the result of SSL_get_error(3).

+ +

RETURN VALUES

+ +

The following return values can currently occur for SSL_want():

+ +
+ +
SSL_NOTHING
+
+ +

There is no data to be written or to be read.

+ +
+
SSL_WRITING
+
+ +

There are data in the SSL buffer that must be written to the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_WRITE.

+ +
+
SSL_READING
+
+ +

More data must be read from the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_READ.

+ +
+
SSL_X509_LOOKUP
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_X509_LOOKUP.

+ +
+
SSL_ASYNC_PAUSED
+
+ +

An asynchronous operation partially completed and was then paused. See SSL_get_all_async_fds(3). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC.

+ +
+
SSL_ASYNC_NO_JOBS
+
+ +

The asynchronous job could not be started because there were no async jobs available in the pool (see ASYNC_init_thread(3)). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC_JOB.

+ +
+
SSL_CLIENT_HELLO_CB
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_CLIENT_HELLO_CB.

+ +
+
+ +

SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return 1, when the corresponding condition is true or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_error(3)

+ +

HISTORY

+ +

The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_write.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_write.html new file mode 100644 index 00000000..0b9646f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/SSL_write.html @@ -0,0 +1,104 @@ + + + + +SSL_write + + + + + + + + + + +

NAME

+ +

SSL_write_ex, SSL_write - write bytes to a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+int SSL_write(SSL *ssl, const void *buf, int num);
+ +

DESCRIPTION

+ +

SSL_write_ex() and SSL_write() write num bytes from the buffer buf into the specified ssl connection. On success SSL_write_ex() will store the number of bytes written in *written.

+ +

NOTES

+ +

In the paragraphs below a "write function" is defined as one of either SSL_write_ex(), or SSL_write().

+ +

If necessary, a write function will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the write function operation. The behaviour of the write functions depends on the underlying BIO.

+ +

For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state() before the first call to a write function.

+ +

If the underlying BIO is blocking, the write functions will only return, once the write operation has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to SSL_get_error(3) with the return value of the write function will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

The write functions will only return with success when the complete contents of buf of length num has been written. This default behaviour can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When this flag is set the write functions will also return with success when a partial write has been successfully completed. In this case the write function operation is considered completed. The bytes are sent and a new write call with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB.

+ +

WARNINGS

+ +

When a write function call has to be repeated because SSL_get_error(3) returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments. The data that was passed might have been partially processed. When SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER was set using SSL_CTX_set_mode(3) the pointer can be different, but the data and length should still be the same.

+ +

You should not call SSL_write() with num=0, it will return an error. SSL_write_ex() can be called with num=0, but will not send application data to the peer.

+ +

RETURN VALUES

+ +

SSL_write_ex() will return 1 for success or 0 for failure. Success means that all requested application data bytes have been written to the SSL connection or, if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has been written to the SSL connection. Failure means that not all the requested bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or no bytes could be written to the SSL connection (if SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the network write buffer has temporarily filled up) or non-retryable (e.g. a fatal network error). In the event of a failure call SSL_get_error(3) to find out the reason which indicates whether the call is retryable or not.

+ +

For SSL_write() the following return values can occur:

+ +
+ +
> 0
+
+ +

The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection.

+ +
+
<= 0
+
+ +

The write operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value ret to find out the reason.

+ +

Old documentation indicated a difference between 0 and -1, and that -1 was retryable. You should instead call SSL_get_error() to find out if it's retryable.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_read_ex(3), SSL_read(3) SSL_CTX_set_mode(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3) SSL_set_connect_state(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_write_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_STRING.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_STRING.html new file mode 100644 index 00000000..fd261591 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_STRING.html @@ -0,0 +1,113 @@ + + + + +UI_STRING + + + + + + + + + + +

NAME

+ +

UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex - User interface string parsing

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_string_st UI_STRING;
+
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+int UI_get_input_flags(UI_STRING *uis);
+const char *UI_get0_output_string(UI_STRING *uis);
+const char *UI_get0_action_string(UI_STRING *uis);
+const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
+const char *UI_get0_test_string(UI_STRING *uis);
+int UI_get_result_minsize(UI_STRING *uis);
+int UI_get_result_maxsize(UI_STRING *uis);
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
+ +

DESCRIPTION

+ +

The UI_STRING gets created internally and added to a UI whenever one of the functions UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() or UI_dup_error_string() is called. For a UI_METHOD user, there's no need to know more. For a UI_METHOD creator, it is of interest to fetch text from these UI_STRING objects as well as adding results to some of them.

+ +

UI_get_string_type() is used to retrieve the type of the given UI_STRING.

+ +

UI_get_input_flags() is used to retrieve the flags associated with the given UI_STRING.

+ +

UI_get0_output_string() is used to retrieve the actual string to output (prompt, info, error, ...).

+ +

UI_get0_action_string() is used to retrieve the action description associated with a UIT_BOOLEAN type UI_STRING. For all other UI_STRING types, NULL is returned. See UI_add_input_boolean(3).

+ +

UI_get0_result_string() and UI_get_result_string_length() are used to retrieve the result of a prompt and its length. This is only useful for UIT_PROMPT and UIT_VERIFY type strings. For all other UI_STRING types, UI_get0_result_string() returns NULL and UI_get_result_string_length() returns -1.

+ +

UI_get0_test_string() is used to retrieve the string to compare the prompt result with. This is only useful for UIT_VERIFY type strings. For all other UI_STRING types, NULL is returned.

+ +

UI_get_result_minsize() and UI_get_result_maxsize() are used to retrieve the minimum and maximum required size of the result. This is only useful for UIT_PROMPT and UIT_VERIFY type strings. For all other UI_STRING types, -1 is returned.

+ +

UI_set_result_ex() is used to set the result value of a prompt and its length. For UIT_PROMPT and UIT_VERIFY type UI strings, this sets the result retrievable with UI_get0_result_string() by copying the contents of result if its length fits the minimum and maximum size requirements. For UIT_BOOLEAN type UI strings, this sets the first character of the result retrievable with UI_get0_result_string() to the first ok_char given with UI_add_input_boolean() or UI_dup_input_boolean() if the result matched any of them, or the first of the cancel_chars if the result matched any of them, otherwise it's set to the NUL char \0. See UI_add_input_boolean(3) for more information on ok_chars and cancel_chars.

+ +

UI_set_result() does the same thing as UI_set_result_ex(), but calculates its length internally. It expects the string to be terminated with a NUL byte, and is therefore only useful with normal C strings.

+ +

RETURN VALUES

+ +

UI_get_string_type() returns the UI string type.

+ +

UI_get_input_flags() returns the UI string flags.

+ +

UI_get0_output_string() returns the UI string output string.

+ +

UI_get0_action_string() returns the UI string action description string for UIT_BOOLEAN type UI strings, NULL for any other type.

+ +

UI_get0_result_string() returns the UI string result buffer for UIT_PROMPT and UIT_VERIFY type UI strings, NULL for any other type.

+ +

UI_get_result_string_length() returns the UI string result buffer's content length for UIT_PROMPT and UIT_VERIFY type UI strings, -1 for any other type.

+ +

UI_get0_test_string() returns the UI string action description string for UIT_VERIFY type UI strings, NULL for any other type.

+ +

UI_get_result_minsize() returns the minimum allowed result size for the UI string for UIT_PROMPT and UIT_VERIFY type strings, -1 for any other type.

+ +

UI_get_result_maxsize() returns the minimum allowed result size for the UI string for UIT_PROMPT and UIT_VERIFY type strings, -1 for any other type.

+ +

UI_set_result() returns 0 on success or when the UI string is of any type other than UIT_PROMPT, UIT_VERIFY or UIT_BOOLEAN, -1 on error.

+ +

SEE ALSO

+ +

UI(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_UTIL_read_pw.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_UTIL_read_pw.html new file mode 100644 index 00000000..08a54847 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_UTIL_read_pw.html @@ -0,0 +1,73 @@ + + + + +UI_UTIL_read_pw + + + + + + + + + + +

NAME

+ +

UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback - user interface utilities

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
+ +

DESCRIPTION

+ +

UI_UTIL_read_pw_string() asks for a passphrase, using prompt as a prompt, and stores it in buf. The maximum allowed size is given with length, including the terminating NUL byte. If verify is non-zero, the password will be verified as well.

+ +

UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the difference is that you can give it an external buffer buff for the verification passphrase.

+ +

UI_UTIL_wrap_read_pem_callback() can be used to create a temporary UI_METHOD that wraps a given PEM password callback cb. rwflag is used to specify if this method will be used for passphrase entry without (0) or with (1) verification. When not used any more, the returned method should be freed with UI_destroy_method().

+ +

NOTES

+ +

UI_UTIL_read_pw_string() and UI_UTIL_read_pw() use default UI_METHOD. See UI_get_default_method(3) and friends for more information.

+ +

The result from the UI_METHOD created by UI_UTIL_wrap_read_pem_callback() will generate password strings in the encoding that the given password callback generates. The default password prompting functions (apart from UI_UTIL_read_pw_string() and UI_UTIL_read_pw(), there is PEM_def_callback(), EVP_read_pw_string() and EVP_read_pw_string_min()) all use the default UI_METHOD.

+ +

RETURN VALUES

+ +

UI_UTIL_read_pw_string() and UI_UTIL_read_pw() return 0 on success or a negative value on error.

+ +

UI_UTIL_wrap_read_pem_callback() returns a valid UI_METHOD structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

UI_get_default_method(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_create_method.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_create_method.html new file mode 100644 index 00000000..3fa4e33c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_create_method.html @@ -0,0 +1,178 @@ + + + + +UI_create_method + + + + + + + + + + +

NAME

+ +

UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data - user interface method creation and destruction

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_method_st UI_METHOD;
+
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+ +

DESCRIPTION

+ +

A method contains a few functions that implement the low level of the User Interface. These functions are:

+ +
+ +
an opener
+
+ +

This function takes a reference to a UI and starts a session, for example by opening a channel to a tty, or by creating a dialog box.

+ +
+
a writer
+
+ +

This function takes a reference to a UI and a UI String, and writes the string where appropriate, maybe to the tty, maybe added as a field label in a dialog box. Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses.

+ +
+
a flusher
+
+ +

This function takes a reference to a UI, and flushes everything that has been output so far. For example, if the method builds up a dialog box, this can be used to actually display it and accepting input ended with a pressed button.

+ +
+
a reader
+
+ +

This function takes a reference to a UI and a UI string and reads off the given prompt, maybe from the tty, maybe from a field in a dialog box. Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses.

+ +
+
a closer
+
+ +

This function takes a reference to a UI, and closes the session, maybe by closing the channel to the tty, maybe by destroying a dialog box.

+ +
+
+ +

All of these functions are expected to return 0 on error, 1 on success, or -1 on out-off-band events, for example if some prompting has been cancelled (by pressing Ctrl-C, for example). Only the flusher or the reader are expected to return -1. If returned by another of the functions, it's treated as if 0 was returned.

+ +

Regarding the writer and the reader, don't assume the former should only write and don't assume the latter should only read. This depends on the needs of the method.

+ +

For example, a typical tty reader wouldn't write the prompts in the write, but would rather do so in the reader, because of the sequential nature of prompting on a tty. This is how the UI_OpenSSL() method does it.

+ +

In contrast, a method that builds up a dialog box would add all prompt text in the writer, have all input read in the flusher and store the results in some temporary buffer, and finally have the reader just fetch those results.

+ +

The central function that uses these method functions is UI_process(), and it does it in five steps:

+ +
    + +
  1. Open the session using the opener function if that one's defined. If an error occurs, jump to 5.

    + +
  2. +
  3. For every UI String associated with the UI, call the writer function if that one's defined. If an error occurs, jump to 5.

    + +
  4. +
  5. Flush everything using the flusher function if that one's defined. If an error occurs, jump to 5.

    + +
  6. +
  7. For every UI String associated with the UI, call the reader function if that one's defined. If an error occurs, jump to 5.

    + +
  8. +
  9. Close the session using the closer function if that one's defined.

    + +
  10. +
+ +

UI_create_method() creates a new UI method with a given name.

+ +

UI_destroy_method() destroys the given UI method ui_method.

+ +

UI_method_set_opener(), UI_method_set_writer(), UI_method_set_flusher(), UI_method_set_reader() and UI_method_set_closer() set the five main method function to the given function pointer.

+ +

UI_method_set_data_duplicator() sets the user data duplicator and destructor. See UI_dup_user_data(3).

+ +

UI_method_set_prompt_constructor() sets the prompt constructor. See UI_construct_prompt(3).

+ +

UI_method_set_ex_data() sets application specific data with a given EX_DATA index. See CRYPTO_get_ex_new_index(3) for general information on how to get that index.

+ +

UI_method_get_opener(), UI_method_get_writer(), UI_method_get_flusher(), UI_method_get_reader(), UI_method_get_closer(), UI_method_get_data_duplicator(), UI_method_get_data_destructor() and UI_method_get_prompt_constructor() return the different method functions.

+ +

UI_method_get_ex_data() returns the application data previously stored with UI_method_set_ex_data().

+ +

RETURN VALUES

+ +

UI_create_method() returns a UI_METHOD pointer on success, NULL on error.

+ +

UI_method_set_opener(), UI_method_set_writer(), UI_method_set_flusher(), UI_method_set_reader(), UI_method_set_closer(), UI_method_set_data_duplicator() and UI_method_set_prompt_constructor() return 0 on success, -1 if the given method is NULL.

+ +

UI_method_set_ex_data() returns 1 on success and 0 on error (because CRYPTO_set_ex_data() does so).

+ +

UI_method_get_opener(), UI_method_get_writer(), UI_method_get_flusher(), UI_method_get_reader(), UI_method_get_closer(), UI_method_get_data_duplicator(), UI_method_get_data_destructor() and UI_method_get_prompt_constructor() return the requested function pointer if it's set in the method, otherwise NULL.

+ +

UI_method_get_ex_data() returns a pointer to the application specific data associated with the method.

+ +

SEE ALSO

+ +

UI(3), CRYPTO_get_ex_data(3), UI_STRING(3)

+ +

HISTORY

+ +

The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_new.html new file mode 100644 index 00000000..11594b5d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/UI_new.html @@ -0,0 +1,178 @@ + + + + +UI_new + + + + + + + + + + +

NAME

+ +

UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_st UI;
+
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+char *UI_construct_prompt(UI *ui_method,
+       const char *object_desc, const char *object_name);
+
+void *UI_add_user_data(UI *ui, void *user_data);
+int UI_dup_user_data(UI *ui, void *user_data);
+void *UI_get0_user_data(UI *ui);
+
+const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
+
+int UI_process(UI *ui);
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+UI_METHOD *UI_OpenSSL(void);
+const UI_METHOD *UI_null(void);
+ +

DESCRIPTION

+ +

UI stands for User Interface, and is general purpose set of routines to prompt the user for text-based information. Through user-written methods (see UI_create_method(3)), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone.

+ +

All the functions work through a context of the type UI. This context contains all the information needed to prompt correctly as well as a reference to a UI_METHOD, which is an ordered vector of functions that carry out the actual prompting.

+ +

The first thing to do is to create a UI with UI_new() or UI_new_method(), then add information to it with the UI_add or UI_dup functions. Also, user-defined random data can be passed down to the underlying method through calls to UI_add_user_data() or UI_dup_user_data(). The default UI method doesn't care about these data, but other methods might. Finally, use UI_process() to actually perform the prompting and UI_get0_result() and UI_get_result_length() to find the result to the prompt and its length.

+ +

A UI can contain more than one prompt, which are performed in the given sequence. Each prompt gets an index number which is returned by the UI_add and UI_dup functions, and has to be used to get the corresponding result with UI_get0_result() and UI_get_result_length().

+ +

UI_process() can be called more than once on the same UI, thereby allowing a UI to have a long lifetime, but can just as well have a short lifetime.

+ +

The functions are as follows:

+ +

UI_new() creates a new UI using the default UI method. When done with this UI, it should be freed using UI_free().

+ +

UI_new_method() creates a new UI using the given UI method. When done with this UI, it should be freed using UI_free().

+ +

UI_OpenSSL() returns the built-in UI method (note: not necessarily the default one, since the default can be changed. See further on). This method is the most machine/OS dependent part of OpenSSL and normally generates the most problems when porting.

+ +

UI_null() returns a UI method that does nothing. Its use is to avoid getting internal defaults for passed UI_METHOD pointers.

+ +

UI_free() removes a UI from memory, along with all other pieces of memory that's connected to it, like duplicated input strings, results and others. If ui is NULL nothing is done.

+ +

UI_add_input_string() and UI_add_verify_string() add a prompt to the UI, as well as flags and a result buffer and the desired minimum and maximum sizes of the result, not counting the final NUL character. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having the user enter it twice and check that the same string was entered twice). UI_add_verify_string() takes and extra argument that should be a pointer to the result buffer of the input string that it's supposed to verify, or verification will fail.

+ +

UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given as well. The prompt itself is divided in two, one part being the descriptive text (given through the prompt argument) and one describing the possible answers (given through the action_desc argument).

+ +

UI_add_info_string() and UI_add_error_string() add strings that are shown at the same time as the prompt for extra information or to show an error string. The difference between the two is only conceptual. With the builtin method, there's no technical difference between them. Other methods may make a difference between them, however.

+ +

The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for UI_add_input_string() and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some sort will be used (completely depending on the application and the UI method).

+ +

UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(), UI_dup_info_string() and UI_dup_error_string() are basically the same as their UI_add counterparts, except that they make their own copies of all strings.

+ +

UI_construct_prompt() is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter description for name:". With the description "pass phrase" and the file name "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions.

+ +

UI_add_user_data() adds a user data pointer for the method to use at any time. The builtin UI method doesn't care about this info. Note that several calls to this function doesn't add data, it replaces the previous blob with the one given as argument.

+ +

UI_dup_user_data() duplicates the user data and works as an alternative to UI_add_user_data() when the user data needs to be preserved for a longer duration, perhaps even the lifetime of the application. The UI object takes ownership of this duplicate and will free it whenever it gets replaced or the UI is destroyed. UI_dup_user_data() returns 0 on success, or -1 on memory allocation failure or if the method doesn't have a duplicator function.

+ +

UI_get0_user_data() retrieves the data that has last been given to the UI with UI_add_user_data() or UI_dup_user_data.

+ +

UI_get0_result() returns a pointer to the result buffer associated with the information indexed by i.

+ +

UI_get_result_length() returns the length of the result buffer associated with the information indexed by i.

+ +

UI_process() goes through the information given so far, does all the printing and prompting and returns the final status, which is -2 on out-of-band events (Interrupt, Cancel, ...), -1 on error and 0 on success.

+ +

UI_ctrl() adds extra control for the application author. For now, it understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process() print the OpenSSL error stack as part of processing the UI, and UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can be used again or not.

+ +

UI_set_default_method() changes the default UI method to the one given. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

UI_get_default_method() returns a pointer to the current default UI method.

+ +

UI_get_method() returns the UI method associated with a given UI.

+ +

UI_set_method() changes the UI method associated with a given UI.

+ +

NOTES

+ +

The resulting strings that the built in method UI_OpenSSL() generate are assumed to be encoded according to the current locale or (for Windows) code page. For applications having different demands, these strings need to be converted appropriately by the caller. For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set, the built-in method UI_OpenSSL() will produce UTF-8 encoded strings instead.

+ +

RETURN VALUES

+ +

UI_new() and UI_new_method() return a valid UI structure or NULL if an error occurred.

+ +

UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() and UI_dup_error_string() return a positive number on success or a value which is less than or equal to 0 otherwise.

+ +

UI_construct_prompt() returns a string or NULL if an error occurred.

+ +

UI_dup_user_data() returns 0 on success or -1 on error.

+ +

UI_get0_result() returns a string or NULL on error.

+ +

UI_get_result_length() returns a positive integer or 0 on success; otherwise it returns -1 on error.

+ +

UI_process() returns 0 on success or a negative value on error.

+ +

UI_ctrl() returns a mask on success or -1 on error.

+ +

UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and UI_set_method() return either a valid UI_METHOD structure or NULL respectively.

+ +

HISTORY

+ +

The UI_dup_user_data() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509V3_get_d2i.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509V3_get_d2i.html new file mode 100644 index 00000000..356629b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509V3_get_d2i.html @@ -0,0 +1,214 @@ + + + + +X509V3_get_d2i + + + + + + + + + + +

NAME

+ +

X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags);
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
+
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
+                          unsigned long flags);
+
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
+                              unsigned long flags);
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+ +

DESCRIPTION

+ +

X509V3_get_ext_d2i() looks for an extension with OID nid in the extensions x and, if found, decodes it. If idx is NULL then only one occurrence of an extension is permissible otherwise the first extension after index *idx is returned and *idx updated to the location of the extension. If crit is not NULL then *crit is set to a status value: -2 if the extension occurs multiple times (this is only returned if idx is NULL), -1 if the extension could not be found, 0 if the extension is found and is not critical and 1 if critical. A pointer to an extension specific structure or NULL is returned.

+ +

X509V3_add1_i2d() adds extension value to STACK *x (allocating a new STACK if necessary) using OID nid and criticality crit according to flags.

+ +

X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension ext and returns a pointer to an extension specific structure or NULL if the extension could not be decoded (invalid syntax or not supported).

+ +

X509V3_EXT_i2d() encodes the extension specific structure ext with OID ext_nid and criticality crit.

+ +

X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of certificate x, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions of CRL crl, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the extensions of X509_REVOKED structure r (i.e for CRL entry extensions), they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_get0_extensions(), X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a stack of all the extensions of a certificate a CRL or a CRL entry respectively.

+ +

NOTES

+ +

In almost all cases an extension can occur at most once and multiple occurrences is an error. Therefore the idx parameter is usually NULL.

+ +

The flags parameter may be one of the following values.

+ +

X509V3_ADD_DEFAULT appends a new extension only if the extension does not already exist. An error is returned if the extension does already exist.

+ +

X509V3_ADD_APPEND appends a new extension, ignoring whether the extension already exists.

+ +

X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends a new extension.

+ +

X509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists otherwise returns an error.

+ +

X509V3_ADD_KEEP_EXISTING appends a new extension only if the extension does not already exist. An error is not returned if the extension does already exist.

+ +

X509V3_ADD_DELETE extension nid is deleted: no new extension is added.

+ +

If X509V3_ADD_SILENT is ored with flags: any error returned will not be added to the error queue.

+ +

The function X509V3_get_d2i() will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of *crit.

+ +

SUPPORTED EXTENSIONS

+ +

The following sections contain a list of all supported extensions including their name and NID.

+ +

PKIX Certificate Extensions

+ +

The following certificate extensions are defined in PKIX standards such as RFC5280.

+ +
Basic Constraints                  NID_basic_constraints
+Key Usage                          NID_key_usage
+Extended Key Usage                 NID_ext_key_usage
+
+Subject Key Identifier             NID_subject_key_identifier
+Authority Key Identifier           NID_authority_key_identifier
+
+Private Key Usage Period           NID_private_key_usage_period
+
+Subject Alternative Name           NID_subject_alt_name
+Issuer Alternative Name            NID_issuer_alt_name
+
+Authority Information Access       NID_info_access
+Subject Information Access         NID_sinfo_access
+
+Name Constraints                   NID_name_constraints
+
+Certificate Policies               NID_certificate_policies
+Policy Mappings                    NID_policy_mappings
+Policy Constraints                 NID_policy_constraints
+Inhibit Any Policy                 NID_inhibit_any_policy
+
+TLS Feature                        NID_tlsfeature
+ +

Netscape Certificate Extensions

+ +

The following are (largely obsolete) Netscape certificate extensions.

+ +
Netscape Cert Type                 NID_netscape_cert_type
+Netscape Base Url                  NID_netscape_base_url
+Netscape Revocation Url            NID_netscape_revocation_url
+Netscape CA Revocation Url         NID_netscape_ca_revocation_url
+Netscape Renewal Url               NID_netscape_renewal_url
+Netscape CA Policy Url             NID_netscape_ca_policy_url
+Netscape SSL Server Name           NID_netscape_ssl_server_name
+Netscape Comment                   NID_netscape_comment
+ +

Miscellaneous Certificate Extensions

+ +
Strong Extranet ID                 NID_sxnet
+Proxy Certificate Information      NID_proxyCertInfo
+ +

PKIX CRL Extensions

+ +

The following are CRL extensions from PKIX standards such as RFC5280.

+ +
CRL Number                         NID_crl_number
+CRL Distribution Points            NID_crl_distribution_points
+Delta CRL Indicator                NID_delta_crl
+Freshest CRL                       NID_freshest_crl
+Invalidity Date                    NID_invalidity_date
+Issuing Distribution Point         NID_issuing_distribution_point
+ +

The following are CRL entry extensions from PKIX standards such as RFC5280.

+ +
CRL Reason Code                    NID_crl_reason
+Certificate Issuer                 NID_certificate_issuer
+ +

OCSP Extensions

+ +
OCSP Nonce                         NID_id_pkix_OCSP_Nonce
+OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
+Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
+OCSP No Check                      NID_id_pkix_OCSP_noCheck
+OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
+OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
+Hold Instruction Code              NID_hold_instruction_code
+ +

Certificate Transparency Extensions

+ +

The following extensions are used by certificate transparency, RFC6962

+ +
CT Precertificate SCTs             NID_ct_precert_scts
+CT Certificate SCTs                NID_ct_cert_scts
+ +

RETURN VALUES

+ +

X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension specific structure of NULL if an error occurs.

+ +

X509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure or NULL if an error occurs.

+ +

X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it fails due to a non-fatal error (extension not found, already exists, cannot be encoded) or -1 due to a fatal error such as a memory allocation failure.

+ +

X509_get0_extensions(), X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a stack of extensions. They return NULL if no extensions are present.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_ALGOR_dup.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_ALGOR_dup.html new file mode 100644 index 00000000..62f5c9f1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_ALGOR_dup.html @@ -0,0 +1,70 @@ + + + + +X509_ALGOR_dup + + + + + + + + + + +

NAME

+ +

X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *alg);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ +

DESCRIPTION

+ +

X509_ALGOR_dup() returns a copy of alg.

+ +

X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the associated parameter type to ptype with value pval. If ptype is V_ASN1_UNDEF the parameter is omitted, otherwise ptype and pval have the same meaning as the type and value parameters to ASN1_TYPE_set(). All the supplied parameters are used internally so must NOT be freed after this call.

+ +

X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the algorithm OID in *paobj and the associated parameter in *pptype and *ppval from the AlgorithmIdentifier alg.

+ +

X509_ALGOR_set_md() sets the AlgorithmIdentifier alg to appropriate values for the message digest md.

+ +

X509_ALGOR_cmp() compares a and b and returns 0 if they have identical encodings and non-zero otherwise.

+ +

RETURN VALUES

+ +

X509_ALGOR_dup() returns a valid X509_ALGOR structure or NULL if an error occurred.

+ +

X509_ALGOR_set0() returns 1 on success or 0 on error.

+ +

X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.

+ +

X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and non-zero otherwise.

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html new file mode 100644 index 00000000..4baeb79e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html @@ -0,0 +1,99 @@ + + + + +X509_CRL_get0_by_serial + + + + + + + + + + +

NAME

+ +

X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+int X509_CRL_sort(X509_CRL *crl);
+ +

DESCRIPTION

+ +

X509_CRL_get0_by_serial() attempts to find a revoked entry in crl for serial number serial. If it is successful it sets *ret to the internal pointer of the matching entry, as a result *ret must not be freed up after the call.

+ +

X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it looks for a revoked entry using the serial number of certificate x.

+ +

X509_CRL_get_REVOKED() returns an internal pointer to a stack of all revoked entries for crl.

+ +

X509_REVOKED_get0_serialNumber() returns an internal pointer to the serial number of r.

+ +

X509_REVOKED_get0_revocationDate() returns an internal pointer to the revocation date of r.

+ +

X509_REVOKED_set_serialNumber() sets the serial number of r to serial. The supplied serial pointer is not used internally so it should be freed up after use.

+ +

X509_REVOKED_set_revocationDate() sets the revocation date of r to tm. The supplied tm pointer is not used internally so it should be freed up after use.

+ +

X509_CRL_add0_revoked() appends revoked entry rev to CRL crl. The pointer rev is used internally so it must not be freed up after the call: it is freed when the parent CRL is freed.

+ +

X509_CRL_sort() sorts the revoked entries of crl into ascending serial number order.

+ +

NOTES

+ +

Applications can determine the number of revoked entries returned by X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one in turn using sk_X509_REVOKED_value().

+ +

RETURN VALUES

+ +

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, 1 on success except if the revoked entry has the reason removeFromCRL (8), in which case 2 is returned.

+ +

X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for failure.

+ +

X509_REVOKED_get0_serialNumber() returns an ASN1_INTEGER pointer.

+ +

X509_REVOKED_get0_revocationDate() returns an ASN1_TIME value.

+ +

X509_CRL_get_REVOKED() returns a STACK of revoked entries.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html new file mode 100644 index 00000000..9e48143d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html @@ -0,0 +1,96 @@ + + + + +X509_EXTENSION_set_object + + + + + + + + + + +

NAME

+ +

X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility functions

+ +

SYNOPSIS

+ +
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+ +

DESCRIPTION

+ +

X509_EXTENSION_set_object() sets the extension type of ex to obj. The obj pointer is duplicated internally so obj should be freed up after use.

+ +

X509_EXTENSION_set_critical() sets the criticality of ex to crit. If crit is zero the extension in non-critical otherwise it is critical.

+ +

X509_EXTENSION_set_data() sets the data in extension ex to data. The data pointer is duplicated internally.

+ +

X509_EXTENSION_create_by_NID() creates an extension of type nid, criticality crit using data data. The created extension is returned and written to *ex reusing or allocating a new extension if necessary so *ex should either be NULL or a valid X509_EXTENSION structure it must not be an uninitialised pointer.

+ +

X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() except it creates and extension using obj instead of a NID.

+ +

X509_EXTENSION_get_object() returns the extension type of ex as an ASN1_OBJECT pointer. The returned pointer is an internal value which must not be freed up.

+ +

X509_EXTENSION_get_critical() returns the criticality of extension ex it returns 1 for critical and 0 for non-critical.

+ +

X509_EXTENSION_get_data() returns the data of extension ex. The returned pointer is an internal value which must not be freed up.

+ +

NOTES

+ +

These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d() and X509_get_ext_d2i().

+ +

The data associated with an extension is the extension encoding in an ASN1_OCTET_STRING structure.

+ +

RETURN VALUES

+ +

X509_EXTENSION_set_object() X509_EXTENSION_set_critical() and X509_EXTENSION_set_data() return 1 for success and 0 for failure.

+ +

X509_EXTENSION_create_by_NID() and X509_EXTENSION_create_by_OBJ() return an X509_EXTENSION pointer or NULL if an error occurs.

+ +

X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer.

+ +

X509_EXTENSION_get_critical() returns 0 for non-critical and 1 for critical.

+ +

X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer.

+ +

SEE ALSO

+ +

X509V3_get_d2i(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP.html new file mode 100644 index 00000000..b36bfc85 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -0,0 +1,177 @@ + + + + +X509_LOOKUP + + + + + + + + + + +

NAME

+ +

X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias - OpenSSL certificate lookup mechanisms

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_lookup_st X509_LOOKUP;
+
+typedef enum X509_LOOKUP_TYPE;
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
+int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+ +

DESCRIPTION

+ +

The X509_LOOKUP structure holds the information needed to look up certificates and CRLs according to an associated X509_LOOKUP_METHOD(3). Multiple X509_LOOKUP instances can be added to an X509_STORE(3) to enable lookup in that store.

+ +

X509_LOOKUP_new() creates a new X509_LOOKUP using the given lookup method. It can also be created by calling X509_STORE_add_lookup(3), which will associate an X509_STORE with the lookup mechanism.

+ +

X509_LOOKUP_init() initializes the internal state and resources as needed by the given X509_LOOKUP to do its work.

+ +

X509_LOOKUP_shutdown() tears down the internal state and resources of the given X509_LOOKUP.

+ +

X509_LOOKUP_free() destructs the given X509_LOOKUP.

+ +

X509_LOOKUP_set_method_data() associates a pointer to application data to the given X509_LOOKUP.

+ +

X509_LOOKUP_get_method_data() retrieves a pointer to application data from the given X509_LOOKUP.

+ +

X509_LOOKUP_ctrl() is used to set or get additional data to or from an X509_LOOKUP structure or its associated X509_LOOKUP_METHOD(3). The arguments of the control command are passed via argc and argl, its return value via *ret. The meaning of the arguments depends on the cmd number of the control command. In general, this function is not called directly, but wrapped by a macro call, see below. The control cmds known to OpenSSL are discussed in more depth in "Control Commands".

+ +

X509_LOOKUP_load_file() passes a filename to be loaded immediately into the associated X509_STORE. type indicates what type of object is expected. This can only be used with a lookup using the implementation X509_LOOKUP_file(3).

+ +

X509_LOOKUP_add_dir() passes a directory specification from which certificates and CRLs are loaded on demand into the associated X509_STORE. type indicates what type of object is expected. This can only be used with a lookup using the implementation X509_LOOKUP_hash_dir(3).

+ +

X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented as macros that use X509_LOOKUP_ctrl().

+ +

X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up certificates and CRLs in the X509_STORE(3) associated with the X509_LOOKUP using different criteria, where the looked up object is stored in ret. Some of the underlying X509_LOOKUP_METHODs will also cache objects matching the criteria in the associated X509_STORE, which makes it possible to handle cases where the criteria have more than one hit.

+ +

File Types

+ +

X509_LOOKUP_load_file() and X509_LOOKUP_add_dir() take a type, which can be one of the following:

+ +
+ +
X509_FILETYPE_PEM
+
+ +

The file or files that are loaded are expected to be in PEM format.

+ +
+
X509_FILETYPE_ASN1
+
+ +

The file or files that are loaded are expected to be in raw DER format.

+ +
+
X509_FILETYPE_DEFAULT
+
+ +

The default certificate file or directory is used. In this case, name is ignored.

+ +
+
+ +

Control Commands

+ +

The X509_LOOKUP_METHODs built into OpenSSL recognise the following X509_LOOKUP_ctrl() cmds:

+ +
+ +
X509_L_FILE_LOAD
+
+ +

This is the command that X509_LOOKUP_load_file() uses. The filename is passed in argc, and the type in argl.

+ +
+
X509_L_ADD_DIR
+
+ +

This is the command that X509_LOOKUP_add_dir() uses. The directory specification is passed in argc, and the type in argl.

+ +
+
X509_L_ADD_STORE
+
+ +

This is the command that X509_LOOKUP_add_store() uses. The URI is passed in argc.

+ +
+
X509_L_LOAD_STORE
+
+ +

This is the command that X509_LOOKUP_load_store() uses. The URI is passed in argc.

+ +
+
+ +

RETURN VALUES

+ +

X509_LOOKUP_new() returns an X509_LOOKUP pointer when successful, or NULL on error.

+ +

X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or 0 on error.

+ +

X509_LOOKUP_ctrl() returns -1 if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD, or 1 if the doesn't have a control function. Otherwise, it returns what the control function in the X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in error.

+ +

X509_LOOKUP_get_store() returns an X509_STORE pointer if there is one, otherwise NULL.

+ +

X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 if there is no X509_LOOKUP_METHOD or that method doesn't implement the corresponding function. Otherwise, it returns what the corresponding function in the X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in error.

+ +

SEE ALSO

+ +

X509_LOOKUP_METHOD(3), X509_STORE(3)

+ +

COPYRIGHT

+ +

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html new file mode 100644 index 00000000..f5f09924 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html @@ -0,0 +1,106 @@ + + + + +X509_LOOKUP_hash_dir + + + + + + + + + + +

NAME

+ +

X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file - Default OpenSSL certificate lookup methods

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+ +

DESCRIPTION

+ +

X509_LOOKUP_hash_dir and X509_LOOKUP_file are two certificate lookup methods to use with X509_STORE, provided by OpenSSL library.

+ +

Users of the library typically do not need to create instances of these methods manually, they would be created automatically by X509_STORE_load_locations(3) or SSL_CTX_load_verify_locations(3) functions.

+ +

Internally loading of certificates and CRLs is implemented via functions X509_load_cert_crl_file, X509_load_cert_file and X509_load_crl_file. These functions support parameter type, which can be one of constants FILETYPE_PEM, FILETYPE_ASN1 and FILETYPE_DEFAULT. They load certificates and/or CRLs from specified file into memory cache of X509_STORE objects which given ctx parameter is associated with.

+ +

Functions X509_load_cert_file and X509_load_crl_file can load both PEM and DER formats depending of type value. Because DER format cannot contain more than one certificate or CRL object (while PEM can contain several concatenated PEM objects) X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to X509_load_cert_file.

+ +

Constant FILETYPE_DEFAULT with NULL filename causes these functions to load default certificate store file (see X509_STORE_set_default_paths(3).

+ +

Functions return number of objects loaded from file or 0 in case of error.

+ +

Both methods support adding several certificate locations into one X509_STORE.

+ +

This page documents certificate store formats used by these methods and caching policy.

+ +

File Method

+ +

The X509_LOOKUP_file method loads all the certificates or CRLs present in a file into memory at the time the file is added as a lookup source.

+ +

File format is ASCII text which contains concatenated PEM certificates and CRLs.

+ +

This method should be used by applications which work with a small set of CAs.

+ +

Hashed Directory Method

+ +

X509_LOOKUP_hash_dir is a more advanced method, which loads certificates and CRLs on demand, and caches them in memory once they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer CRLs are as soon as they appear in the directory.

+ +

The directory should contain one certificate or CRL per file in PEM format, with a file name of the form hash.N for a certificate, or hash.rN for a CRL. The hash is the value returned by the X509_NAME_hash(3) function applied to the subject name for certificates or issuer name for CRLs. The hash can also be obtained via the -hash option of the x509(1) or crl(1) commands.

+ +

The .N or .rN suffix is a sequence number that starts at zero, and is incremented consecutively for each certificate or CRL with the same hash value. Gaps in the sequence numbers are not supported, it is assumed that there are no more objects with the same hash beyond the first missing number in the sequence.

+ +

Sequence numbers make it possible for the directory to contain multiple certificates with same subject name hash value. For example, it is possible to have in the store several certificates with same subject or several CRLs with same issuer (and, for example, different validity period).

+ +

When checking for new CRLs once one CRL for given hash value is loaded, hash_dir lookup method checks only for certificates with sequence number greater than that of the already cached CRL.

+ +

Note that the hash algorithm used for subject name hashing changed in OpenSSL 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL 0.9.8 to 1.0.0.

+ +

OpenSSL includes a rehash(1) utility which creates symlinks with correct hashed names for all files with .pem suffix in a given directory.

+ +

RETURN VALUES

+ +

X509_LOOKUP_hash_dir() and X509_LOOKUP_file() always return a valid X509_LOOKUP_METHOD structure.

+ +

X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return the number of loaded objects or 0 on error.

+ +

SEE ALSO

+ +

PEM_read_PrivateKey(3), X509_STORE_load_locations(3), X509_store_add_lookup(3), SSL_CTX_load_verify_locations(3), X509_LOOKUP_meth_new(3),

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html new file mode 100644 index 00000000..99b3a24d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html @@ -0,0 +1,158 @@ + + + + +X509_LOOKUP_meth_new + + + + + + + + + + +

NAME

+ +

X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL - Routines to build up X509_LOOKUP methods

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_lookup_method_st X509_LOOKUP_METHOD;
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+                              void (*free) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+                                  int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+                                   long argl, char **ret);
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name,
+                                             X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+                                                   X509_LOOKUP_TYPE type,
+                                                   X509_NAME *name,
+                                                   ASN1_INTEGER *serial,
+                                                   X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_issuer_serial(
+    X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+                                                 X509_LOOKUP_TYPE type,
+                                                 const unsigned char* bytes,
+                                                 int len,
+                                                 X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+                                           X509_LOOKUP_TYPE type,
+                                           const char *str,
+                                           int len,
+                                           X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+ +

DESCRIPTION

+ +

The X509_LOOKUP_METHOD type is a structure used for the implementation of new X509_LOOKUP types. It provides a set of functions used by OpenSSL for the implementation of various X509 and X509_CRL lookup capabilities. One instance of an X509_LOOKUP_METHOD can be associated to many instantiations of an X509_LOOKUP structure.

+ +

X509_LOOKUP_meth_new() creates a new X509_LOOKUP_METHOD structure. It should be given a human-readable string containing a brief description of the lookup method.

+ +

X509_LOOKUP_meth_free() destroys a X509_LOOKUP_METHOD structure.

+ +

X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the function that is called when an X509_LOOKUP object is created with X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP specific data, the supplied new_item function should allocate this data and invoke X509_LOOKUP_set_method_data(3).

+ +

X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function that is used to free any method data that was allocated and set from within new_item function.

+ +

X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the function that is used to initialize the method data that was set with X509_LOOKUP_set_method_data(3) as part of the new_item routine.

+ +

X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set the function that is used to shut down the method data whose state was previously initialized in the init function.

+ +

X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a function to be used to handle arbitrary control commands issued by X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP ctx, along with the arguments passed by X509_LOOKUP_ctrl. cmd is an arbitrary integer that defines some operation. argc is a pointer to an array of characters. argl is an integer. ret, if set, points to a location where any return data should be written to. How argc and argl are used depends entirely on the control function.

+ +

X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set the functions used to retrieve an X509 or X509_CRL object by the object's subject, issuer, fingerprint, and alias respectively. These functions are given the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters related to the lookup, and an X509_OBJECT that will receive the requested object.

+ +

Implementations must add objects they find to the X509_STORE object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too many references being held. Therefore applications should additionally call X509_free() or X509_CRL_free() to decrement the reference count again.

+ +

Implementations should also use either X509_OBJECT_set1_X509() or X509_OBJECT_set1_X509_CRL() to set the result. Note that this also increments the result's reference count.

+ +

Any method data that was created as a result of the new_item function set by X509_LOOKUP_meth_set_new_item() can be accessed with X509_LOOKUP_get_method_data(3). The X509_STORE object that owns the X509_LOOKUP may be accessed with X509_LOOKUP_get_store(3). Successful lookups should return 1, and unsuccessful lookups should return 0.

+ +

X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve the function set by the corresponding setter.

+ +

RETURN VALUES

+ +

The X509_LOOKUP_meth_set functions return 1 on success or 0 on error.

+ +

The X509_LOOKUP_meth_get functions return the corresponding function pointers.

+ +

SEE ALSO

+ +

X509_STORE_new(3), SSL_CTX_set_cert_store(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0i.

+ +

COPYRIGHT

+ +

Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html new file mode 100644 index 00000000..b305f83b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html @@ -0,0 +1,94 @@ + + + + +X509_NAME_ENTRY_get_object + + + + + + + + + + +

NAME

+ +

X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
+                                               int type, const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type, const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes, int len);
+ +

DESCRIPTION

+ +

X509_NAME_ENTRY_get_object() retrieves the field name of ne in and ASN1_OBJECT structure.

+ +

X509_NAME_ENTRY_get_data() retrieves the field value of ne in and ASN1_STRING structure.

+ +

X509_NAME_ENTRY_set_object() sets the field name of ne to obj.

+ +

X509_NAME_ENTRY_set_data() sets the field value of ne to string type type and value determined by bytes and len.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_create_by_OBJ() create and return an X509_NAME_ENTRY structure.

+ +

NOTES

+ +

X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an X509_NAME_ENTRY function as returned by X509_NAME_get_entry() for example.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because X509_NAME_ENTRY structures are almost always part of X509_NAME structures and the corresponding X509_NAME functions are typically used to create and add new entries in a single operation.

+ +

The arguments of these functions support similar options to the similarly named ones of the corresponding X509_NAME functions such as X509_NAME_add_entry_by_txt(). So for example type can be set to MBSTRING_ASC but in the case of X509_set_data() the field name must be set first so the relevant field information can be looked up internally.

+ +

RETURN VALUES

+ +

X509_NAME_ENTRY_get_object() returns a valid ASN1_OBJECT structure if it is set or NULL if an error occurred.

+ +

X509_NAME_ENTRY_get_data() returns a valid ASN1_STRING structure if it is set or NULL if an error occurred.

+ +

X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success or 0 on error.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_create_by_OBJ() return a valid X509_NAME_ENTRY on success or NULL if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3), OBJ_nid2obj(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html new file mode 100644 index 00000000..b6d53e89 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html @@ -0,0 +1,119 @@ + + + + +X509_NAME_add_entry_by_txt + + + + + + + + + + +

NAME

+ +

X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ +

DESCRIPTION

+ +

X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and X509_NAME_add_entry_by_NID() add a field whose name is defined by a string field, an object obj or a NID nid respectively. The field value to be added is in bytes of length len. If len is -1 then the field length is calculated internally using strlen(bytes).

+ +

The type of field is determined by type which can either be a definition of the type of bytes (such as MBSTRING_ASC) or a standard ASN1 type (such as V_ASN1_IA5STRING). The new entry is added to a position determined by loc and set.

+ +

X509_NAME_add_entry() adds a copy of X509_NAME_ENTRY structure ne to name. The new entry is added to a position determined by loc and set. Since a copy of ne is added ne must be freed up after the call.

+ +

X509_NAME_delete_entry() deletes an entry from name at position loc. The deleted entry is returned and must be freed up.

+ +

NOTES

+ +

The use of string types such as MBSTRING_ASC or MBSTRING_UTF8 is strongly recommended for the type parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is done using ASN1_STRING_set_by_NID().

+ +

If instead an ASN1 type is used no checks are performed and the supplied data in bytes is used directly.

+ +

In X509_NAME_add_entry_by_txt() the field string represents the field name using OBJ_txt2obj(field, 0).

+ +

The loc and set parameters determine where a new entry should be added. For almost all applications loc can be set to -1 and set to 0. This adds a new entry to the end of name as a single valued RelativeDistinguishedName (RDN).

+ +

loc actually determines the index where the new entry is inserted: if it is -1 it is appended.

+ +

set determines how the new type is added. If it is zero a new RDN is created.

+ +

If set is -1 or 1 it is added to the previous or next RDN structure respectively. This will then be a multivalued RDN: since multivalues RDNs are very seldom used set is almost always set to zero.

+ +

RETURN VALUES

+ +

X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for success of 0 if an error occurred.

+ +

X509_NAME_delete_entry() returns either the deleted X509_NAME_ENTRY structure of NULL if an error occurred.

+ +

EXAMPLES

+ +

Create an X509_NAME structure:

+ +

"C=UK, O=Disorganized Organization, CN=Joe Bloggs"

+ +
X509_NAME *nm;
+
+nm = X509_NAME_new();
+if (nm == NULL)
+    /* Some error */
+if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
+                                "UK", -1, -1, 0))
+    /* Error */
+if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
+                                "Disorganized Organization", -1, -1, 0))
+    /* Error */
+if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
+                                "Joe Bloggs", -1, -1, 0))
+    /* Error */
+ +

BUGS

+ +

type can still be set to V_ASN1_APP_CHOOSE to use a different algorithm to determine field types. Since this form does not understand multicharacter types, performs no length checks and can result in invalid field types its use is strongly discouraged.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get0_der.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get0_der.html new file mode 100644 index 00000000..0d2d29bb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get0_der.html @@ -0,0 +1,57 @@ + + + + +X509_NAME_get0_der + + + + + + + + + + +

NAME

+ +

X509_NAME_get0_der - get X509_NAME DER encoding

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+ +

DESCRIPTION

+ +

The function X509_NAME_get0_der() returns an internal pointer to the encoding of an X509_NAME structure in *pder and consisting of *pderlen bytes. It is useful for applications that wish to examine the encoding of an X509_NAME structure without copying it.

+ +

RETURN VALUES

+ +

The function X509_NAME_get0_der() returns 1 for success and 0 if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html new file mode 100644 index 00000000..93170e31 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html @@ -0,0 +1,112 @@ + + + + +X509_NAME_get_index_by_NID + + + + + + + + + + +

NAME

+ +

X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ - X509_NAME lookup and enumeration functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
+ +

DESCRIPTION

+ +

These functions allow an X509_NAME structure to be examined. The X509_NAME structure is the same as the Name type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names.

+ +

X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching nid or obj after lastpos. lastpos should initially be set to -1. If there are no more entries -1 is returned. If nid is invalid (doesn't correspond to a valid OID) then -2 is returned.

+ +

X509_NAME_entry_count() returns the total number of entries in name.

+ +

X509_NAME_get_entry() retrieves the X509_NAME_ENTRY from name corresponding to index loc. Acceptable values for loc run from 0 to (X509_NAME_entry_count(name) - 1). The value returned is an internal pointer which must not be freed.

+ +

X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve the "text" from the first entry in name which matches nid or obj, if no such entry exists -1 is returned. At most len bytes will be written and the text written to buf will be null terminated. The length of the output string written is returned excluding the terminating null. If buf is <NULL> then the amount of space needed in buf (excluding the final null) is returned.

+ +

NOTES

+ +

X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be considered deprecated because they have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a multicharacter string type like a BMPString or a UTF8String.

+ +

For a more general solution X509_NAME_get_index_by_NID() or X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various X509_NAME_ENTRY utility functions on the result.

+ +

The list of all relevant NID_* and OBJ_* codes can be found in the source code header files <openssl/obj_mac.h> and/or <openssl/objects.h>.

+ +

Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() should check for the return value of -2. Alternatively the NID validity can be determined first by checking OBJ_nid2obj(nid) is not NULL.

+ +

RETURN VALUES

+ +

X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. X509_NAME_get_index_by_NID() can also return -2 if the supplied NID is invalid.

+ +

X509_NAME_entry_count() returns the total number of entries.

+ +

X509_NAME_get_entry() returns an X509_NAME pointer to the requested entry or NULL if the index is invalid.

+ +

EXAMPLES

+ +

Process all entries:

+ +
int i;
+X509_NAME_ENTRY *e;
+
+for (i = 0; i < X509_NAME_entry_count(nm); i++) {
+    e = X509_NAME_get_entry(nm, i);
+    /* Do something with e */
+}
+ +

Process all commonName entries:

+ +
int lastpos = -1;
+X509_NAME_ENTRY *e;
+
+for (;;) {
+    lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+    if (lastpos == -1)
+        break;
+    e = X509_NAME_get_entry(nm, lastpos);
+    /* Do something with e */
+}
+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_print_ex.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_print_ex.html new file mode 100644 index 00000000..d3d48115 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_NAME_print_ex.html @@ -0,0 +1,106 @@ + + + + +X509_NAME_print_ex + + + + + + + + + + +

NAME

+ +

X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline - X509_NAME printing routines

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+ +

DESCRIPTION

+ +

X509_NAME_print_ex() prints a human readable version of nm to BIO out. Each line (for multiline formats) is indented by indent spaces. The output format can be extensively customised by use of the flags parameter.

+ +

X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is written to FILE pointer fp.

+ +

X509_NAME_oneline() prints an ASCII version of a to buf. If buf is NULL then a buffer is dynamically allocated and returned, and size is ignored. Otherwise, at most size bytes will be written, including the ending '\0', and buf is returned.

+ +

X509_NAME_print() prints out name to bp indenting each line by obase characters. Multiple lines are used if the output (including indent) exceeds 80 characters.

+ +

NOTES

+ +

The functions X509_NAME_oneline() and X509_NAME_print() produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications and they could be deprecated in a future release.

+ +

Although there are a large number of possible flags for most purposes XN_FLAG_ONELINE, XN_FLAG_MULTILINE or XN_FLAG_RFC2253 will suffice. As noted on the ASN1_STRING_print_ex(3) manual page for UTF8 terminals the ASN1_STRFLGS_ESC_MSB should be unset: so for example XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB would be used.

+ +

The complete set of the flags supported by X509_NAME_print_ex() is listed below.

+ +

Several options can be ored together.

+ +

The options XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_SPLUS_SPC and XN_FLAG_SEP_MULTILINE determine the field separators to use. Two distinct separators are used between distinct RelativeDistinguishedName components and separate values in the same RDN for a multi-valued RDN. Multi-valued RDNs are currently very rare so the second separator will hardly ever be used.

+ +

XN_FLAG_SEP_COMMA_PLUS uses comma and plus as separators. XN_FLAG_SEP_CPLUS_SPC uses comma and plus with spaces: this is more readable that plain comma and plus. XN_FLAG_SEP_SPLUS_SPC uses spaced semicolon and plus. XN_FLAG_SEP_MULTILINE uses spaced newline and plus respectively.

+ +

If XN_FLAG_DN_REV is set the whole DN is printed in reversed order.

+ +

The fields XN_FLAG_FN_SN, XN_FLAG_FN_LN, XN_FLAG_FN_OID, XN_FLAG_FN_NONE determine how a field name is displayed. It will use the short name (e.g. CN) the long name (e.g. commonName) always use OID numerical form (normally OIDs are only used if the field name is not recognised) and no field name respectively.

+ +

If XN_FLAG_SPC_EQ is set then spaces will be placed around the '=' character separating field names and values.

+ +

If XN_FLAG_DUMP_UNKNOWN_FIELDS is set then the encoding of unknown fields is printed instead of the values.

+ +

If XN_FLAG_FN_ALIGN is set then field names are padded to 20 characters: this is only of use for multiline format.

+ +

Additionally all the options supported by ASN1_STRING_print_ex() can be used to control how each field value is displayed.

+ +

In addition a number options can be set for commonly used formats.

+ +

XN_FLAG_RFC2253 sets options which produce an output compatible with RFC2253 it is equivalent to: ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS

+ +

XN_FLAG_ONELINE is a more readable one line format which is the same as: ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN

+ +

XN_FLAG_MULTILINE is a multiline format which is the same as: ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN

+ +

XN_FLAG_COMPAT uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.

+ +

RETURN VALUES

+ +

X509_NAME_oneline() returns a valid string on success or NULL on error.

+ +

X509_NAME_print() returns 1 on success or 0 on error.

+ +

X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error if the XN_FLAG_COMPAT is set, which is the same as X509_NAME_print(). Otherwise, it returns -1 on error or other values on success.

+ +

SEE ALSO

+ +

ASN1_STRING_print_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_PUBKEY_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_PUBKEY_new.html new file mode 100644 index 00000000..171dea2d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_PUBKEY_new.html @@ -0,0 +1,110 @@ + + + + +X509_PUBKEY_new + + + + + + + + + + +

NAME

+ +

X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_PUBKEY *X509_PUBKEY_new(void);
+void X509_PUBKEY_free(X509_PUBKEY *a);
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+ +

DESCRIPTION

+ +

The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo structure defined in RFC5280 and used in certificates and certificate requests.

+ +

X509_PUBKEY_new() allocates and initializes an X509_PUBKEY structure.

+ +

X509_PUBKEY_free() frees up X509_PUBKEY structure a. If a is NULL nothing is done.

+ +

X509_PUBKEY_set() sets the public key in *x to the public key contained in the EVP_PKEY structure pkey. If *x is not NULL any existing public key structure will be freed.

+ +

X509_PUBKEY_get0() returns the public key contained in key. The returned value is an internal pointer which MUST NOT be freed after use.

+ +

X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference count on the returned key is incremented so it MUST be freed using EVP_PKEY_free() after use.

+ +

d2i_PUBKEY() and i2d_PUBKEY() decode and encode an EVP_PKEY structure using SubjectPublicKeyInfo format. They otherwise follow the conventions of other ASN.1 functions such as d2i_X509().

+ +

d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a BIO or FILE pointer.

+ +

X509_PUBKEY_set0_param() sets the public key parameters of pub. The OID associated with the algorithm is set to aobj. The type of the algorithm parameters is set to type using the structure pval. The encoding of the public key itself is set to the penclen bytes contained in buffer penc. On success ownership of all the supplied parameters is passed to pub so they must not be freed after the call.

+ +

X509_PUBKEY_get0_param() retrieves the public key parameters from pub, *ppkalg is set to the associated OID and the encoding consists of *ppklen bytes at *pk, *pa is set to the associated AlgorithmIdentifier for the public key. If the value of any of these parameters is not required it can be set to NULL. All of the retrieved pointers are internal and must not be freed after the call.

+ +

NOTES

+ +

The X509_PUBKEY functions can be used to encode and decode public keys in a standard format.

+ +

In many cases applications will not call the X509_PUBKEY functions directly: they will instead call wrapper functions such as X509_get0_pubkey().

+ +

RETURN VALUES

+ +

If the allocation fails, X509_PUBKEY_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3).

+ +

Otherwise it returns a pointer to the newly allocated structure.

+ +

X509_PUBKEY_free() does not return a value.

+ +

X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an EVP_PKEY structure or NULL if an error occurs.

+ +

X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param() return 1 for success and 0 if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_get_pubkey(3),

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_SIG_get0.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_SIG_get0.html new file mode 100644 index 00000000..887a2ba5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_SIG_get0.html @@ -0,0 +1,59 @@ + + + + +X509_SIG_get0 + + + + + + + + + + +

NAME

+ +

X509_SIG_get0, X509_SIG_getm - DigestInfo functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest,
+ +

DESCRIPTION

+ +

X509_SIG_get0() returns pointers to the algorithm identifier and digest value in sig. X509_SIG_getm() is identical to X509_SIG_get0() except the pointers returned are not constant and can be modified: for example to initialise them.

+ +

RETURN VALUES

+ +

X509_SIG_get0() and X509_SIG_getm() return no values.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html new file mode 100644 index 00000000..98ec5ca0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html @@ -0,0 +1,374 @@ + + + + +X509_STORE_CTX_get_error + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int   X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+
+const char *X509_verify_cert_error_string(long n);
+ +

DESCRIPTION

+ +

These functions are typically called after X509_verify_cert() has indicated an error or in a verification callback to determine the nature of an error.

+ +

X509_STORE_CTX_get_error() returns the error code of ctx, see the ERROR CODES section for a full description of all error codes.

+ +

X509_STORE_CTX_set_error() sets the error code of ctx to s. For example it might be used in a verification callback to set an error based on additional checks.

+ +

X509_STORE_CTX_get_error_depth() returns the depth of the error. This is a non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on.

+ +

X509_STORE_CTX_set_error_depth() sets the error depth. This can be used in combination with X509_STORE_CTX_set_error() to set the depth at which an error condition was detected.

+ +

X509_STORE_CTX_get_current_cert() returns the certificate in ctx which caused the error or NULL if no certificate is relevant.

+ +

X509_STORE_CTX_set_current_cert() sets the certificate x in ctx which caused the error. This value is not intended to remain valid for very long, and remains owned by the caller. It may be examined by a verification callback invoked to handle each error encountered during chain verification and is no longer required after such a callback. If a callback wishes the save the certificate for use after it returns, it needs to increment its reference count via X509_up_ref(3). Once such a saved certificate is no longer needed it can be freed with X509_free(3).

+ +

X509_STORE_CTX_get0_cert() retrieves an internal pointer to the certificate being verified by the ctx.

+ +

X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous call to X509_verify_cert() is successful. If the call to X509_verify_cert() is not successful the returned chain may be incomplete or invalid. The returned chain persists after the ctx structure is freed, when it is no longer needed it should be free up using:

+ +
sk_X509_pop_free(chain, X509_free);
+ +

X509_verify_cert_error_string() returns a human readable error string for verification error n.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_get_error() returns X509_V_OK or an error code.

+ +

X509_STORE_CTX_get_error_depth() returns a non-negative error depth.

+ +

X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or NULL if no certificate is relevant to the error.

+ +

X509_verify_cert_error_string() returns a human readable error string for verification error n.

+ +

ERROR CODES

+ +

A list of error codes and messages is shown below. Some of the error codes are defined but currently never returned: these are described as "unused".

+ +
+ +
X509_V_OK: ok
+
+ +

the operation was successful.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
+
+ +

the issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
+
+ +

the CRL of a certificate could not be found.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
+
+ +

the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
+
+ +

the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

+ +
+
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
+
+ +

the public key in the certificate SubjectPublicKeyInfo could not be read.

+ +
+
X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
+
+ +

the signature of the certificate is invalid.

+ +
+
X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
+
+ +

the signature of the certificate is invalid.

+ +
+
X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
+
+ +

the certificate is not yet valid: the notBefore date is after the current time.

+ +
+
X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
+
+ +

the certificate has expired: that is the notAfter date is before the current time.

+ +
+
X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
+
+ +

the CRL is not yet valid.

+ +
+
X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
+
+ +

the CRL has expired.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
+
+ +

the certificate notBefore field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
+
+ +

the certificate notAfter field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
+
+ +

the CRL lastUpdate field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
+
+ +

the CRL nextUpdate field contains an invalid time.

+ +
+
X509_V_ERR_OUT_OF_MEM: out of memory
+
+ +

an error occurred trying to allocate memory. This should never happen.

+ +
+
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
+
+ +

the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.

+ +
+
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
+
+ +

the certificate chain could be built up using the untrusted certificates but the root could not be found locally.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
+
+ +

the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

+ +
+
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
+
+ +

no signatures could be verified because the chain contains only one certificate and it is not self signed.

+ +
+
X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
+
+ +

the certificate chain length is greater than the supplied maximum depth. Unused.

+ +
+
X509_V_ERR_CERT_REVOKED: certificate revoked
+
+ +

the certificate has been revoked.

+ +
+
X509_V_ERR_INVALID_CA: invalid CA certificate
+
+ +

a CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

+ +
+
X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
+
+ +

the basicConstraints path-length parameter has been exceeded.

+ +
+
X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
+
+ +

the supplied certificate cannot be used for the specified purpose.

+ +
+
X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
+
+ +

the root CA is not marked as trusted for the specified purpose.

+ +
+
X509_V_ERR_CERT_REJECTED: certificate rejected
+
+ +

the root CA is marked to reject the specified purpose.

+ +
+
X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
+
+ +

the current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
+
+ +

the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
+
+ +

the current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
+
+ +

the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension
+
+ +

A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions.

+ +
+
X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension
+
+ +

A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only occurs if policy processing is enabled.

+ +
+
X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy
+
+ +

The verification flags were set to require and explicit policy but none was present.

+ +
+
X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope
+
+ +

The only CRLs that could be found did not match the scope of the certificate.

+ +
+
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature
+
+ +

Some feature of a certificate extension is not supported. Unused.

+ +
+
X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation
+
+ +

A name constraint violation occurred in the permitted subtrees.

+ +
+
X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation
+
+ +

A name constraint violation occurred in the excluded subtrees.

+ +
+
X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported
+
+ +

A certificate name constraints extension included a minimum or maximum field: this is not supported.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type
+
+ +

An unsupported name constraint type was encountered. OpenSSL currently only supports directory name, DNS name, email and URI types.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax
+
+ +

The format of the name constraint is not recognised: for example an email address format of a form not mentioned in RFC3280. This could be caused by a garbage extension or some new feature not currently supported.

+ +
+
X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error
+
+ +

An error occurred when attempting to verify the CRL path. This error can only happen if extended CRL checking is enabled.

+ +
+
X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
+
+ +

an application specific error. This will never be returned unless explicitly set by an application.

+ +
+
+ +

NOTES

+ +

The above functions should be used instead of directly referencing the fields in the X509_VERIFY_CTX structure.

+ +

In versions of OpenSSL before 1.0 the current certificate returned by X509_STORE_CTX_get_current_cert() was never NULL. Applications should check the return value before printing out any debugging information relating to the current certificate.

+ +

If an unrecognised error code is passed to X509_verify_cert_error_string() the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_up_ref(3), X509_free(3).

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_new.html new file mode 100644 index 00000000..cc1d19c4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_new.html @@ -0,0 +1,141 @@ + + + + +X509_STORE_CTX_new + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn - X509_STORE_CTX initialisation

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
+ +

DESCRIPTION

+ +

These functions initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert().

+ +

X509_STORE_CTX_new() returns a newly initialised X509_STORE_CTX structure.

+ +

X509_STORE_CTX_cleanup() internally cleans up an X509_STORE_CTX structure. The context can then be reused with an new call to X509_STORE_CTX_init().

+ +

X509_STORE_CTX_free() completely frees up ctx. After this call ctx is no longer valid. If ctx is NULL nothing is done.

+ +

X509_STORE_CTX_init() sets up ctx for a subsequent verification operation. It must be called before each call to X509_verify_cert(), i.e. a ctx is only good for one call to X509_verify_cert(); if you want to verify a second certificate with the same ctx then you must call X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before the second call to X509_verify_cert(). The trusted certificate store is set to store, the end entity certificate to be verified is set to x509 and a set of additional certificates (which will be untrusted but may be used to build the chain) in chain. Any or all of the store, x509 and chain parameters can be NULL.

+ +

X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of ctx to sk. This is an alternative way of specifying trusted certificates instead of using an X509_STORE.

+ +

X509_STORE_CTX_set_cert() sets the certificate to be verified in ctx to x.

+ +

X509_STORE_CTX_set0_verified_chain() sets the validated chain used by ctx to be chain. Ownership of the chain is transferred to ctx and should not be free'd by the caller. X509_STORE_CTX_get0_chain() returns a the internal pointer used by the ctx that contains the validated chain.

+ +

X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate verification to sk. These CRLs will only be used if CRL verification is enabled in the associated X509_VERIFY_PARAM structure. This might be used where additional "useful" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure.

+ +

X509_STORE_CTX_get0_param() retrieves an internal pointer to the verification parameters associated with ctx.

+ +

X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the stack of untrusted certificates associated with ctx.

+ +

X509_STORE_CTX_set0_untrusted() sets the internal point to the stack of untrusted certificates associated with ctx to sk.

+ +

X509_STORE_CTX_set0_param() sets the internal verification parameter pointer to param. After this call param should not be used.

+ +

X509_STORE_CTX_set_default() looks up and sets the default verification method to name. This uses the function X509_VERIFY_PARAM_lookup() to find an appropriate set of parameters from name.

+ +

X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates that were used in building the chain following a call to X509_verify_cert().

+ +

X509_STORE_CTX_set_verify() provides the capability for overriding the default verify function. This function is responsible for verifying chain signatures and expiration times.

+ +

A verify function is defined as an X509_STORE_CTX_verify type which has the following signature:

+ +
int (*verify)(X509_STORE_CTX *);
+ +

This function should receive the current X509_STORE_CTX as a parameter and return 1 on success or 0 on failure.

+ +

NOTES

+ +

The certificates and CRLs in a store are used internally and should not be freed up until after the associated X509_STORE_CTX is freed.

+ +

BUGS

+ +

The certificates and CRLs in a context are used internally and should not be freed up until after the associated X509_STORE_CTX is freed. Copies should be made or reference counts increased instead.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_new() returns an newly allocates context or NULL is an error occurred.

+ +

X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.

+ +

X509_STORE_CTX_get0_param() returns a pointer to an X509_VERIFY_PARAM structure or NULL if an error occurred.

+ +

X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_set0_trusted_stack(), X509_STORE_CTX_set_cert(), X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return values.

+ +

X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.

+ +

X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates used.

+ +

SEE ALSO

+ +

X509_verify_cert(3) X509_VERIFY_PARAM_set_flags(3)

+ +

HISTORY

+ +

The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html new file mode 100644 index 00000000..b0179448 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html @@ -0,0 +1,184 @@ + + + + +X509_STORE_CTX_set_verify_cb + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb - get and set verification callback

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify_cb);
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

X509_STORE_CTX_set_verify_cb() sets the verification callback of ctx to verify_cb overwriting any existing callback.

+ +

The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes.

+ +

However a verification callback is not essential and the default operation is often sufficient.

+ +

The ok parameter to the callback indicates the value the callback should return to retain the default behaviour. If it is zero then an error condition is indicated. If it is 1 then no error occurred. If the flag X509_V_FLAG_NOTIFY_POLICY is set then ok is set to 2 to indicate the policy checking is complete.

+ +

The ctx parameter to the callback is the X509_STORE_CTX structure that is performing the verification operation. A callback can examine this structure and receive additional information about the error, for example by calling X509_STORE_CTX_get_current_cert(). Additional application data can be passed to the callback via the ex_data mechanism.

+ +

X509_STORE_CTX_get_verify_cb() returns the value of the current callback for the specific ctx.

+ +

X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() and X509_STORE_CTX_get_cleanup() return the function pointers cached from the corresponding X509_STORE, please see X509_STORE_set_verify(3) for more information.

+ +

WARNINGS

+ +

In general a verification callback should NOT unconditionally return 1 in all circumstances because this will allow verification to succeed no matter what the error. This effectively removes all security from the application because any certificate (including untrusted generated ones) will be accepted.

+ +

NOTES

+ +

The verification callback can be set and inherited from the parent structure performing the operation. In some cases (such as S/MIME verification) the X509_STORE_CTX structure is created and destroyed internally and the only way to set a custom verification callback is by inheriting it from the associated X509_STORE.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_set_verify_cb() does not return a value.

+ +

EXAMPLES

+ +

Default callback operation:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx) {
+    return ok;
+}
+ +

Simple example, suppose a certificate in the chain is expired and we wish to continue after this error:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx) {
+    /* Tolerate certificate expiration */
+    if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+        return 1;
+    /* Otherwise don't override */
+    return ok;
+}
+ +

More complex example, we don't wish to continue after any certificate has expired just one specific case:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    int err = X509_STORE_CTX_get_error(ctx);
+    X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+    if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
+        if (check_is_acceptable_expired_cert(err_cert)
+            return 1;
+    }
+    return ok;
+}
+ +

Full featured logging callback. In this case the bio_err is assumed to be a global logging BIO, an alternative would to store a BIO in ctx using ex_data.

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    X509 *err_cert;
+    int err, depth;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    BIO_printf(bio_err, "depth=%d ", depth);
+    if (err_cert) {
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+    }
+    else
+        BIO_puts(bio_err, "<no cert>\n");
+    if (!ok)
+        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                   X509_verify_cert_error_string(err));
+    switch (err) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        BIO_puts(bio_err, "issuer= ");
+        X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        BIO_printf(bio_err, "notBefore=");
+        ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        BIO_printf(bio_err, "notAfter=");
+        ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        policies_print(bio_err, ctx);
+        break;
+    }
+    if (err == X509_V_OK && ok == 2)
+        /* print out policies */
+
+    BIO_printf(bio_err, "verify return:%d\n", ok);
+    return(ok);
+}
+ +

SEE ALSO

+ +

X509_STORE_CTX_get_error(3) X509_STORE_set_verify_cb_func(3) X509_STORE_CTX_get_ex_new_index(3)

+ +

HISTORY

+ +

The X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_add_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_add_cert.html new file mode 100644 index 00000000..8e224d64 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_add_cert.html @@ -0,0 +1,86 @@ + + + + +X509_STORE_add_cert + + + + + + + + + + +

NAME

+ +

X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths - X509_STORE manipulation

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_store_st X509_STORE;
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
+                                   X509_LOOKUP_METHOD *meth);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+ +

DESCRIPTION

+ +

The X509_STORE structure is intended to be a consolidated mechanism for holding information about X.509 certificates and CRLs, and constructing and validating chains of certificates terminating in trusted roots. It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed.

+ +

X509_STORE_new(3) creates an empty X509_STORE structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted certificates will be added to the X509_STORE to prepare it for use, via mechanisms such as X509_STORE_add_lookup() and X509_LOOKUP_file(), or PEM_read_bio_X509_AUX() and X509_STORE_add_cert(). CRLs can also be added, and many behaviors configured as desired.

+ +

Once the X509_STORE is suitably configured, X509_STORE_CTX_new() is used to instantiate a single-use X509_STORE_CTX for each chain-building and verification operation. That process includes providing the end-entity certificate to be verified and an additional set of untrusted certificates that may be used in chain-building. As such, it is expected that the certificates included in the X509_STORE are certificates that represent trusted entities such as root certificate authorities (CAs). OpenSSL represents these trusted certificates internally as X509 objects with an associated X509_CERT_AUX, as are produced by PEM_read_bio_X509_AUX() and similar routines that refer to X509_AUX. The public interfaces that operate on such trusted certificates still operate on pointers to X509 objects, though.

+ +

X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object to the X509_STORE's local storage. Untrusted objects should not be added in this way. The added object's reference count is incremented by one, hence the caller retains ownership of the object and needs to free it when it is no longer needed.

+ +

X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding X509_VERIFY_PARAM manual pages, e.g., X509_VERIFY_PARAM_set_depth(3).

+ +

X509_STORE_add_lookup() finds or creates a X509_LOOKUP(3) with the X509_LOOKUP_METHOD(3) meth and adds it to the X509_STORE store. This also associates the X509_STORE with the lookup, so X509_LOOKUP functions can look up objects in that store.

+ +

X509_STORE_load_locations() loads trusted certificate(s) into an X509_STORE from a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. The certificates in the directory must be in hashed form, as documented in X509_LOOKUP_hash_dir(3).

+ +

X509_STORE_set_default_paths() is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the X509_STORE from the hardcoded default paths.

+ +

RETURN VALUES

+ +

X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), X509_STORE_load_locations(), and X509_STORE_set_default_paths() return 1 on success or 0 on failure.

+ +

X509_STORE_add_lookup() returns the found or created X509_LOOKUP(3), or NULL on error.

+ +

SEE ALSO

+ +

X509_LOOKUP_hash_dir(3). X509_VERIFY_PARAM_set_depth(3). X509_STORE_new(3), X509_STORE_get0_param(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_get0_param.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_get0_param.html new file mode 100644 index 00000000..274a5b03 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_get0_param.html @@ -0,0 +1,71 @@ + + + + +X509_STORE_get0_param + + + + + + + + + + +

NAME

+ +

X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects - X509_STORE setter and getter functions

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
+ +

DESCRIPTION

+ +

X509_STORE_set1_param() sets the verification parameters to pm for ctx.

+ +

X509_STORE_get0_param() retrieves an internal pointer to the verification parameters for ctx. The returned pointer must not be freed by the calling application

+ +

X509_STORE_get0_objects() retrieve an internal pointer to the store's X509 object cache. The cache contains X509 and X509_CRL objects. The returned pointer must not be freed by the calling application.

+ +

RETURN VALUES

+ +

X509_STORE_get0_param() returns a pointer to an X509_VERIFY_PARAM structure.

+ +

X509_STORE_set1_param() returns 1 for success and 0 for failure.

+ +

X509_STORE_get0_objects() returns a pointer to a stack of X509_OBJECT.

+ +

SEE ALSO

+ +

X509_STORE_new(3)

+ +

HISTORY

+ +

X509_STORE_get0_param and X509_STORE_get0_objects were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_new.html new file mode 100644 index 00000000..3c219a1f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_new.html @@ -0,0 +1,75 @@ + + + + +X509_STORE_new + + + + + + + + + + +

NAME

+ +

X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock - X509_STORE allocation, freeing and locking functions

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *v);
+int X509_STORE_unlock(X509_STORE *v);
+int X509_STORE_up_ref(X509_STORE *v);
+ +

DESCRIPTION

+ +

The X509_STORE_new() function returns a new X509_STORE.

+ +

X509_STORE_up_ref() increments the reference count associated with the X509_STORE object.

+ +

X509_STORE_lock() locks the store from modification by other threads, X509_STORE_unlock() unlocks it.

+ +

X509_STORE_free() frees up a single X509_STORE object.

+ +

RETURN VALUES

+ +

X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.

+ +

X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return 1 for success and 0 for failure.

+ +

X509_STORE_free() does not return values.

+ +

SEE ALSO

+ +

X509_STORE_set_verify_cb_func(3) X509_STORE_get0_param(3)

+ +

HISTORY

+ +

The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html new file mode 100644 index 00000000..bfab73c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html @@ -0,0 +1,169 @@ + + + + +X509_STORE_set_verify_cb_func + + + + + + + + + + +

NAME

+ +

X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb);
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
+
+/* Aliases */
+void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                   X509_STORE_CTX_verify_cb verify_cb);
+void X509_STORE_set_verify_func(X509_STORE *ctx,
+                                X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+                                   X509_STORE_CTX_lookup_crls_fn lookup_crls);
+ +

DESCRIPTION

+ +

X509_STORE_set_verify_cb() sets the verification callback of ctx to verify_cb overwriting the previous callback. The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding X509_STORE_CTX, please see X509_STORE_CTX_set_verify_cb(3) for further information.

+ +

X509_STORE_set_verify() sets the final chain verification function for ctx to verify. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the limits of each certificate's first and last validity time. The final chain verification functions must return 0 on failure and 1 on success. If no chain verification function is provided, the internal default function will be used instead.

+ +

X509_STORE_set_get_issuer() sets the function to get the issuer certificate that verifies the given certificate x. When found, the issuer certificate must be assigned to *issuer. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_issued() sets the function to check that a given certificate x is issued with the issuer certificate issuer. This function must return 0 on failure (among others if x hasn't been issued with issuer) and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_revocation() sets the revocation checking function. Its purpose is to look through the final chain and check the revocation status for each certificate. It must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_get_crl() sets the function to get the crl for a given certificate x. When found, the crl must be assigned to *crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_crl() sets the function to check the validity of the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_cert_crl() sets the function to check the revocation status of the given certificate x against the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_policy() sets the function to check the policies of all the certificates in the final chain.. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the functions to look up all the certs or all the CRLs that match the given name nm. These functions return NULL on failure and a pointer to a stack of certificates (X509) or to a stack of CRLs (X509_CRL) on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_cleanup() sets the final cleanup function, which is called when the context (X509_STORE_CTX) is being torn down. This function doesn't return any value. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), X509_STORE_get_check_crl(), X509_STORE_set_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(), X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return the function pointer assigned with X509_STORE_set_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if no assignment has been made.

+ +

X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and X509_STORE_set_lookup_crls_cb() are aliases for X509_STORE_set_verify_cb(), X509_STORE_set_verify() and X509_STORE_set_lookup_crls, available as macros for backward compatibility.

+ +

NOTES

+ +

All the callbacks from a X509_STORE are inherited by the corresponding X509_STORE_CTX structure when it is initialized. See X509_STORE_CTX_set_verify_cb(3) for further details.

+ +

BUGS

+ +

The macro version of this function was the only one available before OpenSSL 1.0.0.

+ +

RETURN VALUES

+ +

The X509_STORE_set_*() functions do not return a value.

+ +

The X509_STORE_get_*() functions return a pointer of the appropriate function type.

+ +

SEE ALSO

+ +

X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3), X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), CMS_verify(3)

+ +

HISTORY

+ +

The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.

+ +

The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html new file mode 100644 index 00000000..7a465270 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html @@ -0,0 +1,231 @@ + + + + +X509_VERIFY_PARAM_set_flags + + + + + + + + + + +

NAME

+ +

X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
+                                      int auth_level);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
+ +

DESCRIPTION

+ +

These functions manipulate the X509_VERIFY_PARAM structure associated with a certificate verification operation.

+ +

The X509_VERIFY_PARAM_set_flags() function sets the flags in param by oring it with flags. See the VERIFICATION FLAGS section for a complete description of values the flags parameter can take.

+ +

X509_VERIFY_PARAM_get_flags() returns the flags in param.

+ +

X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in param which specifies how verification flags are copied from one structure to another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags. See the INHERITANCE FLAGS section for a description of these bits.

+ +

X509_VERIFY_PARAM_clear_flags() clears the flags flags in param.

+ +

X509_VERIFY_PARAM_set_purpose() sets the verification purpose in param to purpose. This determines the acceptable purpose of the certificate chain, for example SSL client or SSL server.

+ +

X509_VERIFY_PARAM_set_trust() sets the trust setting in param to trust.

+ +

X509_VERIFY_PARAM_set_time() sets the verification time in param to t. Normally the current time is used.

+ +

X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled by default) and adds policy to the acceptable policy set.

+ +

X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled by default) and sets the acceptable policy set to policies. Any existing policy set is cleared. The policies parameter can be NULL to clear an existing policy set.

+ +

X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to depth. That is the maximum number of intermediate CA certificates that can appear in a chain. A maximal depth chain contains 2 more certificates than the limit, since neither the end-entity certificate nor the trust-anchor count against this limit. Thus a depth limit of 0 only allows the end-entity certificate to be signed directly by the trust-anchor, while with a depth limit of 1 there can be one intermediate CA certificate between the trust-anchor and the end-entity certificate.

+ +

X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to auth_level. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. The signature algorithm security level is not enforced for the chain's trust anchor certificate, which is either directly trusted or validated by means other than its signature. See SSL_CTX_set_security_level(3) for the definitions of the available levels. The default security level is -1, or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80-bit-equivalent security and is broadly interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits.

+ +

X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to name clearing any previously specified host name or names. If name is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If name is NUL-terminated, namelen may be zero, otherwise namelen must be set to the length of name.

+ +

When a hostname is specified, certificate verification automatically invokes X509_check_host(3) with flags equal to the flags argument given to X509_VERIFY_PARAM_set_hostflags() (default zero). Applications are strongly advised to use this interface in preference to explicitly calling X509_check_host(3), hostname checks may be out of scope with the DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE verification is enabled.

+ +

When the subject CommonName will not be ignored, whether as a result of the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT host flag, or because no DNS subject alternative names are present in the certificate, any DNS name constraints in issuer certificates apply to the subject CommonName as well as the subject alternative name extension.

+ +

When the subject CommonName will be ignored, whether as a result of the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT host flag, or because some DNS subject alternative names are present in the certificate, DNS name constraints in issuer certificates will not be applied to the subject DN. As described in X509_check_host(3) the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag takes precedence over the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag.

+ +

X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags().

+ +

X509_VERIFY_PARAM_add1_host() adds name as an additional reference identifier that can match the peer's certificate. Any previous names set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() are retained, no change is made if name is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches.

+ +

X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with ".") rather than a hostname, the peer name may be a wildcard name or a sub-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated param argument is freed. Applications must not free the return value.

+ +

X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to email. If email is NUL-terminated, emaillen may be zero, otherwise emaillen must be set to the length of email. When an email address is specified, certificate verification automatically invokes X509_check_email(3).

+ +

X509_VERIFY_PARAM_set1_ip() sets the expected IP address to ip. The ip argument is in binary format, in network byte-order and iplen must be set to 4 for IPv4 and 16 for IPv6. When an IP address is specified, certificate verification automatically invokes X509_check_ip(3).

+ +

X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to ipasc. The ipasc argument is a NUL-terminal ASCII string: dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. The condensed "::" notation is supported for IPv6 addresses.

+ +

RETURN VALUES

+ +

X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), X509_VERIFY_PARAM_set_inh_flags(), X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(), X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(), X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for failure.

+ +

X509_VERIFY_PARAM_get_flags() returns the current verification flags.

+ +

X509_VERIFY_PARAM_get_hostflags() returns any current host flags.

+ +

X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.

+ +

X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return values.

+ +

X509_VERIFY_PARAM_get_depth() returns the current verification depth.

+ +

X509_VERIFY_PARAM_get_auth_level() returns the current authentication security level.

+ +

VERIFICATION FLAGS

+ +

The verification flags consists of zero or more of the following flags ored together.

+ +

X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found.

+ +

X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate chain.

+ +

X509_V_FLAG_IGNORE_CRITICAL disabled critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs results in a fatal error. If this flag is set unhandled critical extensions are ignored. WARNING setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are supported can be performed in the verification callback.

+ +

The X509_V_FLAG_X509_STRICT flag disables workarounds for some broken certificates and makes the verification strictly apply X509 rules.

+ +

X509_V_FLAG_ALLOW_PROXY_CERTS enables proxy certificate verification.

+ +

X509_V_FLAG_POLICY_CHECK enables certificate policy checking, by default no policy checking is performed. Additional information is sent to the verification callback relating to policy checking.

+ +

X509_V_FLAG_EXPLICIT_POLICY, X509_V_FLAG_INHIBIT_ANY and X509_V_FLAG_INHIBIT_MAP set the require explicit policy, inhibit any policy and inhibit policy mapping flags respectively as defined in RFC3280. Policy checking is automatically enabled if any of these flags are set.

+ +

If X509_V_FLAG_NOTIFY_POLICY is set and the policy checking is successful a special status code is set to the verification callback. This permits it to examine the valid policy tree and perform additional checks or simply log it for debugging purposes.

+ +

By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If X509_V_FLAG_EXTENDED_CRL_SUPPORT is set they are enabled.

+ +

If X509_V_FLAG_USE_DELTAS is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored.

+ +

X509_V_FLAG_CHECK_SS_SIGNATURE enables checking of the root CA self signed certificate signature. By default this check is disabled because it doesn't add any additional security but in some cases applications might want to check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors.

+ +

When X509_V_FLAG_TRUSTED_FIRST is set, construction of the certificate chain in X509_verify_cert(3) will search the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have explicit trust settings (see "TRUST SETTINGS" in x509(1)). As of OpenSSL 1.1.0 this option is on by default.

+ +

The X509_V_FLAG_NO_ALT_CHAINS flag suppresses checking for alternative chains. By default, unless X509_V_FLAG_TRUSTED_FIRST is set, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted certificates supplied by the peer with certificates from the trust store to see if an alternative chain can be found that is trusted. As of OpenSSL 1.1.0, with X509_V_FLAG_TRUSTED_FIRST always set, this option has no effect.

+ +

The X509_V_FLAG_PARTIAL_CHAIN flag causes intermediate certificates in the trust store to be treated as trust-anchors, in the same way as the self-signed root CA certificates. This makes it possible to trust certificates issued by an intermediate CA without having to trust its ancestor root CA. With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain construction stops as soon as the first certificate from the trust store is added to the chain, whether that certificate is a self-signed "root" certificate or a not self-signed intermediate certificate. Thus, when an intermediate certificate is found in the trust store, the verified chain passed to callbacks may be shorter than it otherwise would be without the X509_V_FLAG_PARTIAL_CHAIN flag.

+ +

The X509_V_FLAG_NO_CHECK_TIME flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed.

+ +

INHERITANCE FLAGS

+ +

These flags specify how parameters are "inherited" from one structure to another.

+ +

If X509_VP_FLAG_ONCE is set then the current setting is zeroed after the next call.

+ +

If X509_VP_FLAG_LOCKED is set then no values are copied. This overrides all of the following flags.

+ +

If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied to the destination. Effectively the values in "to" become default values which will be used only if nothing new is set in "from". This is the default.

+ +

If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether they are set or not. Flags is still Ored though.

+ +

If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead of ORed.

+ +

NOTES

+ +

The above functions should be used to manipulate verification parameters instead of functions which work in specific structures such as X509_STORE_CTX_set_flags() which are likely to be deprecated in a future release.

+ +

BUGS

+ +

Delta CRL checking is currently primitive. Only a single delta can be used and (partly due to limitations of X509_STORE) constructed CRLs are not maintained.

+ +

If CRLs checking is enable CRLs are expected to be available in the corresponding X509_STORE structure. No attempt is made to download CRLs from the CRL distribution points extension.

+ +

EXAMPLES

+ +

Enable CRL checking when performing certificate verification during SSL connections associated with an SSL_CTX structure ctx:

+ +
X509_VERIFY_PARAM *param;
+
+param = X509_VERIFY_PARAM_new();
+X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+SSL_CTX_set1_param(ctx, param);
+X509_VERIFY_PARAM_free(param);
+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_host(3), X509_check_email(3), X509_check_ip(3), x509(1)

+ +

HISTORY

+ +

The X509_V_FLAG_NO_ALT_CHAINS flag was added in OpenSSL 1.1.0. The flag X509_V_FLAG_CB_ISSUER_CHECK was deprecated in OpenSSL 1.1.0 and has no effect.

+ +

The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_ca.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_ca.html new file mode 100644 index 00000000..a80f9b83 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_ca.html @@ -0,0 +1,58 @@ + + + + +X509_check_ca + + + + + + + + + + +

NAME

+ +

X509_check_ca - check if given certificate is CA certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_ca(X509 *cert);
+ +

DESCRIPTION

+ +

This function checks if given certificate is CA certificate (can be used to sign other certificates).

+ +

RETURN VALUES

+ +

Function return 0, if it is not CA certificate, 1 if it is proper X509v3 CA certificate with basicConstraints extension CA:TRUE, 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with keyUsage extension with bit keyCertSign set, but without basicConstraints, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate.

+ +

Actually, any non-zero value means that this certificate could have been used to sign other certificates.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_issued(3), X509_check_purpose(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_host.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_host.html new file mode 100644 index 00000000..c5bbc1d5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_host.html @@ -0,0 +1,128 @@ + + + + +X509_check_host + + + + + + + + + + +

NAME

+ +

X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_host(X509 *, const char *name, size_t namelen,
+                    unsigned int flags, char **peername);
+int X509_check_email(X509 *, const char *address, size_t addresslen,
+                     unsigned int flags);
+int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+                  unsigned int flags);
+int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
+ +

DESCRIPTION

+ +

The certificate matching functions are used to check whether a certificate matches a given host name, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means.

+ +

X509_check_host() checks if the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the specified host name, which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, by default, the host name "www.example.com" would match a certificate with a SAN or CN value of "*.example.com", "w*.example.com" or "*w.example.com".

+ +

Per section 6.4.2 of RFC 6125, name values representing international domain names must be given in A-label form. The namelen argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(name). When name starts with a dot (e.g ".example.com"), it will be matched by a certificate valid for any sub-domain of name, (see also X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS below).

+ +

When the certificate is matched, and peername is not NULL, a pointer to a copy of the matching SAN or CN from the peer certificate is stored at the address passed in peername. The application is responsible for freeing the peername via OPENSSL_free() when it is no longer needed.

+ +

X509_check_email() checks if the certificate matches the specified email address. Only the mailbox syntax of RFC 822 is supported, comments are not allowed, and no attempt is made to normalize quoted characters. The addresslen argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(address).

+ +

X509_check_ip() checks if the certificate matches a specified IPv4 or IPv6 address. The address array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; IP addresses stored in DNS names and Common Names are ignored.

+ +

X509_check_ip_asc() is similar, except that the NUL-terminated string address is first converted to the internal representation.

+ +

The flags argument is usually 0. It can be the bitwise OR of the flags:

+ +
+ +
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
+
+ +
+
X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
+
+ +
+
X509_CHECK_FLAG_NO_WILDCARDS,
+
+ +
+
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
+
+ +
+
X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS.
+
+ +
+
X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS.
+
+ +
+
+ +

The X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag causes the function to consider the subject DN even if the certificate contains at least one subject alternative name of the right type (DNS name or email address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present.

+ +

The X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag causes the function to never consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. If both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and X509_CHECK_FLAG_NEVER_CHECK_SUBJECT are specified, the latter takes precedence and the subject DN is not checked for matching names.

+ +

If set, X509_CHECK_FLAG_NO_WILDCARDS disables wildcard expansion; this only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support for "*" as wildcard pattern in labels that have a prefix or suffix, such as: "www*" or "*www"; this only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS allows a "*" that constitutes the complete label of a DNS name (e.g. "*.example.com") to match more than one label in name; this flag only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name values which start with ".", that would otherwise match any sub-domain in the peer certificate, to only match direct child sub-domains. Thus, for instance, with this flag set a name of ".example.com" would match a peer certificate with a DNS name of "www.example.com", but would not match a peer certificate with a DNS name of "www.sub.example.com"; this flag only applies to X509_check_host.

+ +

RETURN VALUES

+ +

The functions return 1 for a successful match, 0 for a failed match and -1 for an internal error: typically a memory allocation failure or an ASN.1 decoding error.

+ +

All functions can also return -2 if the input is malformed. For example, X509_check_host() returns -2 if the provided name contains embedded NULs.

+ +

NOTES

+ +

Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling X509_check_host(3). Host name checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when DANE support is enabled.

+ +

SEE ALSO

+ +

SSL_get_verify_result(3), X509_VERIFY_PARAM_set1_host(3), X509_VERIFY_PARAM_add1_host(3), X509_VERIFY_PARAM_set1_email(3), X509_VERIFY_PARAM_set1_ip(3), X509_VERIFY_PARAM_set1_ipasc(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_issued.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_issued.html new file mode 100644 index 00000000..ba83e80a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_issued.html @@ -0,0 +1,56 @@ + + + + +X509_check_issued + + + + + + + + + + +

NAME

+ +

X509_check_issued - checks if certificate is issued by another certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_issued(X509 *issuer, X509 *subject);
+ +

DESCRIPTION

+ +

This function checks if certificate subject was issued using CA certificate issuer. This function takes into account not only matching of issuer field of subject with subject field of issuer, but also compares authorityKeyIdentifier extension of subject with subjectKeyIdentifier of issuer if authorityKeyIdentifier present in the subject certificate and checks keyUsage field of issuer.

+ +

RETURN VALUES

+ +

Function return X509_V_OK if certificate subject is issued by issuer or some X509_V_ERR* constant to indicate an error.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_ca(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_private_key.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_private_key.html new file mode 100644 index 00000000..95140d65 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_private_key.html @@ -0,0 +1,67 @@ + + + + +X509_check_private_key + + + + + + + + + + +

NAME

+ +

X509_check_private_key, X509_REQ_check_private_key - check the consistency of a private key with the public key in an X509 certificate or certificate request

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k);
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
+ +

DESCRIPTION

+ +

X509_check_private_key() function checks the consistency of private key k with the public key in x.

+ +

X509_REQ_check_private_key() is equivalent to X509_check_private_key() except that x represents a certificate request of structure X509_REQ.

+ +

RETURN VALUES

+ +

X509_check_private_key() and X509_REQ_check_private_key() return 1 if the keys match each other, and 0 if not.

+ +

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

+ +

BUGS

+ +

The check_private_key functions don't check if k itself is indeed a private key or not. It merely compares the public materials (e.g. exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. So if you pass a public key to these functions in k, it will return success.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_purpose.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_purpose.html new file mode 100644 index 00000000..9d7c7a13 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_check_purpose.html @@ -0,0 +1,111 @@ + + + + +X509_check_purpose + + + + + + + + + + +

NAME

+ +

X509_check_purpose - Check the purpose of a certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_purpose(X509 *x, int id, int ca)
+ +

DESCRIPTION

+ +

This function checks if certificate x was created with the purpose represented by id. If ca is nonzero, then certificate x is checked to determine if it's a possible CA with various levels of certainty possibly returned.

+ +

Below are the potential ID's that can be checked:

+ +
# define X509_PURPOSE_SSL_CLIENT        1
+# define X509_PURPOSE_SSL_SERVER        2
+# define X509_PURPOSE_NS_SSL_SERVER     3
+# define X509_PURPOSE_SMIME_SIGN        4
+# define X509_PURPOSE_SMIME_ENCRYPT     5
+# define X509_PURPOSE_CRL_SIGN          6
+# define X509_PURPOSE_ANY               7
+# define X509_PURPOSE_OCSP_HELPER       8
+# define X509_PURPOSE_TIMESTAMP_SIGN    9
+ +

RETURN VALUES

+ +

For non-CA checks

+ +
+ +
-1 an error condition has occured
+
+ +
+
1 if the certificate was created to perform the purpose represented by id
+
+ +
+
0 if the certificate was not created to perform the purpose represented by id
+
+ +
+
+ +

For CA checks the below integers could be returned with the following meanings:

+ +
+ +
-1 an error condition has occured
+
+ +
+
0 not a CA or does not have the purpose represented by id
+
+ +
+
1 is a CA.
+
+ +
+
2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA
+
+ +
+
3 basicConstraints absent but self signed V1.
+
+ +
+
4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+
+ +
+
5 legacy Netscape specific CA Flags present
+
+ +
+
+ +

COPYRIGHT

+ +

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp.html new file mode 100644 index 00000000..5309374f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp.html @@ -0,0 +1,81 @@ + + + + +X509_cmp + + + + + + + + + + +

NAME

+ +

X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match - compare X509 certificates and related values

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+ +

DESCRIPTION

+ +

This set of functions are used to compare X509 objects, including X509 certificates, X509 CRL objects and various values in an X509 certificate.

+ +

The X509_cmp() function compares two X509 objects indicated by parameters a and b. The comparison is based on the memcmp result of the hash values of two X509 objects and the canonical (DER) encoding values.

+ +

The X509_NAME_cmp() function compares two X509_NAME objects indicated by parameters a and b. The comparison is based on the memcmp result of the canonical (DER) encoding values of the two objects. i2d_X509_NAME(3) has a more detailed description of the DER encoding of the X509_NAME structure.

+ +

The X509_issuer_and_serial_cmp() function compares the serial number and issuer values in the given X509 objects a and b.

+ +

The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions are effectively wrappers of the X509_NAME_cmp() function. These functions compare issuer names and subject names of the objects, or issuers of X509_CRL objects, respectively.

+ +

The X509_CRL_match() function compares two X509_CRL objects. Unlike the X509_CRL_cmp() function, this function compares the whole CRL content instead of just the issuer name.

+ +

RETURN VALUES

+ +

Like common memory comparison functions, the X509 comparison functions return an integer less than, equal to, or greater than zero if object a is found to be less than, to match, or be greater than object b, respectively.

+ +

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

+ +

NOTES

+ +

These functions in fact utilize the underlying memcmp of the C library to do the comparison job. Data to be compared varies from DER encoding data, hash value or ASN1_STRING. The sign of the comparison can be used to order the objects but it does not have a special meaning in some cases.

+ +

X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in some circumstances, which could cause confusion for the applications.

+ +

SEE ALSO

+ +

i2d_X509_NAME(3), i2d_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp_time.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp_time.html new file mode 100644 index 00000000..7942eac8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_cmp_time.html @@ -0,0 +1,68 @@ + + + + +X509_cmp_time + + + + + + + + + + +

NAME

+ +

X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex - X509 time functions

+ +

SYNOPSIS

+ +
int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
+int X509_cmp_current_time(const ASN1_TIME *asn1_time);
+ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
+                            offset_sec, time_t *in_tm);
+ +

DESCRIPTION

+ +

X509_cmp_time() compares the ASN1_TIME in asn1_time with the time in <cmp_time>. X509_cmp_current_time() compares the ASN1_TIME in asn1_time with the current time, expressed as time_t. asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

+ +

X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time offset_day and offset_sec after in_tm.

+ +

X509_time_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after in_tm. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.

+ +

In both methods, if asn1_time is NULL, a new ASN1_TIME structure is allocated and returned.

+ +

In all methods, if in_tm is NULL, the current time, expressed as time_t, is used.

+ +

BUGS

+ +

Unlike many standard comparison functions, X509_cmp_time() and X509_cmp_current_time() return 0 on error.

+ +

RETURN VALUES

+ +

X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time is earlier than, or equal to, cmp_time (resp. current time), and 1 otherwise. These methods return 0 on error.

+ +

X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_digest.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_digest.html new file mode 100644 index 00000000..8db63963 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_digest.html @@ -0,0 +1,77 @@ + + + + +X509_digest + + + + + + + + + + +

NAME

+ +

X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest - get digest of various objects

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                unsigned int *len);
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+                    unsigned int *len);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+#include <openssl/pkcs7.h>
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len);
+ +

DESCRIPTION

+ +

X509_pubkey_digest() returns a digest of the DER representation of the public key in the specified X509 data object. All other functions described here return a digest of the DER representation of their entire data objects.

+ +

The type parameter specifies the digest to be used, such as EVP_sha1(). The md is a pointer to the buffer where the digest will be copied and is assumed to be large enough; the constant EVP_MAX_MD_SIZE is suggested. The len parameter, if not NULL, points to a place where the digest size will be stored.

+ +

RETURN VALUES

+ +

All functions described here return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

EVP_sha1(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_dup.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_dup.html new file mode 100644 index 00000000..1e36efc0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_dup.html @@ -0,0 +1,76 @@ + + + + +X509_dup + + + + + + + + + + +

NAME

+ +

DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, - ASN1 object utilities

+ +

SYNOPSIS

+ +
#include <openssl/asn1t.h>
+
+DECLARE_ASN1_FUNCTIONS(type)
+IMPLEMENT_ASN1_FUNCTIONS(stname)
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+
+extern const ASN1_ITEM TYPE_it;
+TYPE *TYPE_new(void);
+TYPE *TYPE_dup(TYPE *a);
+void TYPE_free(TYPE *a);
+int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
+ +

DESCRIPTION

+ +

In the description below, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509.

+ +

The OpenSSL ASN1 parsing library templates are like a data-driven bytecode interpreter. Every ASN1 object as a global variable, TYPE_it, that describes the item such as its fields. (On systems which cannot export variables from shared libraries, the global is instead a function which returns a pointer to a static variable.

+ +

The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files to generate the function declarations.

+ +

The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file to generate the function bodies.

+ +

TYPE_new() allocates an empty object of the indicated type. The object returned must be released by calling TYPE_free().

+ +

TYPE_dup() copies an existing object.

+ +

TYPE_free() releases the object and all pointers and sub-objects within it.

+ +

TYPE_print_ctx() prints the object a on the specified BIO out. Each line will be prefixed with indent spaces. The pctx specifies the printing context and is for internal use; use NULL to get the default behavior. If a print function is user-defined, then pass in any pctx down to any nested calls.

+ +

RETURN VALUES

+ +

TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.

+ +

TYPE_print_ctx() returns 1 on success or zero on failure.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_notBefore.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_notBefore.html new file mode 100644 index 00000000..3ba34ba8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_notBefore.html @@ -0,0 +1,88 @@ + + + + +X509_get0_notBefore + + + + + + + + + + +

NAME

+ +

X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate - get or set certificate or CRL dates

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ +

DESCRIPTION

+ +

X509_get0_notBefore() and X509_get0_notAfter() return the notBefore and notAfter fields of certificate x respectively. The value returned is an internal pointer which must not be freed up after the call.

+ +

X509_getm_notBefore() and X509_getm_notAfter() are similar to X509_get0_notBefore() and X509_get0_notAfter() except they return non-constant mutable references to the associated date field of the certificate.

+ +

X509_set1_notBefore() and X509_set1_notAfter() set the notBefore and notAfter fields of x to tm. Ownership of the passed parameter tm is not transferred by these functions so it must be freed up after the call.

+ +

X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the lastUpdate and nextUpdate fields of crl. The value returned is an internal pointer which must not be freed up after the call. If the nextUpdate field is absent from crl then NULL is returned.

+ +

X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the lastUpdate and nextUpdate fields of crl to tm. Ownership of the passed parameter tm is not transferred by these functions so it must be freed up after the call.

+ +

RETURN VALUES

+ +

X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure.

+ +

X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure or NULL if the lastUpdate field is absent.

+ +

X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

These functions are available in all versions of OpenSSL.

+ +

X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_signature.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_signature.html new file mode 100644 index 00000000..23da8c9b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_signature.html @@ -0,0 +1,106 @@ + + + + +X509_get0_signature + + + + + + + + + + +

NAME

+ +

X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg,
+                         const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+void X509_REQ_get0_signature(const X509_REQ *crl,
+                             const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_REQ_get_signature_nid(const X509_REQ *crl);
+
+void X509_CRL_get0_signature(const X509_CRL *crl,
+                             const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                     int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+ +

DESCRIPTION

+ +

X509_get0_signature() sets *psig to the signature of x and *palg to the signature algorithm of x. The values returned are internal pointers which MUST NOT be freed up after the call.

+ +

X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of x.

+ +

X509_get_signature_nid() returns the NID corresponding to the signature algorithm of x.

+ +

X509_REQ_get0_signature(), X509_REQ_get_signature_nid() X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the same function for certificate requests and CRLs.

+ +

X509_get_signature_info() retrieves information about the signature of certificate x. The NID of the signing digest is written to *mdnid, the public key algorithm to *pknid, the effective security bits to *secbits and flag details to *flags. Any of the parameters can be set to NULL if the information is not required.

+ +

X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information about a signature in an X509_SIG_INFO structure. They are only used by implementations of algorithms which need to set custom signature information: most applications will never need to call them.

+ +

NOTES

+ +

These functions provide lower level access to signatures in certificates where an application wishes to analyse or generate a signature in a form where X509_sign() et al is not appropriate (for example a non standard or unsupported format).

+ +

The security bits returned by X509_get_signature_info() refers to information available from the certificate signature (such as the signing digest). In some cases the actual security of the signature is less because the signing key is less secure: for example a certificate signed using SHA-512 and a 1024 bit RSA key.

+ +

RETURN VALUES

+ +

X509_get_signature_nid(), X509_REQ_get_signature_nid() and X509_CRL_get_signature_nid() return a NID.

+ +

X509_get0_signature(), X509_REQ_get0_signature() and X509_CRL_get0_signature() do not return values.

+ +

X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters).

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_get0_signature() and X509_get_signature_nid() functions were added in OpenSSL 1.0.2.

+ +

The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_uids.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_uids.html new file mode 100644 index 00000000..9b909932 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get0_uids.html @@ -0,0 +1,62 @@ + + + + +X509_get0_uids + + + + + + + + + + +

NAME

+ +

X509_get0_uids - get certificate unique identifiers

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+ +

DESCRIPTION

+ +

X509_get0_uids() sets *piuid and *psuid to the issuer and subject unique identifiers of certificate x or NULL if the fields are not present.

+ +

NOTES

+ +

The issuer and subject unique identifier fields are very rarely encountered in practice outside test cases.

+ +

RETURN VALUES

+ +

X509_get0_uids() does not return a value.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_extension_flags.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_extension_flags.html new file mode 100644 index 00000000..517df845 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_extension_flags.html @@ -0,0 +1,184 @@ + + + + +X509_get_extension_flags + + + + + + + + + + +

NAME

+ +

X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen - retrieve certificate extension data

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+long X509_get_pathlen(X509 *x);
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(int l);
+long X509_get_proxy_pathlen(X509 *x);
+ +

DESCRIPTION

+ +

These functions retrieve information related to commonly used certificate extensions.

+ +

X509_get_pathlen() retrieves the path length extension from a certificate. This extension is used to limit the length of a cert chain that may be issued from that CA.

+ +

X509_get_extension_flags() retrieves general information about a certificate, it will return one or more of the following flags ored together.

+ +
+ +
EXFLAG_V1
+
+ +

The certificate is an obsolete version 1 certificate.

+ +
+
EXFLAG_BCONS
+
+ +

The certificate contains a basic constraints extension.

+ +
+
EXFLAG_CA
+
+ +

The certificate contains basic constraints and asserts the CA flag.

+ +
+
EXFLAG_PROXY
+
+ +

The certificate is a valid proxy certificate.

+ +
+
EXFLAG_SI
+
+ +

The certificate is self issued (that is subject and issuer names match).

+ +
+
EXFLAG_SS
+
+ +

The subject and issuer names match and extension values imply it is self signed.

+ +
+
EXFLAG_FRESHEST
+
+ +

The freshest CRL extension is present in the certificate.

+ +
+
EXFLAG_CRITICAL
+
+ +

The certificate contains an unhandled critical extension.

+ +
+
EXFLAG_INVALID
+
+ +

Some certificate extension values are invalid or inconsistent. The certificate should be rejected. This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself.

+ +
+
EXFLAG_INVALID_POLICY
+
+ +

The NID_certificate_policies certificate extension is invalid or inconsistent. The certificate should be rejected. This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself.

+ +
+
EXFLAG_KUSAGE
+
+ +

The certificate contains a key usage extension. The value can be retrieved using X509_get_key_usage().

+ +
+
EXFLAG_XKUSAGE
+
+ +

The certificate contains an extended key usage extension. The value can be retrieved using X509_get_extended_key_usage().

+ +
+
+ +

X509_get_key_usage() returns the value of the key usage extension. If key usage is present will return zero or more of the flags: KU_DIGITAL_SIGNATURE, KU_NON_REPUDIATION, KU_KEY_ENCIPHERMENT, KU_DATA_ENCIPHERMENT, KU_KEY_AGREEMENT, KU_KEY_CERT_SIGN, KU_CRL_SIGN, KU_ENCIPHER_ONLY or KU_DECIPHER_ONLY corresponding to individual key usage bits. If key usage is absent then UINT32_MAX is returned.

+ +

X509_get_extended_key_usage() returns the value of the extended key usage extension. If extended key usage is present it will return zero or more of the flags: XKU_SSL_SERVER, XKU_SSL_CLIENT, XKU_SMIME, XKU_CODE_SIGN XKU_OCSP_SIGN, XKU_TIMESTAMP, XKU_DVCS or XKU_ANYEKU. These correspond to the OIDs id-kp-serverAuth, id-kp-clientAuth, id-kp-emailProtection, id-kp-codeSigning, id-kp-OCSPSigning, id-kp-timeStamping, id-kp-dvcs and anyExtendedKeyUsage respectively. Additionally XKU_SGC is set if either Netscape or Microsoft SGC OIDs are present.

+ +

X509_get0_subject_key_id() returns an internal pointer to the subject key identifier of x as an ASN1_OCTET_STRING or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_key_id() returns an internal pointer to the authority key identifier of x as an ASN1_OCTET_STRING or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_issuer() returns an internal pointer to the authority certificate issuer of x as a stack of GENERAL_NAME structures or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_serial() returns an internal pointer to the authority certificate serial number of x as an ASN1_INTEGER or NULL if the extension is not present or cannot be parsed.

+ +

X509_set_proxy_flag() marks the certificate with the EXFLAG_PROXY flag. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones.

+ +

X509_set_proxy_pathlen() sets the proxy certificate path length for the given certificate x. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones.

+ +

X509_get_proxy_pathlen() returns the proxy certificate path length for the given certificate x if it is a proxy certificate.

+ +

NOTES

+ +

The value of the flags correspond to extension values which are cached in the X509 structure. If the flags returned do not provide sufficient information an application should examine extension values directly for example using X509_get_ext_d2i().

+ +

If the key usage or extended key usage extension is absent then typically usage is unrestricted. For this reason X509_get_key_usage() and X509_get_extended_key_usage() return UINT32_MAX when the corresponding extension is absent. Applications can additionally check the return value of X509_get_extension_flags() and take appropriate action is an extension is absent.

+ +

If X509_get0_subject_key_id() returns NULL then the extension may be absent or malformed. Applications can determine the precise reason using X509_get_ext_d2i().

+ +

RETURN VALUES

+ +

X509_get_pathlen() returns the path length value, or -1 if the extension is not present.

+ +

X509_get_extension_flags(), X509_get_key_usage() and X509_get_extended_key_usage() return sets of flags corresponding to the certificate extension values.

+ +

X509_get0_subject_key_id() returns the subject key identifier as a pointer to an ASN1_OCTET_STRING structure or NULL if the extension is absent or an error occurred during parsing.

+ +

X509_get_proxy_pathlen() returns the path length value if the given certificate is a proxy one and has a path length set, and -1 otherwise.

+ +

SEE ALSO

+ +

X509_check_purpose(3)

+ +

HISTORY

+ +

X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_pubkey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_pubkey.html new file mode 100644 index 00000000..52f2ffed --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_pubkey.html @@ -0,0 +1,77 @@ + + + + +X509_get_pubkey + + + + + + + + + + +

NAME

+ +

X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request public key

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+EVP_PKEY *X509_get_pubkey(X509 *x);
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);
+ +

DESCRIPTION

+ +

X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. X509_get0_pubkey() is similar except it does not increment the reference count of the returned EVP_PKEY so it must not be freed up after use.

+ +

X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.

+ +

X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

+ +

X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.

+ +

NOTES

+ +

The first time a public key is decoded the EVP_PKEY structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance.

+ +

RETURN VALUES

+ +

X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or NULL if an error occurred.

+ +

X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_serialNumber.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_serialNumber.html new file mode 100644 index 00000000..3f139675 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_serialNumber.html @@ -0,0 +1,69 @@ + + + + +X509_get_serialNumber + + + + + + + + + + +

NAME

+ +

X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber - get or set certificate serial number

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ +

DESCRIPTION

+ +

X509_get_serialNumber() returns the serial number of certificate x as an ASN1_INTEGER structure which can be examined or initialised. The value returned is an internal pointer which MUST NOT be freed up after the call.

+ +

X509_get0_serialNumber() is the same as X509_get_serialNumber() except it accepts a const parameter and returns a const result.

+ +

X509_set_serialNumber() sets the serial number of certificate x to serial. A copy of the serial number is used internally so serial should be freed up after use.

+ +

RETURN VALUES

+ +

X509_get_serialNumber() and X509_get0_serialNumber() return an ASN1_INTEGER structure.

+ +

X509_set_serialNumber() returns 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_get_serialNumber() and X509_set_serialNumber() functions are available in all versions of OpenSSL. The X509_get0_serialNumber() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_subject_name.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_subject_name.html new file mode 100644 index 00000000..a619eae4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_subject_name.html @@ -0,0 +1,81 @@ + + + + +X509_get_subject_name + + + + + + + + + + +

NAME

+ +

X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or subject names

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_NAME *X509_get_subject_name(const X509 *x);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+
+X509_NAME *X509_get_issuer_name(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+ +

DESCRIPTION

+ +

X509_get_subject_name() returns the subject name of certificate x. The returned value is an internal pointer which MUST NOT be freed.

+ +

X509_set_subject_name() sets the issuer name of certificate x to name. The name parameter is copied internally and should be freed up when it is no longer needed.

+ +

X509_get_issuer_name() and X509_set_issuer_name() are identical to X509_get_subject_name() and X509_set_subject_name() except the get and set the issuer name of x.

+ +

Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject or issuer names of certificate requests of CRLs respectively.

+ +

RETURN VALUES

+ +

X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name() and X509_CRL_get_issuer() return an X509_NAME pointer.

+ +

X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), d2i_X509(3) X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions.

+ +

X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously added in OpenSSL 1.0.0 as a macro.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_version.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_version.html new file mode 100644 index 00000000..1114bc0d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_get_version.html @@ -0,0 +1,79 @@ + + + + +X509_get_version + + + + + + + + + + +

NAME

+ +

X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version - get or set certificate, certificate request or CRL version

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+
+long X509_CRL_get_version(const X509_CRL *crl);
+int X509_CRL_set_version(X509_CRL *x, long version);
+ +

DESCRIPTION

+ +

X509_get_version() returns the numerical value of the version field of certificate x. Note: this is defined by standards (X.509 et al) to be one less than the certificate version. So a version 3 certificate will return 2 and a version 1 certificate will return 0.

+ +

X509_set_version() sets the numerical value of the version field of certificate x to version.

+ +

Similarly X509_REQ_get_version(), X509_REQ_set_version(), X509_CRL_get_version() and X509_CRL_set_version() get and set the version number of certificate requests and CRLs.

+ +

NOTES

+ +

The version field of certificates, certificate requests and CRLs has a DEFAULT value of v1(0) meaning the field should be omitted for version 1. This is handled transparently by these functions.

+ +

RETURN VALUES

+ +

X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() return the numerical value of the version field.

+ +

X509_set_version(), X509_REQ_set_version() and X509_CRL_set_version() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are functions in OpenSSL 1.1.0, in previous versions they were macros.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_new.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_new.html new file mode 100644 index 00000000..11e343ec --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_new.html @@ -0,0 +1,78 @@ + + + + +X509_new + + + + + + + + + + +

NAME

+ +

X509_chain_up_ref, X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509 *X509_new(void);
+void X509_free(X509 *a);
+int X509_up_ref(X509 *a);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
+ +

DESCRIPTION

+ +

The X509 ASN1 allocation routines, allocate and free an X509 structure, which represents an X509 certificate.

+ +

X509_new() allocates and initializes a X509 structure with reference count 1.

+ +

X509_free() decrements the reference count of X509 structure a and frees it up if the reference count is zero. If a is NULL nothing is done.

+ +

X509_up_ref() increments the reference count of a.

+ +

X509_chain_up_ref() increases the reference count of all certificates in chain x and returns a copy of the stack.

+ +

NOTES

+ +

The function X509_up_ref() if useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure.

+ +

The function X509_chain_up_ref() doesn't just up the reference count of each certificate it also returns a copy of the stack, using sk_X509_dup(), but it serves a similar purpose: the returned chain persists after the original has been freed.

+ +

RETURN VALUES

+ +

If the allocation fails, X509_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

X509_up_ref() returns 1 for success and 0 for failure.

+ +

X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_sign.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_sign.html new file mode 100644 index 00000000..cd5353b6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_sign.html @@ -0,0 +1,86 @@ + + + + +X509_sign + + + + + + + + + + +

NAME

+ +

X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify - sign or verify certificate, certificate request or CRL signature

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+ +

DESCRIPTION

+ +

X509_sign() signs certificate x using private key pkey and message digest md and sets the signature in x. X509_sign_ctx() also signs certificate x but uses the parameters contained in digest context ctx.

+ +

X509_verify() verifies the signature of certificate x using public key pkey. Only the signature is checked: no other checks (such as certificate chain validity) are performed.

+ +

X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(), X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify certificate requests and CRLs respectively.

+ +

NOTES

+ +

X509_sign_ctx() is used where the default parameters for the corresponding public key and digest are not suitable. It can be used to sign keys using RSA-PSS for example.

+ +

For efficiency reasons and to work around ASN.1 encoding issues the encoding of the signed portion of a certificate, certificate request and CRL is cached internally. If the signed portion of the structure is modified the encoding is not always updated meaning a stale version is sometimes used. This is not normally a problem because modifying the signed portion will invalidate the signature and signing will always update the encoding.

+ +

RETURN VALUES

+ +

X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(), X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature in bytes for success and zero for failure.

+ +

X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was invalid or some other error occurred then -1 is returned.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are available in all versions of OpenSSL.

+ +

The X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_verify_cert.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_verify_cert.html new file mode 100644 index 00000000..8c993049 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509_verify_cert.html @@ -0,0 +1,70 @@ + + + + +X509_verify_cert + + + + + + + + + + +

NAME

+ +

X509_verify_cert - discover and verify X509 certificate chain

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

The X509_verify_cert() function attempts to discover and validate a certificate chain based on parameters in ctx. A complete description of the process is contained in the verify(1) manual page.

+ +

RETURN VALUES

+ +

If a complete chain can be built and validated this function returns 1, otherwise it return zero, in exceptional circumstances it can also return a negative code.

+ +

If the function fails additional error information can be obtained by examining ctx using, for example X509_STORE_CTX_get_error().

+ +

NOTES

+ +

Applications rarely call this function directly but it is used by OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code.

+ +

A negative return value from X509_verify_cert() can occur if it is invoked incorrectly, such as with no certificate set in ctx, or when it is called twice in succession without reinitialising ctx for the second call. A negative return value can also happen due to internal resource problems or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). Applications must check for <= 0 return value on error.

+ +

BUGS

+ +

This function uses the header x509.h as opposed to most chain verification functions which use x509_vfy.h.

+ +

SEE ALSO

+ +

X509_STORE_CTX_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html new file mode 100644 index 00000000..67599aba --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html @@ -0,0 +1,123 @@ + + + + +X509v3_get_ext_by_NID + + + + + + + + + + +

NAME

+ +

X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext - extension stack utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+ +

DESCRIPTION

+ +

X509v3_get_ext_count() retrieves the number of extensions in x.

+ +

X509v3_get_ext() retrieves extension loc from x. The index loc can take any value from 0 to X509_get_ext_count(x) - 1. The returned extension is an internal pointer which must not be freed up by the application.

+ +

X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension with nid or obj from extension stack x. The search starts from the extension after lastpos or from the beginning if <lastpos> is -1. If the extension is found its index is returned otherwise -1 is returned.

+ +

X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it looks for an extension of criticality crit. A zero value for crit looks for a non-critical extension a non-zero value looks for a critical extension.

+ +

X509v3_delete_ext() deletes the extension with index loc from x. The deleted extension is returned and must be freed by the caller. If loc is in invalid index value NULL is returned.

+ +

X509v3_add_ext() adds extension ex to stack *x at position loc. If loc is -1 the new extension is added to the end. If *x is NULL a new stack will be allocated. The passed extension ex is duplicated internally so it must be freed after use.

+ +

X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() and X509_add_ext() operate on the extensions of certificate x they are otherwise identical to the X509v3 functions.

+ +

X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of CRL x they are otherwise identical to the X509v3 functions.

+ +

X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and X509_REVOKED_add_ext() operate on the extensions of CRL entry x they are otherwise identical to the X509v3 functions.

+ +

NOTES

+ +

These functions are used to examine stacks of extensions directly. Many applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d() and X509_get_ext_d2i().

+ +

Extension indices start from zero, so a zero index return value is not an error. These search functions start from the extension after the lastpos parameter so it should initially be set to -1, if it is set to zero the initial extension will not be checked.

+ +

RETURN VALUES

+ +

X509v3_get_ext_count() returns the extension count.

+ +

X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an X509_EXTENSION pointer or NULL if an error occurs.

+ +

X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return the an extension index or -1 if an error occurs.

+ +

X509v3_add_ext() returns a stack of extensions or NULL on error.

+ +

X509_add_ext() returns 1 on success and 0 on error.

+ +

SEE ALSO

+ +

X509V3_get_d2i(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_DHparams.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_DHparams.html new file mode 100644 index 00000000..f221f44a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_DHparams.html @@ -0,0 +1,61 @@ + + + + +d2i_DHparams + + + + + + + + + + +

NAME

+ +

d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+int i2d_DHparams(DH *a, unsigned char **pp);
+ +

DESCRIPTION

+ +

These functions decode and encode PKCS#3 DH parameters using the DHparameter structure described in PKCS#3.

+ +

Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the d2i_X509(3) manual page.

+ +

RETURN VALUES

+ +

d2i_DHparams() returns a valid DH structure or NULL if an error occurred.

+ +

i2d_DHparams() returns the length of encoded data on success or a value which is less than or equal to 0 on error.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html new file mode 100644 index 00000000..4de6d1b1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html @@ -0,0 +1,86 @@ + + + + +d2i_PKCS8PrivateKey_bio + + + + + + + + + + +

NAME

+ +

d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+ +

DESCRIPTION

+ +

The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.

+ +

Other than the use of DER as opposed to PEM these functions are identical to the corresponding PEM function as described in PEM_read_PrivateKey(3).

+ +

NOTES

+ +

These functions are currently the only way to store encrypted private keys using DER format.

+ +

Currently all the functions use BIOs or FILE pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see BIO_s_mem(3) for details.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid EVP_PKEY structure or NULL if an error occurred.

+ +

i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

PEM_read_PrivateKey(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PrivateKey.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PrivateKey.html new file mode 100644 index 00000000..5ff925bb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_PrivateKey.html @@ -0,0 +1,83 @@ + + + + +d2i_PrivateKey + + + + + + + + + + +

NAME

+ +

d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp - decode and encode functions for reading and saving EVP_PKEY structures

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+ +

DESCRIPTION

+ +

d2i_PrivateKey() decodes a private key using algorithm type. It attempts to use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The type parameter should be a public key algorithm constant such as EVP_PKEY_RSA. An error occurs if the decoded key does not match type. d2i_PublicKey() does the same for public keys.

+ +

d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to automatically detect the private key format.

+ +

i2d_PrivateKey() encodes key. It uses a key specific format or, if none is defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. i2d_PublicKey() does the same for public keys.

+ +

These functions are similar to the d2i_X509() functions; see d2i_X509(3).

+ +

NOTES

+ +

All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as d2i_PKCS8PrivateKey() instead.

+ +

If the *a is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 then *a will be freed and replaced on a successful call.

+ +

To decode a key with type EVP_PKEY_EC, d2i_PublicKey() requires *a to be a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper EC_GROUP.

+ +

RETURN VALUES

+ +

The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), and d2i_PublicKey() functions return a valid EVP_KEY structure or NULL if an error occurs. The error code can be obtained by calling ERR_get_error(3).

+ +

i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by calling ERR_get_error(3).

+ +

SEE ALSO

+ +

crypto(7), d2i_PKCS8PrivateKey_bio(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_SSL_SESSION.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_SSL_SESSION.html new file mode 100644 index 00000000..8b2c7c1f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_SSL_SESSION.html @@ -0,0 +1,62 @@ + + + + +d2i_SSL_SESSION + + + + + + + + + + +

NAME

+ +

d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+ +

DESCRIPTION

+ +

These functions decode and encode an SSL_SESSION object. For encoding details see d2i_X509(3).

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack.

+ +

i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes. When the session is not valid, 0 is returned and no operation is performed.

+ +

SEE ALSO

+ +

ssl(7), SSL_SESSION_free(3), SSL_CTX_sess_set_get_cb(3), d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_X509.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_X509.html new file mode 100644 index 00000000..33454690 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/d2i_X509.html @@ -0,0 +1,239 @@ + + + + +d2i_X509 + + + + + + + + + + +

NAME

+ +

d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, - convert objects from/to ASN.1/DER representation

+ +

SYNOPSIS

+ +
TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
+TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
+
+int i2d_TYPE(TYPE *a, unsigned char **ppout);
+int i2d_TYPE_fp(FILE *fp, TYPE *a);
+int i2d_TYPE_bio(BIO *bp, TYPE *a);
+ +

DESCRIPTION

+ +

In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes, such as X509_CRL. The function parameters ppin and ppout are generally either both named pp in the headers, or in and out.

+ +

These functions convert OpenSSL objects to and from their ASN.1/DER encoding. Unlike the C structures which can have pointers to sub-objects within, the DER is a serialized encoding, suitable for sending over the network, writing to a file, and so on.

+ +

d2i_TYPE() attempts to decode len bytes at *ppin. If successful a pointer to the TYPE structure is returned and *ppin is incremented to the byte following the parsed data. If a is not NULL then a pointer to the returned structure is also written to *a. If an error occurred then NULL is returned.

+ +

On a successful return, if *a is not NULL then it is assumed that *a contains a valid TYPE structure and an attempt is made to reuse it. This "reuse" capability is present for historical compatibility but its use is strongly discouraged (see BUGS below, and the discussion in the RETURN VALUES section).

+ +

d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts to parse data from BIO bp.

+ +

d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts to parse data from FILE pointer fp.

+ +

i2d_TYPE() encodes the structure pointed to by a into DER format. If ppout is not NULL, it writes the DER encoded data to the buffer at *ppout, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.

+ +

If *ppout is NULL memory will be allocated for a buffer and the encoded data written to it. In this case *ppout is not incremented and it points to the start of the data just written.

+ +

i2d_TYPE_bio() is similar to i2d_TYPE() except it writes the encoding of the structure a to BIO bp and it returns 1 for success and 0 for failure.

+ +

i2d_TYPE_fp() is similar to i2d_TYPE() except it writes the encoding of the structure a to BIO bp and it returns 1 for success and 0 for failure.

+ +

These routines do not encrypt private keys and therefore offer no security; use PEM_write_PrivateKey(3) or similar for writing to files.

+ +

NOTES

+ +

The letters i and d in i2d_TYPE stand for "internal" (that is, an internal C structure) and "DER" respectively. So i2d_TYPE converts from internal to DER.

+ +

The functions can also understand BER forms.

+ +

The actual TYPE structure passed to i2d_TYPE() must be a valid populated TYPE structure -- it cannot simply be fed with an empty structure such as that returned by TYPE_new().

+ +

The encoded data is in binary form and may contain embedded zeroes. Therefore any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will not return the correct length of the encoded structure.

+ +

The ways that *ppin and *ppout are incremented after the operation can trap the unwary. See the WARNINGS section for some common errors. The reason for this-auto increment behaviour is to reflect a typical usage of ASN1 functions: after one structure is encoded or decoded another will be processed after it.

+ +

The following points about the data types might be useful:

+ +
+ +
ASN1_OBJECT
+
+ +

Represents an ASN1 OBJECT IDENTIFIER.

+ +
+
DHparams
+
+ +

Represents a PKCS#3 DH parameters structure.

+ +
+
DHxparams
+
+ +

Represents an ANSI X9.42 DH parameters structure.

+ +
+
DSA_PUBKEY
+
+ +

Represents a DSA public key using a SubjectPublicKeyInfo structure.

+ +
+
DSAPublicKey, DSAPrivateKey
+
+ +

Use a non-standard OpenSSL format and should be avoided; use DSA_PUBKEY, PEM_write_PrivateKey(3), or similar instead.

+ +
+
ECDSA_SIG
+
+ +

Represents an ECDSA signature.

+ +
+
RSAPublicKey
+
+ +

Represents a PKCS#1 RSA public key structure.

+ +
+
X509_ALGOR
+
+ +

Represents an AlgorithmIdentifier structure as used in IETF RFC 6960 and elsewhere.

+ +
+
X509_Name
+
+ +

Represents a Name type as used for subject and issuer names in IETF RFC 6960 and elsewhere.

+ +
+
X509_REQ
+
+ +

Represents a PKCS#10 certificate request.

+ +
+
X509_SIG
+
+ +

Represents the DigestInfo structure defined in PKCS#1 and PKCS#7.

+ +
+
+ +

RETURN VALUES

+ +

d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid TYPE structure or NULL if an error occurs. If the "reuse" capability has been used with a valid structure being passed in via a, then the object is freed in the event of error and *a is set to NULL.

+ +

i2d_TYPE() returns the number of bytes successfully encoded or a negative value if an error occurs.

+ +

i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error occurs.

+ +

EXAMPLES

+ +

Allocate and encode the DER encoding of an X509 structure:

+ +
int len;
+unsigned char *buf;
+
+buf = NULL;
+len = i2d_X509(x, &buf);
+if (len < 0)
+    /* error */
+ +

Attempt to decode a buffer:

+ +
X509 *x;
+unsigned char *buf, *p;
+int len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = d2i_X509(NULL, &p, len);
+if (x == NULL)
+    /* error */
+ +

Alternative technique:

+ +
X509 *x;
+unsigned char *buf, *p;
+int len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = NULL;
+
+if (d2i_X509(&x, &p, len) == NULL)
+    /* error */
+ +

WARNINGS

+ +

Using a temporary variable is mandatory. A common mistake is to attempt to use a buffer directly as follows:

+ +
int len;
+unsigned char *buf;
+
+len = i2d_X509(x, NULL);
+buf = OPENSSL_malloc(len);
+...
+i2d_X509(x, &buf);
+...
+OPENSSL_free(buf);
+ +

This code will result in buf apparently containing garbage because it was incremented after the call to point after the data just written. Also buf will no longer contain the pointer allocated by OPENSSL_malloc() and the subsequent call to OPENSSL_free() is likely to crash.

+ +

Another trap to avoid is misuse of the a argument to d2i_TYPE():

+ +
X509 *x;
+
+if (d2i_X509(&x, &p, len) == NULL)
+    /* error */
+ +

This will probably crash somewhere in d2i_X509(). The reason for this is that the variable x is uninitialized and an attempt will be made to interpret its (invalid) value as an X509 structure, typically causing a segmentation violation. If x is set to NULL first then this will not happen.

+ +

BUGS

+ +

In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when *a is valid is broken and some parts of the reused structure may persist if they are not present in the new one. Additionally, in versions of OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs the behaviour is inconsistent. Some functions behaved as described here, while some did not free *a on error and did not set *a to NULL.

+ +

As a result of the above issues the "reuse" behaviour is strongly discouraged.

+ +

i2d_TYPE() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the fields entirely and will not be parsed by d2i_TYPE(). This may be fixed in future so code should not assume that i2d_TYPE() will always succeed.

+ +

Any function which encodes a structure (i2d_TYPE(), i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons.

+ +

COPYRIGHT

+ +

Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html new file mode 100644 index 00000000..7d909ee1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html @@ -0,0 +1,73 @@ + + + + +i2d_CMS_bio_stream + + + + + + + + + + +

NAME

+ +

i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.

+ +

It is otherwise identical to the function SMIME_write_CMS().

+ +

NOTES

+ +

This function is effectively a version of the i2d_CMS_bio() supporting streaming.

+ +

BUGS

+ +

The prefix "i2d" is arguably wrong because the function outputs BER format.

+ +

RETURN VALUES

+ +

i2d_CMS_bio_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3), SMIME_write_CMS(3), PEM_write_bio_CMS_stream(3)

+ +

HISTORY

+ +

The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html new file mode 100644 index 00000000..9fd05884 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html @@ -0,0 +1,73 @@ + + + + +i2d_PKCS7_bio_stream + + + + + + + + + + +

NAME

+ +

i2d_PKCS7_bio_stream - output PKCS7 structure in BER format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.

+ +

It is otherwise identical to the function SMIME_write_PKCS7().

+ +

NOTES

+ +

This function is effectively a version of the d2i_PKCS7_bio() supporting streaming.

+ +

BUGS

+ +

The prefix "i2d" is arguably wrong because the function outputs BER format.

+ +

RETURN VALUES

+ +

i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3), SMIME_write_PKCS7(3), PEM_write_bio_PKCS7_stream(3)

+ +

HISTORY

+ +

The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_re_X509_tbs.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_re_X509_tbs.html new file mode 100644 index 00000000..67e9a3f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/i2d_re_X509_tbs.html @@ -0,0 +1,74 @@ + + + + +i2d_re_X509_tbs + + + + + + + + + + +

NAME

+ +

d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs - X509 encode and decode functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
+int i2d_X509_AUX(X509 *x, unsigned char **out);
+int i2d_re_X509_tbs(X509 *x, unsigned char **out);
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+ +

DESCRIPTION

+ +

The X509 encode and decode routines encode and parse an X509 structure, which represents an X509 certificate.

+ +

d2i_X509_AUX() is similar to d2i_X509(3) but the input is expected to consist of an X509 certificate followed by auxiliary trust information. This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. This function should not be called on untrusted input.

+ +

i2d_X509_AUX() is similar to i2d_X509(3), but the encoded output contains both the certificate and any auxiliary trust information. This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. Note that this is a non-standard OpenSSL-specific data format.

+ +

i2d_re_X509_tbs() is similar to i2d_X509(3) except it encodes only the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, respectively. The "re" in i2d_re_X509_tbs stands for "re-encode", and ensures that a fresh encoding is generated in case the object has been modified after creation (see the BUGS section).

+ +

The encoding of the TBSCertificate portion of a certificate is cached in the X509 structure internally to improve encoding performance and to ensure certificate signatures are verified correctly in some certificates with broken (non-DER) encodings.

+ +

If, after modification, the X509 object is re-signed with X509_sign(), the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the X509 can be manually renewed by calling i2d_re_X509_tbs().

+ +

RETURN VALUES

+ +

d2i_X509_AUX() returns a valid X509 structure or NULL if an error occurred.

+ +

i2d_X509_AUX() returns the length of encoded data or -1 on error.

+ +

i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the length of encoded data or 0 on error.

+ +

SEE ALSO

+ +

ERR_get_error(3) X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html new file mode 100644 index 00000000..4636eb47 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man3/o2i_SCT_LIST.html @@ -0,0 +1,65 @@ + + + + +o2i_SCT_LIST + + + + + + + + + + +

NAME

+ +

o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT - decode and encode Signed Certificate Timestamp lists in TLS wire format

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+int i2o_SCT(const SCT *sct, unsigned char **out);
+ +

DESCRIPTION

+ +

The SCT_LIST and SCT functions are very similar to the i2d and d2i family of functions, except that they convert to and from TLS wire format, as described in RFC 6962. See d2i_SCT_LIST for more information about how the parameters are treated and the return values.

+ +

RETURN VALUES

+ +

All of the functions have return values consistent with those stated for d2i_SCT_LIST and i2d_SCT_LIST.

+ +

SEE ALSO

+ +

ct(7), d2i_SCT_LIST(3), i2d_SCT_LIST(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/config.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/config.html new file mode 100644 index 00000000..54bca59e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/config.html @@ -0,0 +1,362 @@ + + + + +config + + + + + + + + + + +

NAME

+ +

config - OpenSSL CONF library configuration files

+ +

DESCRIPTION

+ +

The OpenSSL CONF library can be used to read configuration files. It is used for the OpenSSL master configuration file openssl.cnf and in a few other places like SPKAC files and certificate extension files for the x509 utility. OpenSSL applications can also use the CONF library for their own purposes.

+ +

A configuration file is divided into a number of sections. Each section starts with a line [ section_name ] and ends when a new section is started or end of file is reached. A section name can consist of alphanumeric characters and underscores.

+ +

The first section of a configuration file is special and is referred to as the default section. This section is usually unnamed and spans from the start of file until the first named section. When a name is being looked up it is first looked up in a named section (if any) and then the default section.

+ +

The environment is mapped onto a section called ENV.

+ +

Comments can be included by preceding them with the # character

+ +

Other files can be included using the .include directive followed by a path. If the path points to a directory all files with names ending with .cnf or .conf are included from the directory. Recursive inclusion of directories from files in such directory is not supported. That means the files in the included directory can also contain .include directives but only inclusion of regular files is supported there. The inclusion of directories is not supported on systems without POSIX IO support.

+ +

It is strongly recommended to use absolute paths with the .include directive. Relative paths are evaluated based on the application current working directory so unless the configuration file containing the .include directive is application specific the inclusion will not work as expected.

+ +

There can be optional = character and whitespace characters between .include directive and the path which can be useful in cases the configuration file needs to be loaded by old OpenSSL versions which do not support the .include syntax. They would bail out with error if the = character is not present but with it they just ignore the include.

+ +

Each section in a configuration file consists of a number of name and value pairs of the form name=value

+ +

The name string can contain any alphanumeric characters as well as a few punctuation symbols such as . , ; and _.

+ +

The value string consists of the string following the = character until end of line with any leading and trailing white space removed.

+ +

The value string undergoes variable expansion. This can be done by including the form $var or ${var}: this will substitute the value of the named variable in the current section. It is also possible to substitute a value from another section using the syntax $section::name or ${section::name}. By using the form $ENV::name environment variables can be substituted. It is also possible to assign values to environment variables by using the name ENV::name, this will work if the program looks up environment variables using the CONF library instead of calling getenv() directly. The value string must not exceed 64k in length after variable expansion. Otherwise an error will occur.

+ +

It is possible to escape certain characters by using any kind of quote or the \ character. By making the last character of a line a \ a value string can be spread across multiple lines. In addition the sequences \n, \r, \b and \t are recognized.

+ +

All expansion and escape rules as described above that apply to value also apply to the path of the .include directive.

+ +

OPENSSL LIBRARY CONFIGURATION

+ +

Applications can automatically configure certain aspects of OpenSSL using the master OpenSSL configuration file, or optionally an alternative configuration file. The openssl utility includes this functionality: any sub command uses the master OpenSSL configuration file unless an option is used in the sub command to use an alternative configuration file.

+ +

To enable library configuration the default section needs to contain an appropriate line which points to the main configuration section. The default name is openssl_conf which is used by the openssl utility. Other applications may use an alternative name such as myapplication_conf. All library configuration lines appear in the default section at the start of the configuration file.

+ +

The configuration section should consist of a set of name value pairs which contain specific module configuration information. The name represents the name of the configuration module. The meaning of the value is module specific: it may, for example, represent a further configuration section containing configuration module specific information. E.g.:

+ +
# This must be in the default section
+openssl_conf = openssl_init
+
+[openssl_init]
+
+oid_section = new_oids
+engines = engine_section
+
+[new_oids]
+
+... new oids here ...
+
+[engine_section]
+
+... engine stuff here ...
+ +

The features of each configuration module are described below.

+ +

ASN1 Object Configuration Module

+ +

This module has the name oid_section. The value of this variable points to a section containing name value pairs of OIDs: the name is the OID short and long name, the value is the numerical form of the OID. Although some of the openssl utility sub commands already have their own ASN1 OBJECT section functionality not all do. By using the ASN1 OBJECT configuration module all the openssl utility sub commands can see the new objects as well as any compliant applications. For example:

+ +
[new_oids]
+
+some_new_oid = 1.2.3.4
+some_other_oid = 1.2.3.5
+ +

It is also possible to set the value to the long name followed by a comma and the numerical OID form. For example:

+ +
shortName = some object long name, 1.2.3.4
+ +

Engine Configuration Module

+ +

This ENGINE configuration module has the name engines. The value of this variable points to a section containing further ENGINE configuration information.

+ +

The section pointed to by engines is a table of engine names (though see engine_id below) and further sections containing configuration information specific to each ENGINE.

+ +

Each ENGINE specific section is used to set default algorithms, load dynamic, perform initialization and send ctrls. The actual operation performed depends on the command name which is the name of the name value pair. The currently supported commands are listed below.

+ +

For example:

+ +
[engine_section]
+
+# Configure ENGINE named "foo"
+foo = foo_section
+# Configure ENGINE named "bar"
+bar = bar_section
+
+[foo_section]
+... foo ENGINE specific commands ...
+
+[bar_section]
+... "bar" ENGINE specific commands ...
+ +

The command engine_id is used to give the ENGINE name. If used this command must be first. For example:

+ +
[engine_section]
+# This would normally handle an ENGINE named "foo"
+foo = foo_section
+
+[foo_section]
+# Override default name and use "myfoo" instead.
+engine_id = myfoo
+ +

The command dynamic_path loads and adds an ENGINE from the given path. It is equivalent to sending the ctrls SO_PATH with the path argument followed by LIST_ADD with value 2 and LOAD to the dynamic ENGINE. If this is not the required behaviour then alternative ctrls can be sent directly to the dynamic ENGINE using ctrl commands.

+ +

The command init determines whether to initialize the ENGINE. If the value is 0 the ENGINE will not be initialized, if 1 and attempt it made to initialized the ENGINE immediately. If the init command is not present then an attempt will be made to initialize the ENGINE after all commands in its section have been processed.

+ +

The command default_algorithms sets the default algorithms an ENGINE will supply using the functions ENGINE_set_default_string().

+ +

If the name matches none of the above command names it is assumed to be a ctrl command which is sent to the ENGINE. The value of the command is the argument to the ctrl command. If the value is the string EMPTY then no value is sent to the command.

+ +

For example:

+ +
[engine_section]
+
+# Configure ENGINE named "foo"
+foo = foo_section
+
+[foo_section]
+# Load engine from DSO
+dynamic_path = /some/path/fooengine.so
+# A foo specific ctrl.
+some_ctrl = some_value
+# Another ctrl that doesn't take a value.
+other_ctrl = EMPTY
+# Supply all default algorithms
+default_algorithms = ALL
+ +

EVP Configuration Module

+ +

This modules has the name alg_section which points to a section containing algorithm commands.

+ +

Currently the only algorithm command supported is fips_mode whose value can only be the boolean string off. If fips_mode is set to on, an error occurs as this library version is not FIPS capable.

+ +

SSL Configuration Module

+ +

This module has the name ssl_conf which points to a section containing SSL configurations.

+ +

Each line in the SSL configuration section contains the name of the configuration and the section containing it.

+ +

Each configuration section consists of command value pairs for SSL_CONF. Each pair will be passed to a SSL_CTX or SSL structure if it calls SSL_CTX_config() or SSL_config() with the appropriate configuration name.

+ +

Note: any characters before an initial dot in the configuration section are ignored so the same command can be used multiple times.

+ +

For example:

+ +
ssl_conf = ssl_sect
+
+[ssl_sect]
+
+server = server_section
+
+[server_section]
+
+RSA.Certificate = server-rsa.pem
+ECDSA.Certificate = server-ecdsa.pem
+Ciphers = ALL:!RC4
+ +

The system default configuration with name system_default if present will be applied during any creation of the SSL_CTX structure.

+ +

Example of a configuration with the system default:

+ +
ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = system_default_sect
+
+[system_default_sect]
+
+MinProtocol = TLSv1.2
+ +

NOTES

+ +

If a configuration file attempts to expand a variable that doesn't exist then an error is flagged and the file will not load. This can happen if an attempt is made to expand an environment variable that doesn't exist. For example in a previous version of OpenSSL the default OpenSSL master configuration file used the value of HOME which may not be defined on non Unix systems and would cause an error.

+ +

This can be worked around by including a default section to provide a default value: then if the environment lookup fails the default value will be used instead. For this to work properly the default value must be defined earlier in the configuration file than the expansion. See the EXAMPLES section for an example of how to do this.

+ +

If the same variable exists in the same section then all but the last value will be silently ignored. In certain circumstances such as with DNs the same field may occur multiple times. This is usually worked around by ignoring any characters before an initial . e.g.

+ +
1.OU="My first OU"
+2.OU="My Second OU"
+ +

EXAMPLES

+ +

Here is a sample configuration file using some of the features mentioned above.

+ +
# This is the default section.
+
+HOME=/temp
+RANDFILE= ${ENV::HOME}/.rnd
+configdir=$ENV::HOME/config
+
+[ section_one ]
+
+# We are now in section one.
+
+# Quotes permit leading and trailing whitespace
+any = " any variable name "
+
+other = A string that can \
+cover several lines \
+by including \\ characters
+
+message = Hello World\n
+
+[ section_two ]
+
+greeting = $section_one::message
+ +

This next example shows how to expand environment variables safely.

+ +

Suppose you want a variable called tmpfile to refer to a temporary filename. The directory it is placed in can determined by the TEMP or TMP environment variables but they may not be set to any value at all. If you just include the environment variable names and the variable doesn't exist then this will cause an error when an attempt is made to load the configuration file. By making use of the default section both values can be looked up with TEMP taking priority and /tmp used if neither is defined:

+ +
TMP=/tmp
+# The above value is used if TMP isn't in the environment
+TEMP=$ENV::TMP
+# The above value is used if TEMP isn't in the environment
+tmpfile=${ENV::TEMP}/tmp.filename
+ +

Simple OpenSSL library configuration example to enter FIPS mode:

+ +
# Default appname: should match "appname" parameter (if any)
+# supplied to CONF_modules_load_file et al.
+openssl_conf = openssl_conf_section
+
+[openssl_conf_section]
+# Configuration module list
+alg_section = evp_sect
+
+[evp_sect]
+# Set to "yes" to enter FIPS mode if supported
+fips_mode = yes
+ +

Note: in the above example you will get an error in non FIPS capable versions of OpenSSL.

+ +

Simple OpenSSL library configuration to make TLS 1.3 the system-default minimum TLS version:

+ +
# Toplevel section for openssl (including libssl)
+openssl_conf = default_conf_section
+
+[default_conf_section]
+# We only specify configuration for the "ssl module"
+ssl_conf = ssl_section
+
+[ssl_section]
+system_default = system_default_section
+
+[system_default_section]
+MinProtocol = TLSv1.3
+ +

More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:

+ +
# Default appname: should match "appname" parameter (if any)
+# supplied to CONF_modules_load_file et al.
+openssl_conf = openssl_conf_section
+
+[openssl_conf_section]
+# Configuration module list
+alg_section = evp_sect
+oid_section = new_oids
+
+[evp_sect]
+# This will have no effect as FIPS mode is off by default.
+# Set to "yes" to enter FIPS mode, if supported
+fips_mode = no
+
+[new_oids]
+# New OID, just short name
+newoid1 = 1.2.3.4.1
+# New OID shortname and long name
+newoid2 = New OID 2 long name, 1.2.3.4.2
+ +

The above examples can be used with any application supporting library configuration if "openssl_conf" is modified to match the appropriate "appname".

+ +

For example if the second sample file above is saved to "example.cnf" then the command line:

+ +
OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+ +

will output:

+ +
0:d=0  hl=2 l=   4 prim: OBJECT            :newoid1
+ +

showing that the OID "newoid1" has been added as "1.2.3.4.1".

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_CONF
+
+ +

The path to the config file. Ignored in set-user-ID and set-group-ID programs.

+ +
+
OPENSSL_ENGINES
+
+ +

The path to the engines directory. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

BUGS

+ +

Currently there is no way to include characters using the octal \nnn form. Strings are all null terminated so nulls cannot form part of the value.

+ +

The escaping isn't quite right: if you want to use sequences like \n you can't use any quote escaping on the same line.

+ +

Files are loaded in a single pass. This means that an variable expansion will only work if the variables referenced are defined earlier in the file.

+ +

SEE ALSO

+ +

x509(1), req(1), ca(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/x509v3_config.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/x509v3_config.html new file mode 100644 index 00000000..3a96990b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man5/x509v3_config.html @@ -0,0 +1,464 @@ + + + + +x509v3_config + + + + + + + + + + +

NAME

+ +

x509v3_config - X509 V3 certificate extension configuration format

+ +

DESCRIPTION

+ +

Several of the OpenSSL utilities can add extensions to a certificate or certificate request based on the contents of a configuration file.

+ +

Typically the application will contain an option to point to an extension section. Each line of the extension section takes the form:

+ +
extension_name=[critical,] extension_options
+ +

If critical is present then the extension will be critical.

+ +

The format of extension_options depends on the value of extension_name.

+ +

There are four main types of extension: string extensions, multi-valued extensions, raw and arbitrary extensions.

+ +

String extensions simply have a string which contains either the value itself or how it is obtained.

+ +

For example:

+ +
nsComment="This is a Comment"
+ +

Multi-valued extensions have a short form and a long form. The short form is a list of names and values:

+ +
basicConstraints=critical,CA:true,pathlen:1
+ +

The long form allows the values to be placed in a separate section:

+ +
basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+ +

Both forms are equivalent.

+ +

The syntax of raw extensions is governed by the extension code: it can for example contain data in multiple sections. The correct syntax to use is defined by the extension code itself: check out the certificate policies extension for an example.

+ +

If an extension type is unsupported then the arbitrary extension syntax must be used, see the ARBITRARY EXTENSIONS section for more details.

+ +

STANDARD EXTENSIONS

+ +

The following sections describe each supported extension in detail.

+ +

Basic Constraints.

+ +

This is a multi valued extension which indicates whether a certificate is a CA certificate. The first (mandatory) name is CA followed by TRUE or FALSE. If CA is TRUE then an optional pathlen name followed by an non-negative value can be included.

+ +

For example:

+ +
basicConstraints=CA:TRUE
+
+basicConstraints=CA:FALSE
+
+basicConstraints=critical,CA:TRUE, pathlen:0
+ +

A CA certificate must include the basicConstraints value with the CA field set to TRUE. An end user certificate must either set CA to FALSE or exclude the extension entirely. Some software may require the inclusion of basicConstraints with CA set to FALSE for end entity certificates.

+ +

The pathlen parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a CA with a pathlen of zero it can only be used to sign end user certificates and not further CAs.

+ +

Key Usage.

+ +

Key usage is a multi valued extension consisting of a list of names of the permitted key usages.

+ +

The supported names are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly.

+ +

Examples:

+ +
keyUsage=digitalSignature, nonRepudiation
+
+keyUsage=critical, keyCertSign
+ +

Extended Key Usage.

+ +

This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for,

+ +

These can either be object short names or the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful:

+ +
Value                  Meaning
+-----                  -------
+serverAuth             SSL/TLS Web Server Authentication.
+clientAuth             SSL/TLS Web Client Authentication.
+codeSigning            Code signing.
+emailProtection        E-mail Protection (S/MIME).
+timeStamping           Trusted Timestamping
+OCSPSigning            OCSP Signing
+ipsecIKE               ipsec Internet Key Exchange
+msCodeInd              Microsoft Individual Code Signing (authenticode)
+msCodeCom              Microsoft Commercial Code Signing (authenticode)
+msCTLSign              Microsoft Trust List Signing
+msEFS                  Microsoft Encrypted File System
+ +

Examples:

+ +
extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=serverAuth,clientAuth
+ +

Subject Key Identifier.

+ +

This is really a string extension and can take two possible values. Either the word hash which will automatically follow the guidelines in RFC3280 or a hex string giving the extension value to include. The use of the hex string is strongly discouraged.

+ +

Example:

+ +
subjectKeyIdentifier=hash
+ +

Authority Key Identifier.

+ +

The authority key identifier extension permits two options. keyid and issuer: both can take the optional value "always".

+ +

If the keyid option is present an attempt is made to copy the subject key identifier from the parent certificate. If the value "always" is present then an error is returned if the option fails.

+ +

The issuer option copies the issuer and serial number from the issuer certificate. This will only be done if the keyid option fails or is not included unless the "always" flag will always include the value.

+ +

Example:

+ +
authorityKeyIdentifier=keyid,issuer
+ +

Subject Alternative Name.

+ +

The subject alternative name extension allows various literal values to be included in the configuration file. These include email (an email address) URI a uniform resource indicator, DNS (a DNS domain name), RID (a registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName (a distinguished name) and otherName.

+ +

The email option include a special 'copy' value. This will automatically include any email addresses contained in the certificate subject name in the extension.

+ +

The IP address used in the IP options can be in either IPv4 or IPv6 format.

+ +

The value of dirName should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by prefacing the name with a + character.

+ +

otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard ASN1_generate_nconf(3) format.

+ +

Examples:

+ +
subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+subjectAltName=IP:192.168.7.1
+subjectAltName=IP:13::17
+subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+
+subjectAltName=dirName:dir_sect
+
+[dir_sect]
+C=UK
+O=My Organization
+OU=My Unit
+CN=My Name
+ +

Issuer Alternative Name.

+ +

The issuer alternative name option supports all the literal options of subject alternative name. It does not support the email:copy option because that would not make sense. It does support an additional issuer:copy option that will copy all the subject alternative name values from the issuer certificate (if possible).

+ +

Example:

+ +
issuerAltName = issuer:copy
+ +

Authority Info Access.

+ +

The authority information access extension gives details about how to access certain information relating to the CA. Its syntax is accessOID;location where location has the same syntax as subject alternative name (except that email:copy is not supported). accessOID can be any valid OID but only certain values are meaningful, for example OCSP and caIssuers.

+ +

Example:

+ +
authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+ +

CRL distribution points

+ +

This is a multi-valued extension whose options can be either in name:value pair using the same form as subject alternative name or a single value representing a section name containing all the distribution point fields.

+ +

For a name:value pair a new DistributionPoint with the fullName field set to the given value both the cRLissuer and reasons fields are omitted in this case.

+ +

In the single option case the section indicated contains values for each field. In this section:

+ +

If the name is "fullname" the value field should contain the full name of the distribution point in the same format as subject alternative name.

+ +

If the name is "relativename" then the value field should contain a section name whose contents represent a DN fragment to be placed in this field.

+ +

The name "CRLIssuer" if present should contain a value for this field in subject alternative name format.

+ +

If the name is "reasons" the value field should consist of a comma separated field containing the reasons. Valid reasons are: "keyCompromise", "CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "privilegeWithdrawn" and "AACompromise".

+ +

Simple examples:

+ +
crlDistributionPoints=URI:http://myhost.com/myca.crl
+crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+ +

Full distribution point example:

+ +
crlDistributionPoints=crldp1_section
+
+[crldp1_section]
+
+fullname=URI:http://myhost.com/myca.crl
+CRLissuer=dirName:issuer_sect
+reasons=keyCompromise, CACompromise
+
+[issuer_sect]
+C=UK
+O=Organisation
+CN=Some Name
+ +

Issuing Distribution Point

+ +

This extension should only appear in CRLs. It is a multi valued extension whose syntax is similar to the "section" pointed to by the CRL distribution points extension with a few differences.

+ +

The names "reasons" and "CRLissuer" are not recognized.

+ +

The name "onlysomereasons" is accepted which sets this field. The value is in the same format as the CRL distribution point "reasons" field.

+ +

The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted the values should be a boolean value (TRUE or FALSE) to indicate the value of the corresponding field.

+ +

Example:

+ +
issuingDistributionPoint=critical, @idp_section
+
+[idp_section]
+
+fullname=URI:http://myhost.com/myca.crl
+indirectCRL=TRUE
+onlysomereasons=keyCompromise, CACompromise
+
+[issuer_sect]
+C=UK
+O=Organisation
+CN=Some Name
+ +

Certificate Policies.

+ +

This is a raw extension. All the fields of this extension can be set by using the appropriate syntax.

+ +

If you follow the PKIX recommendations and just using one OID then you just include the value of that OID. Multiple OIDs can be set separated by commas, for example:

+ +
certificatePolicies= 1.2.4.5, 1.1.3.4
+ +

If you wish to include qualifiers then the policy OID and qualifiers need to be specified in a separate section: this is done by using the @section syntax instead of a literal OID value.

+ +

The section referred to must include the policy OID using the name policyIdentifier, cPSuri qualifiers can be included using the syntax:

+ +
CPS.nnn=value
+ +

userNotice qualifiers can be set using the syntax:

+ +
userNotice.nnn=@notice
+ +

The value of the userNotice qualifier is specified in the relevant section. This section can include explicitText, organization and noticeNumbers options. explicitText and organization are text strings, noticeNumbers is a comma separated list of numbers. The organization and noticeNumbers options (if included) must BOTH be present. If you use the userNotice option with IE5 then you need the 'ia5org' option at the top level to modify the encoding: otherwise it will not be interpreted properly.

+ +

Example:

+ +
certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+ +

The ia5org option changes the type of the organization field. In RFC2459 it can only be of type DisplayText. In RFC3280 IA5String is also permissible. Some software (for example some versions of MSIE) may require ia5org.

+ +

ASN1 type of explicitText can be specified by prepending UTF8, BMP or VISIBLE prefix followed by colon. For example:

+ +
[notice]
+explicitText="UTF8:Explicit Text Here"
+ +

Policy Constraints

+ +

This is a multi-valued extension which consisting of the names requireExplicitPolicy or inhibitPolicyMapping and a non negative integer value. At least one component must be present.

+ +

Example:

+ +
policyConstraints = requireExplicitPolicy:3
+ +

Inhibit Any Policy

+ +

This is a string extension whose value must be a non negative integer.

+ +

Example:

+ +
inhibitAnyPolicy = 2
+ +

Name Constraints

+ +

The name constraints extension is a multi-valued extension. The name should begin with the word permitted or excluded followed by a ;. The rest of the name and the value follows the syntax of subjectAltName except email:copy is not supported and the IP form should consist of an IP addresses and subnet mask separated by a /.

+ +

Examples:

+ +
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
+
+nameConstraints=permitted;email:.somedomain.com
+
+nameConstraints=excluded;email:.com
+ +

OCSP No Check

+ +

The OCSP No Check extension is a string extension but its value is ignored.

+ +

Example:

+ +
noCheck = ignored
+ +

TLS Feature (aka Must Staple)

+ +

This is a multi-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply.

+ +

The supported names are: status_request and status_request_v2.

+ +

Example:

+ +
tlsfeature = status_request
+ +

DEPRECATED EXTENSIONS

+ +

The following extensions are non standard, Netscape specific and largely obsolete. Their use in new applications is discouraged.

+ +

Netscape String extensions.

+ +

Netscape Comment (nsComment) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers.

+ +

Example:

+ +
nsComment = "Some Random Comment"
+ +

Other supported extensions in this category are: nsBaseUrl, nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl and nsSslServerName.

+ +

Netscape Certificate Type

+ +

This is a multi-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could be used. The basicConstraints, keyUsage and extended key usage extensions are now used instead.

+ +

Acceptable values for nsCertType are: client, server, email, objsign, reserved, sslCA, emailCA, objCA.

+ +

ARBITRARY EXTENSIONS

+ +

If an extension is not supported by the OpenSSL code then it must be encoded using the arbitrary extension format. It is also possible to use the arbitrary format for supported extensions. Extreme care should be taken to ensure that the data is formatted correctly for the given extension type.

+ +

There are two ways to encode arbitrary extensions.

+ +

The first way is to use the word ASN1 followed by the extension content using the same syntax as ASN1_generate_nconf(3). For example:

+ +
1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1 = UTF8:field1
+field2 = UTF8:field2
+ +

It is also possible to use the word DER to include the raw encoded data in any extension.

+ +
1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+ +

The value following DER is a hex dump of the DER encoding of the extension Any extension can be placed in this form to override the default behaviour. For example:

+ +
basicConstraints=critical,DER:00:01:02:03
+ +

WARNINGS

+ +

There is no guarantee that a specific implementation will process a given extension. It may therefore be sometimes possible to use certificates for purposes prohibited by their extensions because a specific application does not recognize or honour the values of the relevant extensions.

+ +

The DER and ASN1 options should be used with caution. It is possible to create totally invalid extensions if they are not used carefully.

+ +

NOTES

+ +

If an extension is multi-value and a field value must contain a comma the long form must be used otherwise the comma would be misinterpreted as a field separator. For example:

+ +
subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+ +

will produce an error but the equivalent form:

+ +
subjectAltName=@subject_alt_section
+
+[subject_alt_section]
+subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+ +

is valid.

+ +

Due to the behaviour of the OpenSSL conf library the same field name can only occur once in a section. This means that:

+ +
subjectAltName=@alt_section
+
+[alt_section]
+
+email=steve@here
+email=steve@there
+ +

will only recognize the last value. This can be worked around by using the form:

+ +
[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+ +

SEE ALSO

+ +

req(1), ca(1), x509(1), ASN1_generate_nconf(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/Ed25519.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/Ed25519.html new file mode 100644 index 00000000..0e250b02 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/Ed25519.html @@ -0,0 +1,84 @@ + + + + +Ed25519 + + + + + + + + + + +

NAME

+ +

Ed25519, Ed448 - EVP_PKEY Ed25519 and Ed448 support

+ +

DESCRIPTION

+ +

The Ed25519 and Ed448 EVP_PKEY implementation supports key generation, one-shot digest sign and digest verify using PureEdDSA and Ed25519 or Ed448 (see RFC8032). It has associated private and public key formats compatible with RFC 8410.

+ +

No additional parameters can be set during key generation, one-shot signing or verification. In particular, because PureEdDSA is used, a digest must NOT be specified when signing or verifying.

+ +

NOTES

+ +

The PureEdDSA algorithm does not support the streaming mechanism of other signature algorithms using, for example, EVP_DigestUpdate(). The message to sign or verify must be passed using the one-shot EVP_DigestSign() and EVP_DigestVerify() functions.

+ +

When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the digest type parameter MUST be set to NULL.

+ +

Applications wishing to sign certificates (or other structures such as CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() or X509_sign_ctx() in the usual way.

+ +

A context for the Ed25519 algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
+ +

For the Ed448 algorithm a context can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
+ +

Ed25519 or Ed448 private keys can be set directly using EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys can also be generated (see the example below). Setting a private key also sets the associated public key.

+ +

Ed25519 or Ed448 public keys can be set directly using EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

+ +

Ed25519 and Ed448 can be tested within speed(1) application since version 1.1.1. Valid algorithm names are ed25519, ed448 and eddsa. If eddsa is specified, then both Ed25519 and Ed448 are benchmarked.

+ +

EXAMPLES

+ +

This example generates an ED25519 private key and writes it to standard output in PEM format:

+ +
#include <openssl/evp.h>
+#include <openssl/pem.h>
+...
+EVP_PKEY *pkey = NULL;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
+EVP_PKEY_keygen_init(pctx);
+EVP_PKEY_keygen(pctx, &pkey);
+EVP_PKEY_CTX_free(pctx);
+PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND.html new file mode 100644 index 00000000..ab3d565c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND.html @@ -0,0 +1,64 @@ + + + + +RAND + + + + + + + + + + +

NAME

+ +

RAND - the OpenSSL random generator

+ +

DESCRIPTION

+ +

Random numbers are a vital part of cryptography, they are needed to provide unpredictability for tasks like key generation, creating salts, and many more. Software-based generators must be seeded with external randomness before they can be used as a cryptographically-secure pseudo-random number generator (CSPRNG). The availability of common hardware with special instructions and modern operating systems, which may use items such as interrupt jitter and network packet timings, can be reasonable sources of seeding material.

+ +

OpenSSL comes with a default implementation of the RAND API which is based on the deterministic random bit generator (DRBG) model as described in [NIST SP 800-90A Rev. 1]. The default random generator will initialize automatically on first use and will be fully functional without having to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system.

+ +

As a normal application developer, you do not have to worry about any details, just use RAND_bytes(3) to obtain random data. Having said that, there is one important rule to obey: Always check the error return value of RAND_bytes(3) and do not take randomness for granted. Although (re-)seeding is automatic, it can fail because no trusted random source is available or the trusted source(s) temporarily fail to provide sufficient random seed material. In this case the CSPRNG enters an error state and ceases to provide output, until it is able to recover from the error by reseeding itself. For more details on reseeding and error recovery, see RAND_DRBG(7).

+ +

For values that should remain secret, you can use RAND_priv_bytes(3) instead. This method does not provide 'better' randomness, it uses the same type of CSPRNG. The intention behind using a dedicated CSPRNG exclusively for private values is that none of its output should be visible to an attacker (e.g., used as salt value), in order to reveal as little information as possible about its internal state, and that a compromise of the "public" CSPRNG instance will not affect the secrecy of these private values.

+ +

In the rare case where the default implementation does not satisfy your special requirements, there are two options:

+ +
    + +
  • Replace the default RAND method by your own RAND method using RAND_set_rand_method(3).

    + +
  • +
  • Modify the default settings of the OpenSSL RAND method by modifying the security parameters of the underlying DRBG, which is described in detail in RAND_DRBG(7).

    + +
  • +
+ +

Changing the default random generator or its default parameters should be necessary only in exceptional cases and is not recommended, unless you have a profound knowledge of cryptographic principles and understand the implications of your changes.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), RAND_get_rand_method(3), RAND_set_rand_method(3), RAND_OpenSSL(3), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND_DRBG.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND_DRBG.html new file mode 100644 index 00000000..3913eeda --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RAND_DRBG.html @@ -0,0 +1,224 @@ + + + + +RAND_DRBG + + + + + + + + + + +

NAME

+ +

RAND_DRBG - the deterministic random bit generator

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+ +

DESCRIPTION

+ +

The default OpenSSL RAND method is based on the RAND_DRBG class, which implements a deterministic random bit generator (DRBG). A DRBG is a certain type of cryptographically-secure pseudo-random number generator (CSPRNG), which is described in [NIST SP 800-90A Rev. 1].

+ +

While the RAND API is the 'frontend' which is intended to be used by application developers for obtaining random bytes, the RAND_DRBG API serves as the 'backend', connecting the former with the operating systems's entropy sources and providing access to the DRBG's configuration parameters.

+ +

Disclaimer

+ +

Unless you have very specific requirements for your random generator, it is in general not necessary to utilize the RAND_DRBG API directly. The usual way to obtain random bytes is to use RAND_bytes(3) or RAND_priv_bytes(3), see also RAND(7).

+ +

Typical Use Cases

+ +

Typical examples for such special use cases are the following:

+ +
    + +
  • You want to use your own private DRBG instances. Multiple DRBG instances which are accessed only by a single thread provide additional security (because their internal states are independent) and better scalability in multithreaded applications (because they don't need to be locked).

    + +
  • +
  • You need to integrate a previously unsupported entropy source.

    + +
  • +
  • You need to change the default settings of the standard OpenSSL RAND implementation to meet specific requirements.

    + +
  • +
+ +

CHAINING

+ +

A DRBG instance can be used as the entropy source of another DRBG instance, provided it has itself access to a valid entropy source. The DRBG instance which acts as entropy source is called the parent DRBG, the other instance the child DRBG.

+ +

This is called chaining. A chained DRBG instance is created by passing a pointer to the parent DRBG as argument to the RAND_DRBG_new() call. It is possible to create chains of more than two DRBG in a row.

+ +

THE THREE SHARED DRBG INSTANCES

+ +

Currently, there are three shared DRBG instances, the <master>, <public>, and <private> DRBG. While the <master> DRBG is a single global instance, the <public> and <private> DRBG are created per thread and accessed through thread-local storage.

+ +

By default, the functions RAND_bytes(3) and RAND_priv_bytes(3) use the thread-local <public> and <private> DRBG instance, respectively.

+ +

The <master> DRBG instance

+ +

The <master> DRBG is not used directly by the application, only for reseeding the two other two DRBG instances. It reseeds itself by obtaining randomness either from os entropy sources or by consuming randomness which was added previously by RAND_add(3).

+ +

The <public> DRBG instance

+ +

This instance is used per default by RAND_bytes(3).

+ +

The <private> DRBG instance

+ +

This instance is used per default by RAND_priv_bytes(3)

+ +

LOCKING

+ +

The <master> DRBG is intended to be accessed concurrently for reseeding by its child DRBG instances. The necessary locking is done internally. It is not thread-safe to access the <master> DRBG directly via the RAND_DRBG interface. The <public> and <private> DRBG are thread-local, i.e. there is an instance of each per thread. So they can safely be accessed without locking via the RAND_DRBG interface.

+ +

Pointers to these DRBG instances can be obtained using RAND_DRBG_get0_master(), RAND_DRBG_get0_public(), and RAND_DRBG_get0_private(), respectively. Note that it is not allowed to store a pointer to one of the thread-local DRBG instances in a variable or other memory location where it will be accessed and used by multiple threads.

+ +

All other DRBG instances created by an application don't support locking, because they are intended to be used by a single thread. Instead of accessing a single DRBG instance concurrently from different threads, it is recommended to instantiate a separate DRBG instance per thread. Using the <master> DRBG as entropy source for multiple DRBG instances on different threads is thread-safe, because the DRBG instance will lock the <master> DRBG automatically for obtaining random input.

+ +

THE OVERALL PICTURE

+ +

The following picture gives an overview over how the DRBG instances work together and are being used.

+ +
           +--------------------+
+           | os entropy sources |
+           +--------------------+
+                    |
+                    v           +-----------------------------+
+  RAND_add() ==> <master>     <-| shared DRBG (with locking)  |
+                  /   \         +-----------------------------+
+                 /     \              +---------------------------+
+          <public>     <private>   <- | per-thread DRBG instances |
+             |             |          +---------------------------+
+             v             v
+           RAND_bytes()   RAND_priv_bytes()
+                |               ^
+                |               |
++------------------+      +------------------------------------+
+| general purpose  |      | used for secrets like session keys |
+| random generator |      | and private keys for certificates  |
++------------------+      +------------------------------------+
+ +

The usual way to obtain random bytes is to call RAND_bytes(...) or RAND_priv_bytes(...). These calls are roughly equivalent to calling RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), respectively. The method RAND_DRBG_bytes(3) is a convenience method wrapping the RAND_DRBG_generate(3) function, which serves the actual request for random data.

+ +

RESEEDING

+ +

A DRBG instance seeds itself automatically, pulling random input from its entropy source. The entropy source can be either a trusted operating system entropy source, or another DRBG with access to such a source.

+ +

Automatic reseeding occurs after a predefined number of generate requests. The selection of the trusted entropy sources is configured at build time using the --with-rand-seed option. The following sections explain the reseeding process in more detail.

+ +

Automatic Reseeding

+ +

Before satisfying a generate request (RAND_DRBG_generate(3)), the DRBG reseeds itself automatically, if one of the following conditions holds:

+ +

- the DRBG was not instantiated (=seeded) yet or has been uninstantiated.

+ +

- the number of generate requests since the last reseeding exceeds a certain threshold, the so called reseed_interval. This behaviour can be disabled by setting the reseed_interval to 0.

+ +

- the time elapsed since the last reseeding exceeds a certain time interval, the so called reseed_time_interval. This can be disabled by setting the reseed_time_interval to 0.

+ +

- the DRBG is in an error state.

+ +

Note: An error state is entered if the entropy source fails while the DRBG is seeding or reseeding. The last case ensures that the DRBG automatically recovers from the error as soon as the entropy source is available again.

+ +

Manual Reseeding

+ +

In addition to automatic reseeding, the caller can request an immediate reseeding of the DRBG with fresh entropy by setting the prediction resistance parameter to 1 when calling RAND_DRBG_generate(3).

+ +

The document [NIST SP 800-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. Since the default DRBG implementation does not have access to such an approved entropy source, a request for prediction resistance will currently always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

For the three shared DRBGs (and only for these) there is another way to reseed them manually: If RAND_add(3) is called with a positive randomness argument (or RAND_seed(3)), then this will immediately reseed the <master> DRBG. The <public> and <private> DRBG will detect this on their next generate call and reseed, pulling randomness from <master>.

+ +

The last feature has been added to support the common practice used with previous OpenSSL versions to call RAND_add() before calling RAND_bytes().

+ +

Entropy Input vs. Additional Data

+ +

The DRBG distinguishes two different types of random input: entropy, which comes from a trusted source, and additional input', which can optionally be added by the user and is considered untrusted. It is possible to add additional input not only during reseeding, but also for every generate request. This is in fact done automatically by RAND_DRBG_bytes(3).

+ +

Configuring the Random Seed Source

+ +

In most cases OpenSSL will automatically choose a suitable seed source for automatically seeding and reseeding its <master> DRBG. In some cases however, it will be necessary to explicitly specify a seed source during configuration, using the --with-rand-seed option. For more information, see the INSTALL instructions. There are also operating systems where no seed source is available and automatic reseeding is disabled by default.

+ +

The following two sections describe the reseeding process of the master DRBG, depending on whether automatic reseeding is available or not.

+ +

Reseeding the master DRBG with automatic seeding enabled

+ +

Calling RAND_poll() or RAND_add() is not necessary, because the DRBG pulls the necessary entropy from its source automatically. However, both calls are permitted, and do reseed the RNG.

+ +

RAND_add() can be used to add both kinds of random input, depending on the value of the randomness argument:

+ +
+ +
randomness == 0:
+
+ +

The random bytes are mixed as additional input into the current state of the DRBG. Mixing in additional input is not considered a full reseeding, hence the reseed counter is not reset.

+ +
+
randomness > 0:
+
+ +

The random bytes are used as entropy input for a full reseeding (resp. reinstantiation) if the DRBG is instantiated (resp. uninstantiated or in an error state). The number of random bits required for reseeding is determined by the security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). It is possible to provide less randomness than required. In this case the missing randomness will be obtained by pulling random input from the trusted entropy sources.

+ +
+
+ +

Reseeding the master DRBG with automatic seeding disabled

+ +

Calling RAND_poll() will always fail.

+ +

RAND_add() needs to be called for initial seeding and periodic reseeding. At least 48 bytes (384 bits) of randomness have to be provided, otherwise the (re-)seeding of the DRBG will fail. This corresponds to one and a half times the security strength of the DRBG. The extra half is used for the nonce during instantiation.

+ +

More precisely, the number of bytes needed for seeding depend on the security strength of the DRBG, which is set to 256 by default.

+ +

SEE ALSO

+ +

RAND_DRBG_bytes(3), RAND_DRBG_generate(3), RAND_DRBG_reseed(3), RAND_DRBG_get0_master(3), RAND_DRBG_get0_public(3), RAND_DRBG_get0_private(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG_set_reseed_defaults(3), RAND(7),

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RSA-PSS.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RSA-PSS.html new file mode 100644 index 00000000..965066d0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/RSA-PSS.html @@ -0,0 +1,73 @@ + + + + +RSA-PSS + + + + + + + + + + +

NAME

+ +

RSA-PSS - EVP_PKEY RSA-PSS algorithm support

+ +

DESCRIPTION

+ +

The RSA-PSS EVP_PKEY implementation is a restricted version of the RSA algorithm which only supports signing, verification and key generation using PSS padding modes with optional parameter restrictions.

+ +

It has associated private key and public key formats.

+ +

This algorithm shares several control operations with the RSA algorithm but with some restrictions described below.

+ +

Signing and Verification

+ +

Signing and verification is similar to the RSA algorithm except the padding mode is always PSS. If the key in use has parameter restrictions then the corresponding signature parameters are set to the restrictions: for example, if the key can only be used with digest SHA256, MGF1 SHA256 and minimum salt length 32 then the digest, MGF1 digest and salt length will be set to SHA256, SHA256 and 32 respectively.

+ +

Key Generation

+ +

By default no parameter restrictions are placed on the generated key.

+ +

NOTES

+ +

The public key format is documented in RFC4055.

+ +

The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA format except it uses the id-RSASSA-PSS OID and the parameters field, if present, restricts the key parameters in the same way as the public key.

+ +

CONFORMING TO

+ +

RFC 4055

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md(3), EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(3), EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(3), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/SM2.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/SM2.html new file mode 100644 index 00000000..1e379807 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/SM2.html @@ -0,0 +1,84 @@ + + + + +SM2 + + + + + + + + + + +

NAME

+ +

SM2 - Chinese SM2 signature and encryption algorithm support

+ +

DESCRIPTION

+ +

The SM2 algorithm was first defined by the Chinese national standard GM/T 0003-2012 and was later standardized by ISO as ISO/IEC 14888. SM2 is actually an elliptic curve based algorithm. The current implementation in OpenSSL supports both signature and encryption schemes via the EVP interface.

+ +

When doing the SM2 signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed.

+ +

NOTES

+ +

SM2 signatures can be generated by using the 'DigestSign' series of APIs, for instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto for the verification process by calling the 'DigestVerify' series of APIs.

+ +

There are several special steps that need to be done before computing an SM2 signature.

+ +

The EVP_PKEY structure will default to using ECDSA for signatures when it is created. It should be set to EVP_PKEY_SM2 by calling:

+ +
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ +

Then an ID should be set by calling:

+ +
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
+ +

When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a pre-allocated EVP_PKEY_CTX should be assigned to the EVP_MD_CTX. This is done by calling:

+ +
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
+ +

And normally there is no need to pass a pctx parameter to EVP_DigestSignInit() or EVP_DigestVerifyInit() in such a scenario.

+ +

EXAMPLES

+ +

This example demonstrates the calling sequence for using an EVP_PKEY to verify a message with the SM2 signature algorithm and the SM3 hash algorithm:

+ +
#include <openssl/evp.h>
+
+/* obtain an EVP_PKEY using whatever methods... */
+EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+mctx = EVP_MD_CTX_new();
+pctx = EVP_PKEY_CTX_new(pkey, NULL);
+EVP_PKEY_CTX_set1_id(pctx, id, id_len);
+EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
+EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
+EVP_DigestVerifyUpdate(mctx, msg, msg_len);
+EVP_DigestVerifyFinal(mctx, sig, sig_len)
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_set_alias_type(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3), EVP_PKEY_CTX_set1_id(3), EVP_MD_CTX_set_pkey_ctx(3)

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/X25519.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/X25519.html new file mode 100644 index 00000000..8429f416 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/X25519.html @@ -0,0 +1,80 @@ + + + + +X25519 + + + + + + + + + + +

NAME

+ +

X25519, X448 - EVP_PKEY X25519 and X448 support

+ +

DESCRIPTION

+ +

The X25519 and X448 EVP_PKEY implementation supports key generation and key derivation using X25519 and X448. It has associated private and public key formats compatible with RFC 8410.

+ +

No additional parameters can be set during key generation.

+ +

The peer public key must be set using EVP_PKEY_derive_set_peer() when performing key derivation.

+ +

NOTES

+ +

A context for the X25519 algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
+ +

For the X448 algorithm a context can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
+ +

X25519 or X448 private keys can be set directly using EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys can also be generated (see the example below). Setting a private key also sets the associated public key.

+ +

X25519 or X448 public keys can be set directly using EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

+ +

EXAMPLES

+ +

This example generates an X25519 private key and writes it to standard output in PEM format:

+ +
#include <openssl/evp.h>
+#include <openssl/pem.h>
+...
+EVP_PKEY *pkey = NULL;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
+EVP_PKEY_keygen_init(pctx);
+EVP_PKEY_keygen(pctx, &pkey);
+EVP_PKEY_CTX_free(pctx);
+PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ +

The key derivation example in EVP_PKEY_derive(3) can be used with X25519 and X448.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3), EVP_PKEY_derive(3), EVP_PKEY_derive_set_peer(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/bio.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/bio.html new file mode 100644 index 00000000..b62f6e6c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/bio.html @@ -0,0 +1,72 @@ + + + + +bio + + + + + + + + + + +

NAME

+ +

bio - Basic I/O abstraction

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+ +

DESCRIPTION

+ +

A BIO is an I/O abstraction, it hides many of the underlying I/O details from an application. If an application uses a BIO for its I/O it can transparently handle SSL connections, unencrypted network connections and file I/O.

+ +

There are two type of BIO, a source/sink BIO and a filter BIO.

+ +

As its name implies a source/sink BIO is a source and/or sink of data, examples include a socket BIO and a file BIO.

+ +

A filter BIO takes data from one BIO and passes it through to another, or the application. The data may be left unmodified (for example a message digest BIO) or translated (for example an encryption BIO). The effect of a filter BIO may change according to the I/O operation it is performing: for example an encryption BIO will encrypt data if it is being written to and decrypt data if it is being read from.

+ +

BIOs can be joined together to form a chain (a single BIO is a chain with one component). A chain normally consist of one source/sink BIO and one or more filter BIOs. Data read from or written to the first BIO then traverses the chain to the end (normally a source/sink BIO).

+ +

Some BIOs (such as memory BIOs) can be used immediately after calling BIO_new(). Others (such as file BIOs) need some additional initialization, and frequently a utility function exists to create and initialize such BIOs.

+ +

If BIO_free() is called on a BIO chain it will only free one BIO resulting in a memory leak.

+ +

Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() on it other than the discarded return value.

+ +

Normally the type argument is supplied by a function which returns a pointer to a BIO_METHOD. There is a naming convention for such functions: a source/sink BIO is normally called BIO_s_*() and a filter BIO BIO_f_*();

+ +

EXAMPLES

+ +

Create a memory BIO:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+ +

SEE ALSO

+ +

BIO_ctrl(3), BIO_f_base64(3), BIO_f_buffer(3), BIO_f_cipher(3), BIO_f_md(3), BIO_f_null(3), BIO_f_ssl(3), BIO_find_type(3), BIO_new(3), BIO_new_bio_pair(3), BIO_push(3), BIO_read_ex(3), BIO_s_accept(3), BIO_s_bio(3), BIO_s_connect(3), BIO_s_fd(3), BIO_s_file(3), BIO_s_mem(3), BIO_s_null(3), BIO_s_socket(3), BIO_set_callback(3), BIO_should_retry(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/crypto.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/crypto.html new file mode 100644 index 00000000..6d7368f8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/crypto.html @@ -0,0 +1,70 @@ + + + + +crypto + + + + + + + + + + +

NAME

+ +

crypto - OpenSSL cryptographic library

+ +

SYNOPSIS

+ +

See the individual manual pages for details.

+ +

DESCRIPTION

+ +

The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.

+ +

libcrypto consists of a number of sub-libraries that implement the individual algorithms.

+ +

The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions, cryptographic pseudo-random number generator, and various utilities.

+ +

NOTES

+ +

Some of the newer functions follow a naming convention using the numbers 0 and 1. For example the functions:

+ +
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+ +

The 0 version uses the supplied structure pointer directly in the parent and it will be freed up when the parent is freed. In the above example crl would be freed but rev would not.

+ +

The 1 function uses a copy of the supplied structure pointer (or in some cases increases its link count) in the parent and so both (x and obj above) should be freed up.

+ +

RETURN VALUES

+ +

See the individual manual pages for details.

+ +

SEE ALSO

+ +

openssl(1), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ct.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ct.html new file mode 100644 index 00000000..2f0c5cd7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ct.html @@ -0,0 +1,58 @@ + + + + +ct + + + + + + + + + + +

NAME

+ +

ct - Certificate Transparency

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+ +

DESCRIPTION

+ +

This library implements Certificate Transparency (CT) verification for TLS clients, as defined in RFC 6962. This verification can provide some confidence that a certificate has been publicly logged in a set of CT logs.

+ +

By default, these checks are disabled. They can be enabled using SSL_CTX_enable_ct(3) or SSL_enable_ct(3).

+ +

This library can also be used to parse and examine CT data structures, such as Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are functions for: - decoding and encoding SCTs in DER and TLS wire format. - printing SCTs. - verifying the authenticity of SCTs. - loading a CT log list from a CONF file.

+ +

SEE ALSO

+ +

d2i_SCT_LIST(3), CTLOG_STORE_new(3), CTLOG_STORE_get0_log_by_id(3), SCT_new(3), SCT_print(3), SCT_validate(3), SCT_validate(3), CT_POLICY_EVAL_CTX_new(3), SSL_CTX_set_ct_validation_callback(3)

+ +

HISTORY

+ +

The ct library was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/des_modes.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/des_modes.html new file mode 100644 index 00000000..5a9f6463 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/des_modes.html @@ -0,0 +1,214 @@ + + + + +des_modes + + + + + + + + + + +

NAME

+ +

des_modes - the variants of DES and other crypto algorithms of OpenSSL

+ +

DESCRIPTION

+ +

Several crypto algorithms for OpenSSL can be used in a number of modes. Those are used for using block ciphers in a way similar to stream ciphers, among other things.

+ +

OVERVIEW

+ +

Electronic Codebook Mode (ECB)

+ +

Normally, this is found as the function algorithm_ecb_encrypt().

+ +
    + +
  • 64 bits are enciphered at a time.

    + +
  • +
  • The order of the blocks can be rearranged without detection.

    + +
  • +
  • The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'.

    + +
  • +
  • An error will only affect one ciphertext block.

    + +
  • +
+ +

Cipher Block Chaining Mode (CBC)

+ +

Normally, this is found as the function algorithm_cbc_encrypt(). Be aware that des_cbc_encrypt() is not really DES CBC (it does not update the IV); use des_ncbc_encrypt() instead.

+ +
    + +
  • a multiple of 64 bits are enciphered at a time.

    + +
  • +
  • The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable.

    + +
  • +
  • The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged.

    + +
  • +
  • The use of different starting variables prevents the same plaintext enciphering to the same ciphertext.

    + +
  • +
  • An error will affect the current and the following ciphertext blocks.

    + +
  • +
+ +

Cipher Feedback Mode (CFB)

+ +

Normally, this is found as the function algorithm_cfb_encrypt().

+ +
    + +
  • a number of bits (j) <= 64 are enciphered at a time.

    + +
  • +
  • The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable.

    + +
  • +
  • The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and can not be rearranged.

    + +
  • +
  • The use of different starting variables prevents the same plaintext enciphering to the same ciphertext.

    + +
  • +
  • The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case.

    + +
  • +
  • Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads.

    + +
  • +
  • Only multiples of j bits can be enciphered.

    + +
  • +
  • An error will affect the current and the following ciphertext variables.

    + +
  • +
+ +

Output Feedback Mode (OFB)

+ +

Normally, this is found as the function algorithm_ofb_encrypt().

+ +
    + +
  • a number of bits (j) <= 64 are enciphered at a time.

    + +
  • +
  • The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key.

    + +
  • +
  • The absence of chaining makes the OFB more vulnerable to specific attacks.

    + +
  • +
  • The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams.

    + +
  • +
  • Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads.

    + +
  • +
  • Only multiples of j bits can be enciphered.

    + +
  • +
  • OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext.

    + +
  • +
  • OFB mode is not self-synchronizing. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialized.

    + +
  • +
  • Each re-initialization should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack.

    + +
  • +
+ +

Triple ECB Mode

+ +

Normally, this is found as the function algorithm_ecb3_encrypt().

+ +
    + +
  • Encrypt with key1, decrypt with key2 and encrypt with key3 again.

    + +
  • +
  • As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length 112 bits, but this attack also requires 2^56 blocks of memory, not very likely, even for the NSA.

    + +
  • +
  • If both keys are the same it is equivalent to encrypting once with just one key.

    + +
  • +
  • If the first and last key are the same, the key length is 112 bits. There are attacks that could reduce the effective key strength to only slightly more than 56 bits, but these require a lot of memory.

    + +
  • +
  • If all 3 keys are the same, this is effectively the same as normal ecb mode.

    + +
  • +
+ +

Triple CBC Mode

+ +

Normally, this is found as the function algorithm_ede3_cbc_encrypt().

+ +
    + +
  • Encrypt with key1, decrypt with key2 and then encrypt with key3.

    + +
  • +
  • As for CBC encryption but increases the key length to 168 bits with the same restrictions as for triple ecb mode.

    + +
  • +
+ +

NOTES

+ +

This text was been written in large parts by Eric Young in his original documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed it to:

+ +
AS 2805.5.2
+Australian Standard
+Electronic funds transfer - Requirements for interfaces,
+Part 5.2: Modes of operation for an n-bit block cipher algorithm
+Appendix A
+ +

SEE ALSO

+ +

BF_encrypt(3), DES_crypt(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/evp.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/evp.html new file mode 100644 index 00000000..845874ce --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/evp.html @@ -0,0 +1,83 @@ + + + + +evp + + + + + + + + + + +

NAME

+ +

evp - high-level cryptographic functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+ +

DESCRIPTION

+ +

The EVP library provides a high-level interface to cryptographic functions.

+ +

The EVP_SealXXX and EVP_OpenXXX functions provide public key encryption and decryption to implement digital "envelopes".

+ +

The EVP_DigestSignXXX and EVP_DigestVerifyXXX functions implement digital signatures and Message Authentication Codes (MACs). Also see the older EVP_SignXXX and EVP_VerifyXXX functions.

+ +

Symmetric encryption is available with the EVP_EncryptXXX functions. The EVP_DigestXXX functions provide message digests.

+ +

The EVP_PKEYXXX functions provide a high level interface to asymmetric algorithms. To create a new EVP_PKEY see EVP_PKEY_new(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions described on the EVP_PKEY_set1_RSA(3) page, or new keys can be generated using EVP_PKEY_keygen(3). EVP_PKEYs can be compared using EVP_PKEY_cmp(3), or printed using EVP_PKEY_print_private(3).

+ +

The EVP_PKEY functions support the full range of asymmetric algorithm operations:

+ +
+ +
For key agreement see EVP_PKEY_derive(3)
+
+ +
+
For signing and verifying see EVP_PKEY_sign(3), EVP_PKEY_verify(3) and EVP_PKEY_verify_recover(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit(3) functions for this purpose.
+
+ +
+
For encryption and decryption see EVP_PKEY_encrypt(3) and EVP_PKEY_decrypt(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a "digital envelope" using the EVP_SealInit(3) and EVP_OpenInit(3) functions.
+
+ +
+
+ +

The EVP_BytesToKey(3) function provides some limited support for password based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible implementation. However, new applications should not typically use this (preferring, for example, PBKDF2 from PCKS#5).

+ +

The EVP_EncodeXXX and EVP_DecodeXXX functions implement base 64 encoding and decoding.

+ +

All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by ENGINE modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page.

+ +

Although low level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE versions of new algorithms cannot be accessed using the low level functions. Also makes code harder to adapt to new algorithms and some options are not cleanly supported at the low level and some operations are more efficient using the high level interface.

+ +

SEE ALSO

+ +

EVP_DigestInit(3), EVP_EncryptInit(3), EVP_OpenInit(3), EVP_SealInit(3), EVP_DigestSignInit(3), EVP_SignInit(3), EVP_VerifyInit(3), EVP_EncodeInit(3), EVP_PKEY_new(3), EVP_PKEY_set1_RSA(3), EVP_PKEY_keygen(3), EVP_PKEY_print_private(3), EVP_PKEY_decrypt(3), EVP_PKEY_encrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3), EVP_BytesToKey(3), ENGINE_by_id(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store-file.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store-file.html new file mode 100644 index 00000000..90cec832 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store-file.html @@ -0,0 +1,60 @@ + + + + +ossl_store-file + + + + + + + + + + +

NAME

+ +

ossl_store-file - The store 'file' scheme loader

+ +

SYNOPSIS

+ +

#include <openssl/store.h>

+ +

DESCRIPTION

+ +

Support for the 'file' scheme is built into libcrypto. Since files come in all kinds of formats and content types, the 'file' scheme has its own layer of functionality called "file handlers", which are used to try to decode diverse types of file contents.

+ +

In case a file is formatted as PEM, each called file handler receives the PEM name (everything following any '-----BEGIN ') as well as possible PEM headers, together with the decoded PEM body. Since PEM formatted files can contain more than one object, the file handlers are called upon for each such object.

+ +

If the file isn't determined to be formatted as PEM, the content is loaded in raw form in its entirety and passed to the available file handlers as is, with no PEM name or headers.

+ +

Each file handler is expected to handle PEM and non-PEM content as appropriate. Some may refuse non-PEM content for the sake of determinism (for example, there are keys out in the wild that are represented as an ASN.1 OCTET STRING. In raw form, it's not easily possible to distinguish those from any other data coming as an ASN.1 OCTET STRING, so such keys would naturally be accepted as PEM files only).

+ +

NOTES

+ +

When needed, the 'file' scheme loader will require a pass phrase by using the UI_METHOD that was passed via OSSL_STORE_open(). This pass phrase is expected to be UTF-8 encoded, anything else will give an undefined result. The files made accessible through this loader are expected to be standard compliant with regards to pass phrase encoding. Files that aren't should be re-generated with a correctly encoded pass phrase. See passphrase-encoding(7) for more information.

+ +

SEE ALSO

+ +

ossl_store(7), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store.html new file mode 100644 index 00000000..92bdfb2e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ossl_store.html @@ -0,0 +1,105 @@ + + + + +ossl_store + + + + + + + + + + +

NAME

+ +

ossl_store - Store retrieval functions

+ +

SYNOPSIS

+ +

#include <openssl/store.h>

+ +

DESCRIPTION

+ +

General

+ +

A STORE is a layer of functionality to retrieve a number of supported objects from a repository of any kind, addressable as a file name or as a URI.

+ +

The functionality supports the pattern "open a channel to the repository", "loop and retrieve one object at a time", and "finish up by closing the channel".

+ +

The retrieved objects are returned as a wrapper type OSSL_STORE_INFO, from which an OpenSSL type can be retrieved.

+ +

URI schemes and loaders

+ +

Support for a URI scheme is called a STORE "loader", and can be added dynamically from the calling application or from a loadable engine.

+ +

Support for the 'file' scheme is built into libcrypto. See ossl_store-file(7) for more information.

+ +

UI_METHOD and pass phrases

+ +

The OSS_STORE API does nothing to enforce any specific format or encoding on the pass phrase that the UI_METHOD provides. However, the pass phrase is expected to be UTF-8 encoded. The result of any other encoding is undefined.

+ +

EXAMPLES

+ +

A generic call

+ +
OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem");
+
+/*
+ * OSSL_STORE_eof() simulates file semantics for any repository to signal
+ * that no more data can be expected
+ */
+while (!OSSL_STORE_eof(ctx)) {
+    OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
+
+    /*
+     * Do whatever is necessary with the OSSL_STORE_INFO,
+     * here just one example
+     */
+    switch (OSSL_STORE_INFO_get_type(info)) {
+    case OSSL_STORE_INFO_X509:
+        /* Print the X.509 certificate text */
+        X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
+        /* Print the X.509 certificate PEM output */
+        PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
+        break;
+    }
+}
+
+OSSL_STORE_close(ctx);
+ +

SEE ALSO

+ +

OSSL_STORE_INFO(3), OSSL_STORE_LOADER(3), OSSL_STORE_open(3), OSSL_STORE_expect(3), OSSL_STORE_SEARCH(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/passphrase-encoding.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/passphrase-encoding.html new file mode 100644 index 00000000..ecb16660 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/passphrase-encoding.html @@ -0,0 +1,124 @@ + + + + +passphrase-encoding + + + + + + + + + + +

NAME

+ +

passphrase-encoding - How diverse parts of OpenSSL treat pass phrases character encoding

+ +

DESCRIPTION

+ +

In a modern world with all sorts of character encodings, the treatment of pass phrases has become increasingly complex. This manual page attempts to give an overview over how this problem is currently addressed in different parts of the OpenSSL library.

+ +

The general case

+ +

The OpenSSL library doesn't treat pass phrases in any special way as a general rule, and trusts the application or user to choose a suitable character set and stick to that throughout the lifetime of affected objects. This means that for an object that was encrypted using a pass phrase encoded in ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in ISO-8859-1. Using the wrong encoding is expected to cause a decryption failure.

+ +

PKCS#12

+ +

PKCS#12 is a bit different regarding pass phrase encoding. The standard stipulates that the pass phrase shall be encoded as an ASN.1 BMPString, which consists of the code points of the basic multilingual plane, encoded in big endian (UCS-2 BE).

+ +

OpenSSL tries to adapt to this requirements in one of the following manners:

+ +
    + +
  1. Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 to U+FFFF, but becomes an expansion for any other character), or failing that, proceeds with step 2.

    + +
  2. +
  3. Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and opportunistically prepends each byte with a zero byte to obtain the UCS-2 encoding of the characters, which it stores as a BMPString.

    + +

    Note that since there is no check of your locale, this may produce UCS-2 / UTF-16 characters that do not correspond to the original pass phrase characters for other character sets, such as any ISO-8859-X encoding other than ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" characters in the 0x80-0x9F range).

    + +
  4. +
+ +

OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why OpenSSL still does this, to be able to read files produced with older versions.

+ +

It should be noted that this approach isn't entirely fault free.

+ +

A pass phrase encoded in ISO-8859-2 could very well have a sequence such as 0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN SMALL LETTER I WITH DIAERESIS) if the pass phrase doesn't contain anything that would be invalid UTF-8. A pass phrase that contains this kind of byte sequence will give a different outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.

+ +
0x00 0xC3 0x00 0xAF                    # OpenSSL older than 1.1.0
+0x00 0xEF                              # OpenSSL 1.1.0 and newer
+ +

On the same accord, anything encoded in UTF-8 that was given to OpenSSL older than 1.1.0 was misinterpreted as ISO-8859-1 sequences.

+ +

OSSL_STORE

+ +

ossl_store(7) acts as a general interface to access all kinds of objects, potentially protected with a pass phrase, a PIN or something else. This API stipulates that pass phrases should be UTF-8 encoded, and that any other pass phrase encoding may give undefined results. This API relies on the application to ensure UTF-8 encoding, and doesn't check that this is the case, so what it gets, it will also pass to the underlying loader.

+ +

RECOMMENDATIONS

+ +

This section assumes that you know what pass phrase was used for encryption, but that it may have been encoded in a different character encoding than the one used by your current input method. For example, the pass phrase may have been used at a time when your default encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xEF 0x76 0x65), and you're now in an environment where your default encoding is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 0x65). Whenever it's mentioned that you should use a certain character encoding, it should be understood that you either change the input method to use the mentioned encoding when you type in your pass phrase, or use some suitable tool to convert your pass phrase from your default encoding to the target encoding.

+ +

Also note that the sub-sections below discuss human readable pass phrases. This is particularly relevant for PKCS#12 objects, where human readable pass phrases are assumed. For other objects, it's as legitimate to use any byte sequence (such as a sequence of bytes from `/dev/urandom` that's been saved away), which makes any character encoding discussion irrelevant; in such cases, simply use the same byte sequence as it is.

+ +

Creating new objects

+ +

For creating new pass phrase protected objects, make sure the pass phrase is encoded using UTF-8. This is default on most modern Unixes, but may involve an effort on other platforms. Specifically for Windows, setting the environment variable OPENSSL_WIN32_UTF8 will have anything entered on [Windows] console prompt converted to UTF-8 (command line and separately prompted pass phrases alike).

+ +

Opening existing objects

+ +

For opening pass phrase protected objects where you know what character encoding was used for the encryption pass phrase, make sure to use the same encoding again.

+ +

For opening pass phrase protected objects where the character encoding that was used is unknown, or where the producing application is unknown, try one of the following:

+ +
    + +
  1. Try the pass phrase that you have as it is in the character encoding of your environment. It's possible that its byte sequence is exactly right.

    + +
  2. +
  3. Convert the pass phrase to UTF-8 and try with the result. Specifically with PKCS#12, this should open up any object that was created according to the specification.

    + +
  4. +
  5. Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try with the result. This differs from the previous attempt because ISO-8859-1 maps directly to U+0000 to U+00FF, which other non-UTF-8 character sets do not.

    + +

    This also takes care of the case when a UTF-8 encoded string was used with OpenSSL older than 1.1.0. (for example, ï, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 0x83 0xC2 0xAF when re-encoded in the naïve manner. The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the erroneous/non-compliant encoding used by OpenSSL older than 1.1.0)

    + +
  6. +
+ +

SEE ALSO

+ +

evp(7), ossl_store(7), EVP_BytesToKey(3), EVP_DecryptInit(3), PEM_do_header(3), PKCS12_parse(3), PKCS12_newpass(3), d2i_PKCS8PrivateKey_bio(3)

+ +

COPYRIGHT

+ +

Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/proxy-certificates.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/proxy-certificates.html new file mode 100644 index 00000000..fdb0601f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/proxy-certificates.html @@ -0,0 +1,345 @@ + + + + +proxy-certificates + + + + + + + + + + +

NAME

+ +

proxy-certificates - Proxy certificates in OpenSSL

+ +

DESCRIPTION

+ +

Proxy certificates are defined in RFC 3820. They are used to extend rights to some other entity (a computer process, typically, or sometimes to the user itself). This allows the entity to perform operations on behalf of the owner of the EE (End Entity) certificate.

+ +

The requirements for a valid proxy certificate are:

+ +
    + +
  • They are issued by an End Entity, either a normal EE certificate, or another proxy certificate.

    + +
  • +
  • They must not have the subjectAltName or issuerAltName extensions.

    + +
  • +
  • They must have the proxyCertInfo extension.

    + +
  • +
  • They must have the subject of their issuer, with one commonName added.

    + +
  • +
+ +

Enabling proxy certificate verification

+ +

OpenSSL expects applications that want to use proxy certificates to be specially aware of them, and make that explicit. This is done by setting an X509 verification flag:

+ +
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ +

or

+ +
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ +

See "NOTES" for a discussion on this requirement.

+ +

Creating proxy certificates

+ +

Creating proxy certificates can be done using the openssl-x509(1) command, with some extra extensions:

+ +
[ v3_proxy ]
+# A proxy certificate MUST NEVER be a CA certificate.
+basicConstraints=CA:FALSE
+
+# Usual authority key ID
+authorityKeyIdentifier=keyid,issuer:always
+
+# The extension which marks this certificate as a proxy
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
+ +

It's also possible to specify the proxy extension in a separate section:

+ +
proxyCertInfo=critical,@proxy_ext
+
+[ proxy_ext ]
+language=id-ppl-anyLanguage
+pathlen=0
+policy=text:BC
+ +

The policy value has a specific syntax, syntag:string, where the syntag determines what will be done with the string. The following syntags are recognised:

+ +
+ +
text
+
+ +

indicates that the string is a byte sequence, without any encoding:

+ +
policy=text:räksmörgås
+ +
+
hex
+
+ +

indicates the string is encoded hexadecimal encoded binary data, with colons between each byte (every second hex digit):

+ +
policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
+ +
+
file
+
+ +

indicates that the text of the policy should be taken from a file. The string is then a filename. This is useful for policies that are large (more than a few lines, e.g. XML documents).

+ +
+
+ +

NOTE: The proxy policy value is what determines the rights granted to the process during the proxy certificate. It's up to the application to interpret and combine these policies.

+ +

With a proxy extension, creating a proxy certificate is a matter of two commands:

+ +
openssl req -new -config proxy.cnf \
+    -out proxy.req -keyout proxy.key \
+    -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1"
+
+openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
+    -CA user.crt -CAkey user.key -days 7 \
+    -extfile proxy.cnf -extensions v3_proxy1
+ +

You can also create a proxy certificate using another proxy certificate as issuer (note: using a different configuration section for the proxy extensions):

+ +
openssl req -new -config proxy.cnf \
+    -out proxy2.req -keyout proxy2.key \
+    -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2"
+
+openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \
+    -CA proxy.crt -CAkey proxy.key -days 7 \
+    -extfile proxy.cnf -extensions v3_proxy2
+ +

Using proxy certs in applications

+ +

To interpret proxy policies, the application would normally start with some default rights (perhaps none at all), then compute the resulting rights by checking the rights against the chain of proxy certificates, user certificate and CA certificates.

+ +

The complicated part is figuring out how to pass data between your application and the certificate validation procedure.

+ +

The following ingredients are needed for such processing:

+ +
    + +
  • a callback function that will be called for every certificate being validated. The callback is called several times for each certificate, so you must be careful to do the proxy policy interpretation at the right time. You also need to fill in the defaults when the EE certificate is checked.

    + +
  • +
  • a data structure that is shared between your application code and the callback.

    + +
  • +
  • a wrapper function that sets it all up.

    + +
  • +
  • an ex_data index function that creates an index into the generic ex_data store that is attached to an X509 validation context.

    + +
  • +
+ +

The following skeleton code can be used as a starting point:

+ +
#include <string.h>
+#include <netdb.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#define total_rights 25
+
+/*
+ * In this example, I will use a view of granted rights as a bit
+ * array, one bit for each possible right.
+ */
+typedef struct your_rights {
+    unsigned char rights[(total_rights + 7) / 8];
+} YOUR_RIGHTS;
+
+/*
+ * The following procedure will create an index for the ex_data
+ * store in the X509 validation context the first time it's
+ * called.  Subsequent calls will return the same index.
+ */
+static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
+{
+    static volatile int idx = -1;
+
+    if (idx < 0) {
+        X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
+        if (idx < 0) {
+            idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                  "for verify callback",
+                                                  NULL,NULL,NULL);
+        }
+        X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
+    }
+    return idx;
+}
+
+/* Callback to be given to the X509 validation procedure.  */
+static int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    if (ok == 1) {
+        /*
+         * It's REALLY important you keep the proxy policy check
+         * within this section.  It's important to know that when
+         * ok is 1, the certificates are checked from top to
+         * bottom.  You get the CA root first, followed by the
+         * possible chain of intermediate CAs, followed by the EE
+         * certificate, followed by the possible proxy
+         * certificates. 
+         */
+        X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
+
+        if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
+            YOUR_RIGHTS *rights =
+                (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                    get_proxy_auth_ex_data_idx(ctx));
+            PROXY_CERT_INFO_EXTENSION *pci =
+                X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
+
+            switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+            case NID_Independent:
+                /*
+                 * Do whatever you need to grant explicit rights
+                 * to this particular proxy certificate, usually
+                 * by pulling them from some database.  If there
+                 * are none to be found, clear all rights (making
+                 * this and any subsequent proxy certificate void
+                 * of any rights). 
+                 */
+                memset(rights->rights, 0, sizeof(rights->rights));
+                break;
+            case NID_id_ppl_inheritAll:
+                /*
+                 * This is basically a NOP, we simply let the
+                 * current rights stand as they are.
+                 */
+                break;
+            default:
+                /*
+                 * This is usually the most complex section of
+                 * code.  You really do whatever you want as long
+                 * as you follow RFC 3820.  In the example we use
+                 * here, the simplest thing to do is to build
+                 * another, temporary bit array and fill it with
+                 * the rights granted by the current proxy
+                 * certificate, then use it as a mask on the
+                 * accumulated rights bit array, and voilà, you
+                 * now have a new accumulated rights bit array.
+                 */
+                {
+                    int i;
+                    YOUR_RIGHTS tmp_rights;
+                    memset(tmp_rights.rights, 0,
+                           sizeof(tmp_rights.rights));
+
+                    /*
+                     * process_rights() is supposed to be a
+                     * procedure that takes a string and its
+                     * length, interprets it and sets the bits
+                     * in the YOUR_RIGHTS pointed at by the
+                     * third argument.
+                     */
+                    process_rights((char *) pci->proxyPolicy->policy->data,
+                                   pci->proxyPolicy->policy->length,
+                                   &tmp_rights);
+
+                    for(i = 0; i < total_rights / 8; i++)
+                        rights->rights[i] &= tmp_rights.rights[i];
+                }
+                break;
+            }
+            PROXY_CERT_INFO_EXTENSION_free(pci);
+        } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
+            /* We have an EE certificate, let's use it to set default! */
+            YOUR_RIGHTS *rights =
+                (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                    get_proxy_auth_ex_data_idx(ctx));
+
+            /*
+             * The following procedure finds out what rights the
+             * owner of the current certificate has, and sets them
+             * in the YOUR_RIGHTS structure pointed at by the
+             * second argument.
+             */
+            set_default_rights(xs, rights);
+        }
+    }
+    return ok;
+}
+
+static int my_X509_verify_cert(X509_STORE_CTX *ctx,
+                               YOUR_RIGHTS *needed_rights)
+{
+    int ok;
+    int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
+        X509_STORE_CTX_get_verify_cb(ctx);
+    YOUR_RIGHTS rights;
+
+    X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
+    X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx),
+                               &rights);
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+    ok = X509_verify_cert(ctx);
+
+    if (ok == 1) {
+        ok = check_needed_rights(rights, needed_rights);
+    }
+
+    X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
+
+    return ok;
+}
+ +

If you use SSL or TLS, you can easily set up a callback to have the certificates checked properly, using the code above:

+ +
SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert,
+                                 &needed_rights);
+ +

NOTES

+ +

To this date, it seems that proxy certificates have only been used in environments that are aware of them, and no one seems to have investigated how they can be used or misused outside of such an environment.

+ +

For that reason, OpenSSL requires that applications aware of proxy certificates must also make that explicit.

+ +

subjectAltName and issuerAltName are forbidden in proxy certificates, and this is enforced in OpenSSL. The subject must be the same as the issuer, with one commonName added on.

+ +

SEE ALSO

+ +

X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_VERIFY_PARAM_set_flags(3), SSL_CTX_set_cert_verify_callback(3), openssl-req(1), openssl-x509(1), RFC 3820

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/scrypt.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/scrypt.html new file mode 100644 index 00000000..32045c3a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/scrypt.html @@ -0,0 +1,112 @@ + + + + +scrypt + + + + + + + + + + +

NAME

+ +

scrypt - EVP_PKEY scrypt KDF support

+ +

DESCRIPTION

+ +

The EVP_PKEY_SCRYPT algorithm implements the scrypt password based key derivation function, as described in RFC 7914. It is memory-hard in the sense that it deliberately requires a significant amount of RAM for efficient computation. The intention of this is to render brute forcing of passwords on systems that lack large amounts of main memory (such as GPUs or ASICs) computationally infeasible.

+ +

scrypt provides three work factors that can be customized: N, r and p. N, which has to be a positive power of two, is the general work factor and scales CPU time in an approximately linear fashion. r is the block size of the internally used hash function and p is the parallelization factor. Both r and p need to be greater than zero. The amount of RAM that scrypt requires for its computation is roughly (128 * N * r * p) bytes.

+ +

In the original paper of Colin Percival ("Stronger Key Derivation via Sequential Memory-Hard Functions", 2009), the suggested values that give a computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = 2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 GHz), this computation takes about 3 seconds. When N, r or p are not specified, they default to 1048576, 8, and 1, respectively. The default amount of RAM that may be used by scrypt defaults to 1025 MiB.

+ +

NOTES

+ +

A context for scrypt can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
+ +

The output length of an scrypt key derivation is specified via the length parameter to the EVP_PKEY_derive(3) function.

+ +

EXAMPLES

+ +

This example derives a 64-byte long test vector using scrypt using the password "password", salt "NaCl" and N = 1024, r = 8, p = 16.

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[64];
+
+size_t outlen = sizeof(out);
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
+
+if (EVP_PKEY_derive_init(pctx) <= 0) {
+    error("EVP_PKEY_derive_init");
+}
+if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
+    error("EVP_PKEY_CTX_set1_pbe_pass");
+}
+if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
+    error("EVP_PKEY_CTX_set1_scrypt_salt");
+}
+if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_N");
+}
+if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_r");
+}
+if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_p");
+}
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
+    error("EVP_PKEY_derive");
+}
+
+{
+    const unsigned char expected[sizeof(out)] = {
+        0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
+        0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
+        0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
+        0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
+        0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
+        0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
+        0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
+        0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
+    };
+
+    assert(!memcmp(out, expected, sizeof(out)));
+}
+
+EVP_PKEY_CTX_free(pctx);
+ +

CONFORMING TO

+ +

RFC 7914

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_set1_scrypt_salt(3), EVP_PKEY_CTX_set_scrypt_N(3), EVP_PKEY_CTX_set_scrypt_r(3), EVP_PKEY_CTX_set_scrypt_p(3), EVP_PKEY_CTX_set_scrypt_maxmem_bytes(3), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ssl.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ssl.html new file mode 100644 index 00000000..5dfbfcdf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/ssl.html @@ -0,0 +1,1248 @@ + + + + +ssl + + + + + + + + + + +

NAME

+ +

ssl - OpenSSL SSL/TLS library

+ +

SYNOPSIS

+ +

See the individual manual pages for details.

+ +

DESCRIPTION

+ +

The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API which is documented here.

+ +

An SSL_CTX object is created as a framework to establish TLS/SSL enabled connections (see SSL_CTX_new(3)). Various options regarding certificates, algorithms etc. can be set in this object.

+ +

When a network connection has been created, it can be assigned to an SSL object. After the SSL object has been created using SSL_new(3), SSL_set_fd(3) or SSL_set_bio(3) can be used to associate the network connection with the object.

+ +

When the TLS/SSL handshake is performed using SSL_accept(3) or SSL_connect(3) respectively. SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) and SSL_write(3) are used to read and write data on the TLS/SSL connection. SSL_shutdown(3) can be used to shut down the TLS/SSL connection.

+ +

DATA STRUCTURES

+ +

Currently the OpenSSL ssl library functions deals with the following data structures:

+ +
+ +
SSL_METHOD (SSL Method)
+
+ +

This is a dispatch structure describing the internal ssl library methods/functions which implement the various protocol versions (SSLv3 TLSv1, ...). It's needed to create an SSL_CTX.

+ +
+
SSL_CIPHER (SSL Cipher)
+
+ +

This structure holds the algorithm information for a particular cipher which are a core part of the SSL/TLS protocol. The available ciphers are configured on a SSL_CTX basis and the actual ones used are then part of the SSL_SESSION.

+ +
+
SSL_CTX (SSL Context)
+
+ +

This is the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the SSL structures which are later created for the connections.

+ +
+
SSL_SESSION (SSL Session)
+
+ +

This is a structure containing the current TLS/SSL session details for a connection: SSL_CIPHERs, client and server certificates, keys, etc.

+ +
+
SSL (SSL Connection)
+
+ +

This is the main SSL/TLS structure which is created by a server or client per established connection. This actually is the core structure in the SSL API. At run-time the application usually deals with this structure which has links to mostly all other structures.

+ +
+
+ +

HEADER FILES

+ +

Currently the OpenSSL ssl library provides the following C header files containing the prototypes for the data structures and functions:

+ +
+ +
ssl.h
+
+ +

This is the common header file for the SSL/TLS API. Include it into your program to make the API of the ssl library available. It internally includes both more private SSL headers and headers from the crypto library. Whenever you need hard-core details on the internals of the SSL API, look inside this header file.

+ +
+
ssl2.h
+
+ +

Unused. Present for backwards compatibility only.

+ +
+
ssl3.h
+
+ +

This is the sub header file dealing with the SSLv3 protocol only. Usually you don't have to include it explicitly because it's already included by ssl.h.

+ +
+
tls1.h
+
+ +

This is the sub header file dealing with the TLSv1 protocol only. Usually you don't have to include it explicitly because it's already included by ssl.h.

+ +
+
+ +

API FUNCTIONS

+ +

Currently the OpenSSL ssl library exports 214 API functions. They are documented in the following:

+ +

Dealing with Protocol Methods

+ +

Here we document the various API functions which deal with the SSL/TLS protocol methods defined in SSL_METHOD structures.

+ +
+ +
const SSL_METHOD *TLS_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for clients, servers or both. See SSL_CTX_new(3) for details.

+ +
+
const SSL_METHOD *TLS_client_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for clients. Must be used to support the TLSv1.3 protocol.

+ +
+
const SSL_METHOD *TLS_server_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for servers. Must be used to support the TLSv1.3 protocol.

+ +
+
const SSL_METHOD *TLSv1_2_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_2_client_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_2_server_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *TLSv1_1_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_1_client_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_1_server_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *TLSv1_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_client_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_server_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *SSLv3_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *SSLv3_client_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *SSLv3_server_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for servers.

+ +
+
+ +

Dealing with Ciphers

+ +

Here we document the various API functions which deal with the SSL/TLS ciphers defined in SSL_CIPHER structures.

+ +
+ +
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);
+
+ +

Write a string to buf (with a maximum size of len) containing a human readable description of cipher. Returns buf.

+ +
+
int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
+
+ +

Determine the number of bits in cipher. Because of export crippled ciphers there are two bits: The bits the algorithm supports in general (stored to alg_bits) and the bits which are actually used (the return value).

+ +
+
const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
+
+ +

Return the internal name of cipher as a string. These are the various strings defined by the SSL3_TXT_xxx and TLS1_TXT_xxx definitions in the header files.

+ +
+
const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+
+ +

Returns a string like "SSLv3" or "TLSv1.2" which indicates the SSL/TLS protocol version to which cipher belongs (i.e. where it was defined in the specification the first time).

+ +
+
+ +

Dealing with Protocol Contexts

+ +

Here we document the various API functions which deal with the SSL/TLS protocol context defined in the SSL_CTX structure.

+ +
+ +
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+ +
+
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+
+ +
+
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ +
+
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+
+ +
+
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+ +
+
void SSL_CTX_flush_sessions(SSL_CTX *s, long t);
+
+ +
+
void SSL_CTX_free(SSL_CTX *a);
+
+ +
+
char *SSL_CTX_get_app_data(SSL_CTX *ctx);
+
+ +
+
X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+
+ +
+
STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+
+ +
+
STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+
+ +
+
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ +
+
void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+
+ +
+
char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
+
+ +
+
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+ +
+
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_get_read_ahead(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
+
+ +
+
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+
+ +
+
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+ +
+
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+
+ +
+
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+
+ +
+
int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ +
+
int SSL_CTX_sess_accept(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+
+ +
+
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+ +
+
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+ +
+
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+ +
+
int SSL_CTX_sess_hits(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_misses(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_number(SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);
+
+ +
+
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+ +
+
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+ +
+
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+ +
+
int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+
+ +
+
LHASH *SSL_CTX_sessions(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
+
+ +
+
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
+
+ +
+
void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);
+
+ +
+
void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)
+
+ +
+
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);
+
+ +
+
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
+
+ +
+
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+ +
+
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);
+
+ +
+
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))
+
+ +
+
void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
+
+ +
+
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+
+ +

Use the default paths to locate trusted CA certificates. There is one default directory path and one default file path. Both are set via this call.

+ +
+
int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+
+ +

Use the default directory path to locate trusted CA certificates.

+ +
+
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+
+ +

Use the file path to locate trusted CA certificates.

+ +
+
int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
+
+ +
+
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+ +
+
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+ +
+
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+ +
+
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+
+ +
+
unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
+
+ +
+
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+
+ +
+
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+
+ +
+
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);
+
+ +
+
void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);
+
+ +
+
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+ +
+
void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+
+ +
+
long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
+
+ +
+
long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));
+
+ +
+
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+ +
+
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+ +
+
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+ +
+
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+
+ +
+
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+
+ +
+
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+
+ +
+
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+
+ +
+
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+ +
+
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+
+ +
+
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+ +
+
+ +

Dealing with Sessions

+ +

Here we document the various API functions which deal with the SSL/TLS sessions defined in the SSL_SESSION structures.

+ +
+ +
int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);
+
+ +
+
void SSL_SESSION_free(SSL_SESSION *ss);
+
+ +
+
char *SSL_SESSION_get_app_data(SSL_SESSION *s);
+
+ +
+
char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+
+ +
+
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
long SSL_SESSION_get_time(const SSL_SESSION *s);
+
+ +
+
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+
+ +
+
unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
+
+ +
+
SSL_SESSION *SSL_SESSION_new(void);
+
+ +
+
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
+
+ +
+
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
+
+ +
+
int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
+
+ +
+
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
+
+ +
+
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+
+ +
+
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+
+ +
+
+ +

Dealing with Connections

+ +

Here we document the various API functions which deal with the SSL/TLS connection defined in the SSL structure.

+ +
+ +
int SSL_accept(SSL *ssl);
+
+ +
+
int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);
+
+ +
+
int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);
+
+ +
+
int SSL_add_client_CA(SSL *ssl, X509 *x);
+
+ +
+
char *SSL_alert_desc_string(int value);
+
+ +
+
char *SSL_alert_desc_string_long(int value);
+
+ +
+
char *SSL_alert_type_string(int value);
+
+ +
+
char *SSL_alert_type_string_long(int value);
+
+ +
+
int SSL_check_private_key(const SSL *ssl);
+
+ +
+
void SSL_clear(SSL *ssl);
+
+ +
+
long SSL_clear_num_renegotiations(SSL *ssl);
+
+ +
+
int SSL_connect(SSL *ssl);
+
+ +
+
int SSL_copy_session_id(SSL *t, const SSL *f);
+
+ +

Sets the session details for t to be the same as in f. Returns 1 on success or 0 on failure.

+ +
+
long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
+
+ +
+
int SSL_do_handshake(SSL *ssl);
+
+ +
+
SSL *SSL_dup(SSL *ssl);
+
+ +

SSL_dup() allows applications to configure an SSL handle for use in multiple SSL connections, and then duplicate it prior to initiating each connection with the duplicated handle. Use of SSL_dup() avoids the need to repeat the configuration of the handles for each connection.

+ +

For SSL_dup() to work, the connection MUST be in its initial state and MUST NOT have not yet have started the SSL handshake. For connections that are not in their initial state SSL_dup() just increments an internal reference count and returns the same handle. It may be possible to use SSL_clear(3) to recycle an SSL handle that is not in its initial state for re-use, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection.

+ +
+
STACK *SSL_dup_CA_list(STACK *sk);
+
+ +
+
void SSL_free(SSL *ssl);
+
+ +
+
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+
+ +
+
char *SSL_get_app_data(SSL *ssl);
+
+ +
+
X509 *SSL_get_certificate(const SSL *ssl);
+
+ +
+
const char *SSL_get_cipher(const SSL *ssl);
+
+ +
+
int SSL_is_dtls(const SSL *ssl);
+
+ +
+
int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
+
+ +
+
char *SSL_get_cipher_list(const SSL *ssl, int n);
+
+ +
+
char *SSL_get_cipher_name(const SSL *ssl);
+
+ +
+
char *SSL_get_cipher_version(const SSL *ssl);
+
+ +
+
STACK *SSL_get_ciphers(const SSL *ssl);
+
+ +
+
STACK *SSL_get_client_CA_list(const SSL *ssl);
+
+ +
+
SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+
+ +
+
long SSL_get_default_timeout(const SSL *ssl);
+
+ +
+
int SSL_get_error(const SSL *ssl, int i);
+
+ +
+
char *SSL_get_ex_data(const SSL *ssl, int idx);
+
+ +
+
int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+ +
+
int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
int SSL_get_fd(const SSL *ssl);
+
+ +
+
void (*SSL_get_info_callback(const SSL *ssl);)()
+
+ +
+
int SSL_get_key_update_type(SSL *s);
+
+ +
+
STACK *SSL_get_peer_cert_chain(const SSL *ssl);
+
+ +
+
X509 *SSL_get_peer_certificate(const SSL *ssl);
+
+ +
+
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+ +
+
EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
+
+ +
+
int SSL_get_quiet_shutdown(const SSL *ssl);
+
+ +
+
BIO *SSL_get_rbio(const SSL *ssl);
+
+ +
+
int SSL_get_read_ahead(const SSL *ssl);
+
+ +
+
SSL_SESSION *SSL_get_session(const SSL *ssl);
+
+ +
+
char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);
+
+ +
+
int SSL_get_shutdown(const SSL *ssl);
+
+ +
+
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+
+ +
+
int SSL_get_state(const SSL *ssl);
+
+ +
+
long SSL_get_time(const SSL *ssl);
+
+ +
+
long SSL_get_timeout(const SSL *ssl);
+
+ +
+
int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)
+
+ +
+
int SSL_get_verify_mode(const SSL *ssl);
+
+ +
+
long SSL_get_verify_result(const SSL *ssl);
+
+ +
+
char *SSL_get_version(const SSL *ssl);
+
+ +
+
BIO *SSL_get_wbio(const SSL *ssl);
+
+ +
+
int SSL_in_accept_init(SSL *ssl);
+
+ +
+
int SSL_in_before(SSL *ssl);
+
+ +
+
int SSL_in_connect_init(SSL *ssl);
+
+ +
+
int SSL_in_init(SSL *ssl);
+
+ +
+
int SSL_is_init_finished(SSL *ssl);
+
+ +
+
int SSL_key_update(SSL *s, int updatetype);
+
+ +
+
STACK *SSL_load_client_CA_file(const char *file);
+
+ +
+
SSL *SSL_new(SSL_CTX *ctx);
+
+ +
+
int SSL_up_ref(SSL *s);
+
+ +
+
long SSL_num_renegotiations(SSL *ssl);
+
+ +
+
int SSL_peek(SSL *ssl, void *buf, int num);
+
+ +
+
int SSL_pending(const SSL *ssl);
+
+ +
+
int SSL_read(SSL *ssl, void *buf, int num);
+
+ +
+
int SSL_renegotiate(SSL *ssl);
+
+ +
+
char *SSL_rstate_string(SSL *ssl);
+
+ +
+
char *SSL_rstate_string_long(SSL *ssl);
+
+ +
+
long SSL_session_reused(SSL *ssl);
+
+ +
+
void SSL_set_accept_state(SSL *ssl);
+
+ +
+
void SSL_set_app_data(SSL *ssl, char *arg);
+
+ +
+
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+
+ +
+
int SSL_set_cipher_list(SSL *ssl, char *str);
+
+ +
+
void SSL_set_client_CA_list(SSL *ssl, STACK *list);
+
+ +
+
void SSL_set_connect_state(SSL *ssl);
+
+ +
+
int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);
+
+ +
+
int SSL_set_ex_data(SSL *ssl, int idx, char *arg);
+
+ +
+
int SSL_set_fd(SSL *ssl, int fd);
+
+ +
+
void SSL_set_info_callback(SSL *ssl, void (*cb);(void))
+
+ +
+
void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+ +
+
void SSL_set_msg_callback_arg(SSL *ctx, void *arg);
+
+ +
+
unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
+
+ +
+
unsigned long SSL_get_options(SSL *ssl);
+
+ +
+
unsigned long SSL_set_options(SSL *ssl, unsigned long op);
+
+ +
+
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+
+ +
+
void SSL_set_read_ahead(SSL *ssl, int yes);
+
+ +
+
int SSL_set_rfd(SSL *ssl, int fd);
+
+ +
+
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+
+ +
+
void SSL_set_shutdown(SSL *ssl, int mode);
+
+ +
+
int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);
+
+ +
+
void SSL_set_time(SSL *ssl, long t);
+
+ +
+
void SSL_set_timeout(SSL *ssl, long t);
+
+ +
+
void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))
+
+ +
+
void SSL_set_verify_result(SSL *ssl, long arg);
+
+ +
+
int SSL_set_wfd(SSL *ssl, int fd);
+
+ +
+
int SSL_shutdown(SSL *ssl);
+
+ +
+
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+ +

Returns the current handshake state.

+ +
+
char *SSL_state_string(const SSL *ssl);
+
+ +
+
char *SSL_state_string_long(const SSL *ssl);
+
+ +
+
long SSL_total_renegotiations(SSL *ssl);
+
+ +
+
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+
+ +
+
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);
+
+ +
+
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+
+ +
+
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+
+ +
+
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_certificate(SSL *ssl, X509 *x);
+
+ +
+
int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
+
+ +
+
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+
+ +
+
int SSL_version(const SSL *ssl);
+
+ +
+
int SSL_want(const SSL *ssl);
+
+ +
+
int SSL_want_nothing(const SSL *ssl);
+
+ +
+
int SSL_want_read(const SSL *ssl);
+
+ +
+
int SSL_want_write(const SSL *ssl);
+
+ +
+
int SSL_want_x509_lookup(const SSL *ssl);
+
+ +
+
int SSL_write(SSL *ssl, const void *buf, int num);
+
+ +
+
void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+ +
+
int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+ +
+
void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+ +
+
const char *SSL_get_psk_identity_hint(SSL *ssl);
+
+ +
+
const char *SSL_get_psk_identity(SSL *ssl);
+
+ +
+
+ +

RETURN VALUES

+ +

See the individual manual pages for details.

+ +

SEE ALSO

+ +

openssl(1), crypto(7), CRYPTO_get_ex_new_index(3), SSL_accept(3), SSL_clear(3), SSL_connect(3), SSL_CIPHER_get_name(3), SSL_COMP_add_compression_method(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_add_session(3), SSL_CTX_ctrl(3), SSL_CTX_flush_sessions(3), SSL_CTX_get_verify_mode(3), SSL_CTX_load_verify_locations(3) SSL_CTX_new(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_sessions(3), SSL_CTX_set_cert_store(3), SSL_CTX_set_cert_verify_callback(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3), SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3), SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3), SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3), SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_read_ahead(3), SSL_CTX_set_security_level(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_ssl_version(3), SSL_CTX_set_timeout(3), SSL_CTX_set_tmp_dh_callback(3), SSL_CTX_set_verify(3), SSL_CTX_use_certificate(3), SSL_alert_type_string(3), SSL_do_handshake(3), SSL_enable_ct(3), SSL_get_SSL_CTX(3), SSL_get_ciphers(3), SSL_get_client_CA_list(3), SSL_get_default_timeout(3), SSL_get_error(3), SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_get_fd(3), SSL_get_peer_cert_chain(3), SSL_get_rbio(3), SSL_get_session(3), SSL_get_verify_result(3), SSL_get_version(3), SSL_load_client_CA_file(3), SSL_new(3), SSL_pending(3), SSL_read_ex(3), SSL_read(3), SSL_rstate_string(3), SSL_session_reused(3), SSL_set_bio(3), SSL_set_connect_state(3), SSL_set_fd(3), SSL_set_session(3), SSL_set_shutdown(3), SSL_shutdown(3), SSL_state_string(3), SSL_want(3), SSL_write_ex(3), SSL_write(3), SSL_SESSION_free(3), SSL_SESSION_get_time(3), d2i_SSL_SESSION(3), SSL_CTX_set_psk_client_callback(3), SSL_CTX_use_psk_identity_hint(3), SSL_get_psk_identity(3), DTLSv1_listen(3)

+ +

HISTORY

+ +

SSLv2_client_method, SSLv2_server_method and SSLv2_method were removed in OpenSSL 1.1.0.

+ +

The return type of SSL_copy_session_id was changed from void to int in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/x509.html b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/x509.html new file mode 100644 index 00000000..42546b1e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/doc/openssl/html/man7/x509.html @@ -0,0 +1,67 @@ + + + + +x509 + + + + + + + + + + +

NAME

+ +

x509 - X.509 certificate handling

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+ +

DESCRIPTION

+ +

An X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine. A X.509 CRL (certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be found in the X.509 document from ITU-T, or in RFC3280 from PKIX. In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL is used to express a CRL.

+ +

A related structure is a certificate request, defined in PKCS#10 from RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type X509_REQ is used to express such a certificate request.

+ +

To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express a certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more.

+ +

Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key.

+ +

X509_XXX, d2i_X509_XXX, and i2d_X509_XXX functions handle X.509 certificates, with some exceptions, shown below.

+ +

X509_CRL_XXX, d2i_X509_CRL_XXX, and i2d_X509_CRL_XXX functions handle X.509 CRLs.

+ +

X509_REQ_XXX, d2i_X509_REQ_XXX, and i2d_X509_REQ_XXX functions handle PKCS#10 certificate requests.

+ +

X509_NAME_XXX functions handle certificate names.

+ +

X509_ATTRIBUTE_XXX functions handle certificate attributes.

+ +

X509_EXTENSION_XXX functions handle certificate extensions.

+ +

SEE ALSO

+ +

X509_NAME_ENTRY_get_object(3), X509_NAME_add_entry_by_txt(3), X509_NAME_add_entry_by_NID(3), X509_NAME_print_ex(3), X509_NAME_new(3), d2i_X509(3), d2i_X509_ALGOR(3), d2i_X509_CRL(3), d2i_X509_NAME(3), d2i_X509_REQ(3), d2i_X509_SIG(3), X509v3(3), crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/CA.pl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/CA.pl.1 new file mode 100644 index 00000000..5806ee2a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/CA.pl.1 @@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA.PL 1" +.TH CA.PL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CA.pl \- friendlier interface for OpenSSL certificate programs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fB\s-1CA\s0.pl\fR +\&\fB\-?\fR | +\&\fB\-h\fR | +\&\fB\-help\fR +.PP +\&\fB\s-1CA\s0.pl\fR +\&\fB\-newcert\fR | +\&\fB\-newreq\fR | +\&\fB\-newreq\-nodes\fR | +\&\fB\-xsign\fR | +\&\fB\-sign\fR | +\&\fB\-signCA\fR | +\&\fB\-signcert\fR | +\&\fB\-crl\fR | +\&\fB\-newca\fR +[\fB\-extra\-cmd\fR extra\-params] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-pkcs12\fR [\fB\-extra\-pkcs12\fR extra\-params] [\fBcertname\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-verify\fR [\fB\-extra\-verify\fR extra\-params] \fBcertfile\fR... +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-revoke\fR [\fB\-extra\-ca\fR extra\-params] \fBcertfile\fR [\fBreason\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +arguments to the \fBopenssl\fR command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IX Item "?, -h, -help" +Prints a usage message. +.IP "\fB\-newcert\fR" 4 +.IX Item "-newcert" +Creates a new self signed certificate. The private key is written to the file +\&\*(L"newkey.pem\*(R" and the request written to the file \*(L"newreq.pem\*(R". +This argument invokes \fBopenssl req\fR command. +.IP "\fB\-newreq\fR" 4 +.IX Item "-newreq" +Creates a new certificate request. The private key is written to the file +\&\*(L"newkey.pem\*(R" and the request written to the file \*(L"newreq.pem\*(R". +Executes \fBopenssl req\fR command below the hood. +.IP "\fB\-newreq\-nodes\fR" 4 +.IX Item "-newreq-nodes" +Is like \fB\-newreq\fR except that the private key will not be encrypted. +Uses \fBopenssl req\fR command. +.IP "\fB\-newca\fR" 4 +.IX Item "-newca" +Creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 +certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 +details of the \s-1CA\s0 will be prompted for. The relevant files and directories +are created in a directory called \*(L"demoCA\*(R" in the current directory. +\&\fBopenssl req\fR and \fBopenssl ca\fR commands are get invoked. +.IP "\fB\-pkcs12\fR" 4 +.IX Item "-pkcs12" +Create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +certificate. It expects the user certificate and private key to be in the +file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem, +it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the +\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser +list box), otherwise the name \*(L"My Certificate\*(R" is used. +Delegates work to \fBopenssl pkcs12\fR command. +.IP "\fB\-sign\fR, \fB\-signcert\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -signcert, -xsign" +Calls the \fBca\fR program to sign a certificate request. It expects the request +to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file +\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written +to standard output. Leverages \fBopenssl ca\fR command. +.IP "\fB\-signCA\fR" 4 +.IX Item "-signCA" +This option is the same as the \fB\-signreq\fR option except it uses the +configuration file section \fBv3_ca\fR and so makes the signed request a +valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from +a root \s-1CA.\s0 Extra params are passed on to \fBopenssl ca\fR command. +.IP "\fB\-signcert\fR" 4 +.IX Item "-signcert" +This option is the same as \fB\-sign\fR except it expects a self signed certificate +to be present in the file \*(L"newreq.pem\*(R". +Extra params are passed on to \fBopenssl x509\fR and \fBopenssl ca\fR commands. +.IP "\fB\-crl\fR" 4 +.IX Item "-crl" +Generate a \s-1CRL.\s0 Executes \fBopenssl ca\fR command. +.IP "\fB\-revoke certfile [reason]\fR" 4 +.IX Item "-revoke certfile [reason]" +Revoke the certificate contained in the specified \fBcertfile\fR. An optional +reason may be specified, and must be one of: \fBunspecified\fR, +\&\fBkeyCompromise\fR, \fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, +\&\fBcessationOfOperation\fR, \fBcertificateHold\fR, or \fBremoveFromCRL\fR. +Leverages \fBopenssl ca\fR command. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no +certificates are specified on the command line it tries to verify the file +\&\*(L"newcert.pem\*(R". Invokes \fBopenssl verify\fR command. +.IP "\fB\-extra\-req\fR | \fB\-extra\-ca\fR | \fB\-extra\-pkcs12\fR | \fB\-extra\-x509\fR | \fB\-extra\-verify\fR " 4 +.IX Item "-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify " +The purpose of these parameters is to allow optional parameters to be supplied +to \fBopenssl\fR that this command executes. The \fB\-extra\-cmd\fR are specific to the +option being used and the \fBopenssl\fR command getting invoked. For example +when this command invokes \fBopenssl req\fR extra parameters can be passed on +with the \fB\-extra\-req\fR parameter. The +\&\fBopenssl\fR commands being invoked per option are documented below. +Users should consult \fBopenssl\fR command documentation for more information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a \s-1CA\s0 hierarchy: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +Complete certificate creation example: create a \s-1CA,\s0 create a request, sign +the request and finally create a PKCS#12 file containing it. +.PP +.Vb 4 +\& CA.pl \-newca +\& CA.pl \-newreq +\& CA.pl \-signreq +\& CA.pl \-pkcs12 "My Test Certificate" +.Ve +.SH "DSA CERTIFICATES" +.IX Header "DSA CERTIFICATES" +Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to +use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command +directly. The following example shows the steps that would typically be taken. +.PP +Create some \s-1DSA\s0 parameters: +.PP +.Vb 1 +\& openssl dsaparam \-out dsap.pem 1024 +.Ve +.PP +Create a \s-1DSA CA\s0 certificate and private key: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem +.Ve +.PP +Create the \s-1CA\s0 directories and files: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +enter cacert.pem when prompted for the \s-1CA\s0 file name. +.PP +Create a \s-1DSA\s0 certificate request and private key (a different set of parameters +can optionally be created first): +.PP +.Vb 1 +\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem +.Ve +.PP +Sign the request: +.PP +.Vb 1 +\& CA.pl \-signreq +.Ve +.SH "NOTES" +.IX Header "NOTES" +Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. +.PP +If the demoCA directory already exists then the \fB\-newca\fR command will not +overwrite it and will do nothing. This can happen if a previous call using +the \fB\-newca\fR option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. +.PP +Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: +.PP +.Vb 1 +\& perl \-S CA.pl +.Ve +.PP +can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to +the correct path of the configuration file. +.PP +The script is intended as a simple front end for the \fBopenssl\fR program for use +by a beginner. Its behaviour isn't always what is wanted. For more control over the +behaviour of the certificate commands call the \fBopenssl\fR command directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1), +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/asn1parse.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/asn1parse.1 new file mode 100644 index 00000000..2508fc3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/asn1parse.1 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1PARSE 1" +.TH ASN1PARSE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-asn1parse, asn1parse \- ASN.1 parsing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBasn1parse\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-offset number\fR] +[\fB\-length number\fR] +[\fB\-i\fR] +[\fB\-oid filename\fR] +[\fB\-dump\fR] +[\fB\-dlimit num\fR] +[\fB\-strparse offset\fR] +[\fB\-genstr string\fR] +[\fB\-genconf file\fR] +[\fB\-strictpem\fR] +[\fB\-item name\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0 +structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fBDER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +The input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64 +encoded. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input file, default is standard input. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output file to place the \s-1DER\s0 encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the \fB\-strparse\fR option. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the parsed version of the input file. +.IP "\fB\-offset number\fR" 4 +.IX Item "-offset number" +Starting offset to begin parsing, default is start of file. +.IP "\fB\-length number\fR" 4 +.IX Item "-length number" +Number of bytes to parse, default is until end of file. +.IP "\fB\-i\fR" 4 +.IX Item "-i" +Indents the output according to the \*(L"depth\*(R" of the structures. +.IP "\fB\-oid filename\fR" 4 +.IX Item "-oid filename" +A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this +file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +Dump unknown data in hex format. +.IP "\fB\-dlimit num\fR" 4 +.IX Item "-dlimit num" +Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. +.IP "\fB\-strparse offset\fR" 4 +.IX Item "-strparse offset" +Parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This +option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 +.IX Item "-genstr string, -genconf file" +Generate encoded data based on \fBstring\fR, \fBfile\fR or both using +\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is +present then the string is obtained from the default section using the name +\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the \fBout\fR option. +.IP "\fB\-strictpem\fR" 4 +.IX Item "-strictpem" +If this option is used then \fB\-inform\fR will be ignored. Without this option any +data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and +processed whether it has the normal \s-1PEM BEGIN\s0 and \s-1END\s0 markers or not. This +option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an +\&\s-1END\s0 marker in a \s-1PEM\s0 file. +.IP "\fB\-item name\fR" 4 +.IX Item "-item name" +Attempt to decode and print the data as \fB\s-1ASN1_ITEM\s0 name\fR. This can be used to +print out the fields of any supported \s-1ASN.1\s0 structure if the type is known. +.SS "Output" +.IX Subsection "Output" +The output will typically contain lines like this: +.PP +.Vb 1 +\& 0:d=0 hl=4 l= 681 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +.Vb 10 +\& 229:d=3 hl=3 l= 141 prim: BIT STRING +\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] +\& 376:d=3 hl=3 l= 159 cons: SEQUENCE +\& 379:d=4 hl=2 l= 29 cons: SEQUENCE +\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier +\& 386:d=5 hl=2 l= 22 prim: OCTET STRING +\& 410:d=4 hl=2 l= 112 cons: SEQUENCE +\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier +\& 417:d=5 hl=2 l= 105 prim: OCTET STRING +\& 524:d=4 hl=2 l= 12 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased +within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \fBhl=XX\fR gives the header length +(tag and length octets) of the current type. \fBl=XX\fR gives the length of +the contents octets. +.PP +The \fB\-i\fR option can be used to make the output more readable. +.PP +Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output. +.PP +In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option \fB\-strparse 229\fR to yield: +.PP +.Vb 3 +\& 0:d=0 hl=3 l= 137 cons: SEQUENCE +\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 +\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the \s-1OID\s0 in numerical format and should be followed by white +space. The second column is the \*(L"short name\*(R" which is a single word followed +by white space. The final column is the rest of the line and is the +\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: +.PP +\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a file: +.PP +.Vb 1 +\& openssl asn1parse \-in file.pem +.Ve +.PP +Parse a \s-1DER\s0 file: +.PP +.Vb 1 +\& openssl asn1parse \-inform DER \-in file.der +.Ve +.PP +Generate a simple UTF8String: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq +.Ve +.PP +Generate and write out a UTF8String, don't print parsed output: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der +.Ve +.PP +Generate using a config file: +.PP +.Vb 1 +\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der +.Ve +.PP +Example config file: +.PP +.Vb 1 +\& asn1=SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1=BOOL:TRUE +\& field2=EXP:0, UTF8:some random string +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be options to change the format of output lines. The output of some +\&\s-1ASN.1\s0 types is not well handled (if at all). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ca.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ca.1 new file mode 100644 index 00000000..0c6c0520 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ca.1 @@ -0,0 +1,823 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA 1" +.TH CA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ca, ca \- sample minimal CA application +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBca\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-config filename\fR] +[\fB\-name section\fR] +[\fB\-gencrl\fR] +[\fB\-revoke file\fR] +[\fB\-valid file\fR] +[\fB\-status serial\fR] +[\fB\-updatedb\fR] +[\fB\-crl_reason reason\fR] +[\fB\-crl_hold instruction\fR] +[\fB\-crl_compromise time\fR] +[\fB\-crl_CA_compromise time\fR] +[\fB\-crldays days\fR] +[\fB\-crlhours hours\fR] +[\fB\-crlexts section\fR] +[\fB\-startdate date\fR] +[\fB\-enddate date\fR] +[\fB\-days arg\fR] +[\fB\-md arg\fR] +[\fB\-policy arg\fR] +[\fB\-keyfile arg\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-key arg\fR] +[\fB\-passin arg\fR] +[\fB\-cert file\fR] +[\fB\-selfsign\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-notext\fR] +[\fB\-outdir dir\fR] +[\fB\-infiles\fR] +[\fB\-spkac file\fR] +[\fB\-ss_cert file\fR] +[\fB\-preserveDN\fR] +[\fB\-noemailDN\fR] +[\fB\-batch\fR] +[\fB\-msie_hack\fR] +[\fB\-extensions section\fR] +[\fB\-extfile section\fR] +[\fB\-engine id\fR] +[\fB\-subj arg\fR] +[\fB\-utf8\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-create_serial\fR] +[\fB\-rand_serial\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs it also maintains a text database of issued certificates +and their status. +.PP +The options descriptions will be divided into each purpose. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +This prints extra details about the operations being performed. +.IP "\fB\-config filename\fR" 4 +.IX Item "-config filename" +Specifies the configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-name section\fR" 4 +.IX Item "-name section" +Specifies the configuration file section to use (overrides +\&\fBdefault_ca\fR in the \fBca\fR section). +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +An input filename containing a single certificate request to be +signed by the \s-1CA.\s0 +.IP "\fB\-ss_cert filename\fR" 4 +.IX Item "-ss_cert filename" +A single self-signed certificate to be signed by the \s-1CA.\s0 +.IP "\fB\-spkac filename\fR" 4 +.IX Item "-spkac filename" +A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR +section for information on the required input and output format. +.IP "\fB\-infiles\fR" 4 +.IX Item "-infiles" +If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). +.IP "\fB\-outdir directory\fR" 4 +.IX Item "-outdir directory" +The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +\&\*(L".pem\*(R" appended. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1CA\s0 certificate file. +.IP "\fB\-keyfile filename\fR" 4 +.IX Item "-keyfile filename" +The private key to sign requests with. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +The format of the data in the private key file. +The default is \s-1PEM.\s0 +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-key password\fR" 4 +.IX Item "-key password" +The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the 'ps' utility) this option should be used with caution. +.IP "\fB\-selfsign\fR" 4 +.IX Item "-selfsign" +Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with \fB\-keyfile\fR). +Certificate requests signed with a different key are ignored. If +\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is +ignored. +.Sp +A consequence of using \fB\-selfsign\fR is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option \fBdatabase\fR), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-notext\fR" 4 +.IX Item "-notext" +Don't output the text form of a certificate to the output file. +.IP "\fB\-startdate date\fR" 4 +.IX Item "-startdate date" +This allows the start date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-enddate date\fR" 4 +.IX Item "-enddate date" +This allows the expiry date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-days arg\fR" 4 +.IX Item "-days arg" +The number of days to certify the certificate for. +.IP "\fB\-md alg\fR" 4 +.IX Item "-md alg" +The message digest to use. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section +for more information. +.IP "\fB\-msie_hack\fR" 4 +.IX Item "-msie_hack" +This is a deprecated option to make \fBca\fR work with very old versions of +the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. +.IP "\fB\-preserveDN\fR" 4 +.IX Item "-preserveDN" +Normally the \s-1DN\s0 order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older \s-1IE\s0 enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. +.IP "\fB\-noemailDN\fR" 4 +.IX Item "-noemailDN" +The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the +request \s-1DN,\s0 however it is good policy just having the e\-mail set into +the altName extension of the certificate. When this option is set the +\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be +used in the configuration file to enable this behaviour. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to \fBx509_extensions\fR +unless the \fB\-extfile\fR option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-extfile file\fR" 4 +.IX Item "-extfile file" +An additional configuration file to read certificate extensions from +(using the default section unless the \fB\-extensions\fR option is also +used). +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBca\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +Supersedes subject name given in the request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII.\s0 This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-create_serial\fR" 4 +.IX Item "-create_serial" +If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the \fB\-rand_serial\fR flag instead; this +should only be used for simple error-recovery. +.IP "\fB\-rand_serial\fR" 4 +.IX Item "-rand_serial" +Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "CRL OPTIONS" +.IX Header "CRL OPTIONS" +.IP "\fB\-gencrl\fR" 4 +.IX Item "-gencrl" +This option generates a \s-1CRL\s0 based on information in the index file. +.IP "\fB\-crldays num\fR" 4 +.IX Item "-crldays num" +The number of days before the next \s-1CRL\s0 is due. That is the days from +now to place in the \s-1CRL\s0 nextUpdate field. +.IP "\fB\-crlhours num\fR" 4 +.IX Item "-crlhours num" +The number of hours before the next \s-1CRL\s0 is due. +.IP "\fB\-revoke filename\fR" 4 +.IX Item "-revoke filename" +A filename containing a certificate to revoke. +.IP "\fB\-valid filename\fR" 4 +.IX Item "-valid filename" +A filename containing a certificate to add a Valid certificate entry. +.IP "\fB\-status serial\fR" 4 +.IX Item "-status serial" +Displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. +.IP "\fB\-crl_reason reason\fR" 4 +.IX Item "-crl_reason reason" +Revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, +\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, +\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fBreason\fR is case +insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +.Sp +In practice \fBremoveFromCRL\fR is not particularly useful because it is only used +in delta CRLs which are not currently implemented. +.IP "\fB\-crl_hold instruction\fR" 4 +.IX Item "-crl_hold instruction" +This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. +.IP "\fB\-crl_compromise time\fR" 4 +.IX Item "-crl_compromise time" +This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to +\&\fBtime\fR. \fBtime\fR should be in GeneralizedTime format that is \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\-crl_CA_compromise time\fR" 4 +.IX Item "-crl_CA_compromise time" +This is the same as \fBcrl_compromise\fR except the revocation reason is set to +\&\fBCACompromise\fR. +.IP "\fB\-crlexts section\fR" 4 +.IX Item "-crlexts section" +The section of the configuration file containing \s-1CRL\s0 extensions to +include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is +created, if the \s-1CRL\s0 extension section is present (even if it is +empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are +\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The section of the configuration file containing options for \fBca\fR +is found as follows: If the \fB\-name\fR command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section +of the configuration file (or in the default section of the +configuration file). Besides \fBdefault_ca\fR, the following options are +read directly from the \fBca\fR section: + \s-1RANDFILE\s0 + preserve + msie_hack +With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +change in future releases. +.PP +Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fBnew_certs_dir\fR" 4 +.IX Item "new_certs_dir" +The same as the \fB\-outdir\fR command line option. It specifies +the directory where new certificates will be placed. Mandatory. +.IP "\fBcertificate\fR" 4 +.IX Item "certificate" +The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +certificate. Mandatory. +.IP "\fBprivate_key\fR" 4 +.IX Item "private_key" +Same as the \fB\-keyfile\fR option. The file containing the +\&\s-1CA\s0 private key. Mandatory. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +.IP "\fBdefault_days\fR" 4 +.IX Item "default_days" +The same as the \fB\-days\fR option. The number of days to certify +a certificate for. +.IP "\fBdefault_startdate\fR" 4 +.IX Item "default_startdate" +The same as the \fB\-startdate\fR option. The start date to certify +a certificate for. If not set the current time is used. +.IP "\fBdefault_enddate\fR" 4 +.IX Item "default_enddate" +The same as the \fB\-enddate\fR option. Either this option or +\&\fBdefault_days\fR (or the command line equivalents) must be +present. +.IP "\fBdefault_crl_hours default_crl_days\fR" 4 +.IX Item "default_crl_hours default_crl_days" +The same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a \s-1CRL.\s0 +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +The same as the \fB\-md\fR option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448). +.IP "\fBdatabase\fR" 4 +.IX Item "database" +The text database file to use. Mandatory. This file must be present +though initially it will be empty. +.IP "\fBunique_subject\fR" 4 +.IX Item "unique_subject" +If the value \fByes\fR is given, the valid certificate entries in the +database must have unique subjects. if the value \fBno\fR is given, +several valid certificate entries may have the exact same subject. +The default value is \fByes\fR, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, +it's recommended to use the value \fBno\fR, especially if combined with +the \fB\-selfsign\fR command line option. +.Sp +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. +.IP "\fBserial\fR" 4 +.IX Item "serial" +A text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number. +.IP "\fBcrlnumber\fR" 4 +.IX Item "crlnumber" +A text file containing the next \s-1CRL\s0 number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid \s-1CRL\s0 number. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +The same as \fB\-extensions\fR. +.IP "\fBcrl_extensions\fR" 4 +.IX Item "crl_extensions" +The same as \fB\-crlexts\fR. +.IP "\fBpreserve\fR" 4 +.IX Item "preserve" +The same as \fB\-preserveDN\fR +.IP "\fBemail_in_dn\fR" 4 +.IX Item "email_in_dn" +The same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed +from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0 +.IP "\fBmsie_hack\fR" 4 +.IX Item "msie_hack" +The same as \fB\-msie_hack\fR +.IP "\fBpolicy\fR" 4 +.IX Item "policy" +The same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section +for more information. +.IP "\fBname_opt\fR, \fBcert_opt\fR" 4 +.IX Item "name_opt, cert_opt" +These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used +here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point). +.Sp +For convenience the values \fBca_default\fR are accepted by both to produce +a reasonable output. +.Sp +If neither option is present the format used in earlier versions of +OpenSSL is used. Use of the old format is \fBstrongly\fR discouraged because +it only displays fields mentioned in the \fBpolicy\fR section, mishandles +multicharacter string types and does not display extensions. +.IP "\fBcopy_extensions\fR" 4 +.IX Item "copy_extensions" +Determines how extensions in certificate requests should be handled. +If set to \fBnone\fR or this option is not present then extensions are +ignored and not copied to the certificate. If set to \fBcopy\fR then any +extensions present in the request that are not already present are copied +to the certificate. If set to \fBcopyall\fR then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +using this option. +.Sp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. +.SH "POLICY FORMAT" +.IX Header "POLICY FORMAT" +The policy section consists of a set of variables corresponding to +certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value +must match the same field in the \s-1CA\s0 certificate. If the value is +\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the \fB\-preserveDN\fR option is set but +this can be regarded more of a quirk than intended behaviour. +.SH "SPKAC FORMAT" +.IX Header "SPKAC FORMAT" +The input to the \fB\-spkac\fR command line option is a Netscape +signed public key and challenge. This will usually come from +the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +It is however possible to create SPKACs using the \fBspkac\fR utility. +.PP +The file should contain the variable \s-1SPKAC\s0 set to the value of +the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: these examples assume that the \fBca\fR directory structure is +already set up and the relevant files already exist. This usually +involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a +serial number file and an empty index file and placing them in +the relevant directories. +.PP +To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0 +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example \*(L"01\*(R" and the empty index file +demoCA/index.txt. +.PP +Sign a certificate request: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-out newcert.pem +.Ve +.PP +Sign a certificate request, using \s-1CA\s0 extensions: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem +.Ve +.PP +Generate a \s-1CRL\s0 +.PP +.Vb 1 +\& openssl ca \-gencrl \-out crl.pem +.Ve +.PP +Sign several requests: +.PP +.Vb 1 +\& openssl ca \-infiles req1.pem req2.pem req3.pem +.Ve +.PP +Certify a Netscape \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl ca \-spkac spkac.txt +.Ve +.PP +A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +.PP +.Vb 5 +\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 +\& CN=Steve Test +\& emailAddress=steve@openssl.org +\& 0.OU=OpenSSL Group +\& 1.OU=Another Group +.Ve +.PP +A sample configuration file with the relevant sections for \fBca\fR: +.PP +.Vb 2 +\& [ ca ] +\& default_ca = CA_default # The default ca section +\& +\& [ CA_default ] +\& +\& dir = ./demoCA # top dir +\& database = $dir/index.txt # index file. +\& new_certs_dir = $dir/newcerts # new certs dir +\& +\& certificate = $dir/cacert.pem # The CA cert +\& serial = $dir/serial # serial no file +\& #rand_serial = yes # for random serial#\*(Aqs +\& private_key = $dir/private/cakey.pem# CA private key +\& RANDFILE = $dir/private/.rand # random number file +\& +\& default_days = 365 # how long to certify for +\& default_crl_days= 30 # how long before next CRL +\& default_md = md5 # md to use +\& +\& policy = policy_any # default policy +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& +\& name_opt = ca_default # Subject name display option +\& cert_opt = ca_default # Certificate display option +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& +\& [ policy_any ] +\& countryName = supplied +\& stateOrProvinceName = optional +\& organizationName = optional +\& organizationalUnitName = optional +\& commonName = supplied +\& emailAddress = optional +.Ve +.SH "FILES" +.IX Header "FILES" +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. +.PP +.Vb 10 +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +\& ./demoCA/.rnd \- CA random seed information +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +\&\s-1CRL:\s0 however there is no option to do this. +.PP +V2 \s-1CRL\s0 features like delta CRLs are not currently supported. +.PP +Although several requests can be input and handled at once it is only +possible to include one \s-1SPKAC\s0 or self-signed certificate. +.SH "BUGS" +.IX Header "BUGS" +The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. +.PP +The \fBca\fR command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or \s-1GUI\s0) can handle things properly. The script +\&\fB\s-1CA\s0.pl\fR helps a little but not very much. +.PP +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the \fB\-preserveDN\fR option is used. To +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by +RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +option can be used. The behaviour should be more friendly and +configurable. +.PP +Canceling some commands by refusing to certify a certificate can +create an empty file. +.SH "WARNINGS" +.IX Header "WARNINGS" +The \fBca\fR command is quirky and at times downright unfriendly. +.PP +The \fBca\fR utility was originally meant as an example of how to do things +in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +The \fBca\fR command is effectively a single user command: no locking is +done on the various files and attempts to run more than one \fBca\fR command +on the same database can have unpredictable results. +.PP +The \fBcopy_extensions\fR option should be used with caution. If care is +not taken then it can be a security risk. For example if a certificate +request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid \s-1CA\s0 certificate. +.PP +This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR +and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored. +.PP +It is advisable to also include values for other extensions such +as \fBkeyUsage\fR to prevent a request supplying its own values. +.PP +Additional restrictions can be placed on the \s-1CA\s0 certificate itself. +For example if the \s-1CA\s0 certificate has: +.PP +.Vb 1 +\& basicConstraints = CA:TRUE, pathlen:0 +.Ve +.PP +then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. +.SH "HISTORY" +.IX Header "HISTORY" +Since OpenSSL 1.1.1, the program follows \s-1RFC5280.\s0 Specifically, +certificate validity period (specified by any of \fB\-startdate\fR, +\&\fB\-enddate\fR and \fB\-days\fR) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1), +\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ciphers.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ciphers.1 new file mode 100644 index 00000000..9eb5bb0a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ciphers.1 @@ -0,0 +1,868 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CIPHERS 1" +.TH CIPHERS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ciphers, ciphers \- SSL cipher display and cipher list tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBciphers\fR +[\fB\-help\fR] +[\fB\-s\fR] +[\fB\-v\fR] +[\fB\-V\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-s\fR] +[\fB\-psk\fR] +[\fB\-srp\fR] +[\fB\-stdname\fR] +[\fB\-convert name\fR] +[\fB\-ciphersuites val\fR] +[\fBcipherlist\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBciphers\fR command converts textual OpenSSL cipher lists into ordered +\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine +the appropriate cipherlist. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-s\fR" 4 +.IX Item "-s" +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. +.Sp +\&\s-1PSK\s0 and \s-1SRP\s0 ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR +to enable them. +.Sp +It also does not change the default list of supported signature algorithms. +.Sp +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of \s-1DH\s0 parameters. +.Sp +If this option is not used then all ciphers that match the cipherlist will be +listed. +.IP "\fB\-psk\fR" 4 +.IX Item "-psk" +When combined with \fB\-s\fR includes cipher suites which require \s-1PSK.\s0 +.IP "\fB\-srp\fR" 4 +.IX Item "-srp" +When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0 +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose output: For each cipher suite, list details as provided by +\&\fBSSL_CIPHER_description\fR\|(3). +.IP "\fB\-V\fR" 4 +.IX Item "-V" +Like \fB\-v\fR, but include the official cipher suite values in hex. +.IP "\fB\-tls1_3\fR, \fB\-tls1_2\fR, \fB\-tls1_1\fR, \fB\-tls1\fR, \fB\-ssl3\fR" 4 +.IX Item "-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3" +In combination with the \fB\-s\fR option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-stdname\fR" 4 +.IX Item "-stdname" +Precede each cipher suite by its standard name. +.IP "\fB\-convert name\fR" 4 +.IX Item "-convert name" +Convert a standard cipher \fBname\fR to its OpenSSL name. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. By +default this value is: +.Sp +.Vb 1 +\& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +.Ve +.IP "\fBcipherlist\fR" 4 +.IX Item "cipherlist" +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. +.SH "CIPHER LIST FORMAT" +.IX Header "CIPHER LIST FORMAT" +The cipher list consists of one or more \fIcipher strings\fR separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. +.PP +The actual cipher string can take several different forms. +.PP +It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +.PP +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers +suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 +algorithms. +.PP +Lists of cipher suites can be combined in a single cipher string using the +\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +algorithms. +.PP +Each cipher string can be optionally preceded by the characters \fB!\fR, +\&\fB\-\fR or \fB+\fR. +.PP +If \fB!\fR is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. +.PP +If \fB\-\fR is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. +.PP +If \fB+\fR is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. +.PP +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. +.PP +The cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current +cipher list in order of encryption algorithm key length. +.PP +The cipher string \fB\f(CB@SECLEVEL\fB=n\fR can be used at any point to set the security +level to \fBn\fR, which should be a number between zero and five, inclusive. +See SSL_CTX_set_security_level for a description of what each level means. +.PP +The cipher list can be prefixed with the \fB\s-1DEFAULT\s0\fR keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using \fB+\fR character. +For example, \fB\s-1DEFAULT+DES\s0\fR is not valid. +.PP +The content of the default list is determined at compile time and normally +corresponds to \fB\s-1ALL:\s0!COMPLEMENTOFDEFAULT:!eNULL\fR. +.SH "CIPHER STRINGS" +.IX Header "CIPHER STRINGS" +The following is a list of all permitted cipher strings and their meanings. +.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IX Item "COMPLEMENTOFDEFAULT" +The ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently +this includes all \s-1RC4\s0 and anonymous ciphers. Note that this rule does +not cover \fBeNULL\fR, which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if +necessary). Note that \s-1RC4\s0 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure). +.IP "\fB\s-1ALL\s0\fR" 4 +.IX Item "ALL" +All cipher suites except the \fBeNULL\fR ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the \fB\s-1ALL\s0\fR cipher suites are sensibly ordered by default. +.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +.IX Item "COMPLEMENTOFALL" +The cipher suites not enabled by \fB\s-1ALL\s0\fR, currently \fBeNULL\fR. +.IP "\fB\s-1HIGH\s0\fR" 4 +.IX Item "HIGH" +\&\*(L"High\*(R" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128\-bit keys. +.IP "\fB\s-1MEDIUM\s0\fR" 4 +.IX Item "MEDIUM" +\&\*(L"Medium\*(R" encryption cipher suites, currently some of those using 128 bit +encryption. +.IP "\fB\s-1LOW\s0\fR" 4 +.IX Item "LOW" +\&\*(L"Low\*(R" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0. +.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IX Item "eNULL, NULL" +The \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. When in +doubt, include \fB!eNULL\fR in your cipherlist. +.IP "\fBaNULL\fR" 4 +.IX Item "aNULL" +The cipher suites offering no authentication. This is currently the anonymous +\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable +to \*(L"man in the middle\*(R" attacks and so their use is discouraged. +These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +When in doubt, include \fB!aNULL\fR in your cipherlist. +.IP "\fBkRSA\fR, \fBaRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IX Item "kRSA, aRSA, RSA" +Cipher suites using \s-1RSA\s0 key exchange or authentication. \fB\s-1RSA\s0\fR is an alias for +\&\fBkRSA\fR. +.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 +.IX Item "kDHr, kDHd, kDH" +Cipher suites using static \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs +with \s-1RSA\s0 and \s-1DSS\s0 keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBkDHE\fR, \fBkEDH\fR, \fB\s-1DH\s0\fR" 4 +.IX Item "kDHE, kEDH, DH" +Cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +suites. +.IP "\fB\s-1DHE\s0\fR, \fB\s-1EDH\s0\fR" 4 +.IX Item "DHE, EDH" +Cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. +.IP "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +Anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic +Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. +.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fB\s-1ECDH\s0\fR" 4 +.IX Item "kEECDH, kECDHE, ECDH" +Cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +cipher suites. +.IP "\fB\s-1ECDHE\s0\fR, \fB\s-1EECDH\s0\fR" 4 +.IX Item "ECDHE, EECDH" +Cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. +.IP "\fB\s-1AECDH\s0\fR" 4 +.IX Item "AECDH" +Anonymous Elliptic Curve Diffie-Hellman cipher suites. +.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +.IX Item "aDSS, DSS" +Cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. +.IP "\fBaDH\fR" 4 +.IX Item "aDH" +Cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry +\&\s-1DH\s0 keys. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +.IX Item "aECDSA, ECDSA" +Cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +keys. +.IP "\fBTLSv1.2\fR, \fBTLSv1.0\fR, \fBSSLv3\fR" 4 +.IX Item "TLSv1.2, TLSv1.0, SSLv3" +Lists cipher suites which are only supported in at least \s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0 or +\&\s-1SSL\s0 v3.0 respectively. +Note: there are no cipher suites specific to \s-1TLS\s0 v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available. +.Sp +Note: these cipher strings \fBdo not\fR change the negotiated version of \s-1SSL\s0 or +\&\s-1TLS,\s0 they only affect the list of available cipher suites. +.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +.IX Item "AES128, AES256, AES" +cipher suites using 128 bit \s-1AES, 256\s0 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES.\s0 +.IP "\fB\s-1AESGCM\s0\fR" 4 +.IX Item "AESGCM" +\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these cipher suites are only supported +in \s-1TLS\s0 v1.2. +.IP "\fB\s-1AESCCM\s0\fR, \fB\s-1AESCCM8\s0\fR" 4 +.IX Item "AESCCM, AESCCM8" +\&\s-1AES\s0 in Cipher Block Chaining \- Message Authentication Mode (\s-1CCM\s0): these +cipher suites are only supported in \s-1TLS\s0 v1.2. \fB\s-1AESCCM\s0\fR references \s-1CCM\s0 +cipher suites using both 16 and 8 octet Integrity Check Value (\s-1ICV\s0) +while \fB\s-1AESCCM8\s0\fR only references 8 octet \s-1ICV.\s0 +.IP "\fB\s-1ARIA128\s0\fR, \fB\s-1ARIA256\s0\fR, \fB\s-1ARIA\s0\fR" 4 +.IX Item "ARIA128, ARIA256, ARIA" +Cipher suites using 128 bit \s-1ARIA, 256\s0 bit \s-1ARIA\s0 or either 128 or 256 bit +\&\s-1ARIA.\s0 +.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" +Cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 128 or 256 bit +\&\s-1CAMELLIA.\s0 +.IP "\fB\s-1CHACHA20\s0\fR" 4 +.IX Item "CHACHA20" +Cipher suites using ChaCha20. +.IP "\fB3DES\fR" 4 +.IX Item "3DES" +Cipher suites using triple \s-1DES.\s0 +.IP "\fB\s-1DES\s0\fR" 4 +.IX Item "DES" +Cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fB\s-1RC4\s0\fR" 4 +.IX Item "RC4" +Cipher suites using \s-1RC4.\s0 +.IP "\fB\s-1RC2\s0\fR" 4 +.IX Item "RC2" +Cipher suites using \s-1RC2.\s0 +.IP "\fB\s-1IDEA\s0\fR" 4 +.IX Item "IDEA" +Cipher suites using \s-1IDEA.\s0 +.IP "\fB\s-1SEED\s0\fR" 4 +.IX Item "SEED" +Cipher suites using \s-1SEED.\s0 +.IP "\fB\s-1MD5\s0\fR" 4 +.IX Item "MD5" +Cipher suites using \s-1MD5.\s0 +.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +.IX Item "SHA1, SHA" +Cipher suites using \s-1SHA1.\s0 +.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +.IX Item "SHA256, SHA384" +Cipher suites using \s-1SHA256\s0 or \s-1SHA384.\s0 +.IP "\fBaGOST\fR" 4 +.IX Item "aGOST" +Cipher suites using \s-1GOST R 34.10\s0 (either 2001 or 94) for authentication +(needs an engine supporting \s-1GOST\s0 algorithms). +.IP "\fBaGOST01\fR" 4 +.IX Item "aGOST01" +Cipher suites using \s-1GOST R 34.10\-2001\s0 authentication. +.IP "\fBkGOST\fR" 4 +.IX Item "kGOST" +Cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 4357.\s0 +.IP "\fB\s-1GOST94\s0\fR" 4 +.IX Item "GOST94" +Cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0 +.IP "\fB\s-1GOST89MAC\s0\fR" 4 +.IX Item "GOST89MAC" +Cipher suites using \s-1GOST 28147\-89 MAC\s0 \fBinstead of\fR \s-1HMAC.\s0 +.IP "\fB\s-1PSK\s0\fR" 4 +.IX Item "PSK" +All cipher suites using pre-shared keys (\s-1PSK\s0). +.IP "\fBkPSK\fR, \fBkECDHEPSK\fR, \fBkDHEPSK\fR, \fBkRSAPSK\fR" 4 +.IX Item "kPSK, kECDHEPSK, kDHEPSK, kRSAPSK" +Cipher suites using \s-1PSK\s0 key exchange, \s-1ECDHE_PSK, DHE_PSK\s0 or \s-1RSA_PSK.\s0 +.IP "\fBaPSK\fR" 4 +.IX Item "aPSK" +Cipher suites using \s-1PSK\s0 authentication (currently all \s-1PSK\s0 modes apart from +\&\s-1RSA_PSK\s0). +.IP "\fB\s-1SUITEB128\s0\fR, \fB\s-1SUITEB128ONLY\s0\fR, \fB\s-1SUITEB192\s0\fR" 4 +.IX Item "SUITEB128, SUITEB128ONLY, SUITEB192" +Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +\&\s-1RFC6460.\s0 +In particular the supported signature algorithms is reduced to support only +\&\s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384,\s0 only the elliptic curves P\-256 and P\-384 can be +used and only the two suite B compliant cipher suites +(\s-1ECDHE\-ECDSA\-AES128\-GCM\-SHA256\s0 and \s-1ECDHE\-ECDSA\-AES256\-GCM\-SHA384\s0) are +permissible. +.SH "CIPHER SUITE NAMES" +.IX Header "CIPHER SUITE NAMES" +The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used. +.SS "\s-1SSL\s0 v3.0 cipher suites" +.IX Subsection "SSL v3.0 cipher suites" +.Vb 6 +\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL\-SHA +\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH\-DSS\-DES\-CBC3\-SHA +\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH\-RSA\-DES\-CBC3\-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +\& +\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. +.Ve +.SS "\s-1TLS\s0 v1.0 cipher suites" +.IX Subsection "TLS v1.0 cipher suites" +.Vb 6 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +.Ve +.SS "\s-1AES\s0 cipher suites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "AES cipher suites from RFC3268, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH\-DSS\-AES128\-SHA +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH\-DSS\-AES256\-SHA +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH\-RSA\-AES128\-SHA +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH\-RSA\-AES256\-SHA +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA +.Ve +.SS "Camellia cipher suites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "Camellia cipher suites from RFC4132, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& +\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH\-DSS\-CAMELLIA128\-SHA +\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH\-DSS\-CAMELLIA256\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH\-RSA\-CAMELLIA128\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +.Ve +.SS "\s-1SEED\s0 cipher suites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "SEED cipher suites from RFC4162, extending TLS v1.0" +.Vb 1 +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA +\& +\& TLS_DH_DSS_WITH_SEED_CBC_SHA DH\-DSS\-SEED\-SHA +\& TLS_DH_RSA_WITH_SEED_CBC_SHA DH\-RSA\-SEED\-SHA +\& +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +.Ve +.SS "\s-1GOST\s0 cipher suites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" +.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0" +Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic +algorithms, such as the \fBccgost\fR engine, included in the OpenSSL distribution. +.PP +.Vb 4 +\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +.Ve +.SS "Additional Export 1024 and other cipher suites" +.IX Subsection "Additional Export 1024 and other cipher suites" +Note: these ciphers can also be used in \s-1SSL\s0 v3. +.PP +.Vb 1 +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA +.Ve +.SS "Elliptic curve cipher suites." +.IX Subsection "Elliptic curve cipher suites." +.Vb 5 +\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& +\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +.Ve +.SS "\s-1TLS\s0 v1.2 cipher suites" +.IX Subsection "TLS v1.2 cipher suites" +.Vb 1 +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 +\& +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH\-RSA\-AES128\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH\-RSA\-AES256\-SHA256 +\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH\-DSS\-AES128\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH\-DSS\-AES256\-SHA256 +\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +\& +\& RSA_WITH_AES_128_CCM AES128\-CCM +\& RSA_WITH_AES_256_CCM AES256\-CCM +\& DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM +\& DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM +\& RSA_WITH_AES_128_CCM_8 AES128\-CCM8 +\& RSA_WITH_AES_256_CCM_8 AES256\-CCM8 +\& DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 +\& DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 +\& ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +.Ve +.SS "\s-1ARIA\s0 cipher suites from \s-1RFC6209,\s0 extending \s-1TLS\s0 v1.2" +.IX Subsection "ARIA cipher suites from RFC6209, extending TLS v1.2" +Note: the \s-1CBC\s0 modes mentioned in this \s-1RFC\s0 are not supported. +.PP +.Vb 10 +\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +.Ve +.SS "Camellia HMAC-Based cipher suites from \s-1RFC6367,\s0 extending \s-1TLS\s0 v1.2" +.IX Subsection "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2" +.Vb 4 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +.Ve +.SS "Pre-shared keying (\s-1PSK\s0) cipher suites" +.IX Subsection "Pre-shared keying (PSK) cipher suites" +.Vb 3 +\& PSK_WITH_NULL_SHA PSK\-NULL\-SHA +\& DHE_PSK_WITH_NULL_SHA DHE\-PSK\-NULL\-SHA +\& RSA_PSK_WITH_NULL_SHA RSA\-PSK\-NULL\-SHA +\& +\& PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA +\& PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA +\& PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& +\& DHE_PSK_WITH_RC4_128_SHA DHE\-PSK\-RC4\-SHA +\& DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& +\& RSA_PSK_WITH_RC4_128_SHA RSA\-PSK\-RC4\-SHA +\& RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA\-PSK\-3DES\-EDE\-CBC\-SHA +\& RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA +\& RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& +\& PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& PSK_WITH_NULL_SHA256 PSK\-NULL\-SHA256 +\& PSK_WITH_NULL_SHA384 PSK\-NULL\-SHA384 +\& DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& DHE_PSK_WITH_NULL_SHA256 DHE\-PSK\-NULL\-SHA256 +\& DHE_PSK_WITH_NULL_SHA384 DHE\-PSK\-NULL\-SHA384 +\& RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& RSA_PSK_WITH_NULL_SHA256 RSA\-PSK\-NULL\-SHA256 +\& RSA_PSK_WITH_NULL_SHA384 RSA\-PSK\-NULL\-SHA384 +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& +\& ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& ECDHE_PSK_WITH_NULL_SHA ECDHE\-PSK\-NULL\-SHA +\& ECDHE_PSK_WITH_NULL_SHA256 ECDHE\-PSK\-NULL\-SHA256 +\& ECDHE_PSK_WITH_NULL_SHA384 ECDHE\-PSK\-NULL\-SHA384 +\& +\& PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK\-CAMELLIA128\-SHA256 +\& PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK\-CAMELLIA256\-SHA384 +\& +\& DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE\-PSK\-CAMELLIA128\-SHA256 +\& DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA\-PSK\-CAMELLIA128\-SHA256 +\& RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA\-PSK\-CAMELLIA256\-SHA384 +\& +\& ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +.Ve +.SS "ChaCha20\-Poly1305 cipher suites, extending \s-1TLS\s0 v1.2" +.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" +.Vb 7 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +.Ve +.SS "\s-1TLS\s0 v1.3 cipher suites" +.IX Subsection "TLS v1.3 cipher suites" +.Vb 5 +\& TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 +\& TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 +\& TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 +\& TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 +\& TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 +.Ve +.SS "Older names used by OpenSSL" +.IX Subsection "Older names used by OpenSSL" +The following names are accepted by older releases: +.PP +.Vb 2 +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA (DHE\-RSA\-DES\-CBC3\-SHA) +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA) +.Ve +.SH "NOTES" +.IX Header "NOTES" +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq +.Ve +.PP +Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +strength: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq +.Ve +.PP +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq +.Ve +.PP +Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: +.PP +.Vb 1 +\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq +.Ve +.PP +Include all \s-1RC4\s0 ciphers but leave out those without authentication: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq +.Ve +.PP +Include all ciphers with \s-1RSA\s0 authentication but leave out ciphers without +encryption. +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq +.Ve +.PP +Set security level to 2 and display all ciphers consistent with level 2: +.PP +.Vb 1 +\& openssl ciphers \-s \-v \*(AqALL:@SECLEVEL=2\*(Aq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0. +.PP +The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled +(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. +.PP +The \fB\-convert\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/cms.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/cms.1 new file mode 100644 index 00000000..4623925f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/cms.1 @@ -0,0 +1,820 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS 1" +.TH CMS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-cms, cms \- CMS utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcms\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-cmsout\fR] +[\fB\-resign\fR] +[\fB\-data_create\fR] +[\fB\-data_out\fR] +[\fB\-digest_create\fR] +[\fB\-digest_verify\fR] +[\fB\-compress\fR] +[\fB\-uncompress\fR] +[\fB\-EncryptedData_encrypt\fR] +[\fB\-sign_receipt\fR] +[\fB\-verify_receipt receipt\fR] +[\fB\-in filename\fR] +[\fB\-inform SMIME|PEM|DER\fR] +[\fB\-rctform SMIME|PEM|DER\fR] +[\fB\-out filename\fR] +[\fB\-outform SMIME|PEM|DER\fR] +[\fB\-stream \-indef \-noindef\fR] +[\fB\-noindef\fR] +[\fB\-content filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-print\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-md digest\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nosmimecap\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-asciicrlf\fR] +[\fB\-nodetach\fR] +[\fB\-certfile file\fR] +[\fB\-certsout file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-keyid\fR] +[\fB\-receipt_request_all\fR] +[\fB\-receipt_request_first\fR] +[\fB\-receipt_request_from emailaddress\fR] +[\fB\-receipt_request_to emailaddress\fR] +[\fB\-receipt_request_print\fR] +[\fB\-secretkey key\fR] +[\fB\-secretkeyid id\fR] +[\fB\-econtent_type type\fR] +[\fB\-inkey file\fR] +[\fB\-keyopt name:parameter\fR] +[\fB\-passin arg\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fBcert.pem...\fR] +[\fB\-to addr\fR] +[\fB\-from addr\fR] +[\fB\-subject subj\fR] +[cert.pem]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcms\fR command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and +verify, compress and uncompress S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. The +actual \s-1CMS\s0 type is EnvelopedData. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-debug_decrypt\fR" 4 +.IX Item "-debug_decrypt" +This option sets the \fB\s-1CMS_DEBUG_DECRYPT\s0\fR flag. This option should be used +with caution: see the notes section below. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-cmsout\fR" 4 +.IX Item "-cmsout" +Takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-data_create\fR" 4 +.IX Item "-data_create" +Create a \s-1CMS\s0 \fBData\fR type. +.IP "\fB\-data_out\fR" 4 +.IX Item "-data_out" +\&\fBData\fR type and output the content. +.IP "\fB\-digest_create\fR" 4 +.IX Item "-digest_create" +Create a \s-1CMS\s0 \fBDigestedData\fR type. +.IP "\fB\-digest_verify\fR" 4 +.IX Item "-digest_verify" +Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. +.IP "\fB\-compress\fR" 4 +.IX Item "-compress" +Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +support for this option to work, otherwise it will output an error. +.IP "\fB\-uncompress\fR" 4 +.IX Item "-uncompress" +Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +compiled with \fBzlib\fR support for this option to work, otherwise it will +output an error. +.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IX Item "-EncryptedData_encrypt" +Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-sign_receipt\fR" 4 +.IX Item "-sign_receipt" +Generate and output a signed receipt for the supplied message. The input +message \fBmust\fR contain a signed receipt request. Functionality is otherwise +similar to the \fB\-sign\fR operation. +.IP "\fB\-verify_receipt receipt\fR" 4 +.IX Item "-verify_receipt receipt" +Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR +contain the original receipt request. Functionality is otherwise similar +to the \fB\-verify\fR operation. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the message to be decrypted +or verified. +.IP "\fB\-inform SMIME|PEM|DER\fR" 4 +.IX Item "-inform SMIME|PEM|DER" +This specifies the input format for the \s-1CMS\s0 structure. The default +is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the input format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being input (for example with +\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.IP "\fB\-rctform SMIME|PEM|DER\fR" 4 +.IX Item "-rctform SMIME|PEM|DER" +Specify the format for a signed receipt for use with the \fB\-receipt_verify\fR +operation. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-outform SMIME|PEM|DER\fR" 4 +.IX Item "-outform SMIME|PEM|DER" +This specifies the output format for the \s-1CMS\s0 structure. The default +is \fB\s-1SMIME\s0\fR which writes an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the output format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being output (for example with +\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content filename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +For the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. This +is useful when combined with the \fB\-print\fR option or if the syntax of the \s-1CMS\s0 +structure is being checked. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +For the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. This +is mainly useful for testing purposes. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +A directory containing trusted \s-1CA\s0 certificates, only used with +\&\fB\-verify\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR +or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fBenc\fR\|(1) for a list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_create\fR commands. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-asciicrlf\fR" 4 +.IX Item "-asciicrlf" +When signing use \s-1ASCII CRLF\s0 format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at \s-1EOF\s0 and sets +the encapsulated content type. This option is normally used with detached +content and an output signature format of \s-1DER.\s0 This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile file\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-certsout file\fR" 4 +.IX Item "-certsout file" +Any certificates contained in the message are written to \fBfile\fR. +.IP "\fB\-signer file\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip file\fR" 4 +.IX Item "-recip file" +When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs. +.Sp +When encrypting a message this option may be used multiple times to specify +each recipient. This form \fBmust\fR be used if customised parameters are +required (for example to specify RSA-OAEP). +.Sp +Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +option. +.IP "\fB\-keyid\fR" 4 +.IX Item "-keyid" +Use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate \fBmust\fR include a subject key +identifier extension. Supported by \fB\-sign\fR and \fB\-encrypt\fR options. +.IP "\fB\-receipt_request_all\fR, \fB\-receipt_request_first\fR" 4 +.IX Item "-receipt_request_all, -receipt_request_first" +For \fB\-sign\fR option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it \fB\-receipt_request_from\fR is included. +.IP "\fB\-receipt_request_from emailaddress\fR" 4 +.IX Item "-receipt_request_from emailaddress" +For \fB\-sign\fR option include a signed receipt request. Add an explicit email +address where receipts should be supplied. +.IP "\fB\-receipt_request_to emailaddress\fR" 4 +.IX Item "-receipt_request_to emailaddress" +Add an explicit email address where signed receipts should be sent to. This +option \fBmust\fR but supplied if a signed receipt it requested. +.IP "\fB\-receipt_request_print\fR" 4 +.IX Item "-receipt_request_print" +For the \fB\-verify\fR operation print out the contents of any signed receipt +requests. +.IP "\fB\-secretkey key\fR" 4 +.IX Item "-secretkey key" +Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR +\&\fB\-EncryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used +with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the +content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +.IP "\fB\-secretkeyid id\fR" 4 +.IX Item "-secretkeyid id" +The key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. +This option \fBmust\fR be present if the \fB\-secretkey\fR option is used with +\&\fB\-encrypt\fR. With \fB\-decrypt\fR operations the \fBid\fR is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +\&\fBKEKRecipientInfo\fR structures. +.IP "\fB\-econtent_type type\fR" 4 +.IX Item "-econtent_type type" +Set the encapsulated content type to \fBtype\fR if not supplied the \fBData\fR type +is used. The \fBtype\fR argument can be any valid \s-1OID\s0 name in either text or +numerical format. +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +.IP "\fB\-keyopt name:opt\fR" 4 +.IX Item "-keyopt name:opt" +For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for \s-1ECDH.\s0 +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBcert.pem...\fR" 4 +.IX Item "cert.pem..." +One or more certificates of message recipients: used when encrypting +a message. +.IP "\fB\-to, \-from, \-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various certificate chain validation options. See the +\&\fBverify\fR\|(1) manual page for details. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the \s-1CMS\s0 structure the encoding +remains \s-1DER.\s0 +.PP +If the \fB\-decrypt\fR option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the \s-1MMA\s0 attack +(Bleichenbacher's attack on \s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is \*(L"decrypted\*(R" using a random key which will typically output garbage. +The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)). +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "COMPATIBILITY WITH PKCS#7 format." +.IX Header "COMPATIBILITY WITH PKCS#7 format." +The \fBsmime\fR utility can only process the older \fBPKCS#7\fR format. The \fBcms\fR +utility supports Cryptographic Message Syntax format. Use of some features +will result in messages which cannot be processed by applications which only +support the older format. These are detailed below. +.PP +The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. +.PP +The \fB\-outform \s-1PEM\s0\fR option uses different headers. +.PP +The \fB\-compress\fR option. +.PP +The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. +.PP +The use of \s-1PSS\s0 with \fB\-sign\fR. +.PP +The use of \s-1OAEP\s0 or non-RSA keys with \fB\-encrypt\fR. +.PP +Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +be processed by the older \fBsmime\fR command. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl cms \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers, use key identifier: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem \-keyid +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl cms \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl cms \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl cms \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl cms \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command, +.PP +.Vb 1 +\& openssl cms \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +alternatively you can base64 decode the signature and use +.PP +.Vb 1 +\& openssl cms \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl cms \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.PP +Sign mail using RSA-PSS: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-keyopt rsa_padding_mode:pss +.Ve +.PP +Create encrypted mail using RSA-OAEP: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip cert.pem \-keyopt rsa_padding_mode:oaep +.Ve +.PP +Use \s-1SHA256 KDF\s0 with an \s-1ECDH\s0 certificate: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip ecdhcert.pem \-keyopt ecdh_kdf_md:sha256 +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0. +.PP +The \fBkeyopt\fR option was added in OpenSSL 1.0.2. +.PP +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. +.PP +The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +was added in OpenSSL 1.0.2. +.PP +The \-no_alt_chains option was added in OpenSSL 1.0.2b. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl.1 new file mode 100644 index 00000000..ec15114a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl.1 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRL 1" +.TH CRL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-crl, crl \- CRL utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-text\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-nameopt option\fR] +[\fB\-noout\fR] +[\fB\-hash\fR] +[\fB\-issuer\fR] +[\fB\-lastupdate\fR] +[\fB\-nextupdate\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print out the \s-1CRL\s0 in text form. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. See +the description of \fB\-nameopt\fR in \fBx509\fR\|(1). +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the \s-1CRL.\s0 +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. +.IP "\fB\-hash_old\fR" 4 +.IX Item "-hash_old" +Outputs the \*(L"hash\*(R" of the \s-1CRL\s0 issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Output the issuer name. +.IP "\fB\-lastupdate\fR" 4 +.IX Item "-lastupdate" +Output the lastUpdate field. +.IP "\fB\-nextupdate\fR" 4 +.IX Item "-nextupdate" +Output the nextUpdate field. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +Verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBfile\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +Verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBdir\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM CRL\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\- +\& \-\-\-\-\-END X509 CRL\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl crl \-in crl.pem \-outform DER \-out crl.der +.Ve +.PP +Output the text form of a \s-1DER\s0 encoded certificate: +.PP +.Vb 1 +\& openssl crl \-in crl.der \-inform DER \-text \-noout +.Ve +.SH "BUGS" +.IX Header "BUGS" +Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +and files too. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl2pkcs7.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl2pkcs7.1 new file mode 100644 index 00000000..67214af2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/crl2pkcs7.1 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRL2PKCS7 1" +.TH CRL2PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-crl2pkcs7, crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl2pkcs7\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-certfile filename\fR] +[\fB\-nocrl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more +certificates and converts them into a PKCS#7 degenerate \*(L"certificates +only\*(R" structure. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 +encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. The default format is \s-1PEM.\s0 +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write the PKCS#7 structure to or standard +output by default. +.IP "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +Specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. +.IP "\fB\-nocrl\fR" 4 +.IX Item "-nocrl" +Normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is +included in the output file and a \s-1CRL\s0 is not read from the input file. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +.PP +.Vb 1 +\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem +.Ve +.PP +Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +different certificates: +.PP +.Vb 2 +\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem +\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der +.Ve +.SH "NOTES" +.IX Header "NOTES" +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional \s-1CRL.\s0 +.PP +This utility can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output +as \s-1MIME\s0 type application/x\-x509\-user\-cert. +.PP +The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dgst.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dgst.1 new file mode 100644 index 00000000..5899e161 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dgst.1 @@ -0,0 +1,347 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DGST 1" +.TH DGST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dgst, dgst \- perform digest operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dgst\fR +[\fB\-\f(BIdigest\fB\fR] +[\fB\-help\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fB\-list\fR] +[\fB\-hex\fR] +[\fB\-binary\fR] +[\fB\-r\fR] +[\fB\-out filename\fR] +[\fB\-sign filename\fR] +[\fB\-keyform arg\fR] +[\fB\-passin arg\fR] +[\fB\-verify filename\fR] +[\fB\-prverify filename\fR] +[\fB\-signature filename\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-hmac key\fR] +[\fB\-fips\-fingerprint\fR] +[\fB\-rand file...\fR] +[\fB\-engine id\fR] +[\fB\-engine_impl\fR] +[\fBfile...\fR] +.PP +\&\fBopenssl\fR \fIdigest\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The digest functions output the message digest of a supplied file or files +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. +.PP +The generic name, \fBdgst\fR, may be used with an option specifying the +algorithm to be used. +The default digest is \fIsha256\fR. +A supported \fIdigest\fR name may also be used as the command name. +To see the list of supported algorithms, use the \fIlist \-\-digest\-commands\fR +command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Specifies name of a supported digest to be used. To see the list of +supported digests, use the command \fIlist \-\-digest\-commands\fR. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Print out the digest in two digit groups separated by colons, only relevant if +\&\fBhex\fR format output is used. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Print out \s-1BIO\s0 debugging information. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +Prints out a list of supported message digests. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Output the digest in the \*(L"coreutils\*(R" format, including newlines. +Used by programs like \fBsha1sum\fR. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-sign filename\fR" 4 +.IX Item "-sign filename" +Digitally sign the digest using the private key in \*(L"filename\*(R". Note this option +does not support Ed25519 or Ed448 private keys. Use the \fBpkeyutl\fR command +instead for this. +.IP "\fB\-keyform arg\fR" 4 +.IX Item "-keyform arg" +Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0 +and \s-1ENGINE\s0 formats are supported. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-verify filename\fR" 4 +.IX Item "-verify filename" +Verify the signature using the public key in \*(L"filename\*(R". +The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R". +.IP "\fB\-prverify filename\fR" 4 +.IX Item "-prverify filename" +Verify the signature using the private key in \*(L"filename\*(R". +.IP "\fB\-signature filename\fR" 4 +.IX Item "-signature filename" +The actual signature to verify. +.IP "\fB\-hmac key\fR" 4 +.IX Item "-hmac key" +Create a hashed \s-1MAC\s0 using \*(L"key\*(R". +.IP "\fB\-mac alg\fR" 4 +.IX Item "-mac alg" +Create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0 +algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms +which are not based on hash, for instance \fBgost-mac\fR algorithm, +supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set +via \fB\-macopt\fR parameter. +.IP "\fB\-macopt nm:v\fR" 4 +.IX Item "-macopt nm:v" +Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +.RS 4 +.IP "\fBkey:string\fR" 4 +.IX Item "key:string" +Specifies \s-1MAC\s0 key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. +.IP "\fBhexkey:string\fR" 4 +.IX Item "hexkey:string" +Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the \s-1MAC\s0 algorithm +for example exactly 32 chars for gost-mac. +.RE +.RS 4 +.RE +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +Compute \s-1HMAC\s0 using a specific key for certain OpenSSL-FIPS operations. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Use engine \fBid\fR for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file or \fB\-engine_impl\fR is also +specified. +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fBid\fR for digest operations. +.IP "\fBfile...\fR" 4 +.IX Item "file..." +File or files to digest. If no files are specified then standard input is +used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt +.SH "NOTES" +.IX Header "NOTES" +The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The \fBlist digest-commands\fR command can be used to list them. +.PP +New or agile applications should use probably use \s-1SHA\-256.\s0 Other digests, +particularly \s-1SHA\-1\s0 and \s-1MD5,\s0 are still widely used for interoperating +with existing formats and protocols. +.PP +When signing a file, \fBdgst\fR will automatically determine the algorithm +(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info. +When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS,\s0 and S/MIME. +.PP +A source of random numbers is required for certain signing algorithms, in +particular \s-1ECDSA\s0 and \s-1DSA.\s0 +.PP +The signing and verify options should only be used if a single file is +being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dhparam.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dhparam.1 new file mode 100644 index 00000000..8c7053bd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dhparam.1 @@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DHPARAM 1" +.TH DHPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dhparam, dhparam \- DH parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dhparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-dsaparam\fR] +[\fB\-check\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-2\fR] +[\fB\-5\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate \s-1DH\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the +default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with +additional header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-dsaparam\fR" 4 +.IX Item "-dsaparam" +If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; +they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such +that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. +.Sp +\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes \s-1DH\s0 key +exchange more efficient. Beware that with such DSA-style \s-1DH\s0 +parameters, a fresh \s-1DH\s0 key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not. +.IP "\fB\-2\fR, \fB\-5\fR" 4 +.IX Item "-2, -5" +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but \fBnumbits\fR is present, parameters are generated with the +default generator 2. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (\fB\-2\fR or \fB\-5\fR) is +present, parameters are generated with a default length of 2048 bits. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DH\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fBget_dhNNNN()\fR function. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "WARNINGS" +.IX Header "WARNINGS" +The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and +\&\fBgendh\fR in previous versions of OpenSSL. The \fBdh\fR and \fBgendh\fR +programs are retained for now but may have different purposes in future +versions of OpenSSL. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DH PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\- +.Ve +.PP +OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42 +\&\s-1DH.\s0 +.PP +This program manipulates \s-1DH\s0 parameters not keys. +.SH "BUGS" +.IX Header "BUGS" +There should be a way to generate and manipulate \s-1DH\s0 keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsa.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsa.1 new file mode 100644 index 00000000..abb85c6b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsa.1 @@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA 1" +.TH DSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dsa, dsa \- DSA key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdsa\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of +version (currently zero), p, q, g, the public and private key components +respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a +SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0 +.Sp +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBdsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the public key component of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END DSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on a \s-1DSA\s0 private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1), +\&\fBgenrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsaparam.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsaparam.1 new file mode 100644 index 00000000..ac6dd7b8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/dsaparam.1 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSAPARAM 1" +.TH DSAPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dsaparam, dsaparam \- DSA parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dsaparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-genkey\fR] +[\fB\-engine id\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1DSA\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting +of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists +of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the \fBnumbits\fR parameter is included then +this option will be ignored. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DSA\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fBget_dsaXXX()\fR function. +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate a \s-1DSA\s0 either using the specified or generated +parameters. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fBnumbits\fR. It must be the last option. If this option is included then +the input file (if any) is ignored. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdsaparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DSA PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DSA PARAMETERS\-\-\-\-\- +.Ve +.PP +\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of +\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ec.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ec.1 new file mode 100644 index 00000000..84cfa7c2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ec.1 @@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC 1" +.TH EC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ec, ec \- EC key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBec\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-param_out\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-no_public\fR] +[\fB\-check\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR OpenSSL uses the +private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL \s-1EC\s0 private key into the +PKCS#8 private key format use the \fBpkcs8\fR command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it +uses the SubjectPublicKeyInfo structure as specified in \s-1RFC 3280.\s0 +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBec\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +is currently not implemented in OpenSSL. +.IP "\fB\-no_public\fR" 4 +.IX Item "-no_public" +This option omits the public key components from the private key output. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1EC\s0 private or public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBec\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END EC PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl ec \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem +.Ve +.PP +To change the point conversion form to \fBcompressed\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ecparam.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ecparam.1 new file mode 100644 index 00000000..16376947 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ecparam.1 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPARAM 1" +.TH ECPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ecparam, ecparam \- EC parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl ecparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-check\fR] +[\fB\-name arg\fR] +[\fB\-list_curves\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-no_seed\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-genkey\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1EC\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded +form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default +format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional +header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1EC\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the \s-1EC\s0 parameters into C code. The parameters can then +be loaded by calling the \fBget_ec_group_XXX()\fR function. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Validate the elliptic curve parameters. +.IP "\fB\-name arg\fR" 4 +.IX Item "-name arg" +Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR +to get a list of all currently implemented \s-1EC\s0 parameters. +.IP "\fB\-list_curves\fR" 4 +.IX Item "-list_curves" +If this options is specified \fBecparam\fR will print out a list of all +currently implemented \s-1EC\s0 parameters names and exit. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR, \fBuncompressed\fR (the +default value) and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +is currently not implemented in OpenSSL. +.IP "\fB\-no_seed\fR" 4 +.IX Item "-no_seed" +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see \s-1RFC 3279\s0). +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate an \s-1EC\s0 private key using the specified parameters. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBecparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN EC PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END EC PARAMETERS\-\-\-\-\- +.Ve +.PP +OpenSSL is currently not able to generate new groups and therefore +\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create \s-1EC\s0 parameters with the group 'prime192v1': +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 +.Ve +.PP +To create \s-1EC\s0 parameters with explicit parameters: +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit +.Ve +.PP +To validate given \s-1EC\s0 parameters: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-check +.Ve +.PP +To create \s-1EC\s0 parameters and a private key: +.PP +.Vb 1 +\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey +.Ve +.PP +To change the point encoding to 'compressed': +.PP +.Vb 1 +\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed +.Ve +.PP +To print out the \s-1EC\s0 parameters to standard output: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-noout \-text +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBec\fR\|(1), \fBdsaparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/enc.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/enc.1 new file mode 100644 index 00000000..84c53541 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/enc.1 @@ -0,0 +1,543 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENC 1" +.TH ENC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-enc, enc \- symmetric cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl enc \-\f(BIcipher\fB\fR +[\fB\-help\fR] +[\fB\-list\fR] +[\fB\-ciphers\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-pass arg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-base64\fR] +[\fB\-A\fR] +[\fB\-k password\fR] +[\fB\-kfile filename\fR] +[\fB\-K key\fR] +[\fB\-iv \s-1IV\s0\fR] +[\fB\-S salt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md digest\fR] +[\fB\-iter count\fR] +[\fB\-pbkdf2\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize number\fR] +[\fB\-nopad\fR] +[\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +.PP +\&\fBopenssl\fR \fI[cipher]\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +List all supported ciphers. +.IP "\fB\-ciphers\fR" 4 +.IX Item "-ciphers" +Alias of \-list to display all supported ciphers. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input filename, standard input by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The output filename, standard output by default. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +The password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-e\fR" 4 +.IX Item "-e" +Encrypt the input data: this is the default. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Decrypt the input data. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Same as \fB\-a\fR +.IP "\fB\-A\fR" 4 +.IX Item "-A" +If the \fB\-a\fR option is set then base64 process the data on one line. +.IP "\fB\-k password\fR" 4 +.IX Item "-k password" +The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-kfile filename\fR" 4 +.IX Item "-kfile filename" +Read the password to derive the key from the first line of \fBfilename\fR. +This is for compatibility with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Use the specified digest to create the key from the passphrase. +The default algorithm is sha\-256. +.IP "\fB\-iter count\fR" 4 +.IX Item "-iter count" +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key. +.IP "\fB\-pbkdf2\fR" 4 +.IX Item "-pbkdf2" +Use \s-1PBKDF2\s0 algorithm with default iteration count unless otherwise specified. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of +OpenSSL. +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +Use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting, this is the default. +.IP "\fB\-S salt\fR" 4 +.IX Item "-S salt" +The actual salt to use: this must be represented as a string of hex digits. +.IP "\fB\-K key\fR" 4 +.IX Item "-K key" +The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +password will be taken. It does not make much sense to specify both key +and password. +.IP "\fB\-iv \s-1IV\s0\fR" 4 +.IX Item "-iv IV" +The actual \s-1IV\s0 to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +\&\s-1IV\s0 must explicitly be defined. When a password is being specified using +one of the other options, the \s-1IV\s0 is generated from this password. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Print out the key and \s-1IV\s0 used. +.IP "\fB\-P\fR" 4 +.IX Item "-P" +Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +or decryption. +.IP "\fB\-bufsize number\fR" 4 +.IX Item "-bufsize number" +Set the buffer size for I/O. +.IP "\fB\-nopad\fR" 4 +.IX Item "-nopad" +Disable standard block padding. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "NOTES" +.IX Header "NOTES" +The program can be called either as \fBopenssl cipher\fR or +\&\fBopenssl enc \-cipher\fR. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the \fBlist\fR command to get a list of supported ciphers. +.PP +Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using \-engine +options can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file. +.PP +When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. +.PP +A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +.PP +The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode. +.PP +All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test. +.PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP +All \s-1RC2\s0 ciphers have the same key and effective key length. +.PP +Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output of the \fBenc\fR command run with +the \fB\-ciphers\fR option (that is \fBopenssl enc \-ciphers\fR) produces a +list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines. +.PP +The \fBenc\fR program does not support authenticated encryption modes +like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future. +The \fBenc\fR interface by necessity must begin streaming output (e.g., +to standard output when \fB\-out\fR is not used) before the authentication +tag could be validated, leading to the usage of \fBenc\fR in pipelines +that begin processing untrusted data and are not capable of rolling +back upon authentication failure. The \s-1AEAD\s0 modes currently in common +use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since \fBenc\fR places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in \fBenc\fR, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, \fBcms\fR\|(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. +.PP +.Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& chacha20 ChaCha20 algorithm +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CFB mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& +\& desx DESX algorithm. +\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& +\& rc4 128 bit RC4 +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode +\& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& +\& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode +\& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc +\& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode +\& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode +\& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode +\& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode +\& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode +\& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 \-in file.bin \-out file.b64 +.Ve +.PP +Decode the same file +.PP +.Vb 1 +\& openssl base64 \-d \-in file.b64 \-out file.bin +.Ve +.PP +Encrypt a file using \s-1AES\-128\s0 using a prompted password +and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 +.Ve +.PP +Decrypt a file using a supplied password: +.PP +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass: +.Ve +.PP +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 +.Ve +.PP +Base64 decode a file then decrypt it using a password supplied in a file: +.PP +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file: +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn't work properly. +.PP +The \fBenc\fR program only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use \s-1RC2\s0 with a +76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +.PP +The \fB\-list\fR option was added in OpenSSL 1.1.1e. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/engine.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/engine.1 new file mode 100644 index 00000000..7bbabdaf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/engine.1 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE 1" +.TH ENGINE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-engine, engine \- load and query engines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl engine\fR +[ \fIengine...\fR ] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fB\-vvv\fR] +[\fB\-vvv\fR] +[\fB\-c\fR] +[\fB\-t\fR] +[\fB\-tt\fR] +[\fB\-pre\fR \fIcommand\fR] +[\fB\-post\fR \fIcommand\fR] +[ \fIengine...\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBengine\fR command is used to query the status and capabilities +of the specified \fBengine\fR's. +Engines may be specified before and after all other command-line flags. +Only those specified are queried. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR \fB\-vvvv\fR" 4 +.IX Item "-v -vv -vvv -vvvv" +Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Lists the capabilities of each engine. +.IP "\fB\-t\fR" 4 +.IX Item "-t" +Tests if each specified engine is available, and displays the answer. +.IP "\fB\-tt\fR" 4 +.IX Item "-tt" +Displays an error trace for any unavailable engine. +.IP "\fB\-pre\fR \fIcommand\fR" 4 +.IX Item "-pre command" +.PD 0 +.IP "\fB\-post\fR \fIcommand\fR" 4 +.IX Item "-post command" +.PD +Command-line configuration of engines. +The \fB\-pre\fR command is given to the engine before it is loaded and +the \fB\-post\fR command is given after the engine is loaded. +The \fIcommand\fR is of the form \fIcmd:val\fR where \fIcmd\fR is the command, +and \fIval\fR is the value for the command. +See the example below. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To list all the commands available to a dynamic engine: +.PP +.Vb 10 +\& $ openssl engine \-t \-tt \-vvvv dynamic +\& (dynamic) Dynamic engine loading support +\& [ unavailable ] +\& SO_PATH: Specifies the path to the new ENGINE shared library +\& (input flags): STRING +\& NO_VCHECK: Specifies to continue even if version checking fails (boolean) +\& (input flags): NUMERIC +\& ID: Specifies an ENGINE id name for loading +\& (input flags): STRING +\& LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_LOAD: Specifies whether to load from \*(AqDIR_ADD\*(Aq directories (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_ADD: Adds a directory from which ENGINEs can be loaded +\& (input flags): STRING +\& LOAD: Load up the ENGINE specified by other settings +\& (input flags): NO_INPUT +.Ve +.PP +To list the capabilities of the \fIrsax\fR engine: +.PP +.Vb 4 +\& $ openssl engine \-c +\& (rsax) RSAX engine support +\& [RSA] +\& (dynamic) Dynamic engine loading support +.Ve +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/errstr.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/errstr.1 new file mode 100644 index 00000000..d677ab0b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/errstr.1 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERRSTR 1" +.TH ERRSTR 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-errstr, errstr \- lookup error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl errstr error_code\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Sometimes an application will not load error message and only +numerical forms will be available. The \fBerrstr\fR utility can be used to +display the meaning of the hex code. The hex code is the hex digits after the +second colon. +.SH "OPTIONS" +.IX Header "OPTIONS" +None. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The error code: +.PP +.Vb 1 +\& 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107: +.Ve +.PP +can be displayed with: +.PP +.Vb 1 +\& openssl errstr 2006D080 +.Ve +.PP +to produce the error message: +.PP +.Vb 1 +\& error:2006D080:BIO routines:BIO_new_file:no such file +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/gendsa.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/gendsa.1 new file mode 100644 index 00000000..8a2bdee5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/gendsa.1 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENDSA 1" +.TH GENDSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-gendsa, gendsa \- generate a DSA private key from a set of parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgendsa\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fBparamfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +(which will be typically generated by the \fBopenssl dsaparam\fR command). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgendsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fBparamfile\fR" 4 +.IX Item "paramfile" +This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this +file determine the size of the private key. \s-1DSA\s0 parameters can be generated +and examined using the \fBopenssl dsaparam\fR command. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1DSA\s0 key generation is little more than random number generation so it is +much quicker that \s-1RSA\s0 key generation for example. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genpkey.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genpkey.1 new file mode 100644 index 00000000..3d43f587 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genpkey.1 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENPKEY 1" +.TH GENPKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-genpkey, genpkey \- generate a private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenpkey\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-pass arg\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-engine id\fR] +[\fB\-paramfile file\fR] +[\fB\-algorithm alg\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-genparam\fR] +[\fB\-text\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenpkey\fR command generates a private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0 +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. If used this option should precede all other +options. +.IP "\fB\-algorithm alg\fR" 4 +.IX Item "-algorithm alg" +Public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones. +.Sp +Valid built-in algorithm names for private key generation are \s-1RSA,\s0 RSA-PSS, \s-1EC, +X25519, X448, ED25519\s0 and \s-1ED448.\s0 +.Sp +Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR +option) are \s-1DH, DSA\s0 and \s-1EC.\s0 +.Sp +Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0 +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3 +or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R" +below for more details. +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and +\&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details. +.IP "\fB\-genparam\fR" 4 +.IX Item "-genparam" +Generate a set of parameters instead of a private key. If used this option must +precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. +.IP "\fB\-paramfile filename\fR" 4 +.IX Item "-paramfile filename" +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print an (unencrypted) text representation of private and public keys and +parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +.SH "KEY GENERATION OPTIONS" +.IX Header "KEY GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0 +or \s-1ED448\s0 algorithms. +.SS "\s-1RSA\s0 Key Generation Options" +.IX Subsection "RSA Key Generation Options" +.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IX Item "rsa_keygen_bits:numbits" +The number of bits in the generated key. If not specified 2048 is used. +.IP "\fBrsa_keygen_primes:numprimes\fR" 4 +.IX Item "rsa_keygen_primes:numprimes" +The number of primes in the generated key. If not specified 2 is used. +.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_pubexp:value" +The \s-1RSA\s0 public exponent value. This can be a large decimal or +hexadecimal value if preceded by \fB0x\fR. Default value is 65537. +.SS "RSA-PSS Key Generation Options" +.IX Subsection "RSA-PSS Key Generation Options" +Note: by default an \fBRSA-PSS\fR key has no parameter restrictions. +.IP "\fBrsa_keygen_bits:numbits\fR, \fBrsa_keygen_primes:numprimes\fR, \fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value" +These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm. +.IP "\fBrsa_pss_keygen_md:digest\fR" 4 +.IX Item "rsa_pss_keygen_md:digest" +If set the key is restricted and can only use \fBdigest\fR for signing. +.IP "\fBrsa_pss_keygen_mgf1_md:digest\fR" 4 +.IX Item "rsa_pss_keygen_mgf1_md:digest" +If set the key is restricted and can only use \fBdigest\fR as it's \s-1MGF1\s0 +parameter. +.IP "\fBrsa_pss_keygen_saltlen:len\fR" 4 +.IX Item "rsa_pss_keygen_saltlen:len" +If set the key is restricted and \fBlen\fR specifies the minimum salt length. +.SS "\s-1EC\s0 Key Generation Options" +.IX Subsection "EC Key Generation Options" +The \s-1EC\s0 key generation options can also be used for parameter generation. +.IP "\fBec_paramgen_curve:curve\fR" 4 +.IX Item "ec_paramgen_curve:curve" +The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R". +.IP "\fBec_param_enc:encoding\fR" 4 +.IX Item "ec_param_enc:encoding" +The encoding to use for parameters. The \*(L"encoding\*(R" parameter must be either +\&\*(L"named_curve\*(R" or \*(L"explicit\*(R". The default value is \*(L"named_curve\*(R". +.SH "PARAMETER GENERATION OPTIONS" +.IX Header "PARAMETER GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. +.SS "\s-1DSA\s0 Parameter Generation Options" +.IX Subsection "DSA Parameter Generation Options" +.IP "\fBdsa_paramgen_bits:numbits\fR" 4 +.IX Item "dsa_paramgen_bits:numbits" +The number of bits in the generated prime. If not specified 2048 is used. +.IP "\fBdsa_paramgen_q_bits:numbits\fR" 4 +.IX Item "dsa_paramgen_q_bits:numbits" +The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used. +.IP "\fBdsa_paramgen_md:digest\fR" 4 +.IX Item "dsa_paramgen_md:digest" +The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR +or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size +of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224 +or \fBsha256\fR if it is 256. +.SS "\s-1DH\s0 Parameter Generation Options" +.IX Subsection "DH Parameter Generation Options" +.IP "\fBdh_paramgen_prime_len:numbits\fR" 4 +.IX Item "dh_paramgen_prime_len:numbits" +The number of bits in the prime parameter \fBp\fR. The default is 2048. +.IP "\fBdh_paramgen_subprime_len:numbits\fR" 4 +.IX Item "dh_paramgen_subprime_len:numbits" +The number of bits in the sub prime parameter \fBq\fR. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters. +.IP "\fBdh_paramgen_generator:value\fR" 4 +.IX Item "dh_paramgen_generator:value" +The value to use for the generator \fBg\fR. The default is 2. +.IP "\fBdh_paramgen_type:value\fR" 4 +.IX Item "dh_paramgen_type:value" +The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.IP "\fBdh_rfc5114:num\fR" 4 +.IX Item "dh_rfc5114:num" +If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used +instead of generating new parameters. The value \fBnum\fR can take the +values 1, 2 or 3 corresponding to \s-1RFC5114 DH\s0 parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter +options. +.SS "\s-1EC\s0 Parameter Generation Options" +.IX Subsection "EC Parameter Generation Options" +The \s-1EC\s0 parameter generation options are the same as for key generation. See +\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above. +.SH "NOTES" +.IX Header "NOTES" +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +can be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate an \s-1RSA\s0 private key using default parameters: +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem +.Ve +.PP +Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello +.Ve +.PP +Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +.PP +.Vb 2 +\& openssl genpkey \-algorithm RSA \-out key.pem \e +\& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3 +.Ve +.PP +Generate 2048 bit \s-1DSA\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e +\& \-pkeyopt dsa_paramgen_bits:2048 +.Ve +.PP +Generate \s-1DSA\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem +.Ve +.PP +Generate 2048 bit \s-1DH\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 +.Ve +.PP +Generate 2048 bit X9.42 \s-1DH\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 \e +\& \-pkeyopt dh_paramgen_type:1 +.Ve +.PP +Output \s-1RFC5114 2048\s0 bit \s-1DH\s0 parameters with 224 bit subgroup: +.PP +.Vb 1 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt dh_rfc5114:2 +.Ve +.PP +Generate \s-1DH\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem +.Ve +.PP +Generate \s-1EC\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e +\& \-pkeyopt ec_paramgen_curve:secp384r1 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate \s-1EC\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile ecp.pem \-out eckey.pem +.Ve +.PP +Generate \s-1EC\s0 key directly: +.PP +.Vb 3 +\& openssl genpkey \-algorithm EC \-out eckey.pem \e +\& \-pkeyopt ec_paramgen_curve:P\-384 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate an X25519 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm X25519 \-out xkey.pem +.Ve +.PP +Generate an \s-1ED448\s0 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm ED448 \-out xkey.pem +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genrsa.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genrsa.1 new file mode 100644 index 00000000..1dc02227 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/genrsa.1 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENRSA 1" +.TH GENRSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-genrsa, genrsa \- generate an RSA private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenrsa\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-f4\fR] +[\fB\-3\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-primes num\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format +of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the \fB\-passout\fR argument. +.IP "\fB\-F4|\-3\fR" 4 +.IX Item "-F4|-3" +The public exponent to use, either 65537 or 3. The default is 65537. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-primes num\fR" 4 +.IX Item "-primes num" +Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fBnum\fR +parameter must be a positive integer that is greater than 1 and less than 16. +If \fBnum\fR is greater than 2, then the generated key is called a 'multi\-prime' +\&\s-1RSA\s0 key, which is defined in \s-1RFC 8017.\s0 +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A \fB.\fR represents each number which +has passed an initial sieve test, \fB+\fR means a number has passed a single +round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). +.PP +Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/list.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/list.1 new file mode 100644 index 00000000..72b628e7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/list.1 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "LIST 1" +.TH LIST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-list, list \- list algorithms and features +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl list\fR +[\fB\-help\fR] +[\fB\-1\fR] +[\fB\-commands\fR] +[\fB\-digest\-commands\fR] +[\fB\-digest\-algorithms\fR] +[\fB\-cipher\-commands\fR] +[\fB\-cipher\-algorithms\fR] +[\fB\-public\-key\-algorithms\fR] +[\fB\-public\-key\-methods\fR] +[\fB\-disabled\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate list of algorithms or disabled +features. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.IP "\fB\-1\fR" 4 +.IX Item "-1" +List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first. +.IP "\fB\-commands\fR" 4 +.IX Item "-commands" +Display a list of standard commands. +.IP "\fB\-digest\-commands\fR" 4 +.IX Item "-digest-commands" +Display a list of message digest commands, which are typically used +as input to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. +.IP "\fB\-digest\-algorithms\fR" 4 +.IX Item "-digest-algorithms" +Display a list of message digest algorithms. +If a line is of the form + foo => bar +then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR. +.IP "\fB\-cipher\-commands\fR" 4 +.IX Item "-cipher-commands" +Display a list of cipher commands, which are typically used as input +to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. +.IP "\fB\-cipher\-algorithms\fR" 4 +.IX Item "-cipher-algorithms" +Display a list of cipher algorithms. +If a line is of the form + foo => bar +then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR. +.IP "\fB\-public\-key\-algorithms\fR" 4 +.IX Item "-public-key-algorithms" +Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented. +.IP "\fB\-public\-key\-methods\fR" 4 +.IX Item "-public-key-methods" +Display a list of public key method OIDs: this also includes public key methods +without an associated \s-1ASN.1\s0 method, for example, \s-1KDF\s0 algorithms. +.IP "\fB\-disabled\fR" 4 +.IX Item "-disabled" +Display a list of disabled features, those that were compiled out +of the installation. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/nseq.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/nseq.1 new file mode 100644 index 00000000..e6d4634c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/nseq.1 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "NSEQ 1" +.TH NSEQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-nseq, nseq \- create or examine a Netscape certificate sequence +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBnseq\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-toseq\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBnseq\fR command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename or standard output by default. +.IP "\fB\-toseq\fR" 4 +.IX Item "-toseq" +Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the \fB\-toseq\fR option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Output the certificates in a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in nseq.pem \-out certs.pem +.Ve +.PP +Create a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +A Netscape certificate sequence is a Netscape specific format that can be sent +to browsers as an alternative to the standard PKCS#7 format when several +certificates are sent to the browser: for example during certificate enrollment. +It is used by Netscape certificate server for example. +.SH "BUGS" +.IX Header "BUGS" +This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and +output files and allowing multiple certificate files to be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ocsp.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ocsp.1 new file mode 100644 index 00000000..a306fb43 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ocsp.1 @@ -0,0 +1,584 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP 1" +.TH OCSP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ocsp, ocsp \- Online Certificate Status Protocol utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-help\fR] +[\fB\-out file\fR] +[\fB\-issuer file\fR] +[\fB\-cert file\fR] +[\fB\-serial n\fR] +[\fB\-signer file\fR] +[\fB\-signkey file\fR] +[\fB\-sign_other file\fR] +[\fB\-no_certs\fR] +[\fB\-req_text\fR] +[\fB\-resp_text\fR] +[\fB\-text\fR] +[\fB\-reqout file\fR] +[\fB\-respout file\fR] +[\fB\-reqin file\fR] +[\fB\-respin file\fR] +[\fB\-nonce\fR] +[\fB\-no_nonce\fR] +[\fB\-url \s-1URL\s0\fR] +[\fB\-host host:port\fR] +[\fB\-multi process-count\fR] +[\fB\-header\fR] +[\fB\-path\fR] +[\fB\-CApath dir\fR] +[\fB\-CAfile file\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-VAfile file\fR] +[\fB\-validity_period n\fR] +[\fB\-status_age n\fR] +[\fB\-noverify\fR] +[\fB\-verify_other file\fR] +[\fB\-trust_other\fR] +[\fB\-no_intern\fR] +[\fB\-no_signature_verify\fR] +[\fB\-no_cert_verify\fR] +[\fB\-no_chain\fR] +[\fB\-no_cert_checks\fR] +[\fB\-no_explicit\fR] +[\fB\-port num\fR] +[\fB\-ignore_err\fR] +[\fB\-index file\fR] +[\fB\-CA file\fR] +[\fB\-rsigner file\fR] +[\fB\-rkey file\fR] +[\fB\-rother file\fR] +[\fB\-rsigopt nm:v\fR] +[\fB\-resp_no_certs\fR] +[\fB\-nmin n\fR] +[\fB\-ndays n\fR] +[\fB\-resp_key_id\fR] +[\fB\-nrequest n\fR] +[\fB\-\f(BIdigest\fB\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to +determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0). +.PP +The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used +to print out requests and responses, create requests and send queries +to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. +.SH "OPTIONS" +.IX Header "OPTIONS" +This command operates as either a client or a server. +The options are described below, divided into those two modes. +.SS "\s-1OCSP\s0 Client Options" +.IX Subsection "OCSP Client Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specify output filename, default is standard output. +.IP "\fB\-issuer filename\fR" 4 +.IX Item "-issuer filename" +This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in \fBfilename\fR must be in +\&\s-1PEM\s0 format. This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options. +.IP "\fB\-cert filename\fR" 4 +.IX Item "-cert filename" +Add the certificate \fBfilename\fR to the request. The issuer certificate +is taken from the previous \fBissuer\fR option, or an error occurs if no +issuer certificate is specified. +.IP "\fB\-serial num\fR" 4 +.IX Item "-serial num" +Same as the \fBcert\fR option except the certificate with serial number +\&\fBnum\fR is added to the request. The serial number is interpreted as a +decimal integer unless preceded by \fB0x\fR. Negative integers can also +be specified by preceding the value by a \fB\-\fR sign. +.IP "\fB\-signer filename\fR, \fB\-signkey filename\fR" 4 +.IX Item "-signer filename, -signkey filename" +Sign the \s-1OCSP\s0 request using the certificate specified in the \fBsigner\fR +option and the private key specified by the \fBsignkey\fR option. If +the \fBsignkey\fR option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the \s-1OCSP\s0 request is not signed. +.IP "\fB\-sign_other filename\fR" 4 +.IX Item "-sign_other filename" +Additional certificates to include in the signed request. +.IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 +.IX Item "-nonce, -no_nonce" +Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. +Normally if an \s-1OCSP\s0 request is input using the \fBreqin\fR option no +nonce is added: using the \fBnonce\fR option will force addition of a nonce. +If an \s-1OCSP\s0 request is being created (using \fBcert\fR and \fBserial\fR options) +a nonce is automatically added specifying \fBno_nonce\fR overrides this. +.IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 +.IX Item "-req_text, -resp_text, -text" +Print out the text form of the \s-1OCSP\s0 request, response or both respectively. +.IP "\fB\-reqout file\fR, \fB\-respout file\fR" 4 +.IX Item "-reqout file, -respout file" +Write out the \s-1DER\s0 encoded certificate request or response to \fBfile\fR. +.IP "\fB\-reqin file\fR, \fB\-respin file\fR" 4 +.IX Item "-reqin file, -respin file" +Read \s-1OCSP\s0 request or response file from \fBfile\fR. These option are ignored +if \s-1OCSP\s0 request or response creation is implied by other options (for example +with \fBserial\fR, \fBcert\fR and \fBhost\fR options). +.IP "\fB\-url responder_url\fR" 4 +.IX Item "-url responder_url" +Specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 +.IX Item "-host hostname:port, -path pathname" +If the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host +\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use +or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given hostname, port, and pathname. +.IP "\fB\-header name=value\fR" 4 +.IX Item "-header name=value" +Adds the header \fBname\fR with the specified \fBvalue\fR to the \s-1OCSP\s0 request +that is sent to the responder. +This may be repeated. +.IP "\fB\-timeout seconds\fR" 4 +.IX Item "-timeout seconds" +Connection timeout to the \s-1OCSP\s0 responder in seconds. +On \s-1POSIX\s0 systems, when running as an \s-1OCSP\s0 responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. +.IP "\fB\-multi process-count\fR" 4 +.IX Item "-multi process-count" +Run the specified number of \s-1OCSP\s0 responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the \s-1CA\s0 index file and automatically +reload it. +When running as a responder \fB\-timeout\fR option is recommended to limit the time +each child is willing to wait for the client's \s-1OCSP\s0 response. +This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other +required unix system-calls). +.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4 +.IX Item "-CAfile file, -CApath pathname" +File or pathname containing trusted \s-1CA\s0 certificates. These are used to verify +the signature on the \s-1OCSP\s0 response. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set different certificate verification options. +See \fBverify\fR\|(1) manual page for details. +.IP "\fB\-verify_other file\fR" 4 +.IX Item "-verify_other file" +File containing additional certificates to search when attempting to locate +the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases. +.IP "\fB\-trust_other\fR" 4 +.IX Item "-trust_other" +The certificates specified by the \fB\-verify_other\fR option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root \s-1CA\s0 is not appropriate. +.IP "\fB\-VAfile file\fR" 4 +.IX Item "-VAfile file" +File containing explicitly trusted responder certificates. Equivalent to the +\&\fB\-verify_other\fR and \fB\-trust_other\fR options. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't attempt to verify the \s-1OCSP\s0 response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate. +.IP "\fB\-no_intern\fR" 4 +.IX Item "-no_intern" +Ignore certificates contained in the \s-1OCSP\s0 response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the \fB\-verify_other\fR or \fB\-VAfile\fR options. +.IP "\fB\-no_signature_verify\fR" 4 +.IX Item "-no_signature_verify" +Don't check the signature on the \s-1OCSP\s0 response. Since this option +tolerates invalid signatures on \s-1OCSP\s0 responses it will normally only be +used for testing purposes. +.IP "\fB\-no_cert_verify\fR" 4 +.IX Item "-no_cert_verify" +Don't verify the \s-1OCSP\s0 response signers certificate at all. Since this +option allows the \s-1OCSP\s0 response to be signed by any certificate it should +only be used for testing purposes. +.IP "\fB\-no_chain\fR" 4 +.IX Item "-no_chain" +Do not use certificates in the response as additional untrusted \s-1CA\s0 +certificates. +.IP "\fB\-no_explicit\fR" 4 +.IX Item "-no_explicit" +Do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. +.IP "\fB\-no_cert_checks\fR" 4 +.IX Item "-no_cert_checks" +Don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. +That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes. +.IP "\fB\-validity_period nsec\fR, \fB\-status_age age\fR" 4 +.IX Item "-validity_period nsec, -status_age age" +These options specify the range of times, in seconds, which will be tolerated +in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR +time and an optional \fBnotAfter\fR time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the \s-1OCSP\s0 responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +\&\fB\-validity_period\fR option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes. +.Sp +If the \fBnotAfter\fR time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +\&\fBnotBefore\fR field is checked to see it is not older than \fBage\fR seconds old. +By default this additional check is not performed. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This option sets digest algorithm to use for certificate identification in the +\&\s-1OCSP\s0 request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1.\s0 This option may be used multiple times to specify the +digest used by subsequent certificate identifiers. +.SS "\s-1OCSP\s0 Server Options" +.IX Subsection "OCSP Server Options" +.IP "\fB\-index indexfile\fR" 4 +.IX Item "-index indexfile" +The \fBindexfile\fR parameter is the name of a text index file in \fBca\fR +format containing certificate revocation information. +.Sp +If the \fBindex\fR option is specified the \fBocsp\fR utility is in responder +mode, otherwise it is in client mode. The request(s) the responder +processes can be either specified on the command line (using \fBissuer\fR +and \fBserial\fR options), supplied in a file (using the \fBreqin\fR option) +or via external \s-1OCSP\s0 clients (if \fBport\fR or \fBurl\fR is specified). +.Sp +If the \fBindex\fR option is present then the \fB\s-1CA\s0\fR and \fBrsigner\fR options +must also be present. +.IP "\fB\-CA file\fR" 4 +.IX Item "-CA file" +\&\s-1CA\s0 certificate corresponding to the revocation information in \fBindexfile\fR. +.IP "\fB\-rsigner file\fR" 4 +.IX Item "-rsigner file" +The certificate to sign \s-1OCSP\s0 responses with. +.IP "\fB\-rother file\fR" 4 +.IX Item "-rother file" +Additional certificates to include in the \s-1OCSP\s0 response. +.IP "\fB\-resp_no_certs\fR" 4 +.IX Item "-resp_no_certs" +Don't include any certificates in the \s-1OCSP\s0 response. +.IP "\fB\-resp_key_id\fR" 4 +.IX Item "-resp_key_id" +Identify the signer certificate using the key \s-1ID,\s0 default is to use the +subject name. +.IP "\fB\-rkey file\fR" 4 +.IX Item "-rkey file" +The private key to sign \s-1OCSP\s0 responses with: if not present the file +specified in the \fBrsigner\fR option is used. +.IP "\fB\-rsigopt nm:v\fR" 4 +.IX Item "-rsigopt nm:v" +Pass options to the signature algorithm when signing \s-1OCSP\s0 responses. +Names and values of these options are algorithm-specific. +.IP "\fB\-port portnum\fR" 4 +.IX Item "-port portnum" +Port to listen for \s-1OCSP\s0 requests on. The port may also be specified +using the \fBurl\fR option. +.IP "\fB\-ignore_err\fR" 4 +.IX Item "-ignore_err" +Ignore malformed requests or responses: When acting as an \s-1OCSP\s0 client, retry if +a malformed response is received. When acting as an \s-1OCSP\s0 responder, continue +running instead of terminating upon receiving a malformed request. +.IP "\fB\-nrequest number\fR" 4 +.IX Item "-nrequest number" +The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited. +.IP "\fB\-nmin minutes\fR, \fB\-ndays days\fR" 4 +.IX Item "-nmin minutes, -ndays days" +Number of minutes or days when fresh revocation information is available: +used in the \fBnextUpdate\fR field. If neither option is present then the +\&\fBnextUpdate\fR field is omitted meaning fresh revocation information is +immediately available. +.SH "OCSP Response verification." +.IX Header "OCSP Response verification." +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0 +.PP +Initially the \s-1OCSP\s0 responder certificate is located and the signature on +the \s-1OCSP\s0 request checked using the responder certificate's public key. +.PP +Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +building up a certificate chain in the process. The locations of the trusted +certificates used to build the chain can be specified by the \fBCAfile\fR +and \fBCApath\fR options or they will be looked for in the standard OpenSSL +certificates directory. +.PP +If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +error. +.PP +Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 +responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +.PP +Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing +\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the \s-1OCSP\s0 responder certificate then the +\&\s-1OCSP\s0 verify succeeds. +.PP +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders +\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +verify succeeds. +.PP +If none of these checks is successful then the \s-1OCSP\s0 verify fails. +.PP +What this effectively means if that if the \s-1OCSP\s0 responder certificate is +authorised directly by the \s-1CA\s0 it is issuing revocation information about +(and it is correctly configured) then verification will succeed. +.PP +If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +multiple CAs and has its own separate certificate chain then its root +\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +.PP +.Vb 1 +\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem +.Ve +.PP +Alternatively the responder certificate itself can be explicitly trusted +with the \fB\-VAfile\fR option. +.SH "NOTES" +.IX Header "NOTES" +As noted, most of the verify options are for testing or debugging purposes. +Normally only the \fB\-CApath\fR, \fB\-CAfile\fR and (if the responder is a 'global +\&\s-1VA\s0') \fB\-VAfile\fR options need to be used. +.PP +The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is +not really usable as a full \s-1OCSP\s0 responder. It contains only a very +simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data. +.PP +It is possible to run the \fBocsp\fR application in responder mode via a \s-1CGI\s0 +script using the \fBreqin\fR and \fBrespout\fR options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \s-1OCSP\s0 request and write it to a file: +.PP +.Vb 1 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der +.Ve +.PP +Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response: +.PP +.Vb 2 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e +\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der +.Ve +.PP +Read in an \s-1OCSP\s0 response and print out text form: +.PP +.Vb 1 +\& openssl ocsp \-respin resp.der \-text \-noverify +.Ve +.PP +\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +responder certificate. All requests and responses are printed to a file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-text \-out log.txt +.Ve +.PP +As above but exit after processing one request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-nrequest 1 +.Ve +.PP +Query status information using an internally generated request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-issuer demoCA/cacert.pem \-serial 1 +.Ve +.PP +Query status information using request read from a file, and write the response +to a second file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-reqin req.der \-respout resp.der +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/openssl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/openssl.1 new file mode 100644 index 00000000..14d4c770 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/openssl.1 @@ -0,0 +1,583 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL 1" +.TH OPENSSL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl \- OpenSSL command line tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fIcommand\fR +[ \fIcommand_opts\fR ] +[ \fIcommand_args\fR ] +.PP +\&\fBopenssl\fR \fBlist\fR [ \fBstandard-commands\fR | \fBdigest-commands\fR | \fBcipher-commands\fR | \fBcipher-algorithms\fR | \fBdigest-algorithms\fR | \fBpublic-key-algorithms\fR] +.PP +\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 +v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +cryptography standards required by them. +.PP +The \fBopenssl\fR program is a command line tool for using the various +cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +It can be used for +.PP +.Vb 8 +\& o Creation and management of private keys, public keys and parameters +\& o Public key cryptographic operations +\& o Creation of X.509 certificates, CSRs and CRLs +\& o Calculation of Message Digests +\& o Encryption and Decryption with Ciphers +\& o SSL/TLS Client and Server Tests +\& o Handling of S/MIME signed or encrypted mail +\& o Time Stamp requests, generation and verification +.Ve +.SH "COMMAND SUMMARY" +.IX Header "COMMAND SUMMARY" +The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the +\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments +(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). +.PP +Detailed documentation and use cases for most standard subcommands are available +(e.g., \fBx509\fR\|(1) or \fBopenssl\-x509\fR\|(1)). +.PP +Many commands use an external configuration file for some or all of their +arguments and have a \fB\-config\fR option to specify that file. +The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify +the location of the file. +If the environment variable is not specified, then the file is named +\&\fBopenssl.cnf\fR in the default certificate storage area, whose value +depends on the configuration flags specified when the OpenSSL +was built. +.PP +The list parameters \fBstandard-commands\fR, \fBdigest-commands\fR, +and \fBcipher-commands\fR output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available in the present \fBopenssl\fR utility. +.PP +The list parameters \fBcipher-algorithms\fR and +\&\fBdigest-algorithms\fR list all cipher and message digest names, one entry per line. Aliases are listed as: +.PP +.Vb 1 +\& from => to +.Ve +.PP +The list parameter \fBpublic-key-algorithms\fR lists all supported public +key algorithms. +.PP +The command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the +specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it +returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 +and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +nothing is printed to \fBstderr\fR. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is +not able to detect pseudo-commands such as \fBquit\fR, +\&\fBlist\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) +.SS "Standard Commands" +.IX Subsection "Standard Commands" +.IP "\fBasn1parse\fR" 4 +.IX Item "asn1parse" +Parse an \s-1ASN.1\s0 sequence. +.IP "\fBca\fR" 4 +.IX Item "ca" +Certificate Authority (\s-1CA\s0) Management. +.IP "\fBciphers\fR" 4 +.IX Item "ciphers" +Cipher Suite Description Determination. +.IP "\fBcms\fR" 4 +.IX Item "cms" +\&\s-1CMS\s0 (Cryptographic Message Syntax) utility. +.IP "\fBcrl\fR" 4 +.IX Item "crl" +Certificate Revocation List (\s-1CRL\s0) Management. +.IP "\fBcrl2pkcs7\fR" 4 +.IX Item "crl2pkcs7" +\&\s-1CRL\s0 to PKCS#7 Conversion. +.IP "\fBdgst\fR" 4 +.IX Item "dgst" +Message Digest Calculation. +.IP "\fBdh\fR" 4 +.IX Item "dh" +Diffie-Hellman Parameter Management. +Obsoleted by \fBdhparam\fR\|(1). +.IP "\fBdhparam\fR" 4 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). +.IP "\fBdsa\fR" 4 +.IX Item "dsa" +\&\s-1DSA\s0 Data Management. +.IP "\fBdsaparam\fR" 4 +.IX Item "dsaparam" +\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). +.IP "\fBec\fR" 4 +.IX Item "ec" +\&\s-1EC\s0 (Elliptic curve) key processing. +.IP "\fBecparam\fR" 4 +.IX Item "ecparam" +\&\s-1EC\s0 parameter manipulation and generation. +.IP "\fBenc\fR" 4 +.IX Item "enc" +Encoding with Ciphers. +.IP "\fBengine\fR" 4 +.IX Item "engine" +Engine (loadable module) information and manipulation. +.IP "\fBerrstr\fR" 4 +.IX Item "errstr" +Error Number to Error String Conversion. +.IP "\fBgendh\fR" 4 +.IX Item "gendh" +Generation of Diffie-Hellman Parameters. +Obsoleted by \fBdhparam\fR\|(1). +.IP "\fBgendsa\fR" 4 +.IX Item "gendsa" +Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkey\fR\|(1). +.IP "\fBgenpkey\fR" 4 +.IX Item "genpkey" +Generation of Private Key or Parameters. +.IP "\fBgenrsa\fR" 4 +.IX Item "genrsa" +Generation of \s-1RSA\s0 Private Key. Superseded by \fBgenpkey\fR\|(1). +.IP "\fBnseq\fR" 4 +.IX Item "nseq" +Create or examine a Netscape certificate sequence. +.IP "\fBocsp\fR" 4 +.IX Item "ocsp" +Online Certificate Status Protocol utility. +.IP "\fBpasswd\fR" 4 +.IX Item "passwd" +Generation of hashed passwords. +.IP "\fBpkcs12\fR" 4 +.IX Item "pkcs12" +PKCS#12 Data Management. +.IP "\fBpkcs7\fR" 4 +.IX Item "pkcs7" +PKCS#7 Data Management. +.IP "\fBpkcs8\fR" 4 +.IX Item "pkcs8" +PKCS#8 format private key conversion tool. +.IP "\fBpkey\fR" 4 +.IX Item "pkey" +Public and private key management. +.IP "\fBpkeyparam\fR" 4 +.IX Item "pkeyparam" +Public key algorithm parameter management. +.IP "\fBpkeyutl\fR" 4 +.IX Item "pkeyutl" +Public key algorithm cryptographic operation utility. +.IP "\fBprime\fR" 4 +.IX Item "prime" +Compute prime numbers. +.IP "\fBrand\fR" 4 +.IX Item "rand" +Generate pseudo-random bytes. +.IP "\fBrehash\fR" 4 +.IX Item "rehash" +Create symbolic links to certificate and \s-1CRL\s0 files named by the hash values. +.IP "\fBreq\fR" 4 +.IX Item "req" +PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. +.IP "\fBrsa\fR" 4 +.IX Item "rsa" +\&\s-1RSA\s0 key management. +.IP "\fBrsautl\fR" 4 +.IX Item "rsautl" +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded +by \fBpkeyutl\fR\|(1). +.IP "\fBs_client\fR" 4 +.IX Item "s_client" +This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent +connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL \fBssl\fR library. +.IP "\fBs_server\fR" 4 +.IX Item "s_server" +This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote +clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL \fBssl\fR library. It provides both an own command +line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +facility to emulate an SSL/TLS\-aware webserver. +.IP "\fBs_time\fR" 4 +.IX Item "s_time" +\&\s-1SSL\s0 Connection Timer. +.IP "\fBsess_id\fR" 4 +.IX Item "sess_id" +\&\s-1SSL\s0 Session Data Management. +.IP "\fBsmime\fR" 4 +.IX Item "smime" +S/MIME mail processing. +.IP "\fBspeed\fR" 4 +.IX Item "speed" +Algorithm Speed Measurement. +.IP "\fBspkac\fR" 4 +.IX Item "spkac" +\&\s-1SPKAC\s0 printing and generating utility. +.IP "\fBsrp\fR" 4 +.IX Item "srp" +Maintain \s-1SRP\s0 password file. +.IP "\fBstoreutl\fR" 4 +.IX Item "storeutl" +Utility to list and display certificates, keys, CRLs, etc. +.IP "\fBts\fR" 4 +.IX Item "ts" +Time Stamping Authority tool (client/server). +.IP "\fBverify\fR" 4 +.IX Item "verify" +X.509 Certificate Verification. +.IP "\fBversion\fR" 4 +.IX Item "version" +OpenSSL Version Information. +.IP "\fBx509\fR" 4 +.IX Item "x509" +X.509 Certificate Data Management. +.SS "Message Digest Commands" +.IX Subsection "Message Digest Commands" +.IP "\fBblake2b512\fR" 4 +.IX Item "blake2b512" +BLAKE2b\-512 Digest +.IP "\fBblake2s256\fR" 4 +.IX Item "blake2s256" +BLAKE2s\-256 Digest +.IP "\fBmd2\fR" 4 +.IX Item "md2" +\&\s-1MD2\s0 Digest +.IP "\fBmd4\fR" 4 +.IX Item "md4" +\&\s-1MD4\s0 Digest +.IP "\fBmd5\fR" 4 +.IX Item "md5" +\&\s-1MD5\s0 Digest +.IP "\fBmdc2\fR" 4 +.IX Item "mdc2" +\&\s-1MDC2\s0 Digest +.IP "\fBrmd160\fR" 4 +.IX Item "rmd160" +\&\s-1RMD\-160\s0 Digest +.IP "\fBsha1\fR" 4 +.IX Item "sha1" +\&\s-1SHA\-1\s0 Digest +.IP "\fBsha224\fR" 4 +.IX Item "sha224" +\&\s-1SHA\-2 224\s0 Digest +.IP "\fBsha256\fR" 4 +.IX Item "sha256" +\&\s-1SHA\-2 256\s0 Digest +.IP "\fBsha384\fR" 4 +.IX Item "sha384" +\&\s-1SHA\-2 384\s0 Digest +.IP "\fBsha512\fR" 4 +.IX Item "sha512" +\&\s-1SHA\-2 512\s0 Digest +.IP "\fBsha3\-224\fR" 4 +.IX Item "sha3-224" +\&\s-1SHA\-3 224\s0 Digest +.IP "\fBsha3\-256\fR" 4 +.IX Item "sha3-256" +\&\s-1SHA\-3 256\s0 Digest +.IP "\fBsha3\-384\fR" 4 +.IX Item "sha3-384" +\&\s-1SHA\-3 384\s0 Digest +.IP "\fBsha3\-512\fR" 4 +.IX Item "sha3-512" +\&\s-1SHA\-3 512\s0 Digest +.IP "\fBshake128\fR" 4 +.IX Item "shake128" +\&\s-1SHA\-3 SHAKE128\s0 Digest +.IP "\fBshake256\fR" 4 +.IX Item "shake256" +\&\s-1SHA\-3 SHAKE256\s0 Digest +.IP "\fBsm3\fR" 4 +.IX Item "sm3" +\&\s-1SM3\s0 Digest +.SS "Encoding and Cipher Commands" +.IX Subsection "Encoding and Cipher Commands" +The following aliases provide convenient access to the most used encodings +and ciphers. +.PP +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See \fBenc\fR\|(1) for more information and command usage. +.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 +.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" +\&\s-1AES\-128\s0 Cipher +.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 +.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" +\&\s-1AES\-192\s0 Cipher +.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 +.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" +\&\s-1AES\-256\s0 Cipher +.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 +.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" +Aria\-128 Cipher +.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4 +.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb" +Aria\-192 Cipher +.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 +.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" +Aria\-256 Cipher +.IP "\fBbase64\fR" 4 +.IX Item "base64" +Base64 Encoding +.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 +.IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" +Blowfish Cipher +.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 +.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb" +Camellia\-128 Cipher +.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, \fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4 +.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb" +Camellia\-192 Cipher +.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 +.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" +Camellia\-256 Cipher +.IP "\fBcast\fR, \fBcast-cbc\fR" 4 +.IX Item "cast, cast-cbc" +\&\s-1CAST\s0 Cipher +.IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 +.IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" +\&\s-1CAST5\s0 Cipher +.IP "\fBchacha20\fR" 4 +.IX Item "chacha20" +Chacha20 Cipher +.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 +.IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" +\&\s-1DES\s0 Cipher +.IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4 +.IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb" +Triple-DES Cipher +.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4 +.IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb" +\&\s-1IDEA\s0 Cipher +.IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4 +.IX Item "rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb" +\&\s-1RC2\s0 Cipher +.IP "\fBrc4\fR" 4 +.IX Item "rc4" +\&\s-1RC4\s0 Cipher +.IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 +.IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb" +\&\s-1RC5\s0 Cipher +.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" +\&\s-1SEED\s0 Cipher +.IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 +.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" +\&\s-1SM4\s0 Cipher +.SH "OPTIONS" +.IX Header "OPTIONS" +Details of which options are available depend on the specific command. +This section describes some common options with common behavior. +.SS "Common Options" +.IX Subsection "Common Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Provides a terse summary of all options. +.SS "Pass Phrase Options" +.IX Subsection "Pass Phrase Options" +Several commands accept password arguments, typically using \fB\-passin\fR +and \fB\-passout\fR for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. +.PP +Note that character encoding may be relevant, please see +\&\fBpassphrase\-encoding\fR\|(7). +.IP "\fBpass:password\fR" 4 +.IX Item "pass:password" +The actual password is \fBpassword\fR. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. +.IP "\fBenv:var\fR" 4 +.IX Item "env:var" +Obtain the password from the environment variable \fBvar\fR. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. +.IP "\fBfile:pathname\fR" 4 +.IX Item "file:pathname" +The first line of \fBpathname\fR is the password. If the same \fBpathname\fR +argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first +line will be used for the input password and the next line for the output +password. \fBpathname\fR need not refer to a regular file: it could for example +refer to a device or named pipe. +.IP "\fBfd:number\fR" 4 +.IX Item "fd:number" +Read the password from the file descriptor \fBnumber\fR. This can be used to +send the data via a pipe for example. +.IP "\fBstdin\fR" 4 +.IX Item "stdin" +Read the password from standard input. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBciphers\fR\|(1), \fBcms\fR\|(1), \fBconfig\fR\|(5), +\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1), +\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1), +\&\fBec\fR\|(1), \fBecparam\fR\|(1), +\&\fBenc\fR\|(1), \fBengine\fR\|(1), \fBerrstr\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1), +\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBocsp\fR\|(1), +\&\fBpasswd\fR\|(1), +\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBpkey\fR\|(1), \fBpkeyparam\fR\|(1), \fBpkeyutl\fR\|(1), \fBprime\fR\|(1), +\&\fBrand\fR\|(1), \fBrehash\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1), +\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1), +\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), \fBsess_id\fR\|(1), +\&\fBsmime\fR\|(1), \fBspeed\fR\|(1), \fBspkac\fR\|(1), \fBsrp\fR\|(1), \fBstoreutl\fR\|(1), +\&\fBts\fR\|(1), +\&\fBverify\fR\|(1), \fBversion\fR\|(1), \fBx509\fR\|(1), +\&\fBcrypto\fR\|(7), \fBssl\fR\|(7), \fBx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/passwd.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/passwd.1 new file mode 100644 index 00000000..e1166f95 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/passwd.1 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSWD 1" +.TH PASSWD 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-passwd, passwd \- compute password hashes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl passwd\fR +[\fB\-help\fR] +[\fB\-crypt\fR] +[\fB\-1\fR] +[\fB\-apr1\fR] +[\fB\-aixmd5\fR] +[\fB\-5\fR] +[\fB\-6\fR] +[\fB\-salt\fR \fIstring\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-stdin\fR] +[\fB\-noverify\fR] +[\fB\-quiet\fR] +[\fB\-table\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +{\fIpassword\fR} +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpasswd\fR command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option \fB\-in file\fR, from stdin for +option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. +The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password +algorithm \fB1\fR, its Apache variant \fBapr1\fR, and its \s-1AIX\s0 variant are available. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-crypt\fR" 4 +.IX Item "-crypt" +Use the \fBcrypt\fR algorithm (default). +.IP "\fB\-1\fR" 4 +.IX Item "-1" +Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. +.IP "\fB\-apr1\fR" 4 +.IX Item "-apr1" +Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-aixmd5\fR" 4 +.IX Item "-aixmd5" +Use the \fB\s-1AIX MD5\s0\fR algorithm (\s-1AIX\s0 variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-5\fR" 4 +.IX Item "-5" +.PD 0 +.IP "\fB\-6\fR" 4 +.IX Item "-6" +.PD +Use the \fB\s-1SHA256\s0\fR / \fB\s-1SHA512\s0\fR based algorithms defined by Ulrich Drepper. +See . +.IP "\fB\-salt\fR \fIstring\fR" 4 +.IX Item "-salt string" +Use the specified salt. +When reading a password from the terminal, this implies \fB\-noverify\fR. +.IP "\fB\-in\fR \fIfile\fR" 4 +.IX Item "-in file" +Read passwords from \fIfile\fR. +.IP "\fB\-stdin\fR" 4 +.IX Item "-stdin" +Read passwords from \fBstdin\fR. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't verify when reading a password from the terminal. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Don't output warnings when passwords given at the command line are truncated. +.IP "\fB\-table\fR" 4 +.IX Item "-table" +In the output list, prepend the cleartext password and a \s-1TAB\s0 character +to each password hash. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 2 +\& % openssl passwd \-crypt \-salt xx password +\& xxj31ZMTZzkVA +\& +\& % openssl passwd \-1 \-salt xxxxxxxx password +\& $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. +\& +\& % openssl passwd \-apr1 \-salt xxxxxxxx password +\& $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 +\& +\& % openssl passwd \-aixmd5 \-salt xxxxxxxx password +\& xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs12.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs12.1 new file mode 100644 index 00000000..2309874a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs12.1 @@ -0,0 +1,479 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12 1" +.TH PKCS12 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs12, pkcs12 \- PKCS#12 file utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs12\fR +[\fB\-help\fR] +[\fB\-export\fR] +[\fB\-chain\fR] +[\fB\-inkey file_or_id\fR] +[\fB\-certfile filename\fR] +[\fB\-name name\fR] +[\fB\-caname name\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-nomacver\fR] +[\fB\-nocerts\fR] +[\fB\-clcerts\fR] +[\fB\-cacerts\fR] +[\fB\-nokeys\fR] +[\fB\-info\fR] +[\fB\-des | \-des3 | \-idea | \-aes128 | \-aes192 | \-aes256 | \-aria128 | \-aria192 | \-aria256 | \-camellia128 | \-camellia192 | \-camellia256 | \-nodes\fR] +[\fB\-noiter\fR] +[\fB\-maciter | \-nomaciter | \-nomac\fR] +[\fB\-twopass\fR] +[\fB\-descert\fR] +[\fB\-certpbe cipher\fR] +[\fB\-keypbe cipher\fR] +[\fB\-macalg digest\fR] +[\fB\-keyex\fR] +[\fB\-keysig\fR] +[\fB\-password arg\fR] +[\fB\-passin arg\fR] +[\fB\-passout arg\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-CSP name\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as +\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the \fB\-export\fR option (see below). +.SH "PARSING OPTIONS" +.IX Header "PARSING OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The PKCS#12 file (i.e. input file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +Pass phrase source to encrypt any outputted private keys with. For more +information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section +in \fBopenssl\fR\|(1). +.IP "\fB\-password arg\fR" 4 +.IX Item "-password arg" +With \-export, \-password is equivalent to \-passout. +Otherwise, \-password is equivalent to \-passin. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. +.IP "\fB\-clcerts\fR" 4 +.IX Item "-clcerts" +Only output client certificates (not \s-1CA\s0 certificates). +.IP "\fB\-cacerts\fR" 4 +.IX Item "-cacerts" +Only output \s-1CA\s0 certificates (not client certificates). +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +No certificates at all will be output. +.IP "\fB\-nokeys\fR" 4 +.IX Item "-nokeys" +No private keys will be output. +.IP "\fB\-info\fR" 4 +.IX Item "-info" +Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts. +.IP "\fB\-des\fR" 4 +.IX Item "-des" +Use \s-1DES\s0 to encrypt private keys before outputting. +.IP "\fB\-des3\fR" 4 +.IX Item "-des3" +Use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. +.IP "\fB\-idea\fR" 4 +.IX Item "-idea" +Use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +Use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR" 4 +.IX Item "-aria128, -aria192, -aria256" +Use \s-1ARIA\s0 to encrypt private keys before outputting. +.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +Use Camellia to encrypt private keys before outputting. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +Don't encrypt the private keys at all. +.IP "\fB\-nomacver\fR" 4 +.IX Item "-nomacver" +Don't attempt to verify the integrity \s-1MAC\s0 before reading the file. +.IP "\fB\-twopass\fR" 4 +.IX Item "-twopass" +Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +\&\-password, \-passin (if importing) or \-passout (if exporting). +.SH "FILE CREATION OPTIONS" +.IX Header "FILE CREATION OPTIONS" +.IP "\fB\-export\fR" 4 +.IX Item "-export" +This option specifies that a PKCS#12 file will be created rather than +parsed. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. +.IP "\fB\-inkey file_or_id\fR" 4 +.IX Item "-inkey file_or_id" +File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-name friendlyname\fR" 4 +.IX Item "-name friendlyname" +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. +.IP "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +A filename to read additional certificates from. +.IP "\fB\-caname friendlyname\fR" 4 +.IX Item "-caname friendlyname" +This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +displays them. +.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 +.IX Item "-pass arg, -passout arg" +The PKCS#12 file (i.e. output file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-passin password\fR" 4 +.IX Item "-passin password" +Pass phrase source to decrypt any input private keys with. For more information +about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-chain\fR" 4 +.IX Item "-chain" +If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard \s-1CA\s0 store is used +for this search. If the search fails it is considered a fatal error. +.IP "\fB\-descert\fR" 4 +.IX Item "-descert" +Encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12 +file unreadable by some \*(L"export grade\*(R" software. By default the private +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0 +unless \s-1RC2\s0 is disabled in which case triple \s-1DES\s0 is used. +.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 +.IX Item "-keypbe alg, -certpbe alg" +These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \fB\s-1NOTES\s0\fR section for more information). If a cipher name +(as output by the \fBlist-cipher-algorithms\fR command is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. +.IP "\fB\-keyex|\-keysig\fR" 4 +.IX Item "-keyex|-keysig" +Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally +\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client +authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support +the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg digest\fR" 4 +.IX Item "-macalg digest" +Specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. +.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 +.IX Item "-nomaciter, -noiter" +These options affect the iteration counts on the \s-1MAC\s0 and key algorithms. +Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave +these options alone. +.Sp +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using +these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both \s-1MAC\s0 and key iteration counts. +\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +option. +.IP "\fB\-maciter\fR" 4 +.IX Item "-maciter" +This option is included for compatibility with previous versions, it used +to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +Don't attempt to provide the \s-1MAC\s0 integrity. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +\&\s-1CA\s0 storage as a file. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +\&\s-1CA\s0 storage as a directory. This directory must be a standard certificate +directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be +linked to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-CSP name\fR" 4 +.IX Item "-CSP name" +Write \fBname\fR as a Microsoft \s-1CSP\s0 name. +.SH "NOTES" +.IX Header "NOTES" +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used +for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. +.PP +If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the \fB\-clcerts\fR option will solve this problem by only +outputting the certificate corresponding to the private key. If the \s-1CA\s0 +certificates are required then they can be output to a separate file using +the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. +.PP +The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple \s-1DES\s0 +encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can +be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete +description of all algorithms is contained in the \fBpkcs8\fR manual page. +.PP +Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +utility. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a PKCS#12 file and output it to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem +.Ve +.PP +Output only client certificates to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem +.Ve +.PP +Don't encrypt the private key: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes +.Ve +.PP +Print some info about a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-info \-noout +.Ve +.PP +Create a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" +.Ve +.PP +Include some extra certificates: +.PP +.Vb 2 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e +\& \-certfile othercerts.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs8\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs7.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs7.1 new file mode 100644 index 00000000..7e776577 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs7.1 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7 1" +.TH PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs7, pkcs7 \- PKCS#7 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-print_certs\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7 +v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-print_certs\fR" 4 +.IX Item "-print_certs" +Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out certificates details in full rather than just subject and +issuer names. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the PKCS#7 structure (or certificates +is \fB\-print_certs\fR is set). +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs7\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der +.Ve +.PP +Output all certificates in a file: +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +For compatibility with some CAs it will also accept: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +There is no option to print out all the fields of a PKCS#7 file. +.PP +This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they +cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrl2pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs8.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs8.1 new file mode 100644 index 00000000..3ee650c4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkcs8.1 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS8 1" +.TH PKCS8 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs8, pkcs8 \- PKCS#8 format private key conversion tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs8\fR +[\fB\-help\fR] +[\fB\-topk8\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-iter count\fR] +[\fB\-noiter\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-nocrypt\fR] +[\fB\-traditional\fR] +[\fB\-v2 alg\fR] +[\fB\-v2prf alg\fR] +[\fB\-v1 alg\fR] +[\fB\-engine id\fR] +[\fB\-scrypt\fR] +[\fB\-scrypt_N N\fR] +[\fB\-scrypt_r r\fR] +[\fB\-scrypt_p p\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-topk8\fR" 4 +.IX Item "-topk8" +Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the \fB\-topk8\fR option the situation is +reversed: it reads a private key and writes a PKCS#8 format key. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format: see \*(L"\s-1KEY FORMATS\*(R"\s0 for more details. The default +format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format: see \*(L"\s-1KEY FORMATS\*(R"\s0 for more details. The default +format is \s-1PEM.\s0 +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +When this option is present and \fB\-topk8\fR is not a traditional format private +key is written. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-iter count\fR" 4 +.IX Item "-iter count" +When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container. +.IP "\fB\-nocrypt\fR" 4 +.IX Item "-nocrypt" +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-v2 alg\fR" 4 +.IX Item "-v2 alg" +This option sets the PKCS#5 v2.0 algorithm. +.Sp +The \fBalg\fR argument is the encryption algorithm to use, valid values include +\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR +is used. +.IP "\fB\-v2prf alg\fR" 4 +.IX Item "-v2prf alg" +This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value +value would be \fBhmacWithSHA256\fR. If this option isn't set then the default +for the cipher is used or \fBhmacWithSHA256\fR if there is no default. +.Sp +Some implementations may not support custom \s-1PRF\s0 algorithms and may require +the \fBhmacWithSHA1\fR option to work. +.IP "\fB\-v1 alg\fR" 4 +.IX Item "-v1 alg" +This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs8\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-scrypt\fR" 4 +.IX Item "-scrypt" +Uses the \fBscrypt\fR algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit +key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR, +\&\fB\-scrypt_p\fR and \fB\-v2\fR options. +.IP "\fB\-scrypt_N N\fR \fB\-scrypt_r r\fR \fB\-scrypt_p p\fR" 4 +.IX Item "-scrypt_N N -scrypt_r r -scrypt_p p" +Sets the scrypt \fBN\fR, \fBr\fR or \fBp\fR parameters. +.SH "KEY FORMATS" +.IX Header "KEY FORMATS" +Various different formats are used by the pkcs8 utility. These are detailed +below. +.PP +If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless \fB\-nocrypt\fR is included. +.PP +If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is +used then a traditional format private key is written instead. +.PP +If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an +unencrypted private key in traditional \s-1DER\s0 format. +.PP +If \fB\-topk8\fR is used then any supported private key can be used for the input +file in a format specified by \fB\-inform\fR. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR +is included. +.SH "NOTES" +.IX Header "NOTES" +By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used. +.PP +Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit \s-1DES.\s0 +.PP +The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following +headers and footers: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The unencrypted form uses: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. +.PP +It is possible to write out \s-1DER\s0 encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 +level whereas the traditional format includes them at a \s-1PEM\s0 level. +.SH "PKCS#5 v1.5 and PKCS#12 algorithms." +.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms." +Various algorithms can be used with the \fB\-v1\fR command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. +.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4 +.IX Item "PBE-MD2-DES PBE-MD5-DES" +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4 +.IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES" +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or +56 bit \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +.IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40" +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with +256 bit key and \fBhmacWithSHA256\fR): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 unencrypted format: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0 +mode and \fBhmacWithSHA512\fR \s-1PRF:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(\s-1DES\s0): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES +.Ve +.PP +Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +.PP +.Vb 1 +\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem +.Ve +.PP +Convert a private key from any PKCS#8 encrypted format to traditional format: +.PP +.Vb 1 +\& openssl pkcs8 \-in pk8.pem \-traditional \-out key.pem +.Ve +.PP +Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with +one million iterations of the password: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem +.Ve +.SH "STANDARDS" +.IX Header "STANDARDS" +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. +.PP +The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +PKCS#8 private key format complies with this standard. +.SH "BUGS" +.IX Header "BUGS" +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-iter\fR option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkey.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkey.1 new file mode 100644 index 00000000..2bec6341 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkey.1 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEY 1" +.TH PKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkey, pkey \- public or private key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkey\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-traditional\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-text\fR] +[\fB\-text_pub\fR] +[\fB\-noout\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine id\fR] +[\fB\-check\fR] +[\fB\-pubcheck\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkey\fR command processes public or private keys. They can be converted +between various forms and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout password\fR" 4 +.IX Item "-passout password" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the \fB\-traditional\fR +option is specified then the older \*(L"traditional\*(R" format is used instead. +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-text_pub\fR" 4 +.IX Item "-text_pub" +Print out only public key components even if a private key is being processed. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkey\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of a key pair for both public and private +components. +.IP "\fB\-pubcheck\fR" 4 +.IX Item "-pubcheck" +This option checks the correctness of either a public key or the public component +of a key pair. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text \-noout +.Ve +.PP +To print out the public components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text_pub \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyparam.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyparam.1 new file mode 100644 index 00000000..b7c07bbd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyparam.1 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEYPARAM 1" +.TH PKEYPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyparam, pkeyparam \- public key algorithm parameter processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyparam\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine id\fR] +[\fB\-check\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkeyparam\fR command processes public key algorithm parameters. +They can be checked for correctness and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write parameters to or standard output if +this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the parameters in plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the parameters. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the correctness of parameters. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out text version of parameters: +.PP +.Vb 1 +\& openssl pkeyparam \-in param.pem \-text +.Ve +.SH "NOTES" +.IX Header "NOTES" +There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only +\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyutl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyutl.1 new file mode 100644 index 00000000..da2873b9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/pkeyutl.1 @@ -0,0 +1,428 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEYUTL 1" +.TH PKEYUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyutl, pkeyutl \- public key algorithm utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyutl\fR +[\fB\-help\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-sigfile file\fR] +[\fB\-inkey file\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-passin arg\fR] +[\fB\-peerkey file\fR] +[\fB\-peerform PEM|DER|ENGINE\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-rev\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verifyrecover\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-derive\fR] +[\fB\-kdf algorithm\fR] +[\fB\-kdflen length\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-engine_impl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkeyutl\fR command can be used to perform low level public key operations +using any supported algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-sigfile file\fR" 4 +.IX Item "-sigfile file" +Signature file, required for \fBverify\fR operations only +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be a private key. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0 +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-peerkey file\fR" 4 +.IX Item "-peerkey file" +The peer key file, used by key derivation (agreement) operations. +.IP "\fB\-peerform PEM|DER|ENGINE\fR" 4 +.IX Item "-peerform PEM|DER|ENGINE" +The peer key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0 +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is a public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing a public key. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. +.IP "\fB\-verifyrecover\fR" 4 +.IX Item "-verifyrecover" +Verify the input data (which must be a hash) and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using a public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using a private key. +.IP "\fB\-derive\fR" 4 +.IX Item "-derive" +Derive a shared secret using the peer key. +.IP "\fB\-kdf algorithm\fR" 4 +.IX Item "-kdf algorithm" +Use key derivation function \fBalgorithm\fR. The supported algorithms are +at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. +Note: additional parameters and the \s-1KDF\s0 output length will normally have to be +set for this to work. +See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +for the supported string parameters of each algorithm. +.IP "\fB\-kdflen length\fR" 4 +.IX Item "-kdflen length" +Set the output length for \s-1KDF.\s0 +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Public key options specified as opt:value. See \s-1NOTES\s0 below for more details. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN.1\s0 output data, this is useful when combined with the +\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyutl\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fBid\fR for crypto operations. +.SH "NOTES" +.IX Header "NOTES" +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. +.PP +Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value \fBalg\fR should represent a digest name as used in the +\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that +make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +.PP +This utility does not hash the input data but rather it will use the data +directly as input to the signature algorithm. Depending on the key type, +signature type, and mode of padding, the maximum acceptable lengths of input +data differ. The signed data can't be longer than the key modulus with \s-1RSA.\s0 In +case of \s-1ECDSA\s0 and \s-1DSA\s0 the data shouldn't be longer than the field +size, otherwise it will be silently truncated to the field size. In any event +the input size must not be larger than the largest supported digest size. +.PP +In other words, if the value of digest is \fBsha1\fR the input should be the 20 +bytes long binary encoding of the \s-1SHA\-1\s0 hash function output. +.PP +The Ed25519 and Ed448 signature algorithms are not supported by this utility. +They accept non-hashed input, but this utility can only be used to sign hashed +input. +.SH "RSA ALGORITHM" +.IX Header "RSA ALGORITHM" +The \s-1RSA\s0 algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +\&\fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:mode\fR" 4 +.IX Item "rsa_padding_mode:mode" +This sets the \s-1RSA\s0 padding mode. Acceptable values for \fBmode\fR are \fBpkcs1\fR for +PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR +for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS.\s0 +.Sp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a \fBDigestInfo\fR structure. If a +digest is set then the a \fBDigestInfo\fR structure is used and its the length +must correspond to the digest type. +.Sp +For \fBoaep\fR mode only encryption and decryption is supported. +.Sp +For \fBx931\fR if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest \s-1ID.\s0 Sign, +verify and verifyrecover are can be performed in this mode. +.Sp +For \fBpss\fR mode only sign and verify are supported and the digest type must be +specified. +.IP "\fBrsa_pss_saltlen:len\fR" 4 +.IX Item "rsa_pss_saltlen:len" +For \fBpss\fR mode only this option specifies the salt length. Three special +values are supported: \*(L"digest\*(R" sets the salt length to the digest length, +\&\*(L"max\*(R" sets the salt length to the maximum permissible value. When verifying +\&\*(L"auto\*(R" causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure. +.IP "\fBrsa_mgf1_md:digest\fR" 4 +.IX Item "rsa_mgf1_md:digest" +For \s-1PSS\s0 and \s-1OAEP\s0 padding sets the \s-1MGF1\s0 digest. If the \s-1MGF1\s0 digest is not +explicitly set in \s-1PSS\s0 mode then the signing digest is used. +.SH "RSA-PSS ALGORITHM" +.IX Header "RSA-PSS ALGORITHM" +The RSA-PSS algorithm is a restricted version of the \s-1RSA\s0 algorithm which only +supports the sign and verify operations with \s-1PSS\s0 padding. The following +additional \fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:mode\fR, \fBrsa_pss_saltlen:len\fR, \fBrsa_mgf1_md:digest\fR" 4 +.IX Item "rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest" +These have the same meaning as the \fB\s-1RSA\s0\fR algorithm with some additional +restrictions. The padding mode can only be set to \fBpss\fR which is the +default value. +.Sp +If the key has parameter restrictions than the digest, \s-1MGF1\s0 +digest and salt length are set to the values specified in the parameters. +The digest and \s-1MG\s0 cannot be changed and the salt length cannot be set to a +value less than the minimum restriction. +.SH "DSA ALGORITHM" +.IX Header "DSA ALGORITHM" +The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently +there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The \s-1SHA1\s0 +digest is assumed by default. +.SH "DH ALGORITHM" +.IX Header "DH ALGORITHM" +The \s-1DH\s0 algorithm only supports the derivation operation and no additional +\&\fB\-pkeyopt\fR options. +.SH "EC ALGORITHM" +.IX Header "EC ALGORITHM" +The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and +verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH. SHA1\s0 is assumed by default for +the \fB\-pkeyopt\fR \fBdigest\fR option. +.SH "X25519 and X448 ALGORITHMS" +.IX Header "X25519 and X448 ALGORITHMS" +The X25519 and X448 algorithms support key derivation only. Currently there are +no additional options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data (e.g. if an \s-1RSA\s0 key is used): +.PP +.Vb 1 +\& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem +.Ve +.PP +Verify the signature (e.g. a \s-1DSA\s0 key): +.PP +.Vb 1 +\& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem +.Ve +.PP +Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 +.Ve +.PP +Derive a shared secret value: +.PP +.Vb 1 +\& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret +.Ve +.PP +Hexdump 48 bytes of \s-1TLS1 PRF\s0 using digest \fB\s-1SHA256\s0\fR and shared secret and +seed consisting of the single byte 0xFF: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf TLS1\-PRF \-kdflen 48 \-pkeyopt md:SHA256 \e +\& \-pkeyopt hexsecret:ff \-pkeyopt hexseed:ff \-hexdump +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/prime.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/prime.1 new file mode 100644 index 00000000..3e98744c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/prime.1 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PRIME 1" +.TH PRIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-prime, prime \- compute prime numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl prime\fR +[\fB\-help\fR] +[\fB\-hex\fR] +[\fB\-generate\fR] +[\fB\-bits\fR] +[\fB\-safe\fR] +[\fB\-checks\fR] +[\fInumber...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBprime\fR command checks if the specified numbers are prime. +.PP +If no numbers are given on the command line, the \fB\-generate\fR flag should +be used to generate primes according to the requirements specified by the +rest of the flags. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "[\fB\-help\fR]" 4 +.IX Item "[-help]" +Display an option summary. +.IP "[\fB\-hex\fR]" 4 +.IX Item "[-hex]" +Generate hex output. +.IP "[\fB\-generate\fR]" 4 +.IX Item "[-generate]" +Generate a prime number. +.IP "[\fB\-bits num\fR]" 4 +.IX Item "[-bits num]" +Generate a prime with \fBnum\fR bits. +.IP "[\fB\-safe\fR]" 4 +.IX Item "[-safe]" +When used with \fB\-generate\fR, generates a \*(L"safe\*(R" prime. If the number +generated is \fBn\fR, then check that \fB(n\-1)/2\fR is also prime. +.IP "[\fB\-checks num\fR]" 4 +.IX Item "[-checks num]" +Perform the checks \fBnum\fR times to see that the generated number +is prime. The default is 20. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rand.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rand.1 new file mode 100644 index 00000000..d6509206 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rand.1 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 1" +.TH RAND 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rand, rand \- generate pseudo\-random bytes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl rand\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-base64\fR] +[\fB\-hex\fR] +\&\fInum\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command generates \fInum\fR random bytes using a cryptographically +secure pseudo random number generator (\s-1CSPRNG\s0). +.PP +The random bytes are generated using the \fBRAND_bytes\fR\|(3) function, +which provides a security level of 256 bits, provided it managed to +seed itself successfully from a trusted operating system entropy source. +Otherwise, the command will fail with a nonzero error code. +For more details, see \fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7), and \s-1\fBRAND_DRBG\s0\fR\|(7). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out file\fR" 4 +.IX Item "-out file" +Write to \fIfile\fR instead of standard output. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +Explicitly specifying a seed file is in general not necessary, see the +\&\*(L"\s-1NOTES\*(R"\s0 section for more information. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Perform base64 encoding on the output. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Show the output as a hex string. +.SH "NOTES" +.IX Header "NOTES" +Prior to OpenSSL 1.1.1, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from a trusted +entropy source provided by the operating system. The \fB\-rand\fR and +\&\fB\-writerand\fR flags are still supported for special platforms or +circumstances that might require them. +.PP +It is generally an error to use the same seed file more than once and +every use of \fB\-rand\fR should be paired with \fB\-writerand\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rehash.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rehash.1 new file mode 100644 index 00000000..c2fcab28 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rehash.1 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "REHASH 1" +.TH REHASH 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-c_rehash, openssl\-rehash, c_rehash, rehash \- Create symbolic links to files named by the hash values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fBrehash\fR +\&\fB[\-h]\fR +\&\fB[\-help]\fR +\&\fB[\-old]\fR +\&\fB[\-n]\fR +\&\fB[\-v]\fR +[ \fIdirectory\fR...] +.PP +\&\fBc_rehash\fR +\&\fIflags...\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On some platforms, the OpenSSL \fBrehash\fR command is available as +an external script called \fBc_rehash\fR. They are functionally equivalent, +except for minor differences noted below. +.PP +\&\fBrehash\fR scans directories and calculates a hash value of each +\&\f(CW\*(C`.pem\*(C'\fR, \f(CW\*(C`.crt\*(C'\fR, \f(CW\*(C`.cer\*(C'\fR, or \f(CW\*(C`.crl\*(C'\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fB/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated. +.PP +The links created are of the form \f(CW\*(C`HHHHHHHH.D\*(C'\fR, where each \fBH\fR +is a hexadecimal character and \fBD\fR is a single decimal digit. +When processing a directory, \fBrehash\fR will first remove all links +that have a name in that syntax, even if they are being used for some +other purpose. +To skip the removal step, use the \fB\-n\fR flag. +Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \f(CW\*(C`HHHHHHHH.rD\*(C'\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fBD\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a \s-1CRL\s0 or if +more than one such object appears in the file. +.SS "Script Configuration" +.IX Subsection "Script Configuration" +The \fBc_rehash\fR script +uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FILENAME +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FILENAME +.Ve +.PP +where \fB\s-1FILENAME\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR \fB\-h\fR" 4 +.IX Item "-help -h" +Display a brief usage message. +.IP "\fB\-old\fR" 4 +.IX Item "-old" +Use old-style hashing (\s-1MD5,\s0 as opposed to \s-1SHA\-1\s0) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style. +.IP "\fB\-n\fR" 4 +.IX Item "-n" +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. +.IP "\fB\-compat\fR" 4 +.IX Item "-compat" +Generate links for both old-style (\s-1MD5\s0) and new-style (\s-1SHA1\s0) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Print messages about old links removed and new links created. +By default, \fBrehash\fR only lists each directory as it is processed. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), +\&\fBcrl\fR\|(1). +\&\fBx509\fR\|(1). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/req.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/req.1 new file mode 100644 index 00000000..ac8f2387 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/req.1 @@ -0,0 +1,797 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "REQ 1" +.TH REQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-req, req \- PKCS#10 certificate request and certificate generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBreq\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-text\fR] +[\fB\-pubkey\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-modulus\fR] +[\fB\-new\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-newkey rsa:bits\fR] +[\fB\-newkey alg:file\fR] +[\fB\-nodes\fR] +[\fB\-key filename\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-keyout filename\fR] +[\fB\-keygen_engine id\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-config filename\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-x509\fR] +[\fB\-days n\fR] +[\fB\-set_serial n\fR] +[\fB\-newhdr\fR] +[\fB\-addext ext\fR] +[\fB\-extensions section\fR] +[\fB\-reqexts section\fR] +[\fB\-precert\fR] +[\fB\-utf8\fR] +[\fB\-nameopt\fR] +[\fB\-reqopt\fR] +[\fB\-subject\fR] +[\fB\-subj arg\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-batch\fR] +[\fB\-verbose\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBreq\fR command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it +consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and +footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (\fB\-new\fR and \fB\-newkey\fR) are not specified. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate request in text form. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Prints out the request subject (or certificate subject if \fB\-x509\fR is +specified) +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the public key. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the request. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the request. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the signature on the request. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. +.Sp +If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private +key using information specified in the configuration file. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-newkey arg\fR" 4 +.IX Item "-newkey arg" +This option creates a new certificate request and a new private +key. The argument takes one of several forms. \fBrsa:nbits\fR, where +\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR +in size. If \fBnbits\fR is omitted, i.e. \fB\-newkey rsa\fR specified, +the default key size, specified in the configuration file is used. +.Sp +All other algorithms support the \fB\-newkey alg:file\fR form, where file may be +an algorithm parameter file, created by the \fBgenpkey \-genparam\fR command +or and X.509 certificate for a key with appropriate algorithm. +.Sp +\&\fBparam:file\fR generates a key using the parameter file or certificate \fBfile\fR, +the algorithm is determined by the parameters. \fBalgname:file\fR use algorithm +\&\fBalgname\fR and parameter file \fBfile\fR: the two algorithms must match or an +error occurs. \fBalgname\fR just uses algorithm \fBalgname\fR, and parameters, +if necessary should be specified via \fB\-pkeyopt\fR parameter. +.Sp +\&\fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fBfilename\fR. \fBec:filename\fR generates \s-1EC\s0 key (usable both with +\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST R +34.10\-2001\s0 key (requires \fBccgost\fR engine configured in the configuration +file). If just \fBgost2001\fR is specified a parameter set should be +specified by \fB\-pkeyopt paramset:X\fR +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR in the \fBgenpkey\fR manual page +for more details. +.IP "\fB\-key filename\fR" 4 +.IX Item "-key filename" +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for \s-1PEM\s0 format files. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +The format of the private key file specified in the \fB\-key\fR +argument. \s-1PEM\s0 is the default. +.IP "\fB\-keyout filename\fR" 4 +.IX Item "-keyout filename" +This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +If this option is specified then if a private key is created it +will not be encrypted. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This specifies the message digest to sign the request. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +This overrides the digest algorithm specified in +the configuration file. +.Sp +Some public key algorithms may override this choice. For instance, \s-1DSA\s0 +signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use +\&\s-1GOST R 34.11\-94\s0 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. +.IP "\fB\-config filename\fR" 4 +.IX Item "-config filename" +This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. +.IP "\fB\-x509\fR" 4 +.IX Item "-x509" +This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root \s-1CA.\s0 The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the \fBset_serial\fR option, a large random number will be used for +the serial number. +.Sp +If existing request is specified with the \fB\-in\fR option, it is converted +to the self signed certificate otherwise new request is created. +.IP "\fB\-days n\fR" 4 +.IX Item "-days n" +When the \fB\-x509\fR option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. \fBn\fR should +be a positive integer. The default is 30 days. +.IP "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by \fB0x\fR. +.IP "\fB\-addext ext\fR" 4 +.IX Item "-addext ext" +Add a specific extension to the certificate (if the \fB\-x509\fR option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. +.Sp +This option can be given multiple times. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +.PD 0 +.IP "\fB\-reqexts section\fR" 4 +.IX Item "-reqexts section" +.PD +These options specify alternative sections to include certificate +extensions (if the \fB\-x509\fR option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. +.IP "\fB\-precert\fR" 4 +.IX Item "-precert" +A poison extension will be added to the certificate, making it a +\&\*(L"pre-certificate\*(R" (see \s-1RFC6962\s0). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. +.Sp +This implies the \fB\-new\fR flag. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII.\s0 This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-reqopt\fR" 4 +.IX Item "-reqopt" +Customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be +a single option or multiple options separated by commas. +.Sp +See discussion of the \fB\-certopt\fR parameter in the \fBx509\fR\|(1) +command. +.IP "\fB\-newhdr\fR" 4 +.IX Item "-newhdr" +Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +Non-interactive mode. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBreq\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-keygen_engine id\fR" 4 +.IX Item "-keygen_engine id" +Specifies an engine (by its unique \fBid\fR string) which would be used +for key generation operations. +.SH "CONFIGURATION FILE FORMAT" +.IX Header "CONFIGURATION FILE FORMAT" +The configuration options are specified in the \fBreq\fR section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. \fBreq\fR) then +the initial unnamed or \fBdefault\fR section is searched too. +.PP +The options available are described in detail below. +.IP "\fBinput_password output_password\fR" 4 +.IX Item "input_password output_password" +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options \fBpassin\fR and \fBpassout\fR override the +configuration file values. +.IP "\fBdefault_bits\fR" 4 +.IX Item "default_bits" +Specifies the default key size in bits. +.Sp +This option is used in conjunction with the \fB\-new\fR option to generate +a new key. It can be overridden by specifying an explicit key size in +the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. +.IP "\fBdefault_keyfile\fR" 4 +.IX Item "default_keyfile" +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the \fB\-keyout\fR option. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation. +.IP "\fBencrypt_key\fR" 4 +.IX Item "encrypt_key" +If this is set to \fBno\fR then if a private key is generated it is +\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line +option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL \fBdgst\fR command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set. +.IP "\fBstring_mask\fR" 4 +.IX Item "string_mask" +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. +.Sp +It can be set to several values \fBdefault\fR which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the +\&\fButf8only\fR option is used then only UTF8Strings will be used: this +is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. +.IP "\fBreq_extensions\fR" 4 +.IX Item "req_extensions" +This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the \fB\-reqexts\fR command line switch. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +This specifies the configuration file section containing a list of +extensions to add to certificate generated when the \fB\-x509\fR switch +is used. It can be overridden by the \fB\-extensions\fR command line switch. +.IP "\fBprompt\fR" 4 +.IX Item "prompt" +If set to the value \fBno\fR this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +If set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 +strings, by default they are interpreted as \s-1ASCII.\s0 This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fBattributes\fR" 4 +.IX Item "attributes" +This specifies the section containing any request attributes: its format +is the same as \fBdistinguished_name\fR. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. +.IP "\fBdistinguished_name\fR" 4 +.IX Item "distinguished_name" +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. +.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +There are two separate formats for the distinguished name and attribute +sections. If the \fBprompt\fR option is set to \fBno\fR then these sections +just consist of field names and values: for example, +.PP +.Vb 3 +\& CN=My Name +\& OU=My Organization +\& emailAddress=someone@somewhere.org +.Ve +.PP +This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file +with all the field names and values and just pass it to \fBreq\fR. An example +of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +.PP +Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the +file contains field prompting information. It consists of lines of the form: +.PP +.Vb 4 +\& fieldName="prompt" +\& fieldName_default="default field value" +\& fieldName_min= 2 +\& fieldName_max= 4 +.Ve +.PP +\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). +The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. +.PP +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). +.PP +Some fields (such as organizationName) can be used more than once +in a \s-1DN.\s0 This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it \*(L"1.organizationName\*(R". +.PP +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier. +.PP +Additional object identifiers can be defined with the \fBoid_file\fR or +\&\fBoid_section\fR options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examine and verify certificate request: +.PP +.Vb 1 +\& openssl req \-in req.pem \-text \-verify \-noout +.Ve +.PP +Create a private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl genrsa \-out key.pem 2048 +\& openssl req \-new \-key key.pem \-out req.pem +.Ve +.PP +The same but just using req: +.PP +.Vb 1 +\& openssl req \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Generate a self signed root certificate: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Example of a file pointed to by the \fBoid_file\fR option: +.PP +.Vb 2 +\& 1.2.3.4 shortName A longer Name +\& 1.2.3.6 otherName Other longer Name +.Ve +.PP +Example of a section pointed to by \fBoid_section\fR making use of variable +expansion: +.PP +.Vb 2 +\& testoid1=1.2.3.5 +\& testoid2=${testoid1}.6 +.Ve +.PP +Sample configuration file prompting for field values: +.PP +.Vb 6 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = privkey.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& req_extensions = v3_ca +\& +\& dirstring_type = nobmp +\& +\& [ req_distinguished_name ] +\& countryName = Country Name (2 letter code) +\& countryName_default = AU +\& countryName_min = 2 +\& countryName_max = 2 +\& +\& localityName = Locality Name (eg, city) +\& +\& organizationalUnitName = Organizational Unit Name (eg, section) +\& +\& commonName = Common Name (eg, YOUR name) +\& commonName_max = 64 +\& +\& emailAddress = Email Address +\& emailAddress_max = 40 +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +\& challengePassword_min = 4 +\& challengePassword_max = 20 +\& +\& [ v3_ca ] +\& +\& subjectKeyIdentifier=hash +\& authorityKeyIdentifier=keyid:always,issuer:always +\& basicConstraints = critical, CA:true +.Ve +.PP +Sample configuration containing all field values: +.PP +.Vb 1 +\& RANDFILE = $ENV::HOME/.rnd +\& +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = keyfile.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& prompt = no +\& output_password = mypass +\& +\& [ req_distinguished_name ] +\& C = GB +\& ST = Test State or Province +\& L = Test Locality +\& O = Organization Name +\& OU = Organizational Unit Name +\& CN = Common Name +\& emailAddress = test@email.address +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +.Ve +.PP +Example of giving the most common attributes (subject and extensions) +on the command line: +.PP +.Vb 4 +\& openssl req \-new \-subj "/C=GB/CN=foo" \e +\& \-addext "subjectAltName = DNS:foo.co.uk" \e +\& \-addext "certificatePolicies = 1.2.3.4" \e +\& \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\- +.Ve +.PP +some software (some versions of Netscape certificate server) instead needs: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN NEW CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END NEW CERTIFICATE REQUEST\-\-\-\-\- +.Ve +.PP +which is produced with the \fB\-newhdr\fR option but is otherwise compatible. +Either form is accepted transparently on input. +.PP +The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +added. It includes the \fBkeyUsage\fR extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +The following messages are frequently asked about: +.PP +.Vb 2 +\& Using configuration from /some/path/openssl.cnf +\& Unable to load config info +.Ve +.PP +This is followed some time later by... +.PP +.Vb 2 +\& unable to find \*(Aqdistinguished_name\*(Aq in config +\& problems making Certificate Request +.Ve +.PP +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. +.PP +Another puzzling message is this: +.PP +.Vb 2 +\& Attributes: +\& a0:00 +.Ve +.PP +this is displayed when no attributes are present and the request includes +the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +0x00). If you just see: +.PP +.Vb 1 +\& Attributes: +.Ve +.PP +then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR +for more information. +.SH "BUGS" +.IX Header "BUGS" +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. +.PP +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +.PP +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5), +\&\fBx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsa.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsa.1 new file mode 100644 index 00000000..48d3d829 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsa.1 @@ -0,0 +1,330 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA 1" +.TH RSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rsa, rsa \- RSA key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsa\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-check\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-RSAPublicKey_in\fR] +[\fB\-RSAPublicKey_out\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +utility. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. On input PKCS#8 format private +keys are also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout password\fR" 4 +.IX Item "-passout password" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBrsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the key. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1RSA\s0 private key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-RSAPublicKey_in\fR, \fB\-RSAPublicKey_out\fR" 4 +.IX Item "-RSAPublicKey_in, -RSAPublicKey_out" +Like \fB\-pubin\fR and \fB\-pubout\fR except \fBRSAPublicKey\fR format is used instead. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBrsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END RSA PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +Output the public part of a private key in \fBRSAPublicKey\fR format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-RSAPublicKey_out \-out pubkey.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be an option that automatically handles .key files, +without having to manually edit them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsautl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsautl.1 new file mode 100644 index 00000000..74d26faa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/rsautl.1 @@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSAUTL 1" +.TH RSAUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rsautl, rsautl \- RSA utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsautl\fR +[\fB\-help\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-inkey file\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-pkcs\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt +data using the \s-1RSA\s0 algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be an \s-1RSA\s0 private key. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is an \s-1RSA\s0 public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing an \s-1RSA\s0 public key. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data and output the signed result. This requires +an \s-1RSA\s0 private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using an \s-1RSA\s0 public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using an \s-1RSA\s0 private key. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 +.IX Item "-pkcs, -oaep, -ssl, -raw" +The padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0 +special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +Hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN.1\s0 output data, this is useful when combined with the +\&\fB\-verify\fR option. +.SH "NOTES" +.IX Header "NOTES" +\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be +used to sign or verify small pieces of data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem +.Ve +.PP +Examine the raw signed data: +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem \-raw \-hexdump +\& +\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world +.Ve +.PP +The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes. +.PP +It is possible to analyse the signature of certificates using this +utility in conjunction with \fBasn1parse\fR. Consider the self signed +example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem +\& +\& 0:d=0 hl=4 l= 742 cons: SEQUENCE +\& 4:d=1 hl=4 l= 591 cons: SEQUENCE +\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] +\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 +\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 +\& 16:d=2 hl=2 l= 13 cons: SEQUENCE +\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 29:d=3 hl=2 l= 0 prim: NULL +\& 31:d=2 hl=2 l= 92 cons: SEQUENCE +\& 33:d=3 hl=2 l= 11 cons: SET +\& 35:d=4 hl=2 l= 9 cons: SEQUENCE +\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName +\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU +\& .... +\& 599:d=1 hl=2 l= 13 cons: SEQUENCE +\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 612:d=2 hl=2 l= 0 prim: NULL +\& 614:d=1 hl=3 l= 129 prim: BIT STRING +.Ve +.PP +The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 +.Ve +.PP +The certificate public key can be extracted with: +.PP +.Vb 1 +\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem +.Ve +.PP +The signature can be analysed with: +.PP +.Vb 1 +\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin +\& +\& 0:d=0 hl=2 l= 32 cons: SEQUENCE +\& 2:d=1 hl=2 l= 12 cons: SEQUENCE +\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 +\& 14:d=2 hl=2 l= 0 prim: NULL +\& 16:d=1 hl=2 l= 16 prim: OCTET STRING +\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +.Ve +.PP +This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +the digest used was md5. The actual part of the certificate that was signed can +be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4 +.Ve +.PP +and its digest computed with: +.PP +.Vb 2 +\& openssl md5 \-c tbs +\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 +.Ve +.PP +which it can be seen agrees with the recovered value above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_client.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_client.1 new file mode 100644 index 00000000..3ffc7913 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_client.1 @@ -0,0 +1,863 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_CLIENT 1" +.TH S_CLIENT 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_client, s_client \- SSL/TLS client program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_client\fR +[\fB\-help\fR] +[\fB\-connect host:port\fR] +[\fB\-bind host:port\fR] +[\fB\-proxy host:port\fR] +[\fB\-unix path\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-servername name\fR] +[\fB\-noservername\fR] +[\fB\-verify depth\fR] +[\fB\-verify_return_error\fR] +[\fB\-cert filename\fR] +[\fB\-certform DER|PEM\fR] +[\fB\-key filename\fR] +[\fB\-keyform DER|PEM\fR] +[\fB\-cert_chain filename\fR] +[\fB\-build_chain\fR] +[\fB\-xkey\fR] +[\fB\-xcert\fR] +[\fB\-xchain\fR] +[\fB\-xchain_build\fR] +[\fB\-xcertform PEM|DER\fR] +[\fB\-xkeyform PEM|DER\fR] +[\fB\-pass arg\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-chainCApath directory\fR] +[\fB\-chainCAfile filename\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-requestCAfile filename\fR] +[\fB\-dane_tlsa_domain domain\fR] +[\fB\-dane_tlsa_rrdata rrdata\fR] +[\fB\-dane_ee_no_namechecks\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-nameopt option\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-build_chain\fR] +[\fB\-x509_strict\fR] +[\fB\-reconnect\fR] +[\fB\-showcerts\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-nbio_test\fR] +[\fB\-state\fR] +[\fB\-nbio\fR] +[\fB\-crlf\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-psk_identity identity\fR] +[\fB\-psk key\fR] +[\fB\-psk_session file\fR] +[\fB\-quiet\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-fallback_scsv\fR] +[\fB\-async\fR] +[\fB\-max_send_frag\fR] +[\fB\-split_send_frag\fR] +[\fB\-max_pipelines\fR] +[\fB\-read_buf\fR] +[\fB\-bugs\fR] +[\fB\-comp\fR] +[\fB\-no_comp\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-sigalgs sigalglist\fR] +[\fB\-curves curvelist\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-ciphersuites val\fR] +[\fB\-serverpref\fR] +[\fB\-starttls protocol\fR] +[\fB\-xmpphost hostname\fR] +[\fB\-name hostname\fR] +[\fB\-engine id\fR] +[\fB\-tlsextdebug\fR] +[\fB\-no_ticket\fR] +[\fB\-sess_out filename\fR] +[\fB\-sess_in filename\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-serverinfo types\fR] +[\fB\-status\fR] +[\fB\-alpn protocols\fR] +[\fB\-nextprotoneg protocols\fR] +[\fB\-ct\fR] +[\fB\-noct\fR] +[\fB\-ctlogfile\fR] +[\fB\-keylogfile file\fR] +[\fB\-early_data file\fR] +[\fB\-enable_pha\fR] +[\fBtarget\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects +to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for +\&\s-1SSL\s0 servers. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below the \fBs_client\fR utility also supports the +common and client only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) +manual page. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect host:port\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433. +.IP "\fB\-bind host:port\fR]" 4 +.IX Item "-bind host:port]" +This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address. +.IP "\fB\-proxy host:port\fR" 4 +.IX Item "-proxy host:port" +When used with the \fB\-connect\fR flag, the program uses the host and port +specified with this flag and issues an \s-1HTTP CONNECT\s0 command to connect +to the desired server. +.IP "\fB\-unix path\fR" 4 +.IX Item "-unix path" +Connect over the specified Unix-domain socket. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-servername name\fR" 4 +.IX Item "-servername name" +Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to +the given value. +If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with +the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is +not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +This is the default since OpenSSL 1.1.1. +.Sp +Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +\&\fB\-servername\fR is provided then that name will be sent, regardless of whether +it is a \s-1DNS\s0 name or not. +.Sp +This option cannot be used in conjunction with \fB\-noservername\fR. +.IP "\fB\-noservername\fR" 4 +.IX Item "-noservername" +Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the \fB\-servername\fR or +<\-dane_tlsa_domain> options. +.IP "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. +.IP "\fB\-certform format\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the server. +.IP "\fB\-xkey infile\fR, \fB\-xcert infile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by the +client. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates provided via \fB\-xkey infile\fR, +\&\fB\-xcert infile\fR, \fB\-xchain\fR options. +.IP "\fB\-xcertform PEM|DER\fR, \fB\-xkeyform PEM|DER\fR" 4 +.IX Item "-xcertform PEM|DER, -xkeyform PEM|DER" +Extra certificate and private key format respectively. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-verify depth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for server certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are +also used when building the client certificate chain. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.IP "\fB\-chainCApath directory\fR" 4 +.IX Item "-chainCApath directory" +The directory to use for building the chain provided to the server. This +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. +.IP "\fB\-chainCAfile file\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +client certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-requestCAfile file\fR" 4 +.IX Item "-requestCAfile file" +A file containing a list of certificates whose subject names will be sent +to the server in the \fBcertificate_authorities\fR extension. Only supported +for \s-1TLS 1.3\s0 +.IP "\fB\-dane_tlsa_domain domain\fR" 4 +.IX Item "-dane_tlsa_domain domain" +Enable \s-1RFC6698/RFC7671 DANE TLSA\s0 authentication and specify the +\&\s-1TLSA\s0 base domain which becomes the default \s-1SNI\s0 hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the \fB\-dane_tlsa_rrdata\fR +option below. +.Sp +When \s-1DANE\s0 authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a \s-1TLSA\s0 record authenticated +a chain certificate. When that \s-1TLSA\s0 record is a \*(L"2 1 0\*(R" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as \*(L"\s-1TA\s0 public key +verified\*(R". Otherwise, either the \s-1TLSA\s0 record \*(L"matched \s-1TA\s0 certificate\*(R" +at a positive depth or else \*(L"matched \s-1EE\s0 certificate\*(R" at depth 0. +.IP "\fB\-dane_tlsa_rrdata rrdata\fR" 4 +.IX Item "-dane_tlsa_rrdata rrdata" +Use one or more times to specify the \s-1RRDATA\s0 fields of the \s-1DANE TLSA\s0 +RRset associated with the target service. The \fBrrdata\fR value is +specified in \*(L"presentation form\*(R", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example: +.Sp +.Vb 12 +\& $ openssl s_client \-brief \-starttls smtp \e +\& \-connect smtp.example.com:25 \e +\& \-dane_tlsa_domain smtp.example.com \e +\& \-dane_tlsa_rrdata "2 1 1 +\& B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \e +\& \-dane_tlsa_rrdata "2 1 1 +\& 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" +\& ... +\& Verification: OK +\& Verified peername: smtp.example.com +\& DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 +\& ... +.Ve +.IP "\fB\-dane_ee_no_namechecks\fR" 4 +.IX Item "-dane_ee_no_namechecks" +This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various certificate chain validation options. See the +\&\fBverify\fR\|(1) manual page for details. +.IP "\fB\-reconnect\fR" 4 +.IX Item "-reconnect" +Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can +be used as a test that session caching is working. +.IP "\fB\-showcerts\fR" 4 +.IX Item "-showcerts" +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +\&\fBnot\fR a verified chain. +.IP "\fB\-prexit\fR" 4 +.IX Item "-prexit" +Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this +option is not always accurate because a connection might never have been +established. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints out the \s-1SSL\s0 session states. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-msgfile\fR" 4 +.IX Item "-msgfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non-blocking I/O +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non-blocking I/O +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0 as required +by some servers. +.IP "\fB\-ign_eof\fR" 4 +.IX Item "-ign_eof" +Inhibit shutting down the connection when end of file is reached in the +input. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. This implicitly +turns on \fB\-ign_eof\fR as well. +.IP "\fB\-no_ign_eof\fR" 4 +.IX Item "-no_ign_eof" +Shut down the connection when end of file is reached in the input. +Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. +.IP "\fB\-psk_identity identity\fR" 4 +.IX Item "-psk_identity identity" +Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite. +The default value is \*(L"Client_identity\*(R" (without the quotes). +.IP "\fB\-psk key\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session file\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fBfile\fR as the basis of a \s-1PSK.\s0 +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default \fBs_client\fR will negotiate the highest mutually supported protocol +version. +When a specific \s-1TLS\s0 version is required, only that version will be offered to +and accepted from the server. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options make \fBs_client\fR use \s-1DTLS\s0 protocols instead of \s-1TLS.\s0 +With \fB\-dtls\fR, \fBs_client\fR will negotiate any supported \s-1DTLS\s0 protocol version, +whilst \fB\-dtls1\fR and \fB\-dtls1_2\fR will only support \s-1DTLS1.0\s0 and \s-1DTLS1.2\s0 +respectively. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-fallback_scsv\fR" 4 +.IX Item "-fallback_scsv" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag int\fR" 4 +.IX Item "-max_send_frag int" +The maximum size of data fragment to send. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag int\fR" 4 +.IX Item "-split_send_frag int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines int\fR" 4 +.IX Item "-max_pipelines int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf int\fR" 4 +.IX Item "-read_buf int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Only provide a brief summary of connection parameters instead of the +normal verbose output. +.IP "\fB\-sigalgs sigalglist\fR" 4 +.IX Item "-sigalgs sigalglist" +Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3) +.IP "\fB\-curves curvelist\fR" 4 +.IX Item "-curves curvelist" +Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See the +\&\fBciphers\fR command for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See the +\&\fBciphers\fR command for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-starttls protocol\fR" 4 +.IX Item "-starttls protocol" +Send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. +\&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only +supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R", \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"irc\*(R", \*(L"postgres\*(R", \*(L"mysql\*(R", \*(L"lmtp\*(R", \*(L"nntp\*(R", \*(L"sieve\*(R" and \*(L"ldap\*(R". +.IP "\fB\-xmpphost hostname\fR" 4 +.IX Item "-xmpphost hostname" +This option, when used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +specifies the host for the \*(L"to\*(R" attribute of the stream element. +If this option is not specified, then the host specified with \*(L"\-connect\*(R" +will be used. +.Sp +This option is an alias of the \fB\-name\fR option for \*(L"xmpp\*(R" and \*(L"xmpp-server\*(R". +.IP "\fB\-name hostname\fR" 4 +.IX Item "-name hostname" +This option is used to specify hostname information for various protocols +used with \fB\-starttls\fR option. Currently only \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"smtp\*(R" and \*(L"lmtp\*(R" can utilize this \fB\-name\fR option. +.Sp +If this option is used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +if specifies the host for the \*(L"to\*(R" attribute of the stream element. If this +option is not specified, then the host specified with \*(L"\-connect\*(R" will be used. +.Sp +If this option is used with \*(L"\-starttls lmtp\*(R" or \*(L"\-starttls smtp\*(R", it specifies +the name to use in the \*(L"\s-1LMTP LHLO\*(R"\s0 or \*(L"\s-1SMTP EHLO\*(R"\s0 message, respectively. If +this option is not specified, then \*(L"mail.example.com\*(R" will be used. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print out a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. +.IP "\fB\-sess_out filename\fR" 4 +.IX Item "-sess_out filename" +Output \s-1SSL\s0 session to \fBfilename\fR. +.IP "\fB\-sess_in sess.pem\fR" 4 +.IX Item "-sess_in sess.pem" +Load \s-1SSL\s0 session from \fBfilename\fR. The client will attempt to resume a +connection from this session. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-serverinfo types\fR" 4 +.IX Item "-serverinfo types" +A list of comma-separated \s-1TLS\s0 Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello \s-1TLS\s0 Extension. +The server's response (if any) will be encoded and displayed as a \s-1PEM\s0 +file. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +response (if any) is printed out. +.IP "\fB\-alpn protocols\fR, \fB\-nextprotoneg protocols\fR" 4 +.IX Item "-alpn protocols, -nextprotoneg protocols" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 +The \fBprotocols\fR list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable \s-1ASCII\s0 strings, +for example \*(L"http/1.1\*(R" or \*(L"spdy/3\*(R". +An empty list of protocols is treated specially and will cause the +client to advertise support for the \s-1TLS\s0 extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-ct\fR, \fB\-noct\fR" 4 +.IX Item "-ct, -noct" +Use one of these two options to control whether Certificate Transparency (\s-1CT\s0) +is enabled (\fB\-ct\fR) or disabled (\fB\-noct\fR). +If \s-1CT\s0 is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion. +.Sp +Enabling \s-1CT\s0 also enables \s-1OCSP\s0 stapling, as this is one possible delivery method +for SCTs. +.IP "\fB\-ctlogfile\fR" 4 +.IX Item "-ctlogfile" +A file containing a list of known Certificate Transparency logs. See +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. +.IP "\fB\-keylogfile file\fR" 4 +.IX Item "-keylogfile file" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-early_data file\fR" 4 +.IX Item "-early_data file" +Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data. +.IP "\fB\-enable_pha\fR" 4 +.IX Item "-enable_pha" +For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via \fB\-cert\fR. +.IP "\fB[target]\fR" 4 +.IX Item "[target]" +Rather than providing \fB\-connect\fR, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor \fB\-connect\fR are provided, falls back to attempting to connect to localhost +on port 4433. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection is established with an \s-1SSL\s0 server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBB\fR" 4 +.IX Item "B" +Send a heartbeat message to the server (\s-1DTLS\s0 only) +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the server (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the server and request one back (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0 +server the command: +.PP +.Vb 1 +\& openssl s_client \-connect servername:443 +.Ve +.PP +would typically be used (https uses port 443). If the connection succeeds +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR, +\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed +and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request +for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.PP +If there are problems verifying a server certificate then the +\&\fB\-showcerts\fR option can be used to show all the certificates sent by the +server. +.PP +The \fBs_client\fR utility is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +attack. This behaviour can be changed by with the \fB\-verify_return_error\fR +option: any verify errors are then returned aborting the handshake. +.PP +The \fB\-bind\fR option may be useful if the server or a firewall requires +connections to come from some particular address and or port. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source of \fBs_client\fR is rather hard to +read and not a model of how things should be done. +A typical \s-1SSL\s0 client program would be much simpler. +.PP +The \fB\-prexit\fR option is a bit of a hack. We should really report +information whenever a session is renegotiated. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1), +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), \fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. +The \fB\-name\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_server.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_server.1 new file mode 100644 index 00000000..8528a53e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_server.1 @@ -0,0 +1,868 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_SERVER 1" +.TH S_SERVER 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_server, s_server \- SSL/TLS server program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_server\fR +[\fB\-help\fR] +[\fB\-port +int\fR] +[\fB\-accept val\fR] +[\fB\-unix val\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-unlink\fR] +[\fB\-context val\fR] +[\fB\-verify int\fR] +[\fB\-Verify int\fR] +[\fB\-cert infile\fR] +[\fB\-nameopt val\fR] +[\fB\-naccept +int\fR] +[\fB\-serverinfo val\fR] +[\fB\-certform PEM|DER\fR] +[\fB\-key infile\fR] +[\fB\-keyform format\fR] +[\fB\-pass val\fR] +[\fB\-dcert infile\fR] +[\fB\-dcertform PEM|DER\fR] +[\fB\-dkey infile\fR] +[\fB\-dkeyform PEM|DER\fR] +[\fB\-dpass val\fR] +[\fB\-nbio_test\fR] +[\fB\-crlf\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-msgfile outfile\fR] +[\fB\-state\fR] +[\fB\-CAfile infile\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-nocert\fR] +[\fB\-quiet\fR] +[\fB\-no_resume_ephemeral\fR] +[\fB\-www\fR] +[\fB\-WWW\fR] +[\fB\-servername\fR] +[\fB\-servername_fatal\fR] +[\fB\-cert2 infile\fR] +[\fB\-key2 infile\fR] +[\fB\-tlsextdebug\fR] +[\fB\-HTTP\fR] +[\fB\-id_prefix val\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-keymatexport val\fR] +[\fB\-keymatexportlen +int\fR] +[\fB\-CRL infile\fR] +[\fB\-crl_download\fR] +[\fB\-cert_chain infile\fR] +[\fB\-dcert_chain infile\fR] +[\fB\-chainCApath dir\fR] +[\fB\-verifyCApath dir\fR] +[\fB\-no_cache\fR] +[\fB\-ext_cache\fR] +[\fB\-CRLform PEM|DER\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-build_chain\fR] +[\fB\-chainCAfile infile\fR] +[\fB\-verifyCAfile infile\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-status\fR] +[\fB\-status_verbose\fR] +[\fB\-status_timeout int\fR] +[\fB\-status_url val\fR] +[\fB\-status_file infile\fR] +[\fB\-trace\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-brief\fR] +[\fB\-rev\fR] +[\fB\-async\fR] +[\fB\-ssl_config val\fR] +[\fB\-max_send_frag +int\fR] +[\fB\-split_send_frag +int\fR] +[\fB\-max_pipelines +int\fR] +[\fB\-read_buf +int\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-num_tickets\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs val\fR] +[\fB\-client_sigalgs val\fR] +[\fB\-groups val\fR] +[\fB\-curves val\fR] +[\fB\-named_curve val\fR] +[\fB\-cipher val\fR] +[\fB\-ciphersuites val\fR] +[\fB\-dhparam infile\fR] +[\fB\-record_padding val\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-policy val\fR] +[\fB\-purpose val\fR] +[\fB\-verify_name val\fR] +[\fB\-verify_depth int\fR] +[\fB\-auth_level int\fR] +[\fB\-attime intmax\fR] +[\fB\-verify_hostname val\fR] +[\fB\-verify_email val\fR] +[\fB\-verify_ip\fR] +[\fB\-ignore_critical\fR] +[\fB\-issuer_checks\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-policy_check\fR] +[\fB\-explicit_policy\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-x509_strict\fR] +[\fB\-extended_crl\fR] +[\fB\-use_deltas\fR] +[\fB\-policy_print\fR] +[\fB\-check_ss_sig\fR] +[\fB\-trusted_first\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_192\fR] +[\fB\-partial_chain\fR] +[\fB\-no_alt_chains\fR] +[\fB\-no_check_time\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-xkey\fR] +[\fB\-xcert\fR] +[\fB\-xchain\fR] +[\fB\-xchain_build\fR] +[\fB\-xcertform PEM|DER\fR] +[\fB\-xkeyform PEM|DER\fR] +[\fB\-nbio\fR] +[\fB\-psk_identity val\fR] +[\fB\-psk_hint val\fR] +[\fB\-psk val\fR] +[\fB\-psk_session file\fR] +[\fB\-srpvfile infile\fR] +[\fB\-srpuserseed val\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-timeout\fR] +[\fB\-mtu +int\fR] +[\fB\-listen\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-no_dhe\fR] +[\fB\-nextprotoneg val\fR] +[\fB\-use_srtp val\fR] +[\fB\-alpn val\fR] +[\fB\-engine val\fR] +[\fB\-keylogfile outfile\fR] +[\fB\-max_early_data int\fR] +[\fB\-early_data\fR] +[\fB\-anti_replay\fR] +[\fB\-no_anti_replay\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens +for connections on a given port using \s-1SSL/TLS.\s0 +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below the \fBs_server\fR utility also supports the +common and server only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) +manual page. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-port +int\fR" 4 +.IX Item "-port +int" +The \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +.IP "\fB\-accept val\fR" 4 +.IX Item "-accept val" +The optional \s-1TCP\s0 host and port to listen on for connections. If not specified, *:4433 is used. +.IP "\fB\-unix val\fR" 4 +.IX Item "-unix val" +Unix domain socket to accept on. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-unlink\fR" 4 +.IX Item "-unlink" +For \-unix, unlink any existing socket first. +.IP "\fB\-context val\fR" 4 +.IX Item "-context val" +Sets the \s-1SSL\s0 context id. It can be given any string value. If this option +is not present a default value will be used. +.IP "\fB\-verify int\fR, \fB\-Verify int\fR" 4 +.IX Item "-verify int, -Verify int" +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the \fB\-verify\fR option a certificate is requested but the +client does not have to send one, with the \fB\-Verify\fR option the client +must supply a certificate or an error occurs. +.Sp +If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or \s-1PSK\s0) this option has no effect. +.IP "\fB\-cert infile\fR" 4 +.IX Item "-cert infile" +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 +(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the client. +.IP "\fB\-nameopt val\fR" 4 +.IX Item "-nameopt val" +Option which determines how the subject or issuer names are displayed. The +\&\fBval\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-naccept +int\fR" 4 +.IX Item "-naccept +int" +The server will exit after receiving the specified number of connections, +default unlimited. +.IP "\fB\-serverinfo val\fR" 4 +.IX Item "-serverinfo val" +A file containing one or more blocks of \s-1PEM\s0 data. Each \s-1PEM\s0 block +must encode a \s-1TLS\s0 ServerHello extension (2 bytes type, 2 bytes length, +followed by \*(L"length\*(R" bytes of extension data). If the client sends +an empty \s-1TLS\s0 ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. +.IP "\fB\-certform PEM|DER\fR" 4 +.IX Item "-certform PEM|DER" +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-key infile\fR" 4 +.IX Item "-key infile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-pass val\fR" 4 +.IX Item "-pass val" +The private key password source. For more information about the format of \fBval\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-dcert infile\fR, \fB\-dkey infile\fR" 4 +.IX Item "-dcert infile, -dkey infile" +Specify an additional certificate and private key, these behave in the +same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key +and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +by using an appropriate certificate. +.IP "\fB\-dcert_chain\fR" 4 +.IX Item "-dcert_chain" +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the \fB\-dcert\fR option +is in use. +.IP "\fB\-dcertform PEM|DER\fR, \fB\-dkeyform PEM|DER\fR, \fB\-dpass val\fR" 4 +.IX Item "-dcertform PEM|DER, -dkeyform PEM|DER, -dpass val" +Additional certificate and private key format and passphrase respectively. +.IP "\fB\-xkey infile\fR, \fB\-xcert infile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by +the server. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the client for the extra certificates provided via \fB\-xkey infile\fR, +\&\fB\-xcert infile\fR, \fB\-xchain\fR options. +.IP "\fB\-xcertform PEM|DER\fR, \fB\-xkeyform PEM|DER\fR" 4 +.IX Item "-xcertform PEM|DER, -xkeyform PEM|DER" +Extra certificate and private key format respectively. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non blocking I/O. +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF.\s0 +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-msgfile outfile\fR" 4 +.IX Item "-msgfile outfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints the \s-1SSL\s0 session states. +.IP "\fB\-CAfile infile\fR" 4 +.IX Item "-CAfile infile" +A file containing trusted certificates to use during client authentication +and to use when attempting to build the server certificate chain. The list +is also used in the list of acceptable client CAs passed to the client when +a certificate is requested. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +The directory to use for client certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are +also used when building the server certificate chain. +.IP "\fB\-chainCApath dir\fR" 4 +.IX Item "-chainCApath dir" +The directory to use for building the chain provided to the client. This +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. +.IP "\fB\-chainCAfile file\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +server certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +\&\s-1DH\s0). +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. +.IP "\fB\-www\fR" 4 +.IX Item "-www" +Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in \s-1HTML\s0 format so this option will normally be used with a +web browser. Cannot be used in conjunction with \fB\-early_data\fR. +.IP "\fB\-WWW\fR" 4 +.IX Item "-WWW" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. Cannot be used in conjunction +with \fB\-early_data\fR. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-HTTP\fR" 4 +.IX Item "-HTTP" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. The files loaded are +assumed to contain a complete and correct \s-1HTTP\s0 response (lines that +are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). Cannot be +used in conjunction with \fB\-early_data\fR. +.IP "\fB\-id_prefix val\fR" 4 +.IX Item "-id_prefix val" +Generate \s-1SSL/TLS\s0 session IDs prefixed by \fBval\fR. This is mostly useful +for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Enables certificate status request support (aka \s-1OCSP\s0 stapling). +.IP "\fB\-status_verbose\fR" 4 +.IX Item "-status_verbose" +Enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives +a verbose printout of the \s-1OCSP\s0 response. +.IP "\fB\-status_timeout int\fR" 4 +.IX Item "-status_timeout int" +Sets the timeout for \s-1OCSP\s0 response to \fBint\fR seconds. +.IP "\fB\-status_url val\fR" 4 +.IX Item "-status_url val" +Sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. +.IP "\fB\-status_file infile\fR" 4 +.IX Item "-status_file infile" +Overrides any \s-1OCSP\s0 responder URLs from the certificate and always provides the +\&\s-1OCSP\s0 Response stored in the file. The file must be in \s-1DER\s0 format. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Provide a brief summary of connection parameters instead of the normal verbose +output. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in +conjunction with \fB\-early_data\fR. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag +int\fR" 4 +.IX Item "-max_send_frag +int" +The maximum size of data fragment to send. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag +int\fR" 4 +.IX Item "-split_send_frag +int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines +int\fR" 4 +.IX Item "-max_pipelines +int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf +int\fR" 4 +.IX Item "-read_buf +int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default \fBs_server\fR will negotiate the highest mutually supported protocol +version. +When a specific \s-1TLS\s0 version is required, only that version will be accepted +from the client. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disable negotiation of \s-1TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enable negotiation of \s-1TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See \fB\-num_tickets\fR. +.IP "\fB\-num_tickets\fR" 4 +.IX Item "-num_tickets" +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use the server's cipher preferences, rather than the client's preferences. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when preferred by clients. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +Set the \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR option. +.IP "\fB\-client_sigalgs val\fR" 4 +.IX Item "-client_sigalgs val" +Signature algorithms to support for client certificate authentication +(colon-separated list). +.IP "\fB\-named_curve val\fR" 4 +.IX Item "-named_curve val" +Specifies the elliptic curve to use. \s-1NOTE:\s0 this is single curve, not a list. +For a list of all possible curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher val\fR" 4 +.IX Item "-cipher val" +This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +the \fBciphers\fR command for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +the \fBciphers\fR command for more information. The format for this list is a +simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-dhparam infile\fR" 4 +.IX Item "-dhparam infile" +The \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys +using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into the \fBs_server\fR +program will be used. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set different peer certificate verification options. +See the \fBverify\fR\|(1) manual page for details. +.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 +.IX Item "-crl_check, -crl_check_all" +Check the peer certificate has not been revoked by its \s-1CA.\s0 +The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR +option all CRLs of all CAs in the chain are checked. +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non blocking I/O. +.IP "\fB\-psk_identity val\fR" 4 +.IX Item "-psk_identity val" +Expect the client to send \s-1PSK\s0 identity \fBval\fR when using a \s-1PSK\s0 +cipher suite, and warn if they do not. By default, the expected \s-1PSK\s0 +identity is the string \*(L"Client_identity\*(R". +.IP "\fB\-psk_hint val\fR" 4 +.IX Item "-psk_hint val" +Use the \s-1PSK\s0 identity hint \fBval\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk val\fR" 4 +.IX Item "-psk val" +Use the \s-1PSK\s0 key \fBval\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session file\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fBfile\fR as the basis of a \s-1PSK.\s0 +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-listen\fR" 4 +.IX Item "-listen" +This option can only be used in conjunction with one of the \s-1DTLS\s0 options above. +With this option \fBs_server\fR will listen on a \s-1UDP\s0 port for incoming connections. +Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then \fBs_server\fR will connect to +that peer and complete the handshake. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options make \fBs_server\fR use \s-1DTLS\s0 protocols instead of \s-1TLS.\s0 +With \fB\-dtls\fR, \fBs_server\fR will negotiate any supported \s-1DTLS\s0 protocol version, +whilst \fB\-dtls1\fR and \fB\-dtls1_2\fR will only support DTLSv1.0 and DTLSv1.2 +respectively. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-no_dhe\fR" 4 +.IX Item "-no_dhe" +If this option is set then no \s-1DH\s0 parameters will be loaded effectively +disabling the ephemeral \s-1DH\s0 cipher suites. +.IP "\fB\-alpn val\fR, \fB\-nextprotoneg val\fR" 4 +.IX Item "-alpn val, -nextprotoneg val" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 +The \fBval\fR list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-engine val\fR" 4 +.IX Item "-engine val" +Specifying an engine (by its unique id string in \fBval\fR) will cause \fBs_server\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-keylogfile outfile\fR" 4 +.IX Item "-keylogfile outfile" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-max_early_data int\fR" 4 +.IX Item "-max_early_data int" +Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the \fB\-early_data\fR +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0. +.IP "\fB\-early_data\fR" 4 +.IX Item "-early_data" +Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, +\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection request is established with an \s-1SSL\s0 client and neither the +\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. +.PP +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. +.IP "\fBq\fR" 4 +.IX Item "q" +End the current \s-1SSL\s0 connection but still accept new connections. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBr\fR" 4 +.IX Item "r" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session and request a client certificate (TLSv1.2 and below +only). +.IP "\fBP\fR" 4 +.IX Item "P" +Send some plain text down the underlying \s-1TCP\s0 connection: this should +cause the client to disconnect due to a protocol violation. +.IP "\fBS\fR" 4 +.IX Item "S" +Print out some session cache status information. +.IP "\fBB\fR" 4 +.IX Item "B" +Send a heartbeat message to the client (\s-1DTLS\s0 only) +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the client (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the client and request one back (TLSv1.3 only) +.IP "\fBc\fR" 4 +.IX Item "c" +Send a certificate request to the client (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from +a web browser the command: +.PP +.Vb 1 +\& openssl s_server \-accept 443 \-www +.Ve +.PP +can be used for example. +.PP +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to +mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +.PP +The session parameters can printed out using the \fBsess_id\fR program. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source of \fBs_server\fR is rather hard to +read and not a model of how things should be done. +A typical \s-1SSL\s0 server program would be much simpler. +.PP +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. +.PP +There should be a way for the \fBs_server\fR program to print out details of any +unknown cipher suites a client says it supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1) +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.PP +The +\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_time.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_time.1 new file mode 100644 index 00000000..0cdc5fa3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/s_time.1 @@ -0,0 +1,320 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_TIME 1" +.TH S_TIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_time, s_time \- SSL/TLS performance timing program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_time\fR +[\fB\-help\fR] +[\fB\-connect host:port\fR] +[\fB\-www page\fR] +[\fB\-cert filename\fR] +[\fB\-key filename\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-reuse\fR] +[\fB\-new\fR] +[\fB\-verify depth\fR] +[\fB\-nameopt option\fR] +[\fB\-time seconds\fR] +[\fB\-ssl3\fR] +[\fB\-bugs\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-ciphersuites val\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_time\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a +remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes +the time to transfer the payload data in its timing measurements. It measures +the number of connections within a given timeframe, the amount of data +transferred (if any), and calculates the average time spent for one connection. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect host:port\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. +.IP "\fB\-www page\fR" 4 +.IX Item "-www page" +This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the +index.htm[l] page. If this parameter is not specified, then \fBs_time\fR will only +perform the handshake to establish \s-1SSL\s0 connections but not transfer any +payload data. +.IP "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in \s-1PEM\s0 format. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. The file is in \s-1PEM\s0 format. +.IP "\fB\-verify depth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for server certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are +also used when building the client certificate chain. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Performs the timing test using a new session \s-1ID\s0 for each connection. +If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default +and executed in sequence. +.IP "\fB\-reuse\fR" 4 +.IX Item "-reuse" +Performs the timing test using the same session \s-1ID\s0; this can be used as a test +that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are +specified, they are both on by default and executed in sequence. +.IP "\fB\-ssl3\fR" 4 +.IX Item "-ssl3" +This option disables the use of \s-1SSL\s0 version 3. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use \s-1SSL\s0 v3 or \s-1TLS\s0 as appropriate. +.Sp +The timing program is not as rich in options to turn protocols on and off as +the \fBs_client\fR\|(1) program and may not connect to all servers. +Unfortunately there are a lot of ancient and broken servers in use which +cannot handle this technique and will fail to connect. Some servers only +work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option. +.Sp +Note that this option may not be available, depending on how +OpenSSL was built. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fBciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fBciphers\fR\|(1) for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-time length\fR" 4 +.IX Item "-time length" +Specifies how long (in seconds) \fBs_time\fR should establish connections and +optionally transfer payload data from a server. Server and client performance +and the link speed determine how many connections \fBs_time\fR can establish. +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_time\fR can be used to measure the performance of an \s-1SSL\s0 connection. +To connect to an \s-1SSL HTTP\s0 server and get the default page the command +.PP +.Vb 1 +\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] +.Ve +.PP +would typically be used (https uses port 443). 'commoncipher' is a cipher to +which both client and server can agree, see the \fBciphers\fR\|(1) command +for details. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR and +\&\fB\-ssl3\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be +viewed and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and +send an \s-1HTTP\s0 request for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.SH "BUGS" +.IX Header "BUGS" +Because this program does not have all the options of the +\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be +able to measure the performance of all protocols with all servers. +.PP +The \fB\-verify\fR option should really exit if the server verification +fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/sess_id.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/sess_id.1 new file mode 100644 index 00000000..3df11f66 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/sess_id.1 @@ -0,0 +1,272 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SESS_ID 1" +.TH SESS_ID 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-sess_id, sess_id \- SSL/TLS session handling utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsess_id\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER|NSS\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-context \s-1ID\s0\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure +and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session +master key) in human readable format. Since this is a diagnostic tool that +needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will +not need to use it. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +format containing session details. The precise format can vary from one version +to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR +format base64 encoded with additional header and footer lines. +.IP "\fB\-outform DER|PEM|NSS\fR" 4 +.IX Item "-outform DER|PEM|NSS" +This specifies the output format. The \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR options have the same meaning +and default as the \fB\-inform\fR option. The \fB\s-1NSS\s0\fR option outputs the session id and +the master key in \s-1NSS\s0 keylog format. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read session information from or standard +input by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write session information to or standard +output if this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +If a certificate is present in the session it will be output using this option, +if the \fB\-text\fR option is also present then it will be printed out in text form. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the session. +.IP "\fB\-context \s-1ID\s0\fR" 4 +.IX Item "-context ID" +This option can set the session id so the output session information uses the +supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option won't normally +be used. +.SH "OUTPUT" +.IX Header "OUTPUT" +Typical output: +.PP +.Vb 10 +\& SSL\-Session: +\& Protocol : TLSv1 +\& Cipher : 0016 +\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session\-ID\-ctx: 01000000 +\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key\-Arg : None +\& Start Time: 948459261 +\& Timeout : 300 (sec) +\& Verify return code 0 (ok) +.Ve +.PP +These are described below in more detail. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. +.IP "\fBCipher\fR" 4 +.IX Item "Cipher" +The cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 +or \s-1TLS\s0 specifications for more information. +.IP "\fBSession-ID\fR" 4 +.IX Item "Session-ID" +The \s-1SSL\s0 session \s-1ID\s0 in hex format. +.IP "\fBSession-ID-ctx\fR" 4 +.IX Item "Session-ID-ctx" +The session \s-1ID\s0 context in hex format. +.IP "\fBMaster-Key\fR" 4 +.IX Item "Master-Key" +This is the \s-1SSL\s0 session master key. +.IP "\fBStart Time\fR" 4 +.IX Item "Start Time" +This is the session start time represented as an integer in standard +Unix format. +.IP "\fBTimeout\fR" 4 +.IX Item "Timeout" +The timeout in seconds. +.IP "\fBVerify return code\fR" 4 +.IX Item "Verify return code" +This is the return code when an \s-1SSL\s0 client certificate is verified. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 encoded session format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN SSL SESSION PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END SSL SESSION PARAMETERS\-\-\-\-\- +.Ve +.PP +Since the \s-1SSL\s0 session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a \*(L"real\*(R" application. This is however +strongly discouraged and should only be used for debugging purposes. +.SH "BUGS" +.IX Header "BUGS" +The cipher and start time should be printed out in human readable form. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBciphers\fR\|(1), \fBs_server\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/smime.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/smime.1 new file mode 100644 index 00000000..d61174c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/smime.1 @@ -0,0 +1,617 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME 1" +.TH SMIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-smime, smime \- S/MIME utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsmime\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-resign\fR] +[\fB\-verify\fR] +[\fB\-pk7out\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-in file\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-certfile file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-inform SMIME|PEM|DER\fR] +[\fB\-passin arg\fR] +[\fB\-inkey file_or_id\fR] +[\fB\-out file\fR] +[\fB\-outform SMIME|PEM|DER\fR] +[\fB\-content file\fR] +[\fB\-to addr\fR] +[\fB\-from ad\fR] +[\fB\-subject s\fR] +[\fB\-text\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-stream\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-md digest\fR] +[cert.pem]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and +verify S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-pk7out\fR" 4 +.IX Item "-pk7out" +Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the \s-1MIME\s0 message to +be decrypted or verified. +.IP "\fB\-inform SMIME|PEM|DER\fR" 4 +.IX Item "-inform SMIME|PEM|DER" +This specifies the input format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the input format of the PKCS#7 +structure, if no PKCS#7 structure is being input (for example with +\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-outform SMIME|PEM|DER\fR" 4 +.IX Item "-outform SMIME|PEM|DER" +This specifies the output format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the output format of the PKCS#7 +structure, if no PKCS#7 structure is being output (for example with +\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content filename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +A directory containing trusted \s-1CA\s0 certificates, only used with +\&\fB\-verify\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, +triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fBenc\fR for list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nochain\fR" 4 +.IX Item "-nochain" +Do not do chain verification of signers certificates: that is don't +use the certificates in the signed message as untrusted CAs. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't try to verify the signatures on the message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile file\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-signer file\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip file\fR" 4 +.IX Item "-recip file" +The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. +.IP "\fB\-inkey file_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBcert.pem...\fR" 4 +.IX Item "cert.pem..." +One or more certificates of message recipients: used when encrypting +a message. +.IP "\fB\-to, \-from, \-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various options of certificate chain verification. See +\&\fBverify\fR\|(1) manual page for details. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains \s-1DER.\s0 +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl smime \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command: +.PP +.Vb 1 +\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +Alternatively you can base64 decode the signature and use: +.PP +.Vb 1 +\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.PP +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/speed.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/speed.1 new file mode 100644 index 00000000..8b6998ff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/speed.1 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SPEED 1" +.TH SPEED 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-speed, speed \- test library performance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl speed\fR +[\fB\-help\fR] +[\fB\-engine id\fR] +[\fB\-elapsed\fR] +[\fB\-evp algo\fR] +[\fB\-decrypt\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-primes num\fR] +[\fB\-seconds num\fR] +[\fB\-bytes num\fR] +[\fBalgorithm...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use the \fIlist \-\-digest\-commands\fR +or \fIlist \-\-cipher\-commands\fR command. The global \s-1CSPRNG\s0 is denoted by +the \fIrand\fR algorithm name. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBspeed\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-elapsed\fR" 4 +.IX Item "-elapsed" +When calculating operations\- or bytes-per-second, use wall-clock time +instead of \s-1CPU\s0 user time as divisor. It can be useful when testing speed +of hardware engines. +.IP "\fB\-evp algo\fR" 4 +.IX Item "-evp algo" +Use the specified cipher or message digest algorithm via the \s-1EVP\s0 interface. +If \fBalgo\fR is an \s-1AEAD\s0 cipher, then you can pass <\-aead> to benchmark a +TLS-like sequence. And if \fBalgo\fR is a multi-buffer capable cipher, e.g. +aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi-buffer operation. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Time the decryption instead of encryption. Affects only the \s-1EVP\s0 testing. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-primes num\fR" 4 +.IX Item "-primes num" +Generate a \fBnum\fR\-prime \s-1RSA\s0 key and use it to run the benchmarks. This option +is only effective if \s-1RSA\s0 algorithm is specified to test. +.IP "\fB\-seconds num\fR" 4 +.IX Item "-seconds num" +Run benchmarks for \fBnum\fR seconds. +.IP "\fB\-bytes num\fR" 4 +.IX Item "-bytes num" +Run benchmarks on \fBnum\fR\-byte buffers. Affects ciphers, digests and the \s-1CSPRNG.\s0 +.IP "\fB[zero or more test algorithms]\fR" 4 +.IX Item "[zero or more test algorithms]" +If any options are given, \fBspeed\fR tests those algorithms, otherwise a +pre-compiled grand selection is tested. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/spkac.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/spkac.1 new file mode 100644 index 00000000..f5691003 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/spkac.1 @@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SPKAC 1" +.TH SPKAC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-spkac, spkac \- SPKAC printing and generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBspkac\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-key keyfile\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-passin arg\fR] +[\fB\-challenge string\fR] +[\fB\-pubkey\fR] +[\fB\-spkac spkacname\fR] +[\fB\-spksect section\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBspkac\fR command processes Netscape signed public key and challenge +(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the \fB\-key\fR option is used. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +Create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The +\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if +present. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +Whether the key format is \s-1PEM, DER,\s0 or an engine-backed key. +The default is \s-1PEM.\s0 +.IP "\fB\-passin password\fR" 4 +.IX Item "-passin password" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-challenge string\fR" 4 +.IX Item "-challenge string" +Specifies the challenge string if an \s-1SPKAC\s0 is being created. +.IP "\fB\-spkac spkacname\fR" 4 +.IX Item "-spkac spkacname" +Allows an alternative name form the variable containing the +\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both +generated and input \s-1SPKAC\s0 files. +.IP "\fB\-spksect section\fR" 4 +.IX Item "-spksect section" +Allows an alternative name form the section containing the +\&\s-1SPKAC.\s0 The default is the default section. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the text version of the \s-1SPKAC\s0 (not used if an +\&\s-1SPKAC\s0 is being created). +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +being created). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the digital signature on the supplied \s-1SPKAC.\s0 +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out the contents of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf +.Ve +.PP +Verify the signature of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf \-noout \-verify +.Ve +.PP +Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf +.Ve +.PP +Example of an \s-1SPKAC,\s0 (long lines split up for clarity): +.PP +.Vb 6 +\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e +\& 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\e +\& 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\e +\& FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\e +\& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e +\& dq+NQ3F+X4deMx9AaEglZtULwV4= +.Ve +.SH "NOTES" +.IX Header "NOTES" +A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into +the \fBca\fR utility. +.PP +SPKACs are typically generated by Netscape when a form is submitted +containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +process. +.PP +The challenge string permits a primitive form of proof of possession +of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous \s-1SPKAC\s0 +to be used in a \*(L"replay attack\*(R". +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/srp.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/srp.1 new file mode 100644 index 00000000..7ad993d1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/srp.1 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP 1" +.TH SRP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-srp, srp \- maintain SRP password file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl srp\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-add\fR] +[\fB\-modify\fR] +[\fB\-delete\fR] +[\fB\-list\fR] +[\fB\-name section\fR] +[\fB\-config file\fR] +[\fB\-srpvfile file\fR] +[\fB\-gn identifier\fR] +[\fB\-userinfo text...\fR] +[\fB\-passin arg\fR] +[\fB\-passout arg\fR] +[\fIuser...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsrp\fR command is user to maintain an \s-1SRP\s0 (secure remote password) +file. +At most one of the \fB\-add\fR, \fB\-modify\fR, \fB\-delete\fR, and \fB\-list\fR options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the \s-1SRP\s0 file. +For \fB\-list\fR, if no \fBuser\fR is given then all users are displayed. +.PP +The configuration file to use, and the section within the file, can be +specified with the \fB\-config\fR and \fB\-name\fR flags, respectively. +If the config file is not specified, the \fB\-srpvfile\fR can be used to +just specify the file to operate on. +.PP +The \fB\-userinfo\fR option specifies additional information to add when +adding or modifying a user. +.PP +The \fB\-gn\fR flag specifies the \fBg\fR and \fBN\fR values, using one of +the strengths defined in \s-1IETF RFC 5054.\s0 +.PP +The \fB\-passin\fR and \fB\-passout\fR arguments are parsed as described in +the \fBopenssl\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "[\fB\-help\fR]" 4 +.IX Item "[-help]" +Display an option summary. +.IP "[\fB\-verbose\fR]" 4 +.IX Item "[-verbose]" +Generate verbose output while processing. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/storeutl.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/storeutl.1 new file mode 100644 index 00000000..a15a3fc6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/storeutl.1 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "STOREUTL 1" +.TH STOREUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-storeutl, storeutl \- STORE utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBstoreutl\fR +[\fB\-help\fR] +[\fB\-out file\fR] +[\fB\-noout\fR] +[\fB\-passin arg\fR] +[\fB\-text arg\fR] +[\fB\-engine id\fR] +[\fB\-r\fR] +[\fB\-certs\fR] +[\fB\-keys\fR] +[\fB\-crls\fR] +[\fB\-subject arg\fR] +[\fB\-issuer arg\fR] +[\fB\-serial arg\fR] +[\fB\-alias arg\fR] +[\fB\-fingerprint arg\fR] +[\fB\-\f(BIdigest\fB\fR] +\&\fBuri\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBstoreutl\fR command can be used to display the contents (after decryption +as the case may be) fetched from the given URIs. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the \s-1PEM\s0 data. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the objects in text form, similarly to the \fB\-text\fR output from +\&\fBopenssl x509\fR, \fBopenssl pkey\fR, etc. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by its unique \fBid\fR string) will cause \fBstoreutl\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. +The engine will then be set as the default for all available algorithms. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Fetch objects recursively when possible. +.IP "\fB\-certs\fR" 4 +.IX Item "-certs" +.PD 0 +.IP "\fB\-keys\fR" 4 +.IX Item "-keys" +.IP "\fB\-crls\fR" 4 +.IX Item "-crls" +.PD +Only select the certificates, keys or CRLs from the given \s-1URI.\s0 +However, if this \s-1URI\s0 would return a set of names (URIs), those are always +returned. +.IP "\fB\-subject arg\fR" 4 +.IX Item "-subject arg" +Search for an object having the subject name \fBarg\fR. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. +.IP "\fB\-issuer arg\fR" 4 +.IX Item "-issuer arg" +.PD 0 +.IP "\fB\-serial arg\fR" 4 +.IX Item "-serial arg" +.PD +Search for an object having the given issuer name and serial number. +These two options \fImust\fR be used together. +The issuer arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by \fB0x\fR. +.IP "\fB\-alias arg\fR" 4 +.IX Item "-alias arg" +Search for an object having the given alias. +.IP "\fB\-fingerprint arg\fR" 4 +.IX Item "-fingerprint arg" +Search for an object having the given fingerprint. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBopenssl\fR \fBstoreutl\fR app was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ts.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ts.1 new file mode 100644 index 00000000..e7d59eb3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/ts.1 @@ -0,0 +1,727 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TS 1" +.TH TS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ts, ts \- Time Stamping Authority tool (client/server) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBts\fR +\&\fB\-query\fR +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-config\fR configfile] +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-tspolicy\fR object_id] +[\fB\-no_nonce\fR] +[\fB\-cert\fR] +[\fB\-in\fR request.tsq] +[\fB\-out\fR request.tsq] +[\fB\-text\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-reply\fR +[\fB\-config\fR configfile] +[\fB\-section\fR tsa_section] +[\fB\-queryfile\fR request.tsq] +[\fB\-passin\fR password_src] +[\fB\-signer\fR tsa_cert.pem] +[\fB\-inkey\fR file_or_id] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-chain\fR certs_file.pem] +[\fB\-tspolicy\fR object_id] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-out\fR response.tsr] +[\fB\-token_out\fR] +[\fB\-text\fR] +[\fB\-engine\fR id] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-verify\fR +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-queryfile\fR request.tsq] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-CApath\fR trusted_cert_path] +[\fB\-CAfile\fR trusted_certs.pem] +[\fB\-untrusted\fR cert_file.pem] +[\fIverify options\fR] +.PP +\&\fIverify options:\fR +[\-attime timestamp] +[\-check_ss_sig] +[\-crl_check] +[\-crl_check_all] +[\-explicit_policy] +[\-extended_crl] +[\-ignore_critical] +[\-inhibit_any] +[\-inhibit_map] +[\-issuer_checks] +[\-no_alt_chains] +[\-no_check_time] +[\-partial_chain] +[\-policy arg] +[\-policy_check] +[\-policy_print] +[\-purpose purpose] +[\-suiteB_128] +[\-suiteB_128_only] +[\-suiteB_192] +[\-trusted_first] +[\-use_deltas] +[\-auth_level num] +[\-verify_depth num] +[\-verify_email email] +[\-verify_hostname hostname] +[\-verify_ip ip] +[\-verify_name name] +[\-x509_strict] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server +application as specified in \s-1RFC 3161\s0 (Time-Stamp Protocol, \s-1TSP\s0). A +\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: +.IP "1." 4 +The \s-1TSA\s0 client computes a one-way hash value for a data file and sends +the hash to the \s-1TSA.\s0 +.IP "2." 4 +The \s-1TSA\s0 attaches the current date and time to the received hash value, +signs them and sends the time stamp token back to the client. By +creating this token the \s-1TSA\s0 certifies the existence of the original +data file at the time of response generation. +.IP "3." 4 +The \s-1TSA\s0 client receives the time stamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the \s-1TSA.\s0 +.PP +There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time +stamp request to the \s-1TSA\s0 and one for sending the time stamp response +back to the client. The \fBts\fR command has three main functions: +creating a time stamp request based on a data file, +creating a time stamp response based on a request, verifying if a +response corresponds to a particular request or a data file. +.PP +There is no support for sending the requests/responses automatically +over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the +requests either by ftp or e\-mail. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Time Stamp Request generation" +.IX Subsection "Time Stamp Request generation" +The \fB\-query\fR switch can be used for creating and printing a time stamp +request with the following options: +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The data file for which the time stamp request needs to be +created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR +parameter is specified. (Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The message digest to apply to the data file. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1.\s0 (Optional) +.IP "\fB\-tspolicy\fR object_id" 4 +.IX Item "-tspolicy object_id" +The policy that the client expects the \s-1TSA\s0 to use for creating the +time stamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +in the config file can be used. If no policy is requested the \s-1TSA\s0 will +use its own default policy. (Optional) +.IP "\fB\-no_nonce\fR" 4 +.IX Item "-no_nonce" +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional) +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1TSA\s0 is expected to include its signing certificate in the +response. (Optional) +.IP "\fB\-in\fR request.tsq" 4 +.IX Item "-in request.tsq" +This option specifies a previously created time stamp request in \s-1DER\s0 +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional) +.IP "\fB\-out\fR request.tsq" 4 +.IX Item "-out request.tsq" +Name of the output file to which the request will be written. Default +is stdout. (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER.\s0 (Optional) +.SS "Time Stamp Response generation" +.IX Subsection "Time Stamp Response generation" +A time stamp response (TimeStampResp) consists of a response status +and the time stamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a time stamp +response or time stamp token based on a request and printing the +response/token in human-readable format. If \fB\-token_out\fR is not +specified the output is always a time stamp response (TimeStampResp), +otherwise it is a time stamp token (ContentInfo). +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +See \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for configurable variables. +.IP "\fB\-section\fR tsa_section" 4 +.IX Item "-section tsa_section" +The name of the config file section containing the settings for the +response generation. If not specified the default \s-1TSA\s0 section is +used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional) +.IP "\fB\-passin\fR password_src" 4 +.IX Item "-passin password_src" +Specifies the password source for the private key of the \s-1TSA.\s0 See +\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional) +.IP "\fB\-signer\fR tsa_cert.pem" 4 +.IX Item "-signer tsa_cert.pem" +The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the \fBsigner_cert\fR +variable of the config file. (Optional) +.IP "\fB\-inkey\fR file_or_id" 4 +.IX Item "-inkey file_or_id" +The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +\&\fBsigner_key\fR config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Signing digest to use. Overrides the \fBsigner_digest\fR config file +option. (Mandatory unless specified in the config file) +.IP "\fB\-chain\fR certs_file.pem" 4 +.IX Item "-chain certs_file.pem" +The collection of certificates in \s-1PEM\s0 format that will all +be included in the response in addition to the signer certificate if +the \fB\-cert\fR option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The \fB\-reply\fR command does not build a certificate +chain automatically. (Optional) +.IP "\fB\-tspolicy\fR object_id" 4 +.IX Item "-tspolicy object_id" +The default policy to use for the response unless the client +explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +either in dotted notation or with its name. Overrides the +\&\fBdefault_policy\fR config file option. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +Specifies a previously created time stamp response or time stamp token +(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the time stamp token from a response. If +the input is a token and the output is a time stamp response a default +\&'granted' status info is added to the token. (Optional) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-out\fR response.tsr" 4 +.IX Item "-out response.tsr" +The response is written to this file. The format and content of the +file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is +stdout. (Optional) +.IP "\fB\-token_out\fR" 4 +.IX Item "-token_out" +The output is a time stamp token (ContentInfo) instead of time stamp +response (TimeStampResp). (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER.\s0 (Optional) +.IP "\fB\-engine\fR id" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. Default is builtin. (Optional) +.SS "Time Stamp Response verification" +.IX Subsection "Time Stamp Response verification" +The \fB\-verify\fR command is for verifying if a time stamp response or time +stamp token is valid and matches a particular time stamp request or +data file. The \fB\-verify\fR command does not use the configuration file. +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The \fB\-digest\fR and \fB\-queryfile\fR options must not be specified with this one. +(Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not be +specified with this one. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The original time stamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +options must not be specified with this one. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +The time stamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-CApath\fR trusted_cert_path" 4 +.IX Item "-CApath trusted_cert_path" +The name of the directory containing the trusted \s-1CA\s0 certificates of the +client. See the similar option of \fBverify\fR\|(1) for additional +details. Either this option or \fB\-CAfile\fR must be specified. (Optional) +.IP "\fB\-CAfile\fR trusted_certs.pem" 4 +.IX Item "-CAfile trusted_certs.pem" +The name of the file containing a set of trusted self-signed \s-1CA\s0 +certificates in \s-1PEM\s0 format. See the similar option of +\&\fBverify\fR\|(1) for additional details. Either this option +or \fB\-CApath\fR must be specified. +(Optional) +.IP "\fB\-untrusted\fR cert_file.pem" 4 +.IX Item "-untrusted cert_file.pem" +Set of additional untrusted certificates in \s-1PEM\s0 format which may be +needed when building the certificate chain for the \s-1TSA\s0's signing +certificate. This file must contain the \s-1TSA\s0 signing certificate and +all intermediate \s-1CA\s0 certificates unless the response includes them. +(Optional) +.IP "\fIverify options\fR" 4 +.IX Item "verify options" +The options \fB\-attime timestamp\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, +\&\fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, +\&\fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-issuer_checks\fR, \fB\-no_alt_chains\fR, +\&\fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, +\&\fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, +\&\fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, +\&\fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, +\&\fB\-verify_name\fR, and \fB\-x509_strict\fR can be used to control timestamp +verification. See \fBverify\fR\|(1). +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. +See \fBconfig\fR\|(5) +for a general description of the syntax of the config file. The +\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +and it can work without it. However, the \fB\-reply\fR command needs the +config file for its operation. +.PP +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. +.IP "\fBtsa\fR section, \fBdefault_tsa\fR" 4 +.IX Item "tsa section, default_tsa" +This is the main section and it specifies the name of another section +that contains all the options for the \fB\-reply\fR command. This default +section can be overridden with the \fB\-section\fR command line switch. (Optional) +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fBserial\fR" 4 +.IX Item "serial" +The name of the file containing the hexadecimal serial number of the +last time stamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) +.IP "\fBcrypto_device\fR" 4 +.IX Item "crypto_device" +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is builtin, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +(Optional) +.IP "\fBsigner_cert\fR" 4 +.IX Item "signer_cert" +\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +command line option. (Optional) +.IP "\fBcerts\fR" 4 +.IX Item "certs" +A file containing a set of \s-1PEM\s0 encoded certificates that need to be +included in the response. The same as the \fB\-chain\fR command line +option. (Optional) +.IP "\fBsigner_key\fR" 4 +.IX Item "signer_key" +The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +command line option. (Optional) +.IP "\fBsigner_digest\fR" 4 +.IX Item "signer_digest" +Signing digest to use. The same as the +\&\fB\-\f(BIdigest\fB\fR command line option. (Mandatory unless specified on the command +line) +.IP "\fBdefault_policy\fR" 4 +.IX Item "default_policy" +The default policy to use when the request does not mandate any +policy. The same as the \fB\-tspolicy\fR command line option. (Optional) +.IP "\fBother_policies\fR" 4 +.IX Item "other_policies" +Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +and used only if the request explicitly specifies one of them. (Optional) +.IP "\fBdigests\fR" 4 +.IX Item "digests" +The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +one algorithm must be specified. (Mandatory) +.IP "\fBaccuracy\fR" 4 +.IX Item "accuracy" +The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) +.IP "\fBclock_precision_digits\fR" 4 +.IX Item "clock_precision_digits" +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeroes +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +The maximum value is 6, default is 0. +(Optional) +.IP "\fBordering\fR" 4 +.IX Item "ordering" +If this option is yes the responses generated by this \s-1TSA\s0 can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) +.IP "\fBtsa_name\fR" 4 +.IX Item "tsa_name" +Set this option to yes if the subject name of the \s-1TSA\s0 must be included in +the \s-1TSA\s0 name field of the response. Default is no. (Optional) +.IP "\fBess_cert_id_chain\fR" 4 +.IX Item "ess_cert_id_chain" +The SignedData objects created by the \s-1TSA\s0 always contain the +certificate identifier of the signing certificate in a signed +attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). If this option +is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) +.IP "\fBess_cert_id_alg\fR" 4 +.IX Item "ess_cert_id_alg" +This option specifies the hash function to be used to calculate the \s-1TSA\s0's +public key certificate identifier. Default is sha1. (Optional) +.SH "EXAMPLES" +.IX Header "EXAMPLES" +All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do. +.SS "Time Stamp Request" +.IX Subsection "Time Stamp Request" +To create a time stamp request for design1.txt with \s-1SHA\-1\s0 +without nonce and policy and no certificate is required in the response: +.PP +.Vb 2 +\& openssl ts \-query \-data design1.txt \-no_nonce \e +\& \-out design1.tsq +.Ve +.PP +To create a similar time stamp request with specifying the message imprint +explicitly: +.PP +.Vb 2 +\& openssl ts \-query \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-no_nonce \-out design1.tsq +.Ve +.PP +To print the content of the previous request in human readable format: +.PP +.Vb 1 +\& openssl ts \-query \-in design1.tsq \-text +.Ve +.PP +To create a time stamp request which includes the \s-1MD\-5\s0 digest +of design2.txt, requests the signer certificate and nonce, +specifies a policy id (assuming the tsa_policy1 name is defined in the +\&\s-1OID\s0 section of the config file): +.PP +.Vb 2 +\& openssl ts \-query \-data design2.txt \-md5 \e +\& \-tspolicy tsa_policy1 \-cert \-out design2.tsq +.Ve +.SS "Time Stamp Response" +.IX Subsection "Time Stamp Response" +Before generating a response a signing certificate must be created for +the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate; +.PP +.Vb 1 +\& extendedKeyUsage = critical,timeStamping +.Ve +.PP +See \fBreq\fR\|(1), \fBca\fR\|(1), and \fBx509\fR\|(1) for instructions. The examples +below assume that cacert.pem contains the certificate of the \s-1CA,\s0 +tsacert.pem is the signing certificate issued by cacert.pem and +tsakey.pem is the private key of the \s-1TSA.\s0 +.PP +To create a time stamp response for a request: +.PP +.Vb 2 +\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e +\& \-signer tsacert.pem \-out design1.tsr +.Ve +.PP +If you want to use the settings in the config file you could just write: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr +.Ve +.PP +To print a time stamp reply to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-text +.Ve +.PP +To create a time stamp token instead of time stamp response: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out +.Ve +.PP +To print a time stamp token to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out +.Ve +.PP +To extract the time stamp token from a response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out +.Ve +.PP +To add 'granted' status info to a time stamp token thereby creating a +valid response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-out design1.tsr +.Ve +.SS "Time Stamp Verification" +.IX Subsection "Time Stamp Verification" +To verify a time stamp reply against a request: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e +\& \-CAfile cacert.pem \-untrusted tsacert.pem +.Ve +.PP +To verify a time stamp reply that includes the certificate chain: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve +.PP +To verify a time stamp token against the original data file: + openssl ts \-verify \-data design2.txt \-in design2.tsr \e + \-CAfile cacert.pem +.PP +To verify a time stamp token against a message imprint: + openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e + \-in design2.tsr \-CAfile cacert.pem +.PP +You could also look at the 'test' directory for more examples. +.SH "BUGS" +.IX Header "BUGS" +.IP "\(bu" 2 +No support for time stamps over \s-1SMTP,\s0 though it is quite easy +to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) +and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +a separate apache module. \s-1HTTP\s0 client support is provided by +\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +.IP "\(bu" 2 +The file containing the last serial number of the \s-1TSA\s0 is not +locked when being read or written. This is a problem if more than one +instance of \fBopenssl\fR\|(1) is trying to create a time stamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. +.IP "\(bu" 2 +Look for the \s-1FIXME\s0 word in the source files. +.IP "\(bu" 2 +The source code should really be reviewed by somebody else, too. +.IP "\(bu" 2 +More testing is needed, I have done only some basic tests (see +test/testtsa). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1), +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/tsget.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/tsget.1 new file mode 100644 index 00000000..4129953d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/tsget.1 @@ -0,0 +1,325 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TSGET 1" +.TH TSGET 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBtsget\fR +\&\fB\-h\fR server_url +[\fB\-e\fR extension] +[\fB\-o\fR output] +[\fB\-v\fR] +[\fB\-d\fR] +[\fB\-k\fR private_key.pem] +[\fB\-p\fR key_password] +[\fB\-c\fR client_cert.pem] +[\fB\-C\fR CA_certs.pem] +[\fB\-P\fR CA_path] +[\fB\-r\fR file:file...] +[\fB\-g\fR EGD_socket] +[request]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBtsget\fR command can be used for sending a time stamp request, as +specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing +the time stamp response in a file. This tool cannot be used for creating the +requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to +do that. \fBtsget\fR can send several requests to the server without closing +the \s-1TCP\s0 connection if more than one requests are specified on the command +line. +.PP +The tool sends the following \s-1HTTP\s0 request for each time stamp request: +.PP +.Vb 7 +\& POST url HTTP/1.1 +\& User\-Agent: OpenTSA tsget.pl/ +\& Host: : +\& Pragma: no\-cache +\& Content\-Type: application/timestamp\-query +\& Accept: application/timestamp\-reply +\& Content\-Length: length of body +\& +\& ...binary request specified by the user... +.Ve +.PP +\&\fBtsget\fR expects a response of type application/timestamp\-reply, which is +written to a file without any interpretation. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-h\fR server_url" 4 +.IX Item "-h server_url" +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for time stamp requests. +.IP "\fB\-e\fR extension" 4 +.IX Item "-e extension" +If the \fB\-o\fR option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is '.tsr'. (Optional) +.IP "\fB\-o\fR output" 4 +.IX Item "-o output" +This option can be specified only when just one request is sent to the +server. The time stamp response will be written to the given output file. '\-' +means standard output. In case of multiple time stamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The name of the currently processed request is printed on standard +error. (Optional) +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Switches on verbose mode for the underlying \fBcurl\fR library. You can see +detailed debug messages for the connection. (Optional) +.IP "\fB\-k\fR private_key.pem" 4 +.IX Item "-k private_key.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The \fB\-c\fR option must also +be specified. (Optional) +.IP "\fB\-p\fR key_password" 4 +.IX Item "-p key_password" +(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +argument. If this option is omitted and the key is passphrase protected \fBtsget\fR +will ask for it. (Optional) +.IP "\fB\-c\fR client_cert.pem" 4 +.IX Item "-c client_cert.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the X.509 certificate of the user. The \fB\-k\fR +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) +.IP "\fB\-C\fR CA_certs.pem" 4 +.IX Item "-C CA_certs.pem" +(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's +certificate must include one of the \s-1CA\s0 certificates specified in this file. +Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional) +.IP "\fB\-P\fR CA_path" 4 +.IX Item "-P CA_path" +(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +certificate. The directory must be prepared with the \fBc_rehash\fR +OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of +\&\s-1HTTPS.\s0 (Optional) +.IP "\fB\-rand\fR file:file..." 4 +.IX Item "-rand file:file..." +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is \fB;\fR for +MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optional) +.IP "\fB\-g\fR EGD_socket" 4 +.IX Item "-g EGD_socket" +The name of an \s-1EGD\s0 socket to get random data from. (Optional) +.IP "[request]..." 4 +.IX Item "[request]..." +List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded time stamp requests. If no +requests are specified only one request will be sent to the server and it will be +read from the standard input. (Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The examples below presume that \fBfile1.tsq\fR and \fBfile2.tsq\fR contain valid +time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +absolute path. +.PP +Get a time stamp response for file1.tsq over \s-1HTTP,\s0 output is written to +file1.tsr: +.PP +.Vb 1 +\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing +progress, output is written to file1.reply and file2.reply respectively: +.PP +.Vb 2 +\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e +\& file1.tsq file2.tsq +.Ve +.PP +Create a time stamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr: +.PP +.Vb 3 +\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e +\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e +\& \-o file3.tsr +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 without client +authentication: +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \e +\& \-C cacerts.pem file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected): +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem file1.tsq +.Ve +.PP +You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +environment variable. The following commands do the same as the previous +example: +.PP +.Vb 4 +\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem\*(Aq +\& export TSGET +\& tsget file1.tsq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1), +\&\fB\s-1RFC 3161\s0\fR +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/verify.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/verify.1 new file mode 100644 index 00000000..65b07720 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/verify.1 @@ -0,0 +1,780 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "VERIFY 1" +.TH VERIFY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-verify, verify \- Utility to verify certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBverify\fR +[\fB\-help\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath directory\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-CRLfile file\fR] +[\fB\-crl_download\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-engine id\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-nameopt option\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-untrusted file\fR] +[\fB\-trusted file\fR] +[\fB\-use_deltas\fR] +[\fB\-verbose\fR] +[\fB\-auth_level level\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-show_chain\fR] +[\fB\-\fR] +[certificates] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBverify\fR command verifies certificate chains. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A \fBfile\fR of trusted certificates. +The file should contain one or more certificates in \s-1PEM\s0 format. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +A directory of trusted certificates. The certificates should have names +of the form: hash.0 or have symbolic links to them of this +form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option +of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically +create symbolic links to a directory of certificates. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-allow_proxy_certs\fR" 4 +.IX Item "-allow_proxy_certs" +Allow the verification of proxy certificates. +.IP "\fB\-attime timestamp\fR" 4 +.IX Item "-attime timestamp" +Perform validation checks using time specified by \fBtimestamp\fR and not +current system time. \fBtimestamp\fR is the number of seconds since +01.01.1970 (\s-1UNIX\s0 time). +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default +because it doesn't add any security. +.IP "\fB\-CRLfile file\fR" 4 +.IX Item "-CRLfile file" +The \fBfile\fR should contain one or more CRLs in \s-1PEM\s0 format. +This option can be specified more than once to include CRLs from multiple +\&\fBfiles\fR. +.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Attempt to download \s-1CRL\s0 information for this certificate. +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0 +If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to look up valid CRLs. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine \fBid\fR will cause \fBverify\fR\|(1) to attempt to load the +specified engine. +The engine will then be set as the default for all its supported algorithms. +If you want to load certificates or CRLs that require engine support via any of +the \fB\-trusted\fR, \fB\-untrusted\fR or \fB\-CRLfile\fR options, the \fB\-engine\fR option +must be specified before those options. +.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). +.IP "\fB\-extended_crl\fR" 4 +.IX Item "-extended_crl" +Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +signing keys. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-no_check_time\fR" 4 +.IX Item "-no_check_time" +This option suppresses checking the validity period of certificates and CRLs +against the current time. If option \fB\-attime timestamp\fR is used to specify +a verification time, the check is not suppressed. +.IP "\fB\-partial_chain\fR" 4 +.IX Item "-partial_chain" +Allow verification to succeed even if a \fIcomplete\fR chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics related to policy processing. +.IP "\fB\-purpose purpose\fR" 4 +.IX Item "-purpose purpose" +The intended use for the certificate. If this option is not specified, +\&\fBverify\fR will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more +information. +.IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4 +.IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192" +Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are +reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves +P\-256 and P\-384. +.IP "\fB\-trusted_first\fR" 4 +.IX Item "-trusted_first" +When constructing the certificate chain, use the trusted certificates specified +via \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-trusted\fR before any certificates specified via +\&\fB\-untrusted\fR. +This can be useful in environments with Bridge or Cross-Certified CAs. +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +By default, unless \fB\-trusted_first\fR is specified, when building a certificate +chain, if the first certificate chain found is not trusted, then OpenSSL will +attempt to replace untrusted issuer certificates with certificates from the +trust store to see if an alternative chain can be found that is trusted. +As of OpenSSL 1.1.0, with \fB\-trusted_first\fR always on, this option has no +effect. +.IP "\fB\-untrusted file\fR" 4 +.IX Item "-untrusted file" +A \fBfile\fR of additional untrusted certificates (intermediate issuer CAs) used +to construct a certificate chain from the subject certificate to a trust-anchor. +The \fBfile\fR should contain one or more certificates in \s-1PEM\s0 format. +This option can be specified more than once to include untrusted certificates +from multiple \fBfiles\fR. +.IP "\fB\-trusted file\fR" 4 +.IX Item "-trusted file" +A \fBfile\fR of trusted certificates, which must be self-signed, unless the +\&\fB\-partial_chain\fR option is specified. +The \fBfile\fR contains one or more certificates in \s-1PEM\s0 format. +With this option, no additional (e.g., default) certificate lists are +consulted. +That is, the only trust-anchors are those listed in \fBfile\fR. +This option can be specified more than once to include trusted certificates +from multiple \fBfiles\fR. +This option implies the \fB\-no\-CAfile\fR and \fB\-no\-CApath\fR options. +This option cannot be used in combination with either of the \fB\-CAfile\fR or +\&\fB\-CApath\fR options. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-auth_level level\fR" 4 +.IX Item "-auth_level level" +Set the certificate chain authentication security level to \fBlevel\fR. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security \fBlevel\fR. +The signature algorithm security level is enforced for all the certificates in +the chain except for the chain's \fItrust anchor\fR, which is either directly +trusted or validated by means other than its signature. +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.IP "\fB\-verify_depth num\fR" 4 +.IX Item "-verify_depth num" +Limit the certificate chain to \fBnum\fR intermediate \s-1CA\s0 certificates. +A maximal depth chain can have up to \fBnum+2\fR certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +\&\fB\-verify_depth\fR limit. +.IP "\fB\-verify_email email\fR" 4 +.IX Item "-verify_email email" +Verify if the \fBemail\fR matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name. +.IP "\fB\-verify_hostname hostname\fR" 4 +.IX Item "-verify_hostname hostname" +Verify if the \fBhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or +Common Name in the subject certificate. +.IP "\fB\-verify_ip ip\fR" 4 +.IX Item "-verify_ip ip" +Verify if the \fBip\fR matches the \s-1IP\s0 address in Subject Alternative Name of +the subject certificate. +.IP "\fB\-verify_name name\fR" 4 +.IX Item "-verify_name name" +Use default verification policies like trust model and required certificate +policies identified by \fBname\fR. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fBx509\fR\|(1) command-line +utility. +Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, +\&\fBssl_client\fR, \fBssl_server\fR. +These mimics the combinations of purpose and trust settings used in \s-1SSL, CMS\s0 +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the \fB\-verify_name\fR options are functionally equivalent to the +corresponding \fB\-purpose\fR settings. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. +.IP "\fB\-show_chain\fR" 4 +.IX Item "-show_chain" +Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as \*(L"untrusted\*(R". +.IP "\fB\-\fR" 4 +.IX Item "-" +Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a \fB\-\fR. +.IP "\fBcertificates\fR" 4 +.IX Item "certificates" +One or more certificates to verify. If no certificates are given, \fBverify\fR +will attempt to read a certificate from standard input. Certificates must be +in \s-1PEM\s0 format. +.SH "VERIFY OPERATION" +.IX Header "VERIFY OPERATION" +The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME +verification, therefore this description applies to these verify operations +too. +.PP +There is one crucial difference between the verify operations performed +by the \fBverify\fR program: wherever possible an attempt is made to continue +after an error whereas normally the verify operation would halt on the +first error. This allows all the problems with a certificate chain to be +determined. +.PP +The verify operation consists of a number of separate steps. +.PP +Firstly a certificate chain is built up starting from the supplied certificate +and ending in the root \s-1CA.\s0 +It is an error if the whole chain cannot be built up. +The chain is built up by looking up the issuers certificate of the current +certificate. +If a certificate is found which is its own issuer it is assumed to be the root +\&\s-1CA.\s0 +.PP +The process of 'looking up the issuers certificate' itself involves a number of +steps. +After all certificates whose subject name matches the issuer name of the current +certificate are subject to further tests. +The relevant authority key identifier components of the current certificate (if +present) must match the subject key identifier (if present) and issuer and +serial number of the candidate issuer, in addition the keyUsage extension of +the candidate issuer (if present) must permit certificate signing. +.PP +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. +.PP +The second operation is to check every untrusted certificate's extensions for +consistency with the supplied purpose. If the \fB\-purpose\fR option is not included +then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions +compatible with the supplied purpose and all other certificates must also be valid +\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in +the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility. +.PP +The third operation is to check the trust settings on the root \s-1CA.\s0 The root \s-1CA\s0 +should be trusted for the supplied purpose. +For compatibility with previous versions of OpenSSL, a certificate with no +trust settings is considered to be valid for all purposes. +.PP +The final operation is to check the validity of the certificate chain. The validity +period is checked against the current system time and the notBefore and notAfter +dates in the certificate. The certificate signatures are also checked at this +point. +.PP +If all operations complete successfully then certificate is considered valid. If +any operation fails then the certificate is not valid. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: +.PP +.Vb 2 +\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +\& error 24 at 1 depth lookup:invalid CA certificate +.Ve +.PP +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version +of the error number is presented. +.PP +A partial list of the error codes and messages is shown below, this also +includes the name of the error code as defined in the header file x509_vfy.h +Some of the error codes are defined but never returned: these are described +as \*(L"unused\*(R". +.IP "\fBX509_V_OK\fR" 4 +.IX Item "X509_V_OK" +The operation was successful. +.IP "\fBX509_V_ERR_UNSPECIFIED\fR" 4 +.IX Item "X509_V_ERR_UNSPECIFIED" +Unspecified error; should not happen. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT" +The issuer certificate of a looked up certificate could not be found. This +normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL" +The \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE" +The certificate signature could not be decrypted. This means that the +actual signature value could not be determined rather than it not matching +the expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE" +The \s-1CRL\s0 signature could not be decrypted: this means that the actual +signature value could not be determined rather than it not matching the +expected value. Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY" +The public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID" +The certificate is not yet valid: the notBefore date is after the +current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED" +The certificate has expired: that is the notAfter date is before the +current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID" +The \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED" +The \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD" +The certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD" +The certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD" +The \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD" +The \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM" +An error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT" +The passed certificate is self-signed and the same certificate cannot +be found in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN" +The certificate chain could be built up using the untrusted certificates +but the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" +The issuer certificate could not be found: this occurs if the issuer +certificate of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE" +No signatures could be verified because the chain contains only one +certificate and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG" +The certificate chain length is greater than the supplied maximum +depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED" +The certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA" +A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions +are not consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED" +The basicConstraints pathlength parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE" +The supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED" +The root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED" +The root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER" +Unable to get \s-1CRL\s0 issuer certificate. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION" +Unhandled critical extension. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN" +Key usage does not include \s-1CRL\s0 signing. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION" +Unhandled critical \s-1CRL\s0 extension. +.IP "\fBX509_V_ERR_INVALID_NON_CA\fR" 4 +.IX Item "X509_V_ERR_INVALID_NON_CA" +Invalid non-CA certificate has \s-1CA\s0 markings. +.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED\fR" 4 +.IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED" +Proxy path length constraint exceeded. +.IP "\fBX509_V_ERR_PROXY_SUBJECT_INVALID\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_INVALID" +Proxy certificate subject is invalid. It \s-1MUST\s0 be the same as the issuer +with a single \s-1CN\s0 component added. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE" +Key usage does not include digital signature. +.IP "\fBX509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED\fR" 4 +.IX Item "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED" +Proxy certificates not allowed, please use \fB\-allow_proxy_certs\fR. +.IP "\fBX509_V_ERR_INVALID_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION" +Invalid or inconsistent certificate extension. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION" +Invalid or inconsistent certificate policy extension. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY" +No explicit policy. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE" +Different \s-1CRL\s0 scope. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE" +Unsupported extension feature. +.IP "\fBX509_V_ERR_UNNESTED_RESOURCE\fR" 4 +.IX Item "X509_V_ERR_UNNESTED_RESOURCE" +\&\s-1RFC 3779\s0 resource not subset of parent's resources. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION" +Permitted subtree violation. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION" +Excluded subtree violation. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX" +Name constraints minimum and maximum not supported. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION" +Application verification failure. Unused. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE" +Unsupported name constraint type. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX" +Unsupported or invalid name constraint syntax. +.IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX" +Unsupported or invalid name syntax. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR" +\&\s-1CRL\s0 path validation error. +.IP "\fBX509_V_ERR_PATH_LOOP\fR" 4 +.IX Item "X509_V_ERR_PATH_LOOP" +Path loop. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_VERSION\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_VERSION" +Suite B: certificate version invalid. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_ALGORITHM\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_ALGORITHM" +Suite B: invalid public key algorithm. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_CURVE\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_CURVE" +Suite B: invalid \s-1ECC\s0 curve. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM" +Suite B: invalid signature algorithm. +.IP "\fBX509_V_ERR_SUITE_B_LOS_NOT_ALLOWED\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED" +Suite B: curve not allowed for this \s-1LOS.\s0 +.IP "\fBX509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256" +Suite B: cannot sign P\-384 with P\-256. +.IP "\fBX509_V_ERR_HOSTNAME_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_HOSTNAME_MISMATCH" +Hostname mismatch. +.IP "\fBX509_V_ERR_EMAIL_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_EMAIL_MISMATCH" +Email address mismatch. +.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH" +\&\s-1IP\s0 address mismatch. +.IP "\fBX509_V_ERR_DANE_NO_MATCH\fR" 4 +.IX Item "X509_V_ERR_DANE_NO_MATCH" +\&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the +certificate chain. +This error is only possible in \fBs_client\fR\|(1). +.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL\fR" 4 +.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL" +\&\s-1EE\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_KEY_TOO_SMALL\fR" 4 +.IX Item "X509_ERR_CA_KEY_TOO_SMALL" +\&\s-1CA\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_MD_TOO_WEAK\fR" 4 +.IX Item "X509_ERR_CA_MD_TOO_WEAK" +\&\s-1CA\s0 signature digest algorithm too weak. +.IP "\fBX509_V_ERR_INVALID_CALL\fR" 4 +.IX Item "X509_V_ERR_INVALID_CALL" +nvalid certificate verification context. +.IP "\fBX509_V_ERR_STORE_LOOKUP\fR" 4 +.IX Item "X509_V_ERR_STORE_LOOKUP" +Issuer certificate lookup error. +.IP "\fBX509_V_ERR_NO_VALID_SCTS\fR" 4 +.IX Item "X509_V_ERR_NO_VALID_SCTS" +Certificate Transparency required, but no valid SCTs found. +.IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION" +Proxy subject name violation. +.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED" +Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed. +.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_FAILED" +Returned by the verify callback to indicate \s-1OCSP\s0 verification failed. +.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN\fR" 4 +.IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN" +Returned by the verify callback to indicate that the certificate is not recognized +by the \s-1OCSP\s0 responder. +.SH "BUGS" +.IX Header "BUGS" +Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +\&\s-1API.\s0 One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the \fB\-CAfile\fR +option) or a directory (as specified by \fB\-CApath\fR). If they occur in +both then only the certificates in the file will be recognised. +.PP +Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them. +.PP +Previous versions of this documentation swapped the meaning of the +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. +.PP +The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and +is silently ignored. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/version.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/version.1 new file mode 100644 index 00000000..909783b5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/version.1 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "VERSION 1" +.TH VERSION 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-version, version \- print OpenSSL version information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl version\fR +[\fB\-help\fR] +[\fB\-a\fR] +[\fB\-v\fR] +[\fB\-b\fR] +[\fB\-o\fR] +[\fB\-f\fR] +[\fB\-p\fR] +[\fB\-d\fR] +[\fB\-e\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out version information about OpenSSL. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +All information, this is the same as setting all the other flags. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The current OpenSSL version. +.IP "\fB\-b\fR" 4 +.IX Item "-b" +The date the current version of OpenSSL was built. +.IP "\fB\-o\fR" 4 +.IX Item "-o" +Option information: various options set when the library was built. +.IP "\fB\-f\fR" 4 +.IX Item "-f" +Compilation flags. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Platform setting. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +\&\s-1OPENSSLDIR\s0 setting. +.IP "\fB\-e\fR" 4 +.IX Item "-e" +\&\s-1ENGINESDIR\s0 setting. +.SH "NOTES" +.IX Header "NOTES" +The output of \fBopenssl version \-a\fR would typically be used when sending +in a bug report. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/x509.1 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/x509.1 new file mode 100644 index 00000000..a493207e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man1/x509.1 @@ -0,0 +1,955 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 1" +.TH X509 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-x509, x509 \- Certificate display and signing utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBx509\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-keyform DER|PEM|ENGINE\fR] +[\fB\-CAform DER|PEM\fR] +[\fB\-CAkeyform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-serial\fR] +[\fB\-hash\fR] +[\fB\-subject_hash\fR] +[\fB\-issuer_hash\fR] +[\fB\-ocspid\fR] +[\fB\-subject\fR] +[\fB\-issuer\fR] +[\fB\-nameopt option\fR] +[\fB\-email\fR] +[\fB\-ocsp_uri\fR] +[\fB\-startdate\fR] +[\fB\-enddate\fR] +[\fB\-purpose\fR] +[\fB\-dates\fR] +[\fB\-checkend num\fR] +[\fB\-modulus\fR] +[\fB\-pubkey\fR] +[\fB\-fingerprint\fR] +[\fB\-alias\fR] +[\fB\-noout\fR] +[\fB\-trustout\fR] +[\fB\-clrtrust\fR] +[\fB\-clrreject\fR] +[\fB\-addtrust arg\fR] +[\fB\-addreject arg\fR] +[\fB\-setalias arg\fR] +[\fB\-days arg\fR] +[\fB\-set_serial n\fR] +[\fB\-signkey arg\fR] +[\fB\-passin arg\fR] +[\fB\-x509toreq\fR] +[\fB\-req\fR] +[\fB\-CA filename\fR] +[\fB\-CAkey filename\fR] +[\fB\-CAcreateserial\fR] +[\fB\-CAserial filename\fR] +[\fB\-force_pubkey key\fR] +[\fB\-text\fR] +[\fB\-ext extensions\fR] +[\fB\-certopt option\fR] +[\fB\-C\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-clrext\fR] +[\fB\-extfile filename\fR] +[\fB\-extensions section\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-preserve_dates\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBx509\fR command is a multi purpose certificate utility. It can be +used to display certificate information, convert certificates to +various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit +certificate trust settings. +.PP +Since there are a large number of options they will split up into +various sections. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Input, Output, and General Purpose Options" +.IX Subsection "Input, Output, and General Purpose Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format normally the command will expect an X509 +certificate but this can change if other options such as \fB\-req\fR are +present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 +is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines +added. The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a certificate from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest to use. +This affects any signing or display option that uses a message +digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or +the default digest for the signing algorithm is used, typically \s-1SHA256.\s0 +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-preserve_dates\fR" 4 +.IX Item "-preserve_dates" +When signing a certificate, preserve the \*(L"notBefore\*(R" and \*(L"notAfter\*(R" dates instead +of adjusting them to current time and duration. Cannot be used with the \fB\-days\fR option. +.SS "Display Options" +.IX Subsection "Display Options" +Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options +but are described in the \fB\s-1TRUST SETTINGS\s0\fR section. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. +.IP "\fB\-ext extensions\fR" 4 +.IX Item "-ext extensions" +Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". +See the \fBx509v3_config\fR\|(5) manual page for the extension names. +.IP "\fB\-certopt option\fR" 4 +.IX Item "-certopt option" +Customise the output format used with \fB\-text\fR. The \fBoption\fR argument +can be a single option or multiple options separated by commas. The +\&\fB\-certopt\fR switch may be also be used more than once to set multiple +options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the certificate. +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the certificate. +.IP "\fB\-serial\fR" 4 +.IX Item "-serial" +Outputs the certificate serial number. +.IP "\fB\-subject_hash\fR" 4 +.IX Item "-subject_hash" +Outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. +.IP "\fB\-issuer_hash\fR" 4 +.IX Item "-issuer_hash" +Outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +Outputs the \s-1OCSP\s0 hash values for the subject name and public key. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +Outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +Outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Outputs the subject name. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Outputs the issuer name. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information. +.IP "\fB\-email\fR" 4 +.IX Item "-email" +Outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +Outputs the \s-1OCSP\s0 responder address(es) if any. +.IP "\fB\-startdate\fR" 4 +.IX Item "-startdate" +Prints out the start date of the certificate, that is the notBefore date. +.IP "\fB\-enddate\fR" 4 +.IX Item "-enddate" +Prints out the expiry date of the certificate, that is the notAfter date. +.IP "\fB\-dates\fR" 4 +.IX Item "-dates" +Prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend arg\fR" 4 +.IX Item "-checkend arg" +Checks if the certificate expires within the next \fBarg\fR seconds and exits +non-zero if yes it will expire or zero if not. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Calculates and outputs the digest of the \s-1DER\s0 encoded version of the entire +certificate (see digest options). +This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This outputs the certificate in the form of a C source file. +.SS "Trust Settings" +.IX Subsection "Trust Settings" +A \fBtrusted certificate\fR is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an \*(L"alias\*(R". +.PP +Normally when a certificate is being verified at least one certificate +must be \*(L"trusted\*(R". By default a trusted certificate must be stored +locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +is then usable for any purpose. +.PP +Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer +control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 +may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +.PP +See the description of the \fBverify\fR utility for more information on the +meaning of trust settings. +.PP +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. +.IP "\fB\-trustout\fR" 4 +.IX Item "-trustout" +This causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +\&\fB\-trustout\fR option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. +.IP "\fB\-setalias arg\fR" 4 +.IX Item "-setalias arg" +Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". +.IP "\fB\-alias\fR" 4 +.IX Item "-alias" +Outputs the certificate alias, if any. +.IP "\fB\-clrtrust\fR" 4 +.IX Item "-clrtrust" +Clears all the permitted or trusted uses of the certificate. +.IP "\fB\-clrreject\fR" 4 +.IX Item "-clrreject" +Clears all the prohibited or rejected uses of the certificate. +.IP "\fB\-addtrust arg\fR" 4 +.IX Item "-addtrust arg" +Adds a trusted certificate use. +Any object name can be used here but currently only \fBclientAuth\fR (\s-1SSL\s0 client +use), \fBserverAuth\fR (\s-1SSL\s0 server use), \fBemailProtection\fR (S/MIME email) and +\&\fBanyExtendedKeyUsage\fR are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses. +.IP "\fB\-addreject arg\fR" 4 +.IX Item "-addreject arg" +Adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR +option. +.IP "\fB\-purpose\fR" 4 +.IX Item "-purpose" +This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the \fB\s-1CERTIFICATE +EXTENSIONS\s0\fR section. +.SS "Signing Options" +.IX Subsection "Signing Options" +The \fBx509\fR utility can be used to sign certificates and requests: it +can thus behave like a \*(L"mini \s-1CA\*(R".\s0 +.IP "\fB\-signkey arg\fR" 4 +.IX Item "-signkey arg" +This option causes the input file to be self signed using the supplied +private key or engine. The private key's format is specified with the +\&\fB\-keyform\fR option. +.Sp +If the input file is a certificate it sets the issuer name to the +subject name (i.e. makes it self signed) changes the public key to the +supplied value and changes the start and end dates. The start date is +set to the current time and the end date is set to a value determined +by the \fB\-days\fR option. Any certificate extensions are retained unless +the \fB\-clrext\fR option is supplied; this includes, for example, any existing +key identifier extensions. +.Sp +If the input is a certificate request then a self signed certificate +is created using the supplied private key using the subject name in +the request. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-clrext\fR" 4 +.IX Item "-clrext" +Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are +retained. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +Specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the +\&\fB\-signkey\fR option. +.IP "\fB\-days arg\fR" 4 +.IX Item "-days arg" +Specifies the number of days to make a certificate valid for. The default +is 30 days. Cannot be used with the \fB\-preserve_dates\fR option. +.IP "\fB\-x509toreq\fR" 4 +.IX Item "-x509toreq" +Converts a certificate into a certificate request. The \fB\-signkey\fR option +is used to pass the required private key. +.IP "\fB\-req\fR" 4 +.IX Item "-req" +By default a certificate is expected on input. With this option a +certificate request is expected instead. +.IP "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +Specifies the serial number to use. This option can be used with either +the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR +option the serial number file (as specified by the \fB\-CAserial\fR or +\&\fB\-CAcreateserial\fR options) is not used. +.Sp +The serial number can be decimal or hex (if preceded by \fB0x\fR). +.IP "\fB\-CA filename\fR" 4 +.IX Item "-CA filename" +Specifies the \s-1CA\s0 certificate to be used for signing. When this option is +present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this +\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name +of the \s-1CA\s0 and it is digitally signed using the CAs private key. +.Sp +This option is normally combined with the \fB\-req\fR option. Without the +\&\fB\-req\fR option the input is a certificate which must be self signed. +.IP "\fB\-CAkey filename\fR" 4 +.IX Item "-CAkey filename" +Sets the \s-1CA\s0 private key to sign a certificate with. If this option is +not specified then it is assumed that the \s-1CA\s0 private key is present in +the \s-1CA\s0 certificate file. +.IP "\fB\-CAserial filename\fR" 4 +.IX Item "-CAserial filename" +Sets the \s-1CA\s0 serial number file to use. +.Sp +When the \fB\-CA\fR option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again. +.Sp +The default filename consists of the \s-1CA\s0 certificate file base name with +\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called +\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". +.IP "\fB\-CAcreateserial\fR" 4 +.IX Item "-CAcreateserial" +With this option the \s-1CA\s0 serial number file is created if it does not exist: +it will contain the serial number \*(L"02\*(R" and the certificate being signed will +have the 1 as its serial number. If the \fB\-CA\fR option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice. +.IP "\fB\-extfile filename\fR" 4 +.IX Item "-extfile filename" +File containing certificate extensions to use. If not specified then +no extensions are added to the certificate. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-force_pubkey key\fR" 4 +.IX Item "-force_pubkey key" +When a certificate is created set its public key to \fBkey\fR instead of the +key in the certificate or certificate request. This option is useful for +creating certificates where the algorithm can't normally sign requests, for +example \s-1DH.\s0 +.Sp +The format or \fBkey\fR can be specified using the \fB\-keyform\fR option. +.SS "Name Options" +.IX Subsection "Name Options" +The \fBnameopt\fR command line switch determines how the subject and issuer +names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" +format is used which is compatible with previous versions of OpenSSL. +Each option is described in detail below, all options can be preceded by +a \fB\-\fR to turn the option off. Only the first four will normally be used. +.IP "\fBcompat\fR" 4 +.IX Item "compat" +Use the old format. +.IP "\fB\s-1RFC2253\s0\fR" 4 +.IX Item "RFC2253" +Displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, +\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, +\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. +.IP "\fBoneline\fR" 4 +.IX Item "oneline" +A oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to +specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, +\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR +options. This is the \fIdefault\fR of no name options are given explicitly. +.IP "\fBmultiline\fR" 4 +.IX Item "multiline" +A multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, +\&\fBspace_eq\fR, \fBlname\fR and \fBalign\fR. +.IP "\fBesc_2253\fR" 4 +.IX Item "esc_2253" +Escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field. That is +\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginning of a string +and a space character at the beginning or end of a string. +.IP "\fBesc_2254\fR" 4 +.IX Item "esc_2254" +Escape the \*(L"special\*(R" characters required by \s-1RFC2254\s0 in a field. That is +the \fB\s-1NUL\s0\fR character as well as and \fB()*\fR. +.IP "\fBesc_ctrl\fR" 4 +.IX Item "esc_ctrl" +Escape control characters. That is those with \s-1ASCII\s0 values less than +0x20 (space) and the delete (0x7f) character. They are escaped using the +\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the +character value). +.IP "\fBesc_msb\fR" 4 +.IX Item "esc_msb" +Escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than +127. +.IP "\fBuse_quote\fR" 4 +.IX Item "use_quote" +Escapes some characters by surrounding the whole string with \fB"\fR characters, +without the option all escaping is done with the \fB\e\fR character. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +Convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If +you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use +of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct +display of multibyte (international) characters. Is this option is not +present then multibyte characters larger than 0xff will be represented +using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. +Also if this option is off any UTF8Strings will be converted to their +character form first. +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" +This option does not attempt to interpret multibyte characters in any +way. That is their content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output. +.IP "\fBshow_type\fR" 4 +.IX Item "show_type" +Show the type of the \s-1ASN1\s0 character string. The type precedes the +field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R". +.IP "\fBdump_der\fR" 4 +.IX Item "dump_der" +When this option is set any fields that need to be hexdumped will +be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the +content octets will be displayed. Both options use the \s-1RFC2253\s0 +\&\fB#XXXX...\fR format. +.IP "\fBdump_nostr\fR" 4 +.IX Item "dump_nostr" +Dump non character string types (for example \s-1OCTET STRING\s0) if this +option is not set then non character string types will be displayed +as though each content octet represents a single character. +.IP "\fBdump_all\fR" 4 +.IX Item "dump_all" +Dump all fields. This option when used with \fBdump_der\fR allows the +\&\s-1DER\s0 encoding of the structure to be unambiguously determined. +.IP "\fBdump_unknown\fR" 4 +.IX Item "dump_unknown" +Dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +.IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 +.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" +These options determine the field separators. The first character is +between RDNs and the second between multiple AVAs (multiple AVAs are +very rare and their use is discouraged). The options ending in +\&\*(L"space\*(R" additionally place a space after the separator to make it +more readable. The \fBsep_multiline\fR uses a linefeed character for +the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also +indents the fields by four characters. If no field separator is specified +then \fBsep_comma_plus_space\fR is used by default. +.IP "\fBdn_rev\fR" 4 +.IX Item "dn_rev" +Reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side +effect this also reverses the order of multiple AVAs but this is +permissible. +.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 +.IX Item "nofname, sname, lname, oid" +These options alter how the field name is displayed. \fBnofname\fR does +not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form +(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. +\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +diagnostic purpose. +.IP "\fBalign\fR" 4 +.IX Item "align" +Align field values for a more readable output. Only usable with +\&\fBsep_multiline\fR. +.IP "\fBspace_eq\fR" 4 +.IX Item "space_eq" +Places spaces round the \fB=\fR character which follows the field +name. +.SS "Text Options" +.IX Subsection "Text Options" +As well as customising the name output format, it is also possible to +customise the actual fields printed using the \fBcertopt\fR options when +the \fBtext\fR option is present. The default behaviour is to print all fields. +.IP "\fBcompatible\fR" 4 +.IX Item "compatible" +Use the old format. This is equivalent to specifying no output options at all. +.IP "\fBno_header\fR" 4 +.IX Item "no_header" +Don't print header information: that is the lines saying \*(L"Certificate\*(R" +and \*(L"Data\*(R". +.IP "\fBno_version\fR" 4 +.IX Item "no_version" +Don't print out the version number. +.IP "\fBno_serial\fR" 4 +.IX Item "no_serial" +Don't print out the serial number. +.IP "\fBno_signame\fR" 4 +.IX Item "no_signame" +Don't print out the signature algorithm used. +.IP "\fBno_validity\fR" 4 +.IX Item "no_validity" +Don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.IP "\fBno_subject\fR" 4 +.IX Item "no_subject" +Don't print out the subject name. +.IP "\fBno_issuer\fR" 4 +.IX Item "no_issuer" +Don't print out the issuer name. +.IP "\fBno_pubkey\fR" 4 +.IX Item "no_pubkey" +Don't print out the public key. +.IP "\fBno_sigdump\fR" 4 +.IX Item "no_sigdump" +Don't give a hexadecimal dump of the certificate signature. +.IP "\fBno_aux\fR" 4 +.IX Item "no_aux" +Don't print out certificate trust information. +.IP "\fBno_extensions\fR" 4 +.IX Item "no_extensions" +Don't print out any X509V3 extensions. +.IP "\fBext_default\fR" 4 +.IX Item "ext_default" +Retain default extension behaviour: attempt to print out unsupported +certificate extensions. +.IP "\fBext_error\fR" 4 +.IX Item "ext_error" +Print an error message for unsupported certificate extensions. +.IP "\fBext_parse\fR" 4 +.IX Item "ext_parse" +\&\s-1ASN1\s0 parse unsupported extensions. +.IP "\fBext_dump\fR" 4 +.IX Item "ext_dump" +Hex dump unsupported extensions. +.IP "\fBca_default\fR" 4 +.IX Item "ca_default" +The value used by the \fBca\fR utility, equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, +\&\fBno_header\fR, and \fBno_version\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: in these examples the '\e' means the example should be all on one +line. +.PP +Display the contents of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-text +.Ve +.PP +Display the \*(L"Subject Alternative Name\*(R" extension of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName +.Ve +.PP +Display more extensions of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName,nsCertType +.Ve +.PP +Display the certificate serial number: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-serial +.Ve +.PP +Display the certificate subject name: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject +.Ve +.PP +Display the certificate subject name in \s-1RFC2253\s0 form: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 +.Ve +.PP +Display the certificate subject name in oneline form on a terminal +supporting \s-1UTF8:\s0 +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb +.Ve +.PP +Display the certificate \s-1SHA1\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint +.Ve +.PP +Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER +.Ve +.PP +Convert a certificate to a certificate request: +.PP +.Vb 1 +\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem +.Ve +.PP +Convert a certificate request into a self signed certificate using +extensions for a \s-1CA:\s0 +.PP +.Vb 2 +\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e +\& \-signkey key.pem \-out cacert.pem +.Ve +.PP +Sign a certificate request using the \s-1CA\s0 certificate above and add user +certificate extensions: +.PP +.Vb 2 +\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e +\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial +.Ve +.PP +Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to +\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0 +.PP +.Vb 2 +\& openssl x509 \-in cert.pem \-addtrust clientAuth \e +\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +it will also handle files containing: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN X509 CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END X509 CERTIFICATE\-\-\-\-\- +.Ve +.PP +Trusted certificates have the lines +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN TRUSTED CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END TRUSTED CERTIFICATE\-\-\-\-\- +.Ve +.PP +The conversion to \s-1UTF8\s0 format used with the name options assumes that +T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape +and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly. +.PP +The \fB\-email\fR option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once. +.SH "CERTIFICATE EXTENSIONS" +.IX Header "CERTIFICATE EXTENSIONS" +The \fB\-purpose\fR option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. +.PP +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. +.PP +The basicConstraints extension \s-1CA\s0 flag is used to determine whether the +certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0 +if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the +\&\s-1CA\s0 flag set to true. +.PP +If the basicConstraints extension is absent then the certificate is +considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a \s-1CA:\s0 however +it is allowed to be a \s-1CA\s0 to work around some broken software. +.PP +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. +.PP +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +keyCertSign bit set if the keyUsage extension is present. +.PP +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. +.PP +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR +\&\s-1CA\s0 certificates. +.IP "\fB\s-1SSL\s0 Client\fR" 4 +.IX Item "SSL Client" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID.\s0 keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the \s-1SSL\s0 client bit set. +.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 +.IX Item "SSL Client CA" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have +the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1SSL\s0 Server\fR" 4 +.IX Item "SSL Server" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. +.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 +.IX Item "SSL Server CA" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must +be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the +basicConstraints extension is absent. +.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 +.IX Item "Netscape SSL Server" +For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal \s-1SSL\s0 server. +.IP "\fBCommon S/MIME Client Tests\fR" 4 +.IX Item "Common S/MIME Client Tests" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.IP "\fBS/MIME Signing\fR" 4 +.IX Item "S/MIME Signing" +In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present. +.IP "\fBS/MIME Encryption\fR" 4 +.IX Item "S/MIME Encryption" +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. +.IP "\fBS/MIME \s-1CA\s0\fR" 4 +.IX Item "S/MIME CA" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the +S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1CRL\s0 Signing\fR" 4 +.IX Item "CRL Signing" +The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit +set. +.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 +.IX Item "CRL Signing CA" +The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension +must be present. +.SH "BUGS" +.IX Header "BUGS" +Extensions in certificates are not transferred to certificate requests and +vice versa. +.PP +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. +.PP +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBverify\fR\|(1), +\&\fBx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using +the old form must have their links rebuilt using \fBc_rehash\fR or similar. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ADMISSIONS.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ADMISSIONS.3 new file mode 100644 index 00000000..7024dc09 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ADMISSIONS.3 @@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ADMISSIONS 3" +.TH ADMISSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& typedef struct NamingAuthority_st NAMING_AUTHORITY; +\& typedef struct ProfessionInfo_st PROFESSION_INFO; +\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; +\& typedef struct Admissions_st ADMISSIONS; +\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +\& +\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, +\& ASN1_OBJECT* namingAuthorityId); +\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, +\& ASN1_IA5STRING* namingAuthorityUrl); +\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, +\& ASN1_STRING* namingAuthorityText); +\& +\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_admissionAuthority( +\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( +\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +\& +\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +\& +\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_addProfessionInfo( +\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_namingAuthority( +\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionItems( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionOIDs( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_registrationNumber( +\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and +\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the +analogous types defined in the Common \s-1PKI\s0 Specification published +by . +Knowledge of those structures and their semantics is assumed. +.PP +The conventional routines to convert between \s-1DER\s0 and the local format +are described in \fBd2i_X509\fR\|(3). +The conventional routines to allocate and free the types are defined +in \fBX509_dup\fR\|(3). +.PP +The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see +\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. +.PP +The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. +The \fBNAMING_AUTHORITY_get0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +to those values within the object. +The \fBNAMING_AUTHORITY_set0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of +\&\fB\s-1ADMISSION\s0\fR objects. +The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +to those values within the object. +The +\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a +stack of \fB\s-1PROFESSION_INFO\s0\fR items. +The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, +and \fBADMISSIONS_get0_professionInfos()\fR +functions return pointers to those values within the object. +The +\&\fBADMISSIONS_set0_admissionAuthority()\fR, +\&\fBADMISSIONS_set0_namingAuthority()\fR, and +\&\fBADMISSIONS_set0_professionInfos()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, +\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_get0_registrationNumber()\fR +functions return pointers to those values within the object. +The +\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fBPROFESSION_INFO_set0_professionItems()\fR, +\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_set0_registrationNumber()\fR +functions free any existing value and set the pointer to the specified value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Described above. +Note that all of the \fIget0\fR functions return a pointer to the internal data +structure and must not be freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_dup\fR\|(3), +\&\fBd2i_X509\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_INTEGER_get_int64.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_INTEGER_get_int64.3 new file mode 100644 index 00000000..2aa52a5d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_INTEGER_get_int64.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_INTEGER_GET_INT64 3" +.TH ASN1_INTEGER_GET_INT64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); +\& +\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); +\& +\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +\& +\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +\& +\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +\& +\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); +\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +\& +\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +structures. +.PP +\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails +(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) +it returns 0. +.PP +\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it +converts to a \fBuint64_t\fR type and an error is returned if the passed integer +is negative. +.PP +\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is +\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR +instead. +.PP +\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBuint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value +\&\fBv\fR. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR +is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then +the existing structure will be used instead. +.PP +\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is +\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the +existing structure will be used instead. +.PP +\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, +\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR +behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they +operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +.PP +\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to +\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not +fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR +instead. +.SH "NOTES" +.IX Header "NOTES" +In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +\&\fBint64_t\fR type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. +.SH "BUGS" +.IX Header "BUGS" +The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and +\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. +.PP +\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an \fBint64_t\fR type. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +only fail due to a memory allocation error. +.PP +\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, +\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_ITEM_lookup.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_ITEM_lookup.3 new file mode 100644 index 00000000..26d5d713 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_ITEM_lookup.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_ITEM_LOOKUP 3" +.TH ASN1_ITEM_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. +.PP +\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function +returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_OBJECT_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_OBJECT_new.3 new file mode 100644 index 00000000..bb047dcd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_OBJECT_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_OBJECT_NEW 3" +.TH ASN1_OBJECT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.PP +\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fBOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_TABLE_add.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_TABLE_add.3 new file mode 100644 index 00000000..0cc94413 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_TABLE_add.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_TABLE_ADD 3" +.TH ASN1_STRING_TABLE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; +\& +\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, +\& unsigned long mask, unsigned long flags); +\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); +\& void ASN1_STRING_TABLE_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. +.SS "Functions" +.IX Subsection "Functions" +\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters. +.PP +If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +updated (depending on the values of those parameters, e.g., \fBminsize\fR +and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard, +a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +other parameters. +.PP +\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +on \fBnid\fR. It will search the local table first, then the standard one. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fBASN1_STRING_TABLE_add()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +.PP +\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +or \fB\s-1NULL\s0\fR if nothing is found. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_length.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_length.3 new file mode 100644 index 00000000..8144eae1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_length.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_LENGTH 3" +.TH ASN1_STRING_LENGTH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_length(ASN1_STRING *x); +\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +\& +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +\& +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +\& +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +\& +\& int ASN1_STRING_type(const ASN1_STRING *x); +\& +\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the +returned value is not constant. This function is deprecated: +applications should use \fBASN1_STRING_get0_data()\fR instead. +.PP +\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be freed using \fBOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fBASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to +the data of \fBx\fR. +.PP +\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurred. +.PP +\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR. +.PP +\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a +negative value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_new.3 new file mode 100644 index 00000000..67f58a9d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_NEW 3" +.TH ASN1_STRING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fBASN1_STRING_free()\fR frees up \fBa\fR. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_print_ex.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_print_ex.3 new file mode 100644 index 00000000..d02ee537 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_STRING_print_ex.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_PRINT_EX 3" +.TH ASN1_STRING_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); +\& +\& const char *ASN1_tag2str(int tag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) +with '.'. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fBASN1_STRING_print_ex()\fR instead. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of +characters written or \-1 if an error occurred. +.PP +\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBASN1_tag2str\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TIME_set.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TIME_set.3 new file mode 100644 index 00000000..ef59456f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TIME_set.3 @@ -0,0 +1,380 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TIME_SET 3" +.TH ASN1_TIME_SET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime \- ASN.1 Time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +\& time_t t); +\& +\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, +\& long offset_sec); +\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, +\& int offset_day, long offset_sec); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, +\& time_t t, int offset_day, +\& long offset_sec); +\& +\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, +\& const char *str); +\& +\& int ASN1_TIME_normalize(ASN1_TIME *s); +\& +\& int ASN1_TIME_check(const ASN1_TIME *t); +\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); +\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); +\& +\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); +\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); +\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); +\& +\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +\& int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, +\& const ASN1_TIME *to); +\& +\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +\& +\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); +\& +\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +\& ASN1_GENERALIZEDTIME **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR +functions set the structure \fBs\fR to the time represented by the time_t +value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +.PP +The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR +functions set the time structure \fBs\fR to the time represented +by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. +The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a +time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of +seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated +and returned. +.PP +The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and +\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR +to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 +time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0 +this function performs a format check on \fBstr\fR only. The string \fBstr\fR +is copied into \fBs\fR. +.PP +\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time +represented by string \fBstr\fR which must be in appropriate time format +that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and +\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format +are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check +on \fBstr\fR only. +.PP +The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or +\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It +should be used after the \fBASN1_TIME_set_string()\fR functions and before +\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +.PP +The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR +functions check the syntax of the time structure \fBs\fR. +.PP +The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable +format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example +\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time +structure has invalid format it prints out \*(L"Bad time value\*(R" and returns +an error. The output for generalized time may include a fractional part +following the second. +.PP +\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. +If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 +The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR, +\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values, +whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs +a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional +seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while +converting \fBs\fR to \fBtm\fR structure. +.PP +\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between +\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then +one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR +will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then +one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR +represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero. +If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same +sign. The value of \fB*psec\fR will always be less than the number of seconds +in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. +.PP +The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare +the two times represented by the time structure \fBs\fR and the time_t \fBt\fR. +.PP +The \fBASN1_TIME_compare()\fR function compares the two times represented by the +time structures \fBa\fR and \fBb\fR. +.PP +The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an +\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or +\&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. +.SH "NOTES" +.IX Header "NOTES" +The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR +defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined +in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. +.PP +The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented +as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR. +.PP +The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). +.PP +\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049. +.PP +Some applications add offset times directly to a time_t value and pass the +results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value +in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly +manipulating a time_t value. +.PP +\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 +or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and +\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. +.PP +It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of +those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions +starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific +time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either +format. +.SH "BUGS" +.IX Header "BUGS" +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all +certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. +.PP +Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before +printing to get \s-1GMT\s0 results. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR, +ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR +\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. +.PP +\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +.PP +\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1 +if the structure is syntactically correct and 0 otherwise. +.PP +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1 +if the time is successfully printed out and 0 if an error occurred (I/O error or +invalid time format). +.PP +\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format). +.PP +\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example. +.PP +\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is +before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned +on error. +.PP +\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. +.PP +\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to +the appropriate time structure on success or \s-1NULL\s0 if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set a time structure to one hour after the current time and print it out: +.PP +.Vb 2 +\& #include +\& #include +\& +\& ASN1_TIME *tm; +\& time_t t; +\& BIO *b; +\& +\& t = time(NULL); +\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +\& b = BIO_new_fp(stdout, BIO_NOCLOSE); +\& ASN1_TIME_print(b, tm); +\& ASN1_STRING_free(tm); +\& BIO_free(b); +.Ve +.PP +Determine if one time is later or sooner than the current time: +.PP +.Vb 1 +\& int day, sec; +\& +\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) +\& /* Invalid time format */ +\& +\& if (day > 0 || sec > 0) +\& printf("Later\en"); +\& else if (day < 0 || sec < 0) +\& printf("Sooner\en"); +\& else +\& printf("Same\en"); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TYPE_get.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TYPE_get.3 new file mode 100644 index 00000000..7e4d4f53 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_TYPE_get.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TYPE_GET 3" +.TH ASN1_TYPE_GET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_TYPE_get(const ASN1_TYPE *a); +\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +\& +\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, +\& ASN1_TYPE **t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The +\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type +such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. +.PP +\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR. +.PP +\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This +function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed +up after the call. +.PP +\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. +.PP +\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if +they are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer +to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the +caller. If it fails it return \s-1NULL.\s0 +.PP +\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR +corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded +\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type +is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0 +but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR. +.SH "NOTES" +.IX Header "NOTES" +The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and +\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. +If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN +then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is +V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR +is and \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type +(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content +octets of the type. If \fBtype\fR corresponds to a constructed type or +a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the +\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and +length octets). +.PP +\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean \s-1TRUE\s0 +value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will +only return zero if the values are the same. +.PP +If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +\&\s-1NULL\s0 values could also indicate a programming error (for example an +unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +applications should handle the case of two absent values separately. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. +.PP +\&\fBASN1_TYPE_set()\fR does not return a value. +.PP +\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +.PP +\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or +\&\s-1NULL\s0 on failure. +.PP +\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or +\&\s-1NULL\s0 on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_generate_nconf.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_generate_nconf.3 new file mode 100644 index 00000000..6151bdf1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASN1_generate_nconf.3 @@ -0,0 +1,381 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_GENERATE_NCONF 3" +.TH ASN1_GENERATE_NCONF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains +the optional configuration information where additional strings +will be read from. \fBnconf\fR will typically come from a config +file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fBstr\fR and +the configuration information. The general format of the string +is: +.IP "\fB[modifier,]type[:value]\fR" 4 +.IX Item "[modifier,]type[:value]" +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fBtype\fR, +\&\fBvalue\fR and \fBmodifier\fR are explained below. +.SS "Supported Types" +.IX Subsection "Supported Types" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fBvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. +.IP "\fB\s-1NULL\s0\fR" 4 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +.IX Item "OCTETSTRING, OCT" +Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fBvalue\fR. +.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IX Item "BITSTRING, BITSTR" +Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fBvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" +These encode the corresponding string types. \fBvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.SS "Modifiers" +.IX Subsection "Modifiers" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, +APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT SPECIFIC.\s0 +.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 +a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 4 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is +specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT +STRING\s0) is a comma separated list of the indices of the set bits, all other +bits are zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error codes that can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +.PP +.Vb 1 +\& FORMAT:BITLIST,BITSTRING:1,5 +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +.Vb 1 +\& asn1 = SEQUENCE:seq_section +\& +\& [seq_section] +\& +\& field1 = BOOLEAN:TRUE +\& field2 = OID:commonName +\& field3 = UTF8:Third field +.Ve +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +\& +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +\& +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +\& +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +\& +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +\& +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +\& +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +\& +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& asn1=SEQUENCE:pubkeyinfo +\& +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +\& +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +\& +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_WAIT_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_WAIT_CTX_new.3 new file mode 100644 index 00000000..dde3e6af --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_WAIT_CTX_new.3 @@ -0,0 +1,270 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_WAIT_CTX_NEW 3" +.TH ASYNC_WAIT_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd \- functions to manage waiting for asynchronous jobs to complete +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD fd, +\& void *custom_data, +\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +\& OSSL_ASYNC_FD, void *)); +\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD *fd, void **custom_data); +\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +\& size_t *numfds); +\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, +\& size_t *numdelfds); +\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For an overview of how asynchronous operations are implemented in OpenSSL see +\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous +\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms +this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +.PP +Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR +function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When +the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of +that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one +time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent +\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed), +application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. +.PP +ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in +the \fBctx\fR parameter will return the wait file descriptors associated with that +job in \fB*fd\fR. The number of file descriptors returned will be stored in +\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory +has been allocated in \fB*fd\fR to receive all the file descriptors. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file +descriptors but will still populate \fB*numfds\fR. Therefore application code is +typically expected to call this function twice: once to get the number of fds, +and then again when sufficient memory has been allocated. If only one +asynchronous engine is being used then normally this call will only ever return +one fd. If multiple asynchronous engines are being used then more could be +returned. +.PP +The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 +result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has +been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated +with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR +will be populated with the list of added and deleted fds respectively. Similarly +to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not +\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +.PP +Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R" +of regularly changing fds \- although no guarantees of this are provided to +applications. +.PP +Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +to see if it is ready to continue. +.PP +Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job +via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting +on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an +engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code. +An existing association with a file descriptor can be obtained using +\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of +these functions requires a \fBkey\fR value which is unique to the async aware +code. This could be any unique value but a good candidate might be the +\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and +will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The +\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +routine. This can be \s-1NULL\s0 but if provided will automatically get called when +the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the +fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if +the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or +\&\s-1NULL\s0 on error. +.PP +ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on +success or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_start_job.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_start_job.3 new file mode 100644 index 00000000..3fc57943 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ASYNC_start_job.3 @@ -0,0 +1,453 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_START_JOB 3" +.TH ASYNC_START_JOB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASYNC_init_thread(size_t max_size, size_t init_size); +\& void ASYNC_cleanup_thread(void); +\& +\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +\& int (*func)(void *), void *args, size_t size); +\& int ASYNC_pause_job(void); +\& +\& ASYNC_JOB *ASYNC_get_current_job(void); +\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +\& void ASYNC_block_pause(void); +\& void ASYNC_unblock_pause(void); +\& +\& int ASYNC_is_capable(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed. +.PP +The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for +efficiency reasons, jobs can be created up front and reused many times. They are +held in a pool until they are needed, at which point they are removed from the +pool, used, and then returned to the pool when the job completes. If the user +application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each +thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to +ensure this will result in memory leaks. +.PP +The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in +the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an +\&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one +will be automatically created, as long as the total of ASYNC_JOBs managed by the +pool does not exceed \fBmax_size\fR. When the pool is first initialised +\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is +not called before the pool is first used then it will be called automatically +with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs +created up front). +.PP +An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. +Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 +object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. \fBfunc\fR represents the function that should +be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR +will be copied and then passed as an argument to \fBfunc\fR when the job starts. +ASYNC_start_job will return one of the following values: +.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IX Item "ASYNC_ERR" +An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see \fBERR_print_errors\fR\|(3)) for more details. +.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IX Item "ASYNC_NO_JOBS" +There are no jobs currently available in the pool. This call can be retried +again at a later time. +.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IX Item "ASYNC_PAUSE" +The job was successfully started but was \*(L"paused\*(R" before it completed (see +\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The +\&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. +When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread +that the job was originally started from. +.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IX Item "ASYNC_FINISH" +The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will +be placed in \fB*ret\fR. +.PP +At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get +a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing +then this will return \s-1NULL.\s0 +.PP +If executing within the context of a job (i.e. having been called directly or +indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) +then \fBASYNC_pause_job()\fR will immediately return control to the calling +application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the +\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If +\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fBASYNC_pause_job()\fR returns immediately. +.PP +\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 +for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated +with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R" +using a system function call such as select or poll (being ready for \*(L"read\*(R" +indicates that the job should be resumed). If no file descriptor is made +available then an application will have to periodically \*(L"poll\*(R" the job by +attempting to restart it to see if it is ready to continue. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.PP +The \fBASYNC_block_pause()\fR function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an +application acquires a lock. It then calls some cryptographic function which +invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created +the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +occur. +.PP +Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function +can be used to detect whether the current platform is async capable or not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ASYNC_init_thread returns 1 on success or 0 otherwise. +.PP +ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or +\&\s-1ASYNC_FINISH\s0 as described above. +.PP +ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is +returned. +.PP +ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or +\&\s-1NULL\s0 if not within the context of a job. +.PP +\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. +.PP +\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example demonstrates how to use most of the core async APIs: +.PP +.Vb 7 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& #include +\& #include +\& #include +\& +\& int unique = 0; +\& +\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) +\& { +\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; +\& +\& close(r); +\& close(*w); +\& OPENSSL_free(w); +\& } +\& +\& int jobfunc(void *arg) +\& { +\& ASYNC_JOB *currjob; +\& unsigned char *msg; +\& int pipefds[2] = {0, 0}; +\& OSSL_ASYNC_FD *wptr; +\& char buf = \*(AqX\*(Aq; +\& +\& currjob = ASYNC_get_current_job(); +\& if (currjob != NULL) { +\& printf("Executing within a job\en"); +\& } else { +\& printf("Not executing within a job \- should not happen\en"); +\& return 0; +\& } +\& +\& msg = (unsigned char *)arg; +\& printf("Passed in message is: %s\en", msg); +\& +\& if (pipe(pipefds) != 0) { +\& printf("Failed to create pipe\en"); +\& return 0; +\& } +\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); +\& if (wptr == NULL) { +\& printf("Failed to malloc\en"); +\& return 0; +\& } +\& *wptr = pipefds[1]; +\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, +\& pipefds[0], wptr, cleanup); +\& +\& /* +\& * Normally some external event would cause this to happen at some +\& * later point \- but we do it here for demo purposes, i.e. +\& * immediately signalling that the job is ready to be woken up after +\& * we return to main via ASYNC_pause_job(). +\& */ +\& write(pipefds[1], &buf, 1); +\& +\& /* Return control back to main */ +\& ASYNC_pause_job(); +\& +\& /* Clear the wake signal */ +\& read(pipefds[0], &buf, 1); +\& +\& printf ("Resumed the job after a pause\en"); +\& +\& return 1; +\& } +\& +\& int main(void) +\& { +\& ASYNC_JOB *job = NULL; +\& ASYNC_WAIT_CTX *ctx = NULL; +\& int ret; +\& OSSL_ASYNC_FD waitfd; +\& fd_set waitfdset; +\& size_t numfds; +\& unsigned char msg[13] = "Hello world!"; +\& +\& printf("Starting...\en"); +\& +\& ctx = ASYNC_WAIT_CTX_new(); +\& if (ctx == NULL) { +\& printf("Failed to create ASYNC_WAIT_CTX\en"); +\& abort(); +\& } +\& +\& for (;;) { +\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { +\& case ASYNC_ERR: +\& case ASYNC_NO_JOBS: +\& printf("An error occurred\en"); +\& goto end; +\& case ASYNC_PAUSE: +\& printf("Job was paused\en"); +\& break; +\& case ASYNC_FINISH: +\& printf("Job finished with return value %d\en", ret); +\& goto end; +\& } +\& +\& /* Wait for the job to be woken */ +\& printf("Waiting for the job to be woken up\en"); +\& +\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) +\& || numfds > 1) { +\& printf("Unexpected number of fds\en"); +\& abort(); +\& } +\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); +\& FD_ZERO(&waitfdset); +\& FD_SET(waitfd, &waitfdset); +\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); +\& } +\& +\& end: +\& ASYNC_WAIT_CTX_free(ctx); +\& printf("Finishing\en"); +\& +\& return 0; +\& } +.Ve +.PP +The expected output from executing the above example program is: +.PP +.Vb 8 +\& Starting... +\& Executing within a job +\& Passed in message is: Hello world! +\& Job was paused +\& Waiting for the job to be woken up +\& Resumed the job after a pause +\& Job finished with return value 1 +\& Finishing +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, +\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BF_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BF_encrypt.3 new file mode 100644 index 00000000..19fbc380 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BF_encrypt.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BF_ENCRYPT 3" +.TH BF_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +\& +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num, int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num); +\& const char *BF_options(void); +\& +\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much +faster than \s-1IDEA\s0 or \s-1RC2.\s0 +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where +\&\fBivec\fR is simply initialized to zero. +\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBdes_modes\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDR.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDR.3 new file mode 100644 index 00000000..900b8066 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDR.3 @@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDR 3" +.TH BIO_ADDR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addr_st BIO_ADDR; +\& +\& BIO_ADDR *BIO_ADDR_new(void); +\& void BIO_ADDR_free(BIO_ADDR *); +\& void BIO_ADDR_clear(BIO_ADDR *ap); +\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +\& const void *where, size_t wherelen, unsigned short port); +\& int BIO_ADDR_family(const BIO_ADDR *ap); +\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +available on the platform at hand. +.PP +\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +with routines that will fill it with information, such as +\&\fBBIO_accept_ex()\fR. +.PP +\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. +.PP +\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +it back to an uninitialised state. +.PP +\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +size \fBwherelen\fR with an address in network byte order pointed at +by \fBwhere\fR and a port number in network byte order in \fBport\fR (except +for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. +In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +to be the length of the path string (not including the terminating +\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_family()\fR returns the protocol family of the given +\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the +constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the +\&\s-1BIO_ADDR\s0 has not been initialised. +.PP +\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +and will set \fB*l\fR to be the amount of bytes the raw address +takes up if \fBl\fR is non-NULL. +A technique to only find out the size of the address is a call +with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +order, most significant byte first. +In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the +path string (not including the terminating \s-1NUL,\s0 such as the result of +a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +The raw port will be in network byte order. +.PP +\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the +hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string +will contain the numerical form of the address. This only works for +\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_service_string()\fR returns a character string with the +service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +is 1, the string will contain the port number. This only works +for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_path_string()\fR returns a character string with the path +of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the +protocol family \s-1AF_UNIX.\s0 The returned string has been allocated +on the heap and must be freed with \fBOPENSSL_free()\fR. +.SH "RAW ADDRESSES" +.IX Header "RAW ADDRESSES" +Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct +in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +depending on the protocol family the address is for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The string producing functions \fBBIO_ADDR_hostname_string()\fR, +\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will +return \fB\s-1NULL\s0\fR on error and leave an error indication on the +OpenSSL error stack. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDRINFO.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDRINFO.3 new file mode 100644 index 00000000..f787744d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ADDRINFO.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDRINFO 3" +.TH BIO_ADDRINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addrinfo_st BIO_ADDRINFO; +\& +\& enum BIO_lookup_type { +\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +\& }; +\& +\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, +\& int family, int socktype, int protocol, BIO_ADDRINFO **res); +\& int BIO_lookup(const char *node, const char *service, +\& enum BIO_lookup_type lookup_type, +\& int family, int socktype, BIO_ADDRINFO **res); +\& +\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +types provided on your platform. +.PP +\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +picked at one by one. +.PP +\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +uses \fBlookup_type\fR to determine what the default address should +be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +determine what protocol family, socket type and protocol should be used for +the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and +\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0 +indicates that any type can be used. \fBprotocol\fR specifies a protocol such as +\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP.\s0 If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +chain. +.PP +For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR +parameter and expects the \fBnode\fR parameter to hold the path to the +socket file. +.PP +\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability +to select based on the protocol (any protocol may be returned). +.PP +\&\fBBIO_ADDRINFO_family()\fR returns the family of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 +.PP +\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 +.PP +\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 +.PP +\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +of the given \fB\s-1BIO_ADDRINFO\s0\fR. +.PP +\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +from the given one. +.PP +\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +with the given one. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "NOTES" +.IX Header "NOTES" +The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR +function. On Linux it is known that specifying 0 for the protocol will not +return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be +explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_connect.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_connect.3 new file mode 100644 index 00000000..860f6da6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_connect.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CONNECT 3" +.TH BIO_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_socket(int domain, int socktype, int protocol, int options); +\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); +\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); +\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); +\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); +\& int BIO_closesocket(int sock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, +but is present for future use. +.PP +\&\fBBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fBBIO_connect()\fR. The options may include +\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of +\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service +given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any +combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, +\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given +socket \fBaccept_sock\fR. When it gets a connection, the address and +port of the peer gets stored in \fBpeer\fR if that one is non-NULL. +Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied +on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_closesocket()\fR closes \fBsock\fR. +.SH "FLAGS" +.IX Header "FLAGS" +.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IX Item "BIO_SOCK_KEEPALIVE" +Enables regular sending of keep-alive messages. +.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +.IX Item "BIO_SOCK_NONBLOCK" +Sets the socket to non-blocking mode. +.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IX Item "BIO_SOCK_NODELAY" +Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go. +.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +.IX Item "BIO_SOCK_REUSEADDR" +Try to reuse the address and port combination for a recently closed +port. +.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IX Item "BIO_SOCK_V6_ONLY" +When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6. +.PP +These flags are bit flags, so they are to be combined with the +\&\f(CW\*(C`|\*(C'\fR operator, for example: +.PP +.Vb 1 +\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +(\-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error. +.PP +\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error. +.PP +\&\fBBIO_accept_ex()\fR returns the accepted socket on success or +\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, +\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ctrl.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ctrl.3 new file mode 100644 index 00000000..5a641f8d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_ctrl.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CTRL 3" +.TH BIO_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb \&\- BIO control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int BIO_info_cb(BIO *b, int state, int res); +\& +\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); +\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +\& +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b, long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +\& +\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. +.PP +\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +.PP +\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. +.PP +\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are +macros which call \fBBIO_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. +.PP +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fBBIO_set_close()\fR always returns 1. +.PP +\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the amount of pending data. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. +The \fBBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO.\s0 However this can cause +unexpected results: for example no current filter BIOs implement +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO.\s0 +.PP +Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_base64.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_base64.3 new file mode 100644 index 00000000..c08d55d1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_base64.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BASE64 3" +.TH BIO_F_BASE64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_base64 \- base64 BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO.\s0 +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); +\& +\& BIO_free_all(b64); +.Ve +.PP +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 3 +\& BIO *bio, *b64, *bio_out; +\& char inbuf[512]; +\& int inlen; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) +\& BIO_write(bio_out, inbuf, inlen); +\& +\& BIO_flush(bio_out); +\& BIO_free_all(b64); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_buffer.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_buffer.3 new file mode 100644 index 00000000..696ccb70 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_buffer.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BUFFER 3" +.TH BIO_F_BUFFER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_buffer(void); +\& +\& long BIO_get_buffer_num_lines(BIO *b); +\& long BIO_set_read_buffer_size(BIO *b, long size); +\& long BIO_set_write_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. +.PP +Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. +.PP +Buffering BIOs implement \fBBIO_read_ex()\fR and \fBBIO_gets()\fR by using +\&\fBBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a \fBBIO_gets()\fR is guaranteed to give +the caller a whole line, and \fBBIO_read_ex()\fR is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next \s-1BIO.\s0 By prepending a +buffering \s-1BIO\s0 to a chain it is therefore possible to provide +\&\fBBIO_gets()\fR or exact size \fBBIO_read_ex()\fR functionality if the following +BIOs do not support it. +.PP +Do not add more than one \fBBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of +doing so will force a full read of the size of the internal buffer of +the top \fBBIO_f_buffer()\fR, which is 4 KiB at a minimum. +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBBIO_reset\fR\|(3), +\&\fBBIO_flush\fR\|(3), +\&\fBBIO_pop\fR\|(3), +\&\fBBIO_ctrl\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_cipher.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_cipher.3 new file mode 100644 index 00000000..adebf229 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_cipher.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_CIPHER 3" +.TH BIO_F_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO.\s0 +.PP +\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +is a \fBBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. +.SH "NOTES" +.IX Header "NOTES" +When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fBBIO_set_cipher()\fR does not return a value. +.PP +\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_md.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_md.3 new file mode 100644 index 00000000..c9cb4f11 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_md.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_MD 3" +.TH BIO_F_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_md(void); +\& int BIO_set_md(BIO *b, EVP_MD *md); +\& int BIO_get_md(BIO *b, EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR +and \fBEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and +\&\fBBIO_write_ex()\fR is digested. +.PP +\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fBBIO_puts()\fR is +not supported. +.PP +\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +.PP +\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fBBIO_get_md_ctx()\fR can be used in calls +to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR +and \fBEVP_VerifyFinal()\fR. +.PP +The context returned by \fBBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. +.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO.\s0 +.PP +Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +state. This allows applications to initialize the context externally +if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 2 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* +\& * For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. +\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +.PP +The next example digests data by reading through a chain instead: +.PP +.Vb 3 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while (rdlen > 0); +.Ve +.PP +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 4 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if (!mdtmp) +\& break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while (mdtmp); +\& +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fBBIO_puts()\fR and the non standard behaviour of +\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR +and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fBBIO_ctrl()\fR call. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the +\&\s-1BIO\s0 was initialized first. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_null.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_null.3 new file mode 100644 index 00000000..177aef4a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_null.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_NULL 3" +.TH BIO_F_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_ssl.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_ssl.3 new file mode 100644 index 00000000..797b762b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_f_ssl.3 @@ -0,0 +1,435 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_SSL 3" +.TH BIO_F_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_ssl(void); +\& +\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); +\& long BIO_get_ssl(BIO *b, SSL **sslp); +\& long BIO_set_ssl_mode(BIO *b, long client); +\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); +\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); +\& long BIO_get_num_renegotiates(BIO *b); +\& +\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +\& +\& long BIO_do_handshake(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL I/O.\s0 +.PP +I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. +The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. +.PP +\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fBBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 +.PP +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO.\s0 +.PP +\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. +.PP +\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the +chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fBBIO_read_ex()\fR operation, one +case where this happens is when step up occurs. +.PP +The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fBBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fBBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fBBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, +\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR, +\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, +\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on +success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return +a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +.PP +\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in \fBBIO_s_connect\fR\|(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_client_method()); +\& +\& /* XXX Set verify paths and mode here. */ +\& +\& sbio = BIO_new_ssl_connect(ctx); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Don\*(Aqt want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& +\& /* XXX We might want to do other things with ssl here */ +\& +\& /* An empty host part means the loopback address */ +\& BIO_set_conn_hostname(sbio, ":https"); +\& +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Could examine ssl here to get connection info */ +\& +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +.PP +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Other things like set verify locations, EDH temp callbacks. */ +\& +\& /* New SSL BIO setup as server */ +\& sbio = BIO_new_ssl(ctx, 0); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& bbio = BIO_new(BIO_f_buffer()); +\& sbio = BIO_push(bbio, sbio); +\& acpt = BIO_new_accept("4433"); +\& +\& /* +\& * By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +\& BIO_set_accept_bios(acpt, sbio); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& +\& /* Setup accept BIO */ +\& if (BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* We only want one connection so remove and free accept BIO */ +\& sbio = BIO_pop(acpt); +\& BIO_free_all(acpt); +\& +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& +\& for (;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) +\& break; +\& } +\& +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& BIO_puts(sbio, "\er\en"); +\& BIO_flush(sbio); +\& BIO_free_all(sbio); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO.\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_find_type.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_find_type.3 new file mode 100644 index 00000000..2ec0d108 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_find_type.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_FIND_TYPE 3" +.TH BIO_FIND_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_find_type(BIO *b, int bio_type); +\& BIO *BIO_next(BIO *b); +\& int BIO_method_type(const BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +The following general types are defined: +\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +.PP +For a list of the specific types, see the \fBopenssl/bio.h\fR header file. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Traverse a chain looking for digest BIOs: +.PP +.Vb 1 +\& BIO *btmp; +\& +\& btmp = in_bio; /* in_bio is chain to search through */ +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if (btmp == NULL) +\& break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... +\& +\& btmp = BIO_next(btmp); +\& } while (btmp); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_data.3 new file mode 100644 index 00000000..949d5223 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_data.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_DATA 3" +.TH BIO_GET_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_data(BIO *a, void *ptr); +\& void *BIO_get_data(BIO *a); +\& void BIO_set_init(BIO *a, int init); +\& int BIO_get_init(BIO *a); +\& void BIO_set_shutdown(BIO *a, int shut); +\& int BIO_get_shutdown(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are mainly useful when implementing a custom \s-1BIO.\s0 +.PP +The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. +This can be used by custom BIOs for storing implementation specific information. +.PP +The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the \s-1BIO.\s0 For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR +function returns the value of the \*(L"init\*(R" flag. +.PP +The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of +this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource +is also closed when the \s-1BIO\s0 is freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data +associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. +.PP +\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. +.PP +\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_meth_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_ex_new_index.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_ex_new_index.3 new file mode 100644 index 00000000..532d0414 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_get_ex_new_index.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_EX_NEW_INDEX 3" +.TH BIO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \&\- application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int TYPE_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); +\& +\& void *TYPE_get_ex_data(TYPE *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes listed in +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +These functions handle application-specific data for OpenSSL data +structures. +.PP +\&\fBTYPE_get_ex_new_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR +with the correct \fBindex\fR value. +.PP +\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_get_ex_new_index()\fR returns a new index on success or \-1 on error. +.PP +\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. +.PP +\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_meth_new.3 new file mode 100644 index 00000000..afef7268 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_meth_new.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_METH_NEW 3" +.TH BIO_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_get_new_index(void); +\& +\& BIO_METHOD *BIO_meth_new(int type, const char *name); +\& +\& void BIO_meth_free(BIO_METHOD *biom); +\& +\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, +\& size_t *); +\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +\& int BIO_meth_set_write_ex(BIO_METHOD *biom, +\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); +\& int BIO_meth_set_write(BIO_METHOD *biom, +\& int (*write)(BIO *, const char *, int)); +\& +\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); +\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_read_ex(BIO_METHOD *biom, +\& int (*bread)(BIO *, char *, size_t, size_t *)); +\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +\& +\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +\& +\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_gets(BIO_METHOD *biom, +\& int (*gets)(BIO *, char *, int)); +\& +\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +\& int BIO_meth_set_ctrl(BIO_METHOD *biom, +\& long (*ctrl)(BIO *, int, long, void *)); +\& +\& int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +\& +\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +\& +\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +types. It provides a set of functions used by OpenSSL for the implementation +of the various \s-1BIO\s0 capabilities. See the bio page for more information. +.PP +\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +unique integer \fBtype\fR and a string that represents its \fBname\fR. +Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. +.PP +The set of +standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples +include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a +type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs +should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for +more information. +.PP +\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function +used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function +will be called in response to the application calling \fBBIO_write_ex()\fR or +\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and +\&\fBBIO_meth_set_write()\fR instead. Applications should not call both +\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR +when the function was set with \fBBIO_meth_set_write_ex()\fR. +.PP +\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used +for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. +The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. +Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. +Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR +or call \fBBIO_meth_get_read()\fR when the function was set with +\&\fBBIO_meth_set_read_ex()\fR. +.PP +\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for +writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_puts()\fR. The parameters for +the function have the same meaning as for \fBBIO_puts()\fR. +.PP +\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) +page for more information). This function will be called in response to the +application calling \fBBIO_gets()\fR. The parameters for the function have the same +meaning as for \fBBIO_gets()\fR. +.PP +\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for +processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for +more information. This function will be called in response to the application +calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_ctrl()\fR. +.PP +\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used +for creating a new instance of the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the +memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will +be passed as a parameter to the function. +.PP +\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used +for destroying an instance of a \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +this function. +.PP +\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the +function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fBBIO_callback_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. +.PP +BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +if an error occurred. +.PP +The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBBIO_meth_get\fR functions return the corresponding function pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new.3 new file mode 100644 index 00000000..a2f9290d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW 3" +.TH BIO_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO * BIO_new(const BIO_METHOD *type); +\& int BIO_up_ref(BIO *a); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +.PP +\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. +If \fBa\fR is \s-1NULL\s0 nothing is done. +Calling \fBBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR +on it other than the discarded return value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new_CMS.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new_CMS.3 new file mode 100644 index 00000000..8a468cfd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_new_CMS.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW_CMS 3" +.TH BIO_NEW_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new_CMS \- CMS streaming filter BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fBBIO_flush()\fR must be called +to finalise the structure. +.PP +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. +.PP +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be +called to free up the whole chain. +.PP +Any content written through the filter is used verbatim: no canonical +translation is performed. +.PP +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. +.PP +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending +a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_parse_hostserv.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_parse_hostserv.3 new file mode 100644 index 00000000..f344b875 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_parse_hostserv.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PARSE_HOSTSERV 3" +.TH BIO_PARSE_HOSTSERV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& enum BIO_hostserv_priorities { +\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +\& }; +\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +\& enum BIO_hostserv_priorities hostserv_prio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +create strings with the host name and service name and give those +back via \fBhost\fR and \fBservice\fR. Those will need to be freed after +they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall +be interpreted primarily as a host name or a service name in ambiguous +cases. +.PP +The syntax the \fBBIO_parse_hostserv()\fR recognises is: +.PP +.Vb 7 +\& host + \*(Aq:\*(Aq + service +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq +\& host + \*(Aq:\*(Aq +\& \*(Aq:\*(Aq + service +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service +\& host +\& service +.Ve +.PP +The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 +address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +.PP +The service part can be a service name or its port number. +.PP +The returned values will depend on the given \fBhostserv\fR string +and \fBhostserv_prio\fR, as follows: +.PP +.Vb 5 +\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL +\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL +\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& +\& in case no \*(Aq:\*(Aq is present in the string, the result depends on +\& hostserv_prio, as follows: +\& +\& when hostserv_prio == BIO_PARSE_PRIO_HOST +\& host => *host = "host", *service untouched +\& +\& when hostserv_prio == BIO_PARSE_PRIO_SERV +\& service => *host untouched, *service = "service" +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_printf.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_printf.3 new file mode 100644 index 00000000..3d981a14 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_printf.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PRINTF 3" +.TH BIO_PRINTF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_printf(BIO *bio, const char *format, ...) +\& int BIO_vprintf(BIO *bio, const char *format, va_list args) +\& +\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) +\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. +.PP +\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. The argument +list \fBargs\fR is a stdarg argument list. +.PP +\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR +function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR, +specifies the size of the output buffer. +.PP +\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return the number of bytes written, or \-1 on error. +For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output +buffer is too small. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_push.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_push.3 new file mode 100644 index 00000000..e1386735 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_push.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PUSH 3" +.TH BIO_PUSH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_push(BIO *b, BIO *append); +\& BIO *BIO_pop(BIO *b); +\& void BIO_set_next(BIO *b, BIO *next); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.PP +\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +by \fBnext\fR. The new chain may include some of the same BIOs from the old chain +or it may be completely different. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fBBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO.\s0 +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +.PP +is made then the new chain will be \fBb64\-f\fR. After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +.PP +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +.PP +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_read.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_read.3 new file mode 100644 index 00000000..1dad2173 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_read.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_READ 3" +.TH BIO_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +\& +\& int BIO_read(BIO *b, void *data, int dlen); +\& int BIO_gets(BIO *b, char *buf, int size); +\& int BIO_write(BIO *b, const void *data, int dlen); +\& int BIO_puts(BIO *b, const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +in \fBdata\fR. If any bytes were successfully read then the number of bytes read is +stored in \fB*readbytes\fR. +.PP +\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +successful then the number of bytes written is stored in \fB*written\fR. +.PP +\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, +however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fBBIO_gets()\fR at all. +The returned string is always NUL-terminated and the '\en' is preserved +if present in the input data. +.PP +\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or +written, and 0 otherwise. +.PP +All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. The trailing +\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available +and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call +\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See \fBBIO_should_retry\fR\|(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_should_retry\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not +keep the '\en' at the end of the line in the buffer. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_accept.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_accept.3 new file mode 100644 index 00000000..b65d29f4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_accept.3 @@ -0,0 +1,365 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_ACCEPT 3" +.TH BIO_S_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_accept(void); +\& +\& long BIO_set_accept_name(BIO *b, char *name); +\& char *BIO_get_accept_name(BIO *b); +\& +\& long BIO_set_accept_port(BIO *b, char *port); +\& char *BIO_get_accept_port(BIO *b); +\& +\& BIO *BIO_new_accept(char *host_port); +\& +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); +\& +\& char *BIO_get_peer_name(BIO *b); +\& char *BIO_get_peer_port(BIO *b); +\& long BIO_get_accept_ip_family(BIO *b); +\& long BIO_set_accept_ip_family(BIO *b, long family); +\& +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b); +\& +\& int BIO_do_accept(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. +.PP +Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fBBIO_s_fd\fR\|(3) +.PP +\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +name. The name is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +The host can be \*(L"*\*(R" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +same syntax as the port specified in \fBBIO_set_conn_port()\fR for +connect BIOs, that is it can be a numerical port string or a +string to lookup using \fBgetservbyname()\fR and a string table. +.PP +\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +port. \*(L"port\*(R" has the same syntax as the port specified in +\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fBgetservbyname()\fR and a string +table. +.PP +\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. +.PP +\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +then another socket cannot be bound to the same port. If +\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the +same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails +and the port is not in use then a second attempt is made +using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. +.PP +\&\fBBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fBBIO_do_accept()\fR will await an incoming +connection, or request a retry in non blocking mode. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept\->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO,\s0 +that is the chain will be accept\->otherbios\->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +.PP +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fBBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fBBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR, +\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR, +\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR, +\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR, +\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_do_accept()\fR, +\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, +\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR +return 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +.PP +\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +.PP +\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +.PP +\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 1 +\& BIO *abio, *cbio, *cbio2; +\& +\& /* First call to BIO_accept() sets up accept BIO */ +\& abio = BIO_new_accept("4444"); +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Wait for incoming connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& +\& /* Wait for another connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +\& +\& BIO_puts(cbio, "Connection 1: Second connection established\en"); +\& +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_bio.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_bio.3 new file mode 100644 index 00000000..1ef52461 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_bio.3 @@ -0,0 +1,329 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_BIO 3" +.TH BIO_S_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_bio(void); +\& +\& int BIO_make_bio_pair(BIO *b1, BIO *b2); +\& int BIO_destroy_bio_pair(BIO *b); +\& int BIO_shutdown_wr(BIO *b); +\& +\& int BIO_set_write_buf_size(BIO *b, long size); +\& size_t BIO_get_write_buf_size(BIO *b, long size); +\& +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +\& +\& int BIO_get_write_guarantee(BIO *b); +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +\& int BIO_get_read_request(BIO *b); +\& size_t BIO_ctrl_get_read_request(BIO *b); +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no +data is available. +.PP +Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fBBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and +\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, +\&\fBBIO_free()\fR is not called. +.PP +\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this +value will return a value from \fBBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fBBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fBBIO_get_read_request()\fR never returns an amount larger +than that returned by \fBBIO_get_write_guarantee()\fR. +.PP +\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fBBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the +write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent! +.PP +\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +shutdown. +.PP +\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, +\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR, +\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented +as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fBselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 1 +\& BIO *internal_bio, *network_bio; +\& +\& ... +\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& ... +\& +\& application | TLS\-engine +\& | | +\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO\-pair (internal_bio) +\& | BIO\-pair (network_bio) +\& | || /\e +\& | \e/ || +\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() +\& | | +\& | | +\& socket +\& +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +.PP +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fBSSL_operation()\fR can successfully be continued. +.SH "WARNINGS" +.IX Header "WARNINGS" +As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fBSSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_connect.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_connect.3 new file mode 100644 index 00000000..3130dfbd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_connect.3 @@ -0,0 +1,338 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_CONNECT 3" +.TH BIO_S_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect \- connect BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD * BIO_s_connect(void); +\& +\& BIO *BIO_new_connect(char *name); +\& +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); +\& long BIO_set_conn_ip_family(BIO *b, long family); +\& const char *BIO_get_conn_hostname(BIO *b); +\& const char *BIO_get_conn_port(BIO *b); +\& const BIO_ADDR *BIO_get_conn_address(BIO *b); +\& const long BIO_get_conn_ip_family(BIO *b); +\& +\& long BIO_set_nbio(BIO *b, long n); +\& +\& int BIO_do_connect(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. +.PP +\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port. +.PP +\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fBgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher. +.PP +\&\fBBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). +.PP +\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_port()\fR returns the port as a string. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 +.PP +\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. +.PP +\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP +\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the host name then this will +override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR, +and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself. +.PP +Applications do not have to call \fBBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also +possible for \fBBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.PP +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR, +\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR, +\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR, +\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR +always return 1. +.PP +\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +was set. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +none was set. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +.PP +\&\fBBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fBBIO_set_nbio()\fR always returns 1. +.PP +\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. +.PP +.Vb 3 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR +were removed in OpenSSL 1.1.0. +Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_fd.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_fd.3 new file mode 100644 index 00000000..54811459 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_fd.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FD 3" +.TH BIO_S_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_fd(void); +\& +\& int BIO_set_fd(BIO *b, int fd, int c); +\& int BIO_get_fd(BIO *b, int *c); +\& +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then \fBclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +such as by using \fBlseek(fd, 0, 0)\fR. +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +such as by using \fBlseek(fd, ofs, 0)\fR. +.PP +\&\fBBIO_tell()\fR returns the current file position such as by calling +\&\fBlseek(fd, 0, 1)\fR. +.PP +\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also +returns the file descriptor. +.PP +\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the +platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead. +.PP +\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fBBIO_set_fd()\fR always returns 1. +.PP +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_file.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_file.3 new file mode 100644 index 00000000..e6f478f9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_file.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FILE 3" +.TH BIO_S_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +\& +\& BIO_set_fp(BIO *b, FILE *fp, int flags); +\& BIO_get_fp(BIO *b, FILE **fpp); +\& +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO.\s0 +.PP +Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the +underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. +.PP +\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped +stream. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fBBIO_eof()\fR calls \fBfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO.\s0 +.PP +\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fBBIO_new_fp()\fR, it is a macro. +.PP +\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +.PP +\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fBBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode file names in \s-1UTF\-8.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fBBIO_tell()\fR returns the current file position. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new(BIO_s_file()); +\& if (bio_out == NULL) +\& /* Error */ +\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) +\& /* Error */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Write to a file: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_file("filename.txt", "w"); +\& if (!out) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new(BIO_s_file()); +\& if (out == NULL) +\& /* Error */ +\& if (!BIO_write_filename(out, "filename.txt")) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying +stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), +\&\fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_mem.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_mem.3 new file mode 100644 index 00000000..9c220924 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_mem.3 @@ -0,0 +1,297 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_MEM 3" +.TH BIO_S_MEM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_mem(void); +\& const BIO_METHOD *BIO_s_secmem(void); +\& +\& BIO_set_mem_eof_return(BIO *b, int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) +\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) +\& +\& BIO *BIO_new_mem_buf(const void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used +for buffer storage. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO.\s0 +.PP +Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +its original state and the read only data can be read again. +.PP +\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +.PP +\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. +.PP +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +It is a macro. +.PP +\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +a macro. +.PP +\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO.\s0 The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. +.PP +Every write after partial read (not all data in the memory buffer was read) +to a read write memory \s-1BIO\s0 will have to move the unread data with an internal +copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering \s-1BIO\s0 to the chain can speed up the process. +.PP +Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will +give undefined results, including perhaps a program crash. +.PP +Switching the memory \s-1BIO\s0 from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +.PP +The other supported sequence is to start with read write \s-1BIO\s0 then temporarily +switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately +before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +switched back to the read write mode. +.PP +Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +contains only the remaining data to be read. If the close status of the +\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer +in it must be set to \s-1NULL\s0 as the data pointer does not point to an +allocated memory. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +flag set can have unexpected outcome when the reads and writes to the +\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone. +.PP +Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with +\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR +return 1 on success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success, +0 if b is \s-1NULL,\s0 or a negative value in case of other errors. +.PP +\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& +\& BIO_puts(mem, "Hello World\en"); +.Ve +.PP +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 2 +\& char data[] = "Hello World"; +\& BIO *mem = BIO_new_mem_buf(data, \-1); +.Ve +.PP +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 1 +\& BUF_MEM *bptr; +\& +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_null.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_null.3 new file mode 100644 index 00000000..4f8becc9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_null.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_NULL 3" +.TH BIO_S_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF.\s0 +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_socket.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_socket.3 new file mode 100644 index 00000000..5e29cfac --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_s_socket.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_SOCKET 3" +.TH BIO_S_SOCKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_socket(void); +\& +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_set_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_set_callback.3 new file mode 100644 index 00000000..6f14d176 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_set_callback.3 @@ -0,0 +1,392 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 3" +.TH BIO_SET_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, +\& size_t len, int argi, +\& long argl, int ret, size_t *processed); +\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +\& long argl, long ret); +\& +\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +\& +\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); +\& BIO_callback_fn BIO_get_callback(BIO *b); +\& void BIO_set_callback_arg(BIO *b, char *arg); +\& char *BIO_get_callback_arg(const BIO *b); +\& +\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, +\& long argl, long ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +callback. The callback is called during most high level \s-1BIO\s0 operations. It can +be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +operation. +.PP +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get +called in preference to any set by \fBBIO_set_callback()\fR. +.PP +\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. If the callback +argument is set it is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR +is the type of the old format callback function. The meaning of each argument +is described below: +.IP "\fBb\fR" 4 +.IX Item "b" +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.IP "\fBoper\fR" 4 +.IX Item "oper" +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 +.IP "\fBlen\fR" 4 +.IX Item "len" +The length of the data requested to be read or written. This is only useful if +\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0 +.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 +.IX Item "argp argi argl" +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.IP "\fBprocessed\fR" 4 +.IX Item "processed" +\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0 +.IP "\fBret\fR" 4 +.IX Item "ret" +\&\fBret\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBret\fR when it has +finished processing, unless it specifically wishes to modify the +value returned to the application. +.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +In the notes below, \fBcallback\fR defers to the actual callback +function that is called. +.IP "\fBBIO_free(b)\fR" 4 +.IX Item "BIO_free(b)" +.Vb 1 +\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) +.Ve +.Sp +is called before the free operation. +.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 +.IX Item "BIO_read_ex(b, data, dlen, readbytes)" +.Vb 1 +\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) +.Ve +.Sp +is called before the read and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 +.IX Item "BIO_write(b, data, dlen, written)" +.Vb 1 +\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) +.Ve +.Sp +is called before the write and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_gets(b, buf, size)\fR" 4 +.IX Item "BIO_gets(b, buf, size)" +.Vb 1 +\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_puts(b, buf)\fR" 4 +.IX Item "BIO_puts(b, buf)" +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) +.Ve +.Sp +is called before the call and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) +.Ve +.Sp +after. +.Sp +Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to +the actual call parameter, see \fBBIO_callback_ctrl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function +previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR +respectively. +.PP +\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fBBIO_set_callback_arg()\fR. +.PP +\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +operations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \fBBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_should_retry.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_should_retry.3 new file mode 100644 index 00000000..3b773e3e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BIO_should_retry.3 @@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 3" +.TH BIO_SHOULD_RETRY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_should_read(BIO *b); +\& int BIO_should_write(BIO *b); +\& int BIO_should_io_special(iBIO *b); +\& int BIO_retry_type(BIO *b); +\& int BIO_should_retry(BIO *b); +\& +\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +\& void BIO_set_retry_reason(BIO *bio, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR +call. +.PP +\&\fBBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fBBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has insufficient data to return. Check for readability and/or retry the +last operation. +.PP +\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has pending data to write. Check for writability and/or retry the +last operation. +.PP +\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. +.PP +\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. +.PP +\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, +\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. +.PP +If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fBBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fBBIO_should_retry()\fR after a failed +\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. +.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fBBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fBBIO_should_read()\fR +is true then a call to \fBselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fBselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fBselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and +\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +of the \fB\s-1BIO\s0\fR. +.PP +\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition. +.PP +\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_BLINDING_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_BLINDING_new.3 new file mode 100644 index 00000000..01b756d3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_BLINDING_new.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_NEW 3" +.TH BN_BLINDING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); +\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); +\& int BN_BLINDING_lock(BN_BLINDING *b); +\& int BN_BLINDING_unlock(BN_BLINDING *b); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, +\& const BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +If \fBb\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper +functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL.\s0 +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the +owner of the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. +\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, +\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occurred. +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. +.PP +\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation +succeeded or 0 on error. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_new.3 new file mode 100644 index 00000000..08b045fd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_NEW 3" +.TH BN_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_CTX *BN_CTX_new(void); +\& +\& BN_CTX *BN_CTX_secure_new(void); +\& +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. +\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fB\s-1BIGNUM\s0\fRs. +.PP +\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. +.PP +A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3). +.PP +\&\fBBN_CTX_free()\fR has no return values. +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.PP +\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead: +.PP +.Vb 6 +\& BN_CTX *ctx; +\& ctx = BN_CTX_new(); +\& if (!ctx) +\& /* error */ +\& ... +\& BN_CTX_free(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_start\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_start.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_start.3 new file mode 100644 index 00000000..3a74b470 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_CTX_start.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_START 3" +.TH BN_CTX_START 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_CTX_start(BN_CTX *ctx); +\& +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +\& +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fBBN_CTX_end()\fR must be called before returning from the function. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fBBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. +.PP +\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add.3 new file mode 100644 index 00000000..640e2080 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add.3 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD 3" +.TH BN_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). +.PP +\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. +For division by powers of 2, use \fBBN_rshift\fR\|(3). +.PP +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. +.PP +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +\&\fBBN_mod_mul_montgomery\fR\|(3) and +\&\fBBN_mod_mul_reciprocal\fR\|(3). +.PP +\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. +.PP +\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fBBN_mul()\fR. +.PP +\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this +function when \fBm\fR is even and any of the parameters have the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +.PP +\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see \fBBN_CTX_new\fR\|(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add_word.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add_word.3 new file mode 100644 index 00000000..9f4ba410 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_add_word.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD_WORD 3" +.TH BN_ADD_WORD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +.PP +\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +.PP +For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_bn2bin.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_bn2bin.3 new file mode 100644 index 00000000..17f55b92 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_bn2bin.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BN2BIN 3" +.TH BN_BN2BIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer +\&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than +BN_num_bytes(\fBa\fR) an error is returned. +.PP +\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and +\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fBOPENSSL_free()\fR. +.PP +\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +including the leading character '\-' which means negative, to form a valid +hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and +stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If +\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. +A \*(L"negative zero\*(R" is converted to zero. +\&\fBBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 4\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +buffer is too small. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters +used in parsing, or 0 on error, in which +case no new \fB\s-1BIGNUM\s0\fR will be created. +.PP +\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), +\&\fBASN1_INTEGER_to_BN\fR\|(3), +\&\fBBN_num_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_cmp.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_cmp.3 new file mode 100644 index 00000000..0d949da2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_cmp.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CMP 3" +.TH BN_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their +absolute values. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_copy.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_copy.3 new file mode 100644 index 00000000..009cd642 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_copy.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_COPY 3" +.TH BN_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +\& +\& BIGNUM *BN_dup(const BIGNUM *from); +\& +\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.PP +BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in \fBflags\fR will +be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this +might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following +restrictions apply to the use of \fBdest\fR: +.IP "\(bu" 2 +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It +should not have been used for other purposes or initialised in any way. +.IP "\(bu" 2 +\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those +functions where the relevant parameter is declared \*(L"const\*(R". +.IP "\(bu" 2 +\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_generate_prime.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_generate_prime.3 new file mode 100644 index 00000000..1f481ae8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_generate_prime.3 @@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 3" +.TH BN_GENERATE_PRIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +\& const BIGNUM *rem, BN_GENCB *cb); +\& +\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, +\& int do_trial_division, BN_GENCB *cb); +\& +\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); +\& +\& BN_GENCB *BN_GENCB_new(void); +\& +\& void BN_GENCB_free(BN_GENCB *cb); +\& +\& void BN_GENCB_set_old(BN_GENCB *gencb, +\& void (*callback)(int, int, void *), void *cb_arg); +\& +\& void BN_GENCB_set(BN_GENCB *gencb, +\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); +\& +\& void *BN_GENCB_get_arg(BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), +\& void *cb_arg); +\& +\& int BN_is_prime(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +\& +\& int BN_is_prime_fasttest(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, +\& void *cb_arg, int do_trial_division); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of +at least bit length \fBbits\fR. The returned number is probably prime +with a negligible error. If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime +number will have exact bit length \fBbits\fR with the top most two +bits set. +.PP +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: +.IP "\(bu" 2 +\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th +potential prime number. +.IP "\(bu" 2 +While the number is being tested for primality, +\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. +.IP "\(bu" 2 +When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. +.IP "\(bu" 2 +The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fB\s-1NULL\s0\fR +the condition will be p % \fBadd\fR == 3. +It is recommended that \fBadd\fR is a multiple of 4. +.PP +The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is +prime. The following tests are performed until one of them shows that +\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered +prime. +.PP +\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, +first attempts trial division by a number of small primes; +if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +If \fBdo_trial_division == 0\fR, this test is skipped. +.PP +Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin +probabilistic primality test with \fBnchecks\fR iterations. If +\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that +yields a false positive rate of at most 2^\-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits, +2^\-192 at 3747 bits and 2^\-256 at 6394 bits. +.PP +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to +64. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a +pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of +\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New +programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +for backwards compatibility purposes. +.PP +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, +and freed through a call to \fBBN_GENCB_free()\fR. +.PP +For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a +call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type +\&\fBvoid (*callback)(int, int, void *)\fR. +.PP +A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check +the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new +style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. +.PP +It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. +.PP +\&\fBBN_generate_prime()\fR (deprecated) works in the same way as +\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function +directly in the \fBcallback\fR parameter, and an argument to pass to it in +the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR +can similarly be compared to \fBBN_is_prime_ex()\fR and +\&\fBBN_is_prime_fasttest_ex()\fR, respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. +.PP +\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and +\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^\fBnchecks\fR, and +\&\-1 on error. +.PP +\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +otherwise. +.PP +BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +structure. +.PP +Callback functions should return 1 on success or 0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +directly, as in: +.PP +.Vb 1 +\& BN_GENCB callback; +.Ve +.PP +Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +.PP +.Vb 6 +\& BN_GENCB *callback; +\& callback = BN_GENCB_new(); +\& if (!callback) +\& /* error */ +\& ... +\& BN_GENCB_free(callback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, +and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_inverse.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_inverse.3 new file mode 100644 index 00000000..0ab1f7eb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_inverse.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_INVERSE 3" +.TH BN_MOD_INVERSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_montgomery.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_montgomery.3 new file mode 100644 index 00000000..d8fd3b1a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_montgomery.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 3" +.TH BN_MOD_MUL_MONTGOMERY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +.PP +\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +by precomputing its inverse and a value R. +.PP +\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +.PP +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. +If \fBmont\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. +.PP +\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +.PP +\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_MONT_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_reciprocal.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_reciprocal.3 new file mode 100644 index 00000000..7a9d3be8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_mod_mul_reciprocal.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 3" +.TH BN_MOD_MUL_RECIPROCAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +.PP +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. +If \fBrecp\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_RECP_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_new.3 new file mode 100644 index 00000000..2a59e453 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NEW 3" +.TH BN_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_new(void); +\& +\& BIGNUM *BN_secure_new(void); +\& +\& void BN_clear(BIGNUM *a); +\& +\& void BN_free(BIGNUM *a); +\& +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fBBN_secure_new()\fR does the same except that the secure heap +\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. +.PP +\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_new()\fR and \fBBN_secure_new()\fR +return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_num_bytes.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_num_bytes.3 new file mode 100644 index 00000000..a3002753 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_num_bytes.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NUM_BYTES 3" +.TH BN_NUM_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_num_bytes(const BIGNUM *a); +\& +\& int BN_num_bits(const BIGNUM *a); +\& +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +.PP +\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +.PP +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fBBN_num_bits_word()\fR. +.PP +\&\fBBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "NOTES" +.IX Header "NOTES" +Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +\&...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key +size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although +there's no real guarantee that will match the \*(L"key size\*(R", just a lot +more probability). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_rand.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_rand.3 new file mode 100644 index 00000000..a022b1f9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_rand.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_RAND 3" +.TH BN_RAND 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBbits\fR in length and stores it in \fBrnd\fR. +If \fBbits\fR is less than zero, or too small to +accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR +parameters, an error is returned. +The \fBtop\fR parameters specifies +requirements on the most significant bit of the generated number. +If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. +If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. +If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. +If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it +is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. +If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. +.PP +\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. +.PP +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as +\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +seeded with enough randomness to ensure an unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical +to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to +\&\fBBN_rand_range()\fR. +The \*(L"pseudo\*(R" functions should not be used and may be deprecated in +a future release. +.IP "\(bu" 2 +The +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_security_bits.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_security_bits.3 new file mode 100644 index 00000000..b767c21f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_security_bits.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SECURITY_BITS 3" +.TH BN_SECURITY_BITS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_security_bits \- returns bits of security based on given numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_security_bits(int L, int N); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_security_bits()\fR returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types +of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 +(Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both +parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where +\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private +key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered +to be the key size (modulus). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Number of security bits. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR +function. The symmetric algorithms are not covered neither. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_set_bit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_set_bit.3 new file mode 100644 index 00000000..3ed23ffa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_set_bit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SET_BIT 3" +.TH BN_SET_BIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& +\& int BN_mask_bits(BIGNUM *a, int n); +\& +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_swap.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_swap.3 new file mode 100644 index 00000000..0b1fcd5c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_swap.3 @@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SWAP 3" +.TH BN_SWAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_swap()\fR does not return a value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_zero.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_zero.3 new file mode 100644 index 00000000..bf442191 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BN_zero.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ZERO 3" +.TH BN_ZERO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& +\& const BIGNUM *BN_value_one(void); +\& +\& int BN_set_word(BIGNUM *a, BN_ULONG w); +\& unsigned BN_ULONG BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform. +.PP +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. +.PP +\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +be represented as a single integer. +.PP +\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fBBN_value_one()\fR returns the constant. +\&\fBBN_zero()\fR never fails and returns no value. +.SH "BUGS" +.IX Header "BUGS" +If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +with the error condition returned by \fBBN_get_word()\fR which uses that +as an error value. +.PP +\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous +versions returned an int. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BUF_MEM_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BUF_MEM_new.3 new file mode 100644 index 00000000..9cf92773 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/BUF_MEM_new.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BUF_MEM_NEW 3" +.TH BUF_MEM_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BUF_MEM *BUF_MEM_new(void); +\& +\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +\& +\& void BUF_MEM_free(BUF_MEM *a); +\& +\& int BUF_MEM_grow(BUF_MEM *str, int len); +\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +\& +\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). +.PP +\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd +or additionally-allocated memory to zero. +.PP +\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +is \s-1NULL,\s0 the array is reversed in-place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fBBUF_MEM_free()\fR has no return value. +.PP +\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return +zero on error or the new size (i.e., \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBCRYPTO_secure_malloc\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add0_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add0_cert.3 new file mode 100644 index 00000000..e0b7505f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add0_cert.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD0_CERT 3" +.TH CMS_ADD0_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. +.PP +\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. +.PP +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. +.PP +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. +.PP +As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR +must be freed up. +.PP +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur +in practice is if the \fBcms\fR type is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_recipient_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_recipient_cert.3 new file mode 100644 index 00000000..909c19b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_recipient_cert.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_RECIPIENT_CERT 3" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, +\& X509 *recip, unsigned int flags); +\& +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, +\& unsigned char *key, size_t keylen, +\& unsigned char *id, size_t idlen, +\& ASN1_GENERALIZEDTIME *date, +\& ASN1_OBJECT *otherTypeId, +\& ASN1_TYPE *otherType); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. +.PP +\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_signer.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_signer.3 new file mode 100644 index 00000000..0969ff62 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_add1_signer.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_SIGNER 3" +.TH CMS_ADD1_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, +\& unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fBCMS_final()\fR. +.PP +The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fBCMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_compress.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_compress.3 new file mode 100644 index 00000000..b3097108 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_compress.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_COMPRESS 3" +.TH CMS_COMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_compress \- create a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return +an error. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +Additional compression parameters such as the zlib compression level cannot +currently be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_decrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_decrypt.3 new file mode 100644 index 00000000..d0c8c8f3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_decrypt.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_DECRYPT 3" +.TH CMS_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_decrypt \- decrypt content from a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, +\& BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. +.PP +If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however +is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on +\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +then the above behaviour is modified and an error \fBis\fR returned if no +recipient encrypted key can be decrypted \fBwithout\fR generating a random +content encryption key. Applications should use this flag with +\&\fBextreme caution\fR especially in automated gateways as it can leave them +open to attack. +.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 +.PP +To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR +and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_encrypt.3 new file mode 100644 index 00000000..ed9ef4d1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_encrypt.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPT 3" +.TH CMS_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_encrypt \- create a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +function. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBCMS_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fBCMS_add0_recipient_key()\fR. +.PP +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_final.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_final.3 new file mode 100644 index 00000000..61d65fc8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_final.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_FINAL 3" +.TH CMS_FINAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_final \- finalise a CMS_ContentInfo structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_final()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_RecipientInfos.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_RecipientInfos.3 new file mode 100644 index 00000000..07bf5d24 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_RecipientInfos.3 @@ -0,0 +1,265 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_RECIPIENTINFOS 3" +.TH CMS_GET0_RECIPIENTINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, +\& ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, +\& ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pid, +\& ASN1_GENERALIZEDTIME **pdate, +\& ASN1_OBJECT **potherid, +\& ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, +\& const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, +\& unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS.\s0 +.PP +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is +successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK.\s0 +.PP +\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.PP +\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to \fBCMS_RecipientInfo_decrypt()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fBCMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fBCMS_get0_RecipientInfos()\fR and check the type of each using +\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.PP +The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fBCMS_RecipientInfo_encrypt()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and +\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_SignerInfos.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_SignerInfos.3 new file mode 100644 index 00000000..c57544f3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_SignerInfos.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_SIGNERINFOS 3" +.TH CMS_GET0_SIGNERINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); +\& +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, ASN1_INTEGER **sno); +\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +corresponds to the internal signature value if \fBsi\fR so it may be read or +modified. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fBCMS_verify()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fBCMS_SignerInfo_set1_signer_cert()\fR. +.PP +Once all signer certificates have been set \fBCMS_verify()\fR can be used. +.PP +Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_type.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_type.3 new file mode 100644 index 00000000..ff3079d2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get0_type.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_TYPE 3" +.TH CMS_GET0_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); +\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. +.PP +\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt) +with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. +.PP +\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded +content type. +.PP +\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +containing the embedded content. +.SH "NOTES" +.IX Header "NOTES" +As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and +\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fBOBJ_obj2nid()\fR. For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve +.PP +The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +content pointer. That means that for example: +.PP +.Vb 1 +\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); +.Ve +.PP +\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get1_ReceiptRequest.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get1_ReceiptRequest.3 new file mode 100644 index 00000000..614de9df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_get1_ReceiptRequest.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET1_RECEIPTREQUEST 3" +.TH CMS_GET1_RECEIPTREQUEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, +\& int allorfirst, +\& STACK_OF(GENERAL_NAMES) *receiptList, +\& STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, +\& int *pallorfirst, +\& STACK_OF(GENERAL_NAMES) **plist, +\& STACK_OF(GENERAL_NAMES) **prto); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. +.PP +The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. +.PP +int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. +.PP +\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634.\s0 +.PP +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fBCMS_verify()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) +\&\fBCMS_verify_receipt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign.3 new file mode 100644 index 00000000..70af1898 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN 3" +.TH CMS_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign \- create a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fBCMS_final()\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign_receipt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign_receipt.3 new file mode 100644 index 00000000..4b68eb8e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_sign_receipt.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN_RECEIPT 3" +.TH CMS_SIGN_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign_receipt \- create a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, +\& EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_verify_receipt\fR\|(3), +\&\fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_uncompress.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_uncompress.3 new file mode 100644 index 00000000..d6e86c15 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_uncompress.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_UNCOMPRESS 3" +.TH CMS_UNCOMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_uncompress \- uncompress a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always +return an error. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify.3 new file mode 100644 index 00000000..c1cdbe42 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify.3 @@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY 3" +.TH CMS_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fBCMS_verify()\fR operation. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. +.PP +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) +and the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. +.PP +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. +.PP +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. +.PP +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. +.PP +\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify_receipt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify_receipt.3 new file mode 100644 index 00000000..b2a48605 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CMS_verify_receipt.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY_RECEIPT 3" +.TH CMS_VERIFY_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify_receipt \- verify a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, +\& STACK_OF(X509) *certs, X509_STORE *store, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), +\&\fBCMS_verify\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_free.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_free.3 new file mode 100644 index 00000000..4bad492e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_free.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_FREE 3" +.TH CONF_MODULES_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void CONF_modules_finish(void); +\& void CONF_modules_unload(int all); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void CONF_modules_free(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed. +.PP +\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +to free up any configuration that module may have performed. +.PP +\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If +\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fBOPENSSL_init_crypto\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_load_file.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_load_file.3 new file mode 100644 index 00000000..e25a82df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CONF_modules_load_file.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_LOAD_FILE 3" +.TH CONF_MODULES_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CONF_modules_load_file(const char *filename, const char *appname, +\& unsigned long flags); +\& int CONF_modules_load(const CONF *cnf, const char *appname, +\& unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCONF_modules_load_file()\fR configures OpenSSL using file +\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 +the standard OpenSSL configuration file is used. If \fBappname\fR is +\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. +The behaviour can be customized using \fBflags\fR. +.PP +\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it +reads configuration information from \fBcnf\fR. +.SH "NOTES" +.IX Header "NOTES" +The following \fBflags\fR are currently recognized: +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded. +.PP +Normally any modules errors will add error information to the error queue. If +\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP +If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +disabled. +.PP +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR +ignore missing configuration files. Normally a missing configuration file +return an error. +.PP +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. +.PP +By using \fBCONF_modules_load_file()\fR with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. +.PP +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. +.PP +Applications can use the \fBCONF_modules_load()\fR function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load a configuration file and print out any errors and exit (missing file +considered fatal): +.PP +.Vb 5 +\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load default configuration file using the section indicated by \*(L"myapp\*(R", +tolerate missing files, but exit on other errors: +.PP +.Vb 6 +\& if (CONF_modules_load_file(NULL, "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: +.PP +.Vb 5 +\& if (CONF_modules_load_file("/something/app.cnf", "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "WARNING: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& } +.Ve +.PP +Load and parse configuration file manually, custom error handling: +.PP +.Vb 3 +\& FILE *fp; +\& CONF *cnf = NULL; +\& long eline; +\& +\& fp = fopen("/somepath/app.cnf", "r"); +\& if (fp == NULL) { +\& fprintf(stderr, "Error opening configuration file\en"); +\& /* Other missing configuration file behaviour */ +\& } else { +\& cnf = NCONF_new(NULL); +\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { +\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); +\& ERR_print_errors_fp(stderr); +\& /* Other malformed configuration file behaviour */ +\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { +\& fprintf(stderr, "Error configuring application\en"); +\& ERR_print_errors_fp(stderr); +\& /* Other configuration error behaviour */ +\& } +\& fclose(fp); +\& NCONF_free(cnf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_THREAD_run_once.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_THREAD_run_once.3 new file mode 100644 index 00000000..fff4237c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_THREAD_run_once.3 @@ -0,0 +1,283 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_THREAD_RUN_ONCE 3" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; +\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +\& +\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); +\& +\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading \s-1API\s0 that is not yet +supported by OpenSSL. +.PP +The following multi-threading function are provided: +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The \fBonce\fR argument must be a pointer to a static object of type +\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value +\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +The \fBinit\fR argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +lock. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must +be the only way that the variable is modified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_free()\fR returns no value. +.PP +The other functions return 1 on success, or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example safely initializes and uses a lock. +.PP +.Vb 4 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& +\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; +\& static CRYPTO_RWLOCK *lock; +\& +\& static void myinit(void) +\& { +\& lock = CRYPTO_THREAD_lock_new(); +\& } +\& +\& static int mylock(void) +\& { +\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) +\& return 0; +\& return CRYPTO_THREAD_write_lock(lock); +\& } +\& +\& static int myunlock(void) +\& { +\& return CRYPTO_THREAD_unlock(lock); +\& } +\& +\& int serialized(void) +\& { +\& int ret = 0; +\& +\& if (mylock()) { +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; +\& } +\& myunlock(); +\& return ret; +\& } +.Ve +.PP +Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks. +.SH "NOTES" +.IX Header "NOTES" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 6 +\& #include +\& #if defined(OPENSSL_THREADS) +\& /* thread support enabled */ +\& #else +\& /* no thread support */ +\& #endif +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_get_ex_new_index.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_get_ex_new_index.3 new file mode 100644 index 00000000..3ca05a17 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_get_ex_new_index.3 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_get_ex_new_index(int class_index, +\& long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +\& void *from_d, int idx, long argl, void *argp); +\& +\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +\& +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +\& +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +\& +\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); +\& +\& int CRYPTO_free_ex_index(int class_index, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application-specific data attached to them, +known as \*(L"exdata.\*(R" +The specific structures are: +.PP +.Vb 10 +\& APP +\& BIO +\& DH +\& DRBG +\& DSA +\& EC_KEY +\& ENGINE +\& RSA +\& SSL +\& SSL_CTX +\& SSL_SESSION +\& UI +\& UI_METHOD +\& X509 +\& X509_STORE +\& X509_STORE_CTX +.Ve +.PP +Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR +header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +applications to use this facility for their own structures. +.PP +The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a \fBvoid *\fR type. +.PP +The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for +\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +.PP +Exdata types are identified by an \fBindex\fR, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The \fBclass_index\fR should be one of the +\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. +.PP +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their \fBindex\fR value. +.PP +If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. +.PP +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the +\&\fBidx\fR parameter should be an already-created index value. +.PP +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent \*(L"get\*(R" call. If the application is going to +release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, +to avoid likely double-free crashes. +.PP +The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The \fBclass_index\fR identifies the structure type, the \fBobj\fR is +a pointer to the actual structure, and \fBr\fR is a pointer to the +structure's exdata field. +.SS "Callback Functions" +.IX Subsection "Callback Functions" +This section describes how the callback functions are used. Applications +that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +call them as described here. +.PP +When a structure is initially allocated (such as \fBRSA_new()\fR) then the +\&\fBnew_func()\fR is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The \fBnew_func()\fR is typically used only to allocate memory to store the +exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR. +.PP +When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the +\&\fBfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fBfree_func()\fR may be called with a +\&\s-1NULL\s0 pointer. +.PP +Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. +The \fBparent\fR is the pointer to the structure that contains the exdata. +The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically +be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. +The \fBidx\fR is the index and is the value returned when the callbacks were +initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if +the same callback handles different types of exdata. +.PP +\&\fBdup_func()\fR is called when a structure is being copied. This is only done +for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR +as the \s-1API\s0 has currently the wrong signature; that will be changed in a +future version. The \fB*pptr\fR is a pointer to the source exdata. +When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +destination ex_data. If the pointer contained in \fB*pptr\fR is not modified +by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other +two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR +will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +.PP +\&\fBCRYPTO_free_ex_index()\fR and +\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. +.PP +\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +note that \s-1NULL\s0 may be a valid value. +.PP +\&\fBdup_func()\fR should return 0 for failure and 1 for success. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_memcmp.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_memcmp.3 new file mode 100644 index 00000000..cb3fc228 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CRYPTO_memcmp.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_MEMCMP 3" +.TH CRYPTO_MEMCMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_memcmp \- Constant time memory comparison +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR +for equality. +It takes an amount of time dependent on \fBlen\fR, but independent of the +contents of the memory regions pointed to by \fBa\fR and \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and non-zero +otherwise. +.SH "NOTES" +.IX Header "NOTES" +Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being non-zero. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_get0_log_by_id.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_get0_log_by_id.3 new file mode 100644 index 00000000..e1415ea4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_get0_log_by_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +\& const uint8_t *log_id, +\& size_t log_id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency +(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID. +.PP +\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +in a \s-1CTLOG_STORE\s0 that has a given LogID. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it +exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_new.3 new file mode 100644 index 00000000..6b3067e7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_STORE_new.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_NEW 3" +.TH CTLOG_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG_STORE *CTLOG_STORE_new(void); +\& void CTLOG_STORE_free(CTLOG_STORE *store); +\& +\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). +.PP +\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR. +\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be +overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0 +\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0 +.PP +The expected format of the file is: +.PP +.Vb 1 +\& enabled_logs=foo,bar +\& +\& [foo] +\& description = Log 1 +\& key = +\& +\& [bar] +\& description = Log 2 +\& key = +.Ve +.PP +Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +with the \s-1CTLOG_STORE\s0 itself. +.SH "NOTES" +.IX Header "NOTES" +If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining +valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered +invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if +all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_new.3 new file mode 100644 index 00000000..90dd3e49 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CTLOG_new.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_NEW 3" +.TH CTLOG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +\& int CTLOG_new_from_base64(CTLOG ** ct_log, +\& const char *pkey_base64, const char *name); +\& void CTLOG_free(CTLOG *log); +\& const char *CTLOG_get0_name(const CTLOG *log); +\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +\& size_t *log_id_len); +\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +(\s-1CT\s0) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred. +.PP +\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in +base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0 +The base64 will be decoded and the public key parsed. +.PP +Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +was passed to it. +.PP +\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +created. Ownership of the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a +v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of +the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +.PP +\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CT_POLICY_EVAL_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CT_POLICY_EVAL_CTX_new.3 new file mode 100644 index 00000000..0dc57ec3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/CT_POLICY_EVAL_CTX_new.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT_POLICY_EVAL_CTX_NEW 3" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +\& CTLOG_STORE *log_store); +\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. +This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To +determine this, an \s-1SCT\s0's timestamp and signature must be verified. +This requires: +.IP "\(bu" 2 +the public key of the log that issued the \s-1SCT\s0 +.IP "\(bu" 2 +the certificate that the \s-1SCT\s0 was issued for +.IP "\(bu" 2 +the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) +.IP "\(bu" 2 +the current time +.PP +The above requirements are met using the setters described below. +.PP +\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +should then be populated using: +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +.Sp +Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the +\&\s-1CT_POLICY_EVAL_CTX.\s0 +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +.Sp +The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was +issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose +timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. +.Sp +The time should be in milliseconds since the Unix epoch. +.PP +Each setter has a matching getter for accessing the current value. +.PP +When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to +\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. +.SH "NOTES" +.IX Header "NOTES" +The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DEFINE_STACK_OF.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DEFINE_STACK_OF.3 new file mode 100644 index 00000000..cee5b495 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DEFINE_STACK_OF.3 @@ -0,0 +1,404 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DEFINE_STACK_OF 3" +.TH DEFINE_STACK_OF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve \&\- stack container +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(TYPE) +\& DEFINE_STACK_OF(TYPE) +\& DEFINE_STACK_OF_CONST(TYPE) +\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) +\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) +\& +\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); +\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); +\& typedef void (*sk_TYPE_freefunc)(TYPE *a); +\& +\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); +\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); +\& STACK_OF(TYPE) *sk_TYPE_new_null(void); +\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); +\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); +\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); +\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); +\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); +\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); +\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk); +\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, +\& sk_TYPE_copyfunc copyfunc, +\& sk_TYPE_freefunc freefunc); +\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, +\& sk_TYPE_compfunc compare)); +\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 +In the description here, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. +\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This +will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by +\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example: +.PP +.Vb 1 +\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except +each element is constant. For example: +.PP +.Vb 1 +\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but +each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example: +.PP +.Vb 1 +\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +constant: +.PP +.Vb 1 +\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at +zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. +If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is +equivalent to sk_TYPE_new_reserve(compare, 0). +.PP +\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This +function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0). +.PP +\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure +such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR +or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated +or reallocated. If \fBn\fR is zero, any excess space allocated in the +\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged. +.PP +\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional +memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls +to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause +memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no +memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function +\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no +comparison function is used. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. +The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was +no previous comparison function. +.PP +\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any +elements of \fBsk\fR. After this call \fBsk\fR is no longer valid. +.PP +\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free +\&\fBsk\fR so after this call \fBsk\fR is still valid. +.PP +\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The +free function \fBfreefunc()\fR is called on each element to free it. +.PP +\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted +element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range. +.PP +\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns +the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found. +.PP +\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing +elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range +the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the +number of elements in \fBsk\fR after the new element is inserted or zero if +an error (such as memory allocation failure) occurred. +.PP +\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, \-1); +.Ve +.PP +\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, 0); +.Ve +.PP +\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. +.PP +\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. +.PP +\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current +element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred: +this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range. +.PP +\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to \fBptr\fR. The index of the first +matching element is returned or \fB\-1\fR if there is no match. In the case +where a comparison function has been specified, \fBsk\fR is sorted then +\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in \fBsk\fR could change. +.PP +\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison +function has been specified and no matching element is found. Instead +of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element +either before or after the location where \fBptr\fR would be if it were +present in \fBsk\fR. +.PP +\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. +.PP +\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy +are identical to the original. +.PP +\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. +Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The +function \fBfreefunc()\fR is only called if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or +\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions +if the same stack is accessed in a different thread. Operations such as +\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack. +.PP +Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if \fBa\fR is equal to, greater than +or less than \fBb\fR respectively. +.PP +Care should be taken when checking the return values of the functions +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the +matching element. In particular \fB0\fR indicates a matching first element. +A failed search is indicated by a \fB\-1\fR return value. +.PP +\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +.PP +The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. +It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, +\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, +\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR, +\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR, +\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, +\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR, +\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR, +\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR, +\&\fBOPENSSL_sk_zero()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the +passed stack is \fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the +index is out of range. +.PP +\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty +stack or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory +or \fB0\fR on error. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if +there was no old comparison function. +.PP +\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do +not return values. +.PP +\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR +return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total +number of elements in the stack and 0 if an error occurred. +.PP +\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on +error. +.PP +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element +or \fB\-1\fR on error. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is +not. +.PP +\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the +stack. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public \s-1API.\s0 +.PP +\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DES_random_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DES_random_key.3 new file mode 100644 index 00000000..debdb963 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DES_random_key.3 @@ -0,0 +1,444 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_RANDOM_KEY 3" +.TH DES_RANDOM_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DES_random_key(DES_cblock *ret); +\& +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +\& +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); +\& +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); +\& +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num); +\& +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); +\& +\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); +\& +\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int enc); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); +\& +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +\& +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fBDES_random_key()\fR generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the function fails, 0 is returned. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIDES_key_schedule\fR via the +\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. +.PP +\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity +and is not a weak or semi-weak key. If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fBDES_set_key()\fR works like +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fBDES_set_key_unchecked()\fR. These functions are available +for compatibility; it is recommended to use a function that does not +depend on a global variable. +.PP +\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. +.PP +The following routines mostly operate on an input and output stream of +\&\fIDES_cblock\fRs. +.PP +\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. +.PP +\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. +.PP +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC DES.\s0 +.PP +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 +.PP +The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fBDES_ncbc_encrypt()\fR. +.PP +\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 +.PP +\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as +\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as +\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +\&\fBEVP_DigestInit\fR\|(3) etc. instead. +.PP +\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal \fBcrypt()\fR. +.PP +\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. +This function calls \fBDES_fcrypt()\fR with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of \fBcrypt\fR\|(3). +The \fBsalt\fR must be two \s-1ASCII\s0 characters. +.PP +The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 +character. +.PP +\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.SH "BUGS" +.IX Header "BUGS" +\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR +instead. +.PP +\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fBDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fBDES_string_to_2key()\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.PP +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see \fBdes_modes\fR\|(7). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR +return 0 on success or negative values on error. +.PP +\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the +last 4 bytes of the checksum of the input. +.PP +\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- +to a static buffer on success; otherwise they return \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdes_modes\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR +be two \s-1ASCII\s0 characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR +if both character were not present, and could crash when given non-ASCII +on some platforms. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_key.3 new file mode 100644 index 00000000..637d4a87 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_key.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_KEY 3" +.TH DH_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_key(DH *dh); +\& +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fBDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh\->priv_key\fR is already set, and computes the +corresponding public value \fBdh\->pub_key\fR, which can then be +published. +.PP +\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_parameters.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_parameters.3 new file mode 100644 index 00000000..3de6f6de --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_generate_parameters.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 3" +.TH DH_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +\& +\& int DH_check(DH *dh, int *codes); +\& int DH_check_params(DH *dh, int *codes); +\& +\& int DH_check_ex(const DH *dh); +\& int DH_check_params_ex(const DH *dh); +\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in +signature schemes. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in \fBBN_generate_prime\fR\|(3) while a random prime +number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR +is called. See \fBBN_generate_prime_ex\fR\|(3) for information on +the \fBBN_GENCB_call()\fR function. +.PP +\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.PP +\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +\&\fBDH_check()\fR. +The value of \fB*codes\fR is updated with any problems found. +If \fB*codes\fR is zero then no problems were found, otherwise the +following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that \fBp\fR is a +prime. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +Note that the lack of this bit doesn't guarantee that \fBg\fR is +suitable, unless \fBp\fR is known to be a strong prime. +.PP +\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then +no problems were found, otherwise the following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR is not prime. +.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" +The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. +.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" +The generator \fBg\fR cannot be checked for suitability. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_Q_NOT_PRIME" +The parameter \fBq\fR is not prime. +.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_Q_VALUE" +The parameter \fBq\fR is invalid. +.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_J_VALUE" +The parameter \fBj\fR is invalid. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to +\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 +if the check could be performed, 0 otherwise. +.PP +\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +the parameter generation fails. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the +check is successful, 0 for failed. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDH_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDH_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get0_pqg.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get0_pqg.3 new file mode 100644 index 00000000..0a226aef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get0_pqg.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET0_PQG 3" +.TH DH_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_get0_pqg(const DH *dh, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DH_get0_key(const DH *dh, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DH_get0_p(const DH *dh); +\& const BIGNUM *DH_get0_q(const DH *dh); +\& const BIGNUM *DH_get0_g(const DH *dh); +\& const BIGNUM *DH_get0_priv_key(const DH *dh); +\& const BIGNUM *DH_get0_pub_key(const DH *dh); +\& void DH_clear_flags(DH *dh, int flags); +\& int DH_test_flags(const DH *dh, int flags); +\& void DH_set_flags(DH *dh, int flags); +\& ENGINE *DH_get0_engine(DH *d); +\& long DH_get_length(const DH *dh); +\& int DH_set_length(DH *dh, long length); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR +parameter is optional. It also contains a public key (\fBpub_key\fR) and +(optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no +value will be returned for that parameter. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DH\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0 +.PP +To get the public and private key values use the \fBDH_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case +no value will be returned for that parameter. +.PP +The public and private key values can be set using \fBDH_set0_key()\fR. Either +parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left +untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management +of the key values to the \s-1DH\s0 object, and therefore they should not be freed +directly after this function has been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, +\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. +.PP +\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags +within the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional +length parameter associated with this \s-1DH\s0 object. If the length is non-zero then +it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the +length of the secret exponent (private key) in bits. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR +return the respective value, or \s-1NULL\s0 if it is unset. +.PP +\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.PP +\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get_1024_160.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get_1024_160.3 new file mode 100644 index 00000000..03513428 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_get_1024_160.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET_1024_160 3" +.TH DH_GET_1024_160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& DH *DH_get_1024_160(void) +\& DH *DH_get_2048_224(void) +\& DH *DH_get_2048_256(void) +\& +\& const BIGNUM *BN_get0_nist_prime_192(void) +\& const BIGNUM *BN_get0_nist_prime_224(void) +\& const BIGNUM *BN_get0_nist_prime_256(void) +\& const BIGNUM *BN_get0_nist_prime_384(void) +\& const BIGNUM *BN_get0_nist_prime_521(void) +\& +\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return +a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. +.PP +\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, +\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return +a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). +.PP +\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, +\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, +\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, +\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions +return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR +is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Defined above. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_meth_new.3 new file mode 100644 index 00000000..15172015 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_meth_new.3 @@ -0,0 +1,294 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_METH_NEW 3" +.TH DH_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH_METHOD *DH_meth_new(const char *name, int flags); +\& +\& void DH_meth_free(DH_METHOD *dhm); +\& +\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +\& +\& const char *DH_meth_get0_name(const DH_METHOD *dhm); +\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +\& +\& int DH_meth_get_flags(const DH_METHOD *dhm); +\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); +\& +\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); +\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +\& +\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); +\& +\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); +\& int DH_meth_set_compute_key(DH_METHOD *dhm, +\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); +\& +\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx)); +\& +\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +\& +\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +\& +\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +\& (DH *, int, int, BN_GENCB *); +\& int DH_meth_set_generate_params(DH_METHOD *dhm, +\& int (*generate_params)(DH *, int, int, BN_GENCB *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DH\s0 capabilities. +.PP +\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any +new \fB\s-1DH\s0\fR object will have those flags set by default. +.PP +\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +freed via a call to \fBDH_meth_free()\fR. +.PP +\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the +function used for generating a new \s-1DH\s0 key pair respectively. This function will +be called in response to the application calling \fBDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fBDH_generate_key()\fR. +.PP +\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the +function used for computing a new \s-1DH\s0 shared secret respectively. This function +will be called in response to the application calling \fBDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fBDH_compute_key()\fR. +.PP +\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0 unless using the default generate key function, in which case it +must be present. +.PP +\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used +for creating a new \s-1DH\s0 instance respectively. This function will be +called in response to the application calling \fBDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR +functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DH\s0 object respectively. This function will be +called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the +function used for generating \s-1DH\s0 parameters respectively. This function will be +called in response to the application calling \fBDH_generate_parameters_ex()\fR (or +\&\fBDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags +associated with the \s-1DH_METHOD\s0 respectively. +.PP +All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new.3 new file mode 100644 index 00000000..f765fc81 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW 3" +.TH DH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new, DH_free \- allocate and free DH objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH* DH_new(void); +\& +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdh\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new_by_nid.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new_by_nid.3 new file mode 100644 index 00000000..c993ebe4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_new_by_nid.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW_BY_NID 3" +.TH DH_NEW_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new_by_nid, DH_get_nid \- get or find DH named parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& DH *DH_new_by_nid(int nid); +\& int *DH_get_nid(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. +.PP +\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or +\&\fBNID_undef\fR if there is no match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBNID_undef\fR if there is no match. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_set_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_set_method.3 new file mode 100644 index 00000000..f9f0c1f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SET_METHOD 3" +.TH DH_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_set_default_method(const DH_METHOD *meth); +\& +\& const DH_METHOD *DH_get_default_method(void); +\& +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& +\& DH *DH_new_method(ENGINE *engine); +\& +\& const DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fBDH_OpenSSL()\fR. +.PP +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE +API\s0 is being used, so this function is no longer recommended. +.PP +\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. +.PP +\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fBDH_set_default_method()\fR is used. +.PP +A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see +\&\fBDH_meth_new\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fBDH_set_default_method()\fR returns no value. +.PP +\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_size.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_size.3 new file mode 100644 index 00000000..ecdc0b9a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DH_size.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SIZE 3" +.TH DH_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_size(const DH *dh); +\& +\& int DH_bits(const DH *dh); +\& +\& int DH_security_bits(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fBDH_compute_key\fR\|(3). +.PP +\&\fBDH_bits()\fR returns the number of significant bits. +.PP +\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +.PP +\&\fBDH_bits()\fR returns the number of bits in the key. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDH_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_SIG_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_SIG_new.3 new file mode 100644 index 00000000..023b20af --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_SIG_new.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIG_NEW 3" +.TH DSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.PP +\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +in \fBsig\fR. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_SIG_free()\fR returns no value. +.PP +\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_do_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_do_sign.3 new file mode 100644 index 00000000..b0e978c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_do_sign.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DO_SIGN 3" +.TH DSA_DO_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw DSA signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_dup_DH.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_dup_DH.3 new file mode 100644 index 00000000..862a5977 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_dup_DH.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DUP_DH 3" +.TH DSA_DUP_DH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_dup_DH \- create a DH structure out of DSA structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *DSA_dup_DH(const DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_key.3 new file mode 100644 index 00000000..7b62ff98 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_key.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 3" +.TH DSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_key \- generate DSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. +.PP +The random generator must be seeded prior to calling \fBDSA_generate_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_generate_parameters_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_parameters.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_parameters.3 new file mode 100644 index 00000000..62466b66 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_generate_parameters.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 3" +.TH DSA_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_parameters_ex(DSA *dsa, int bits, +\& const unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 5 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +.PP +\&\fBbits\fR is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits. +.PP +If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. +If \fBseed_len\fR is less than the length of q, an error is returned. +.PP +\&\fBDSA_generate_parameters_ex()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +BN_GENCB_call function discussed below, refer to +\&\fBBN_generate_prime\fR\|(3). +.PP +\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called +(m is 0 for the first candidate). +.IP "\(bu" 2 +When a candidate for q has passed a test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and +\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. +.IP "\(bu" 2 +Before a candidate for p (other than the first) is generated and tested, +\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. +.IP "\(bu" 2 +When a candidate for p has passed the test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. +.IP "\(bu" 2 +When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. +.SH "BUGS" +.IX Header "BUGS" +Seed lengths greater than 20 are not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDSA_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_get0_pqg.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_get0_pqg.3 new file mode 100644 index 00000000..033b873e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_get0_pqg.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GET0_PQG 3" +.TH DSA_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_get0_pqg(const DSA *d, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DSA_get0_key(const DSA *d, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DSA_get0_p(const DSA *d); +\& const BIGNUM *DSA_get0_q(const DSA *d); +\& const BIGNUM *DSA_get0_g(const DSA *d); +\& const BIGNUM *DSA_get0_pub_key(const DSA *d); +\& const BIGNUM *DSA_get0_priv_key(const DSA *d); +\& void DSA_clear_flags(DSA *d, int flags); +\& int DSA_test_flags(const DSA *d, int flags); +\& void DSA_set_flags(DSA *d, int flags); +\& ENGINE *DSA_get0_engine(DSA *d); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DSA\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +To get the public and private key values use the \fBDSA_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +.PP +The public and private key values can be set using \fBDSA_set0_key()\fR. The public +key must be non-NULL the first time this function is called on a given \s-1DSA\s0 +object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the \s-1DSA\s0 +object, and therefore they should not be freed directly after this function has +been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, +\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. +.PP +\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags +within the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_meth_new.3 new file mode 100644 index 00000000..aca06aeb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_meth_new.3 @@ -0,0 +1,342 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_METH_NEW 3" +.TH DSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_METHOD *DSA_meth_new(const char *name, int flags); +\& +\& void DSA_meth_free(DSA_METHOD *dsam); +\& +\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +\& +\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +\& +\& int DSA_meth_get_flags(const DSA_METHOD *dsam); +\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +\& +\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +\& +\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA *); +\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, +\& int, DSA *)); +\& +\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ +\& BIGNUM **, BIGNUM **); +\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, +\& BIGNUM **, BIGNUM **)); +\& +\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA_SIG *, DSA *); +\& int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *, +\& int, DSA_SIG *, DSA *)); +\& +\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, +\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *in_mont); +\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, +\& BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *mont); +\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, +\& BIGNUM *r, +\& BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +\& +\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); +\& +\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, +\& const unsigned char *, +\& int, int *, unsigned long *, +\& BN_GENCB *); +\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, +\& int (*paramgen)(DSA *, int, const unsigned char *, +\& int, int *, unsigned long *, BN_GENCB *)); +\& +\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more +information. +.PP +\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any +new \fB\s-1DSA\s0\fR object will have those flags set by default. +.PP +\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +freed via a call to \fBDSA_meth_free()\fR. +.PP +\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for +creating a \s-1DSA\s0 signature respectively. This function will be +called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. +.PP +\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function +used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +will be called in response to the application calling \fBDSA_sign_setup()\fR. The +parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. +.PP +\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used +for verifying a \s-1DSA\s0 signature respectively. This function will be called in +response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. +.PP +\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used +for computing the following value: +.PP +.Vb 1 +\& rr = a1^p1 * a2^p2 mod m +.Ve +.PP +This function will be called by the default OpenSSL method during verification +of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used +for creating a new \s-1DSA\s0 instance respectively. This function will be +called in response to the application calling \fBDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR +functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DSA\s0 object respectively. This function will be +called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function +used for generating \s-1DSA\s0 parameters respectively. This function will be called in +response to the application calling \fBDSA_generate_parameters_ex()\fR (or +\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDSA_generate_parameters_ex()\fR. +.PP +\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function +used for generating a new \s-1DSA\s0 key pair respectively. This function will be +called in response to the application calling \fBDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fBDSA_generate_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags +associated with the \s-1DSA_METHOD\s0 respectively. +.PP +All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_new.3 new file mode 100644 index 00000000..6043d3b1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_new.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_NEW 3" +.TH DSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_new, DSA_free \- allocate and free DSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA* DSA_new(void); +\& +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). +.PP +\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_set_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_set_method.3 new file mode 100644 index 00000000..3aa3b047 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SET_METHOD 3" +.TH DSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& +\& const DSA_METHOD *DSA_get_default_method(void); +\& +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& +\& DSA *DSA_new_method(ENGINE *engine); +\& +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBDSA_OpenSSL()\fR. +.PP +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDSA_get_default_method()\fR returns a pointer to the current default +\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 +objects; +.PP +\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fBDSA_set_default_method()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fBDSA_set_default_method()\fR returns no value. +.PP +\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fBERR_get_error\fR\|(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_sign.3 new file mode 100644 index 00000000..2d6df2d4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_sign.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIGN 3" +.TH DSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); +\& +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre\-)computation. +.PP +\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) +is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_do_sign\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_size.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_size.3 new file mode 100644 index 00000000..f678c6c5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DSA_size.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIZE 3" +.TH DSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_size(const DSA *dsa); +\& int DSA_bits(const DSA *dsa); +\& int DSA_security_bits(const DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature +for key \fBdsa\fR in bytes. It can be used to determine how much memory must +be allocated for a \s-1DSA\s0 signature. +.PP +\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +of bits in the \fBp\fR parameter. +.PP +\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_size()\fR returns the signature size in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_get_data_mtu.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_get_data_mtu.3 new file mode 100644 index 00000000..c26592e0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_get_data_mtu.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_GET_DATA_MTU 3" +.TH DTLS_GET_DATA_MTU 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_get_data_mtu \- Get maximum data payload size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t DTLS_get_data_mtu(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function obtains the maximum data payload size for the established +\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead +of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns the maximum data payload size on success, or 0 on failure. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_set_timer_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_set_timer_cb.3 new file mode 100644 index 00000000..bc03d54d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLS_set_timer_cb.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_SET_TIMER_CB 3" +.TH DTLS_SET_TIMER_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); +\& +\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function sets an optional callback function for controlling the +timeout interval on the \s-1DTLS\s0 protocol. The callback function will be +called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns void. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLSv1_listen.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLSv1_listen.3 new file mode 100644 index 00000000..00e9bb2f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/DTLSv1_listen.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLSV1_LISTEN 3" +.TH DTLSV1_LISTEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_stateless(SSL *s); +\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using \fBSSL_accept()\fR). +.SH "NOTES" +.IX Header "NOTES" +Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification +attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source \s-1IP\s0 address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source \s-1IP.\s0 If the response messages are larger than the original +message then the amplification attack has succeeded. +.PP +If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate +the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). +If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some +stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. +.PP +As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. +.PP +OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR +functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +read and write BIOs set, in the same way as might be done for a call to +\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +state and thus capable of receiving messages from any peer. +.PP +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the \fBssl\fR parameter updated into a state +where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. +Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +filled in with details of the peer that sent the ClientHello. If the underlying +\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +does not support this), then \fB*peer\fR will be cleared and the family set to +\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to +the peer and continue the handshake in a connected state. +.PP +Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation +and verification callbacks have been set up using +\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3) and \fBSSL_CTX_set_cookie_verify_cb\fR\|(3) +respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3) +and \fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3) must be used instead. +.PP +Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR +\&\fBonly\fR supports ClientHellos that fit inside a single datagram. +.PP +For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the +application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +a single \fBSSL_stateless()\fR call is all from the same peer. +.PP +\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +TLSv1.3 is used. +.PP +Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they +start. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +will be set up ready to continue the handshake. A return value of 0 or \-1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call. +.PP +For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +will be set up ready to continue the handshake. the \fBpeer\fR value will also be +filled in. +.PP +A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking \s-1IO,\s0 or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. +.PP +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. +.PP +For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3), \fBSSL_CTX_set_cookie_verify_cb\fR\|(3), +\&\fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3), +\&\fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fBSSL_get_error\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECDSA_SIG_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECDSA_SIG_new.3 new file mode 100644 index 00000000..04e1bba2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECDSA_SIG_new.3 @@ -0,0 +1,347 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECDSA_SIG_NEW 3" +.TH ECDSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ECDSA_SIG *ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +\& int ECDSA_size(const EC_KEY *eckey); +\& +\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& +\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +\& const unsigned char *sig, int siglen, EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& +\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, +\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most +applications should use the higher level \fB\s-1EVP\s0\fR interface such as +\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. +.PP +\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the +\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). +.PP +\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. +.PP +\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. +The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value +is not returned. +.PP +The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding +function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding +and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 +.PP +\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +created with the private \s-1EC\s0 key \fBeckey\fR. +.PP +\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must +point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently +ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR +and \fBrp\fR set to \s-1NULL.\s0 +.PP +\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR +is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\s-1NULL.\s0 +.PP +\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the +public key \fBeckey\fR. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is +presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +.PP +The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used +during signature computation. Most applications will never need to call these +and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if +either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. +.PP +\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure +(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be +used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. +.PP +\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values +\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its +length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) +bytes of memory. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is +returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +.PP +\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.PP +\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, +or \s-1NULL\s0 if it is unset. +.PP +\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful +or 0 on error. +.PP +\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +named curve prime256v1 (aka P\-256). +.PP +First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 3 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey; +\& +\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +\& if (eckey == NULL) +\& /* error */ +\& if (EC_KEY_generate_key(eckey) == 0) +\& /* error */ +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +using \fBECDSA_do_sign()\fR: +.PP +.Vb 3 +\& sig = ECDSA_do_sign(digest, 32, eckey); +\& if (sig == NULL) +\& /* error */ +.Ve +.PP +or using \fBECDSA_sign()\fR: +.PP +.Vb 2 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) +\& /* error */ +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 32, sig, eckey); +.Ve +.PP +or using \fBECDSA_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 6 +\& if (ret == 1) +\& /* signature ok */ +\& else if (ret == 0) +\& /* incorrect signature */ +\& else +\& /* error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEC_KEY_new\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBi2d_ECDSA_SIG\fR\|(3), +\&\fBd2i_ECDSA_SIG\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECPKParameters_print.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECPKParameters_print.3 new file mode 100644 index 00000000..de918ece --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ECPKParameters_print.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPKPARAMETERS_PRINT 3" +.TH ECPKPARAMETERS_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ECPKParameters represent the public parameters for an +\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +.PP +The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print +a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR +return 1 for success and 0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GFp_simple_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GFp_simple_method.3 new file mode 100644 index 00000000..a3f36dc3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GFp_simple_method.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GFP_SIMPLE_METHOD 3" +.TH EC_GFP_SIMPLE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EC_METHOD *EC_GFp_simple_method(void); +\& const EC_METHOD *EC_GFp_mont_method(void); +\& const EC_METHOD *EC_GFp_nist_method(void); +\& const EC_METHOD *EC_GFp_nistp224_method(void); +\& const EC_METHOD *EC_GFp_nistp256_method(void); +\& const EC_METHOD *EC_GFp_nistp521_method(void); +\& +\& const EC_METHOD *EC_GF2m_simple_method(void); +\& +\& int EC_METHOD_get_field_type(const EC_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation +type for the form of curve selected is used. +.PP +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. +.PP +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). +.PP +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. +.PP +EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is +F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the +obj_mac.h header file. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +.PP +EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_copy.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_copy.3 new file mode 100644 index 00000000..f41a962d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_copy.3 @@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_COPY 3" +.TH EC_GROUP_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \&\- Functions for manipulating EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); +\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); +\& +\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +\& +\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, +\& const BIGNUM *order, const BIGNUM *cofactor); +\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +\& +\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +\& int EC_GROUP_order_bits(const EC_GROUP *group); +\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +\& +\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +\& int EC_GROUP_get_curve_name(const EC_GROUP *group); +\& +\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); +\& +\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group); +\& +\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); +\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +\& +\& int EC_GROUP_get_degree(const EC_GROUP *group); +\& +\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); +\& +\& int EC_GROUP_get_basis_type(const EC_GROUP *); +\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +\& unsigned int *k2, unsigned int *k3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0 +.PP +\&\fBEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created +\&\s-1EC_GROUP\s0 object. +.PP +\&\fBEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. +.PP +\&\fBEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These +parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. +.PP +\&\fBEC_GROUP_get0_generator()\fR returns the generator for the identified \fBgroup\fR. +.PP +\&\fBEC_GROUP_get_order()\fR retrieves the order of \fBgroup\fR and copies its value into +\&\fBorder\fR. It fails in case \fBgroup\fR is not fully initialized (i.e., its order +is not set or set to zero). +.PP +\&\fBEC_GROUP_get_cofactor()\fR retrieves the cofactor of \fBgroup\fR and copies its value +into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the +cofactor is not set (or set to zero). +.PP +The functions \fBEC_GROUP_set_curve_name()\fR and \fBEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +will return NID_undef. +.PP +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only +support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +named curve form is used and the parameters must have a corresponding +named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +parameters are explicitly encoded. The functions \fBEC_GROUP_get_asn1_flag()\fR and +\&\fBEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve. +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. +.PP +The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). +point_conversion_form_t is an enum defined as follows: +.PP +.Vb 10 +\& typedef enum { +\& /** the point is encoded as z||x, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_COMPRESSED = 2, +\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ +\& POINT_CONVERSION_UNCOMPRESSED = 4, +\& /** the point is encoded as z||x||y, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_HYBRID = 6 +\& } point_conversion_form_t; +.Ve +.PP +For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +the octets for x, followed by the octets for y. +.PP +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +the two possible solutions for y has been used, followed by the octets for x. +.PP +For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. +.PP +The functions \fBEC_GROUP_set_point_conversion_form()\fR and \fBEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form +for the curve respectively. +.PP +\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library +does not use this seed value but does enable you to inspect it using \fBEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using \fBEC_GROUP_get_seed_len()\fR. A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use +this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +.PP +\&\fBEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. +.PP +The function \fBEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. +.PP +The function \fBEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. +.PP +\&\fBEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. +.PP +The functions \fBEC_GROUP_get_basis_type()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: +.PP +f(x) = x^m + x^k + 1 with m > k >= 1 +.PP +or a pentanomial of the form: +.PP +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.PP +The function \fBEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +function \fBEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly +the function \fBEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, +\&\fBk2\fR and \fBk3\fR respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: \fBEC_GROUP_copy()\fR, \fBEC_GROUP_set_generator()\fR, \fBEC_GROUP_check()\fR, +\&\fBEC_GROUP_check_discriminant()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR. +.PP +\&\fBEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for +\&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise. +.PP +\&\fBEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise. +.PP +\&\fBEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated. +.PP +\&\fBEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR . +.PP +\&\fBEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR. +.PP +\&\fBEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation. +.PP +\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +.PP +\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified. +.PP +\&\fBEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is +0, the return value will be 1. On error 0 is returned. +.PP +\&\fBEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. +.PP +\&\fBEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_new.3 new file mode 100644 index 00000000..3373ace3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_GROUP_new.3 @@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_NEW 3" +.TH EC_GROUP_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) +\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) +\& void EC_GROUP_free(EC_GROUP *group); +\& void EC_GROUP_clear_free(EC_GROUP *group); +\& +\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +\& +\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, +\& BN_CTX *ctx); +\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) +\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) +\& +\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p\-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: +.PP +y^2 mod p = x^3 +ax + b mod p +.PP +The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to: +.PP +y^2 + xy = x^3 + ax^2 + b (where b != 0) +.PP +Operations in a binary field are performed relative to an \fBirreducible +polynomial\fR. All such curves with OpenSSL use a trinomial or a pentanomial for +this parameter. +.PP +A new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the +implementation provided by \fBmeth\fR (see \fBEC_GFp_simple_method\fR\|(3)). It is then +necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified +\&\fBparams\fR and \fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the +specific \s-1PK\s0 \fBparams\fR. +.PP +\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve +over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents +the irreducible polynomial \- each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the +relevant equation introduced above. +.PP +\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters. +.PP +\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for +\&\fBEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for +\&\fBEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +The functions \fBEC_GROUP_new_curve_GFp()\fR and \fBEC_GROUP_new_curve_GF2m()\fR are +shortcuts for calling \fBEC_GROUP_new()\fR and then the \fBEC_GROUP_set_curve()\fR function. +An appropriate default implementation method will be used. +.PP +Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +\&\fBEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of +EC_builtin_curve structures of size \fBnitems\fR. The function will populate the +\&\fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than +the total number of curves available, then the first \fBnitems\fR curves will be +returned. Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: +.PP +.Vb 4 +\& typedef struct { +\& int nid; +\& const char *comment; +\& } EC_builtin_curve; +.Ve +.PP +Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human +readable comment string describing the curve. +.PP +In order to construct a builtin curve use the function +\&\fBEC_GROUP_new_by_curve_name()\fR and provide the \fBnid\fR of the curve to +be constructed. +.PP +\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0 +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_GROUP_clear_free()\fR destroys any sensitive data held within the \s-1EC_GROUP\s0 and +then frees its memory. If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GROUP_new* functions return a pointer to the newly constructed group, or +\&\s-1NULL\s0 on error. +.PP +\&\fBEC_get_builtin_curves()\fR returns the number of builtin curves that are available. +.PP +\&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR, +\&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_get_enc_flags.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_get_enc_flags.3 new file mode 100644 index 00000000..8c62fdd2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_get_enc_flags.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_GET_ENC_FLAGS 3" +.TH EC_KEY_GET_ENC_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); +\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The format of the external representation of the public key written by +\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) +for a description of point_conversion_form. +.PP +When reading a private key encoded without an associated public key (e.g. if +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +\&\fBd2i_ECPrivateKey()\fR. +.PP +The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the +value of the encoding flags for the \fBkey\fR. There are two encoding flags +currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags +define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to +\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +set then the public key is not encoded along with the private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\s-1EC_KEY.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBd2i_ECPrivateKey\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_new.3 new file mode 100644 index 00000000..91d4d8e8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_KEY_new.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_NEW 3" +.TH EC_KEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_KEY *EC_KEY_new(void); +\& int EC_KEY_get_flags(const EC_KEY *key); +\& void EC_KEY_set_flags(EC_KEY *key, int flags); +\& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name(int nid); +\& void EC_KEY_free(EC_KEY *key); +\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +\& EC_KEY *EC_KEY_dup(const EC_KEY *src); +\& int EC_KEY_up_ref(EC_KEY *key); +\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); +\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); +\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); +\& int EC_KEY_generate_key(EC_KEY *key); +\& int EC_KEY_check_key(const EC_KEY *key); +\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +\& +\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& +\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); +\& +\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling +\&\fBEC_KEY_set_group()\fR. +.PP +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See +\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply +wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. +.PP +Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +and if it has dropped to zero then frees the memory associated with it. If +\&\fBkey\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +.PP +\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +.PP +\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +object. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1EC_KEY\s0 object. +.PP +\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is +an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +curve by the private key. +.PP +\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +confirm that it is valid. +.PP +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm +that it is valid. +.PP +The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, +\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, +and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +.PP +The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the +point_conversion_form for the \fBkey\fR. For a description of +point_conversion_forms please see \fBEC_POINT_new\fR\|(3). +.PP +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +object. Any flags that are already set are left set. The flags currently +defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In +addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 +\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 +\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +other flags are left in their existing state. +.PP +\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the +asn1_flag. +.PP +\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). +.PP +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions +\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key +\&\s-1EC_POINT\s0 in \fBeckey\fR. +.PP +\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key +component of \fBeckey\fR and octet form. The octet form consists of the content +octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. +.PP +The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will just return the required buffer length. +.PP +The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +and its length is returned. The caller must free up the allocated buffer with a +call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to +the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +integer. +.PP +\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. +.PP +\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, +\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, +\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length +of the buffer or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_add.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_add.3 new file mode 100644 index 00000000..763a1095 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_add.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_ADD 3" +.TH EC_POINT_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +\& const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); +\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +\& EC_POINT *points[], BN_CTX *ctx); +\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, +\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); +\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, +\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the +result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. +.PP +EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. +.PP +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. +.PP +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. +.PP +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. +.PP +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be +forced. +.PP +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. +The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). +.PP +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +.PP +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information +about the generator. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. +.PP +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. +.PP +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. +.PP +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. +.PP +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_new.3 new file mode 100644 index 00000000..238a372a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EC_POINT_new.3 @@ -0,0 +1,359 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_NEW 3" +.TH EC_POINT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_POINT *EC_POINT_new(const EC_GROUP *group); +\& void EC_POINT_free(EC_POINT *point); +\& void EC_POINT_clear_free(EC_POINT *point); +\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& const BIGNUM *z, BN_CTX *ctx); +\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BIGNUM *z, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, +\& unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +\& point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, +\& const unsigned char *buf, size_t len, BN_CTX *ctx); +\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BIGNUM *bn, +\& BN_CTX *ctx); +\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, +\& EC_POINT *p, BN_CTX *ctx); +\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BN_CTX *ctx); +\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, +\& EC_POINT *p, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +constructed by calling the function \fBEC_POINT_new()\fR and providing the +\&\fBgroup\fR object that the point relates to. +.PP +\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +if \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +must use the same \fB\s-1EC_METHOD\s0\fR. +.PP +\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +.PP +\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +.PP +A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. +.PP +The affine co-ordinates for a point describe a point in terms of its x and y +position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The +function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. +.PP +The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +.PP +Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two +possible values for y should be used. +.PP +The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +compatibility only and should not be used. +.PP +In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +representations. The octet form is the binary encoding of the \fBECPoint\fR +structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): +only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are +not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian +integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet +form converted to a \s-1NULL\s0 terminated character string where each character +is one of the printable values 0\-9 or A\-F (or a\-f). +.PP +The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, +\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from +and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +.PP +The function \fBEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an +octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified +conversion form \fBform\fR. +The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve +Cryptography\*(R") standard. +Similarly the function \fBEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from +the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming +to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard. +.PP +The functions \fBEC_POINT_point2hex()\fR and \fBEC_POINT_point2bn()\fR convert a point \fBp\fR, +respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same +encoding of the function \fBEC_POINT_point2oct()\fR. +Vice versa, similarly to the function \fBEC_POINT_oct2point()\fR, the functions +\&\fBEC_POINT_hex2point()\fR and \fBEC_POINT_point2bn()\fR decode the hexadecimal or +\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR. +.PP +Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity. +.PP +The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will still return the required buffer length. +.PP +The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and +writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated +buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +on error. +.PP +The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, +\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. +.PP +EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 +.PP +\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required +buffer or 0 on error. +.PP +\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +.PP +\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ENGINE_add.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ENGINE_add.3 new file mode 100644 index 00000000..369d8e25 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ENGINE_add.3 @@ -0,0 +1,767 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE_ADD 3" +.TH ENGINE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +\& +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +\& +\& ENGINE *ENGINE_by_id(const char *id); +\& +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +\& +\& void ENGINE_load_builtin_engines(void); +\& +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +\& +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +\& +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +\& +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +\& +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +\& +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(void), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +\& +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); +\& +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +\& +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +\& +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ENGINE_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 6 +\& RSA_METHOD \- for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& \- similarly for other OpenSSL APIs +\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) +\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) +\& key\-loading \- loading public and/or private EVP_PKEY keys +.Ve +.SS "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independently. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference. +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fBENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural +references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, +\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fBENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. +.PP +It should also be noted that many \s-1ENGINE API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional +references are released by calling \fBENGINE_finish()\fR (which removes the +implicit structural reference as well). +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. +.SS "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE API\s0 existed. +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. +.SS "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call \fBENGINE_cleanup()\fR before the program exits. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 10 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if (!e) +\& /* the engine isn\*(Aqt available */ +\& return; +\& if (!ENGINE_init(e)) { +\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ +\& ENGINE_free(e); +\& return; +\& } +\& if (!ENGINE_set_default_RSA(e)) +\& /* +\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous +\& * statement suggests it did. +\& */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +.PP +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +.PP +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for \s-1RSA\s0 use from then on. +.SS "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fBENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fBENGINE_init()\fR, or +in some cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 10 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if (!e) return 0; +\& while (pre_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if (!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* +\& * ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). +\& */ +\& ENGINE_free(e); +\& while (post_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +.PP +Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE.\s0 +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the control +commands implemented by a given \s-1ENGINE,\s0 specifically the commands: +.PP +.Vb 9 +\& ENGINE_HAS_CTRL_FUNCTION +\& ENGINE_CTRL_GET_FIRST_CMD_TYPE +\& ENGINE_CTRL_GET_NEXT_CMD_TYPE +\& ENGINE_CTRL_GET_CMD_FROM_NAME +\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +\& ENGINE_CTRL_GET_NAME_FROM_CMD +\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +\& ENGINE_CTRL_GET_DESC_FROM_CMD +\& ENGINE_CTRL_GET_CMD_FLAGS +.Ve +.PP +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; +it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules: +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +.PP +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values: +.PP +.Vb 4 +\& ENGINE_CMD_FLAG_NUMERIC +\& ENGINE_CMD_FLAG_STRING +\& ENGINE_CMD_FLAG_NO_INPUT +\& ENGINE_CMD_FLAG_INTERNAL +.Ve +.PP +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR +return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. +.PP +All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and +\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +\&\fB\s-1ENGINE\s0\fR implementations. +.PP +All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success +or 0 on error. +.PP +\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error. +.PP +\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. +.PP +\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBENGINE_free()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error. +.PP +All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier +and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +.PP +\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR +return corresponding method structures for each algorithms. +.PP +\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, +\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, +\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, +\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function +pointers of the callbacks. +.PP +\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +error occurred. +.PP +\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +used to control various behaviours of an \s-1ENGINE.\s0 +.PP +\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +not set. +.PP +\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure on success or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fBOPENSSL_cleanup()\fR +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_GET_LIB.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_GET_LIB.3 new file mode 100644 index 00000000..326a6965 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_GET_LIB.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_LIB 3" +.TH ERR_GET_LIB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_GET_LIB(unsigned long e); +\& +\& int ERR_GET_FUNC(unsigned long e); +\& +\& int ERR_GET_REASON(unsigned long e); +\& +\& int ERR_FATAL_ERROR(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fBERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR +and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. +.PP +\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR + are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code, reason code, and whether the error +is fatal, respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in +all versions of OpenSSL. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_clear_error.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_clear_error.3 new file mode 100644 index 00000000..9e5cec6a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_clear_error.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 3" +.TH ERR_CLEAR_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_error_string.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_error_string.3 new file mode 100644 index 00000000..7b2b946e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_error_string.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_ERROR_STRING 3" +.TH ERR_ERROR_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *ERR_error_string(unsigned long e, char *buf); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_func_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use \fBERR_error_string_n()\fR instead. +.PP +\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]:[function name]:[reason string] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the library name, function +name and reason string respectively. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +\&\fBERR_print_errors\fR\|(3) can be used to print +all error codes currently in the queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +none is registered for the error code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBERR_print_errors\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_get_error.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_get_error.3 new file mode 100644 index 00000000..010fdc02 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_get_error.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_ERROR 3" +.TH ERR_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); +\& +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); +\& +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_get_error()\fR returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fBERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's +error queue without modifying it. +.PP +See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about +location and reason of the error, and +\&\fBERR_error_string\fR\|(3) for human-readable error +messages. +.PP +\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and +\&\fBERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and +\&\fBERR_peek_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR +and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string +if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +.PP +An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled +automatically by the error library. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_crypto_strings.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_crypto_strings.3 new file mode 100644 index 00000000..9dc2e3b9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_crypto_strings.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +\& #endif +\& +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_load_error_strings(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +In versions prior to OpenSSL 1.1.0, +\&\fBERR_free_strings()\fR releases any resources created by the above functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and +\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_strings.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_strings.3 new file mode 100644 index 00000000..6235ee38 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_load_strings.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 3" +.TH ERR_LOAD_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +\& +\& int ERR_get_next_error_library(void); +\& +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +.PP +The error code is generated from the library number and a function and +reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\s-1\fBERR_PACK\s0()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fBERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at runtime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. +\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new +library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_print_errors.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_print_errors.3 new file mode 100644 index 00000000..8cc56c93 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_print_errors.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 3" +.TH ERR_PRINT_ERRORS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +\&\fBERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBcb\fR, is called for each error line with the string, length, and userdata +\&\fBu\fR as the callback parameters. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_put_error.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_put_error.3 new file mode 100644 index 00000000..a2973c18 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_put_error.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PUT_ERROR 3" +.TH ERR_PUT_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); +\& +\& void ERR_add_error_data(int num, ...); +\& void ERR_add_error_vdata(int num, va_list arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments with the error code added last. +\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +.PP +\&\fBERR_load_strings\fR\|(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SS "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fBXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second +argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fBssl3_read_bytes()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +.PP +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example. +.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lower case and underscores changed to spaces. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fBASN1err()\fR macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return +no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_remove_state.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_remove_state.3 new file mode 100644 index 00000000..21a7e031 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_remove_state.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 3" +.TH ERR_REMOVE_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_remove_thread_state, ERR_remove_state \- DEPRECATED +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10000000L +\& void ERR_remove_state(unsigned long tid); +\& #endif +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_remove_thread_state(void *tid); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_remove_state()\fR frees the error queue associated with the specified +thread, identified by \fBtid\fR. +\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is +an opaque pointer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +L\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_set_mark.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_set_mark.3 new file mode 100644 index 00000000..65ab4cab --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/ERR_set_mark.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_SET_MARK 3" +.TH ERR_SET_MARK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_set_mark(void); +\& +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_BytesToKey.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_BytesToKey.3 new file mode 100644 index 00000000..f5fefedd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_BytesToKey.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BYTESTOKEY 3" +.TH EVP_BYTESTOKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_BytesToKey \- password based encryption routine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key, unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as +defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC.\s0 +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV.\s0 D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i\-1) || data || salt) +.Ve +.PP +where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) +is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes +needed to store the derived key. +Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, +or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 new file mode 100644 index 00000000..1333ef4b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below). +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_meth_new.3 new file mode 100644 index 00000000..28c75d85 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_CIPHER_meth_new.3 @@ -0,0 +1,343 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_METH_NEW 3" +.TH EVP_CIPHER_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +\& +\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +\& int (*init)(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc)); +\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl)); +\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +\& int (*cleanup)(EVP_CIPHER_CTX *)); +\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +\& int (*ctrl)(EVP_CIPHER_CTX *, int type, +\& int arg, void *ptr)); +\& +\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc); +\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl); +\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& int type, int arg, +\& void *ptr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +implementation. +.PP +\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 +This is only needed when the implemented cipher mode requires it. +.PP +\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBcipher\fR. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. +The available flags are: +.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4 +.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE" +The cipher mode. +.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IX Item "EVP_CIPH_VARIABLE_LENGTH" +This cipher is of variable length. +.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_IV" +Storing and initialising the \s-1IV\s0 is left entirely to the +implementation. +.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" +Set this if the implementation's \fBinit()\fR function should be called even +if \fBkey\fR is \fB\s-1NULL\s0\fR. +.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IX Item "EVP_CIPH_CTRL_INIT" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. +.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" +Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +is left to the implementation. +Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function +will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +the key length in \fBarg\fR. +.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IX Item "EVP_CIPH_NO_PADDING" +Don't use standard block padding. +.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +.IX Item "EVP_CIPH_RAND_KEY" +Making a key with random content is left to the implementation. +This is done by calling the implementation's \fBctrl()\fR function with the +control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +storage in \fBptr\fR. +.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_COPY" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +\&\fBptr\fR parameter. +The implementation specific data block is reached with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" +Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 +.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" +Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for \s-1CFB1\s0 ciphers. +.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" +This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The \s-1EVP\s0 routines will simply give them control and do nothing more. +.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" +This indicates that this is an \s-1AEAD\s0 cipher implementation. +.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" +Allow interleaving of crypto blocks, a particular optimization only applicable +to certain \s-1TLS\s0 ciphers. +.PP +\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +implementation context so that it can be automatically allocated. +.PP +\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBcipher\fR. +The cipher init function is called by \fBEVP_CipherInit()\fR, +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBcipher\fR. +The cipher function is called by \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR, +\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and +\&\fBEVP_DecryptFinal_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +private data structure is then available with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and +\&\fBEVP_CIPHER_CTX_free()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. +\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier +\&\*(L"parameter\*(R". +Both these functions are needed when there is a need for custom data +(more or other than the cipher \s-1IV\s0). +They are called by \fBEVP_CIPHER_param_to_asn1()\fR and +\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. +.PP +\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a +newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBcipher\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_EncryptInit +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestInit.3 new file mode 100644 index 00000000..d7b5c311 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestInit.3 @@ -0,0 +1,497 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTINIT 3" +.TH EVP_DIGESTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD_CTX *EVP_MD_CTX_new(void); +\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); +\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +\& +\& int EVP_Digest(const void *data, size_t count, unsigned char *md, +\& unsigned int *size, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); +\& +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +\& +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); +\& +\& int EVP_MD_type(const EVP_MD *md); +\& int EVP_MD_pkey_type(const EVP_MD *md); +\& int EVP_MD_size(const EVP_MD *md); +\& int EVP_MD_block_size(const EVP_MD *md); +\& unsigned long EVP_MD_flags(const EVP_MD *md); +\& +\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); +\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +\& const void *data, size_t count); +\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +\& int (*update)(EVP_MD_CTX *ctx, +\& const void *data, size_t count)); +\& +\& const EVP_MD *EVP_md_null(void); +\& +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& const EVP_MD *EVP_get_digestbynid(int type); +\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); +\& +\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests, +and should be used instead of the cipher-specific functions. +.IP "\fBEVP_MD_CTX_new()\fR" 4 +.IX Item "EVP_MD_CTX_new()" +Allocates and returns a digest context. +.IP "\fBEVP_MD_CTX_reset()\fR" 4 +.IX Item "EVP_MD_CTX_reset()" +Resets the digest context \fBctx\fR. This can be used to reuse an already +existing context. +.IP "\fBEVP_MD_CTX_free()\fR" 4 +.IX Item "EVP_MD_CTX_free()" +Cleans up digest context \fBctx\fR and frees up the space allocated to it. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Performs digest-specific control actions on context \fBctx\fR. The control command +is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR. +\&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex()\fR. Other restrictions +may apply depending on the control type and digest implementation. +See \*(L"\s-1CONTROLS\*(R"\s0 below for more information. +.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 +.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" +Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. +.IP "\fBEVP_Digest()\fR" 4 +.IX Item "EVP_Digest()" +A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0 +\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR +if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. +If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used. +.IP "\fBEVP_DigestInit_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex()" +Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. +\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If +\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. +.IP "\fBEVP_DigestUpdate()\fR" 4 +.IX Item "EVP_DigestUpdate()" +Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This +function can be called several times on the same \fBctx\fR to hash additional +data. +.IP "\fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestFinal_ex()" +Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR +parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at \fBs\fR, at most +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR +no additional calls to \fBEVP_DigestUpdate()\fR can be made, but +\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fBEVP_DigestFinalXOF()\fR" 4 +.IX Item "EVP_DigestFinalXOF()" +Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 +It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. +After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be +made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. +.IP "\fBEVP_DigestInit()\fR" 4 +.IX Item "EVP_DigestInit()" +Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the +default digest implementation and calls \fBEVP_MD_CTX_reset()\fR. +.IP "\fBEVP_DigestFinal()\fR" 4 +.IX Item "EVP_DigestFinal()" +Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +automatically cleaned up. +.IP "\fBEVP_MD_CTX_copy()\fR" 4 +.IX Item "EVP_MD_CTX_copy()" +Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +be initialized. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" +Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" +Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" +Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest +when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. +.IP "\fBEVP_MD_CTX_md_data()\fR" 4 +.IX Item "EVP_MD_CTX_md_data()" +Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +The space is allocated by OpenSSL and has the size originally set with +\&\fBEVP_MD_meth_set_app_datasize()\fR. +.IP "\fBEVP_MD_CTX_md()\fR" 4 +.IX Item "EVP_MD_CTX_md()" +Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. +.IP "\fBEVP_MD_CTX_set_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_set_update_fn()" +Sets the update function for \fBctx\fR to \fBupdate\fR. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used. +.IP "\fBEVP_MD_CTX_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_update_fn()" +Returns the update function for \fBctx\fR. +.IP "\fBEVP_MD_flags()\fR" 4 +.IX Item "EVP_MD_flags()" +Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR +ones. See \fBEVP_MD_meth_set_flags\fR\|(3) for more information. +.IP "\fBEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the public key signing algorithm associated with this +digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +length. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an +\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +.IP "\fBEVP_MD_CTX_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_pkey_ctx()" +Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not +be freed by the caller. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide +a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed +by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR +assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not +depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. +.SH "CONTROLS" +.IX Header "CONTROLS" +\&\fBEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls: +.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4 +.IX Item "EVP_MD_CTRL_MICALG" +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0 +The string value is written to \fBp2\fR. +.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4 +.IX Item "EVP_MD_CTRL_XOF_LEN" +This control sets the digest length for extendable output functions to \fBp1\fR. +Sending this control directly should not be necessary, the use of +\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred. +Currently used by \s-1SHAKE.\s0 +.SH "FLAGS" +.IX Header "FLAGS" +\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR +can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: +.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_ONESHOT" +This flag instructs the digest to optimize for one update only, if possible. +.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_NO_INIT" +This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the +implementation specific data. +.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_FINALISE" +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" +Returns 1 for +success and 0 for failure. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none +exists. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" +Returns the digest or block size in bytes. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +This function has no return value. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms +are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +If digest contexts are not cleaned up after use, +memory leaks will occur. +.PP +\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, +\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as +macros. +.PP +\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +or control. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& int main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX *mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& unsigned int md_len, i; +\& +\& if (argv[1] == NULL) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +\& +\& md = EVP_get_digestbyname(argv[1]); +\& if (md == NULL) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +\& +\& mdctx = EVP_MD_CTX_new(); +\& EVP_DigestInit_ex(mdctx, md, NULL); +\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); +\& EVP_MD_CTX_free(mdctx); +\& +\& printf("Digest is: "); +\& for (i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); +\& printf("\en"); +\& +\& exit(0); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_MD_meth_new\fR\|(3), +\&\fBdgst\fR\|(1), +\&\fBevp\fR\|(7) +.PP +The full list of digest algorithms are provided below. +.PP +\&\fBEVP_blake2b512\fR\|(3), +\&\fBEVP_md2\fR\|(3), +\&\fBEVP_md4\fR\|(3), +\&\fBEVP_md5\fR\|(3), +\&\fBEVP_mdc2\fR\|(3), +\&\fBEVP_ripemd160\fR\|(3), +\&\fBEVP_sha1\fR\|(3), +\&\fBEVP_sha224\fR\|(3), +\&\fBEVP_sha3_224\fR\|(3), +\&\fBEVP_sm3\fR\|(3), +\&\fBEVP_whirlpool\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 +.PP +The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. +.PP +The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestSignInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestSignInit.3 new file mode 100644 index 00000000..55c3aab1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestSignInit.3 @@ -0,0 +1,283 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTSIGNINIT 3" +.TH EVP_DIGESTSIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); +\& +\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, +\& size_t *siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can +be used to set alternative signing options. Note that any existing value in +\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This +includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of +\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0 +Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448. +.PP +Not all digests can be used for all key types. The following combinations apply. +.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +signature context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. +If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the +call is successful the signature is written to \fBsig\fR and the amount of data +written to \fBsiglen\fR. +.PP +\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the +signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to +\&\fBEVP_DigestSignFinal()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignFinal()\fR and +\&\fBEVP_DigestSign()\fR return 1 for success and 0 for failure. +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fBEVP_DigestSignUpdate()\fR and +\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.PP +The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestVerifyInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestVerifyInit.3 new file mode 100644 index 00000000..4ba9b171 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_DigestVerifyInit.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTVERIFYINIT 3" +.TH EVP_DIGESTVERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen); +\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +\& size_t siglen, const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created +with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this +can be used to set alternative verification options. Note that any existing +value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. +.PP +\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +in \fBsig\fR of length \fBsiglen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +for failure. +.PP +\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, \fBtbs\fR did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncodeInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncodeInit.3 new file mode 100644 index 00000000..e989c398 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncodeInit.3 @@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCODEINIT 3" +.TH EVP_ENCODEINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +\& +\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +character. +.PP +\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +the encode/decode functions. +.PP +\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +space allocated to it. +.PP +Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output. +.PP +\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +.PP +\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output +is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the \fBctx\fR object and will be processed by a +subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the +required size of the output buffer add together the value of \fBinl\fR with the +amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called +repeatedly to process large amounts of input data. In the event of an error +\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +returned. +.PP +\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will +process any partial block of data remaining in the \fBctx\fR object. The output +data will be stored in \fBout\fR and the length of the data written will be stored +in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +.PP +\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the \fBctx\fR object. +.PP +\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +.PP +\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +.PP +\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes +output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +the buffer at \fBout\fR is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If +any illegal base 64 characters are encountered or if the base 64 padding +character \*(L"=\*(R" is encountered in the middle of the data then the function returns +\&\-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character \*(L"=\*(R" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character \*(L"=\*(R" has been used). +.PP +\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +is any unprocessed data still in \fBctx\fR then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return \-1 +in this case. Otherwise the function returns 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +characters. After such trimming the length of the data in \fBf\fR must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or \-1 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +object or \s-1NULL\s0 on error. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBctx\fR. +.PP +\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +.PP +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +terminator. +.PP +\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. +.PP +\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncryptInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncryptInit.3 new file mode 100644 index 00000000..83753d88 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_EncryptInit.3 @@ -0,0 +1,720 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 3" +.TH EVP_ENCRYPTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null \&\- EVP cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +\& +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); +\& +\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); +\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); +\& +\& int EVP_CIPHER_nid(const EVP_CIPHER *e); +\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); +\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); +\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +\& +\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); +\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. +.PP +\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +and free up any allocated memory associate with it, including \fBctx\fR +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory. +.PP +\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created +before calling this function. \fBtype\fR is normally supplied +by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL.\s0 This is done when the default cipher parameters are not +appropriate. +.PP +\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. It also +checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are +0 is returned to indicate failure. +.PP +If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding) as described in +the \s-1NOTES\s0 section, below. The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fBEVP_EncryptUpdate()\fR should be made. +.PP +If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. +.PP +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +and free up any allocated memory associate with it, except the \fBctx\fR +itself. This function should be called anytime \fBctx\fR is to be reused +for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR +series of calls. +.PP +\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a +similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and +\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +.PP +\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are +identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and +\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR +must be called to free any context resources. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT +IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or +\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the \fBpad\fR parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV.\s0 The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT +IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then +\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key +generation routine to support keys of a specific form. \fBKey\fR must point to a +buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. +.PP +\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV.\s0 +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater +than zero for success and zero or a negative number on failure. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.PP +Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 +interface. +.IP "\fBEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. +.SH "AEAD Interface" +.IX Header "AEAD Interface" +The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +modes are subtly altered and several additional \fIctrl\fR operations are supported +depending on the mode specified. +.PP +To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output +parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used +as it is corrupted. +.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.IX Subsection "GCM and OCB Modes" +The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If +not called a default \s-1IV\s0 length is used. +.Sp +For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +maximum is 15. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. +.Sp +For \s-1GCM,\s0 this call is only valid when decrypting data. +.Sp +For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. +.Sp +In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the +tag length. If this is not called prior to encryption, a default tag length is +used. +.Sp +For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for \s-1OCB.\s0 +.SS "\s-1CCM\s0 Mode" +.IX Subsection "CCM Mode" +The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +few additional requirements and different \fIctrl\fR values. +.PP +For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output +and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +the \fBinl\fR parameter. +.PP +The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +The tag length is often referred to as \fBM\fR. If not set a default value is +used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after +passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" +Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an +nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +\&\s-1AES.\s0 +.SS "ChaCha20\-Poly1305" +.IX Subsection "ChaCha20-Poly1305" +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +less. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +This call is only valid when decrypting data. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. +.PP +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, +\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. +.PP +There are some differences between functions \fBEVP_CipherInit()\fR and +\&\fBEVP_CipherInit_ex()\fR, significant in some circumstances. \fBEVP_CipherInit()\fR fills +the passed context object with zeros. As a consequence, \fBEVP_CipherInit()\fR does +not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are +passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are +removed, and it is especially important for the +\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in +\&\fBEVP_CipherInit_ex()\fR. +.PP +\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. +.SH "BUGS" +.IX Header "BUGS" +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt a string using \s-1IDEA:\s0 +.PP +.Vb 10 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* +\& * Bogus key and IV: we\*(Aqd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX *ctx; +\& FILE *out; +\& +\& ctx = EVP_CIPHER_CTX_new(); +\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); +\& +\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& /* +\& * Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_free(ctx); +\& /* +\& * Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it won\*(Aqt be NUL terminated and may contain embedded +\& * NULs. +\& */ +\& out = fopen(outfile, "wb"); +\& if (out == NULL) { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +.PP +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line (shown on two lines for clarity): +.PP +.Vb 2 +\& openssl idea \-d \e +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_MD_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_MD_meth_new.3 new file mode 100644 index 00000000..baea6040 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_MD_meth_new.3 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD_METH_NEW 3" +.TH EVP_MD_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up EVP_MD methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +\& void EVP_MD_meth_free(EVP_MD *md); +\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +\& +\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count)); +\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +\& unsigned char *md)); +\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from)); +\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2)); +\& +\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +\& int EVP_MD_meth_get_result_size(const EVP_MD *md); +\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count); +\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& unsigned char *md); +\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from); +\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. +.PP +\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +.PP +\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +for the method \fBmd\fR to \fBblocksize\fR bytes. +.PP +\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the +digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. +.PP +The digest method may have its own private data, which OpenSSL will +allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to +set the size for it to \fBdatasize\fR. +.PP +\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBmd\fR. Several flags can be or'd +together. The available flags are: +.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\s-1EVP_MD_FLAG_XOF\s0" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control. +.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +Currently unused. +.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4 +.IX Item "EVP_MD_FLAG_FIPS" +This digest method is suitable for use in \s-1FIPS\s0 mode. +Currently unused. +.PP +\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fBEVP_Digest()\fR, \fBEVP_DigestInit()\fR, +\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR +and \fBEVP_VerifyInit_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fBEVP_Digest()\fR, \fBEVP_DigestUpdate()\fR and +\&\fBEVP_SignUpdate()\fR. +.PP +\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fBEVP_Digest()\fR, \fBEVP_DigestFinal()\fR, +\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. +.PP +\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +computations after the method's private data structure has been copied +from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This copy function is called by \fBEVP_MD_CTX_copy()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +private data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and +\&\fBEVP_MD_CTX_free()\fR. +.PP +\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +See \fBEVP_MD_CTX_ctrl\fR\|(3) for the available controls. +.PP +\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR, +\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR, +\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR, +\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly +created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +All EVP_MD_meth_set_*() functions return 1. +\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBmd\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +1.1. The functions described here were added in OpenSSL 1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_OpenInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_OpenInit.3 new file mode 100644 index 00000000..4a3117aa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_OpenInit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_OPENINIT 3" +.TH EVP_OPENINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, +\& int ekl, unsigned char *iv, EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties +as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fBEVP_OpenInit()\fR twice in the same way as +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. +.PP +\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_ASN1_METHOD.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_ASN1_METHOD.3 new file mode 100644 index 00000000..e5a29c54 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_ASN1_METHOD.3 @@ -0,0 +1,553 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_METHOD 3" +.TH EVP_PKEY_ASN1_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +\& +\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, +\& const char *pem_str, +\& const char *info); +\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, +\& const EVP_PKEY_ASN1_METHOD *src); +\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add_alias(int to, int from); +\& +\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pub_decode) (EVP_PKEY *pk, +\& X509_PUBKEY *pub), +\& int (*pub_encode) (X509_PUBKEY *pub, +\& const EVP_PKEY *pk), +\& int (*pub_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*pub_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx), +\& int (*pkey_size) (const EVP_PKEY *pk), +\& int (*pkey_bits) (const EVP_PKEY *pk)); +\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*priv_decode) (EVP_PKEY *pk, +\& const PKCS8_PRIV_KEY_INFO +\& *p8inf), +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, +\& const EVP_PKEY *pk), +\& int (*priv_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, +\& int derlen), +\& int (*param_encode) (const EVP_PKEY *pkey, +\& unsigned char **pder), +\& int (*param_missing) (const EVP_PKEY *pk), +\& int (*param_copy) (EVP_PKEY *to, +\& const EVP_PKEY *from), +\& int (*param_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*param_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& +\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, +\& void (*pkey_free) (EVP_PKEY *pkey)); +\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, +\& long arg1, void *arg2)); +\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*item_verify) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *a, +\& ASN1_BIT_STRING *sig, +\& EVP_PKEY *pkey), +\& int (*item_sign) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *alg1, +\& X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*siginf_set) (X509_SIG_INFO *siginf, +\& const X509_ALGOR *alg, +\& const ASN1_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_pub_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_param_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_security_bits) (const EVP_PKEY +\& *pk)); +\& +\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_priv_key) (EVP_PKEY *pk, +\& const unsigned char +\& *priv, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_pub_key) (EVP_PKEY *pk, +\& const unsigned char *pub, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_priv_key) (const EVP_PKEY *pk, +\& unsigned char *priv, +\& size_t *len)); +\& +\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_pub_key) (const EVP_PKEY *pk, +\& unsigned char *pub, +\& size_t *len)); +\& +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0 +conversion, printing and information methods for a specific public key +algorithm. +.PP +There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +\&\fBEVP_PKEY_asn1_add0\fR\|(3). +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public +key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +.PP +.Vb 5 +\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / +encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). +.PP +The \fBpub_cmp()\fR method is called when two public keys are to be +compared. +It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. +It's called by \fBEVP_PKEY_cmp\fR\|(3). +.PP +The \fBpub_print()\fR method is called to print a public key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_public\fR\|(3). +.PP +.Vb 4 +\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / +encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). +.PP +The \fBpriv_print()\fR method is called to print a private key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_private\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_size) (const EVP_PKEY *pk); +\& int (*pkey_bits) (const EVP_PKEY *pk); +\& int (*pkey_security_bits) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_size()\fR method returns the key size in bytes. +It's called by \fBEVP_PKEY_size\fR\|(3). +.PP +The \fBpkey_bits()\fR method returns the key size in bits. +It's called by \fBEVP_PKEY_bits\fR\|(3). +.PP +.Vb 8 +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +\& int (*param_missing) (const EVP_PKEY *pk); +\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / +encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). +.PP +The \fBparam_missing()\fR method returns 0 if a key parameter is missing, +otherwise 1. +It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). +.PP +The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). +.PP +The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3). +.PP +The \fBparam_print()\fR method prints the private key parameters in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_params\fR\|(3). +.PP +.Vb 3 +\& int (*sig_print) (BIO *out, +\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, +\& int indent, ASN1_PCTX *pctx); +.Ve +.PP +The \fBsig_print()\fR method prints a signature in humanly readable text to +\&\fBout\fR, indented \fBindent\fR spaces. +\&\fBsigalg\fR contains the exact signature algorithm. +If the signature in \fBsig\fR doesn't correspond to what this method +expects, \fBX509_signature_dump()\fR must be used as a last resort. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBX509_signature_print\fR\|(3). +.PP +.Vb 1 +\& void (*pkey_free) (EVP_PKEY *pkey); +.Ve +.PP +The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), +\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). +.PP +.Vb 1 +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +.Ve +.PP +The \fBpkey_ctrl()\fR method adds extra algorithm specific control. +It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... +.PP +.Vb 3 +\& int (*old_priv_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +.Ve +.PP +The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode +they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) \s-1PEM\s0 formatted encrypted private keys. +\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fBi2d_PrivateKey()\fR. +They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). +.PP +.Vb 5 +\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *alg1, X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig); +.Ve +.PP +The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have +algorithm specific signatures and verification of them. +.PP +\&\fBitem_sign()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.IP "3" 4 +.IX Item "3" +\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +OpenSSL internals should just sign using those algorithms. +.PP +\&\fBitem_verify()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.PP +\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and +\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3), +\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ... +.PP +.Vb 2 +\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, +\& const ASN1_STRING *sig); +.Ve +.PP +The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +parameters. +It \s-1MUST\s0 return 0 on error, or 1 on success. +It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) +and \fBX509_check_issued\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_check) (const EVP_PKEY *pk); +\& int (*pkey_public_check) (const EVP_PKEY *pk); +\& int (*pkey_param_check) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used +to check the validity of \fBpk\fR for key-pair, public component and parameters, +respectively. +They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 2 +\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); +\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); +.Ve +.PP +The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and +public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. +They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and +\&\fBinfo\fR. +\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +descriptive string. +The following \fBflags\fR are supported: +.PP +.Vb 1 +\& ASN1_PKEY_SIGPARAM_NULL +.Ve +.PP +If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise +they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is +omitted). +See \fBX509_ALGOR_set0\fR\|(3) for more information. +.PP +\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBsrc\fR to \fBdst\fR. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +by \fBameth\fR. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, +\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR, +\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR, +\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR, +\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR, +\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +with the key \fBpkey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, +or 1 on success. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_ctrl.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 00000000..9667e7b7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,538 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_CTRL 3" +.TH EVP_PKEY_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); +\& +\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); +\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); +\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter +\&\fBoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fBcmd\fR and any additional arguments in +\&\fBp1\fR and \fBp2\fR. +.PP +For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key, +and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 +.PP +Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR. +.PP +The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fBctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fB\-pkeyopt\fR which is supported by the +\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. +.PP +The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a +signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +.PP +The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. +.PP +The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to +\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special +values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the +digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum +permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length +to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this +macro is not called maximum salt length is used when signing and auto detection +when verifying is used by default. +.PP +The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length +for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The +\&\fBpubexp\fR pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding +schemes to \fBmd\fR. If not explicitly set the signing digest is used. The +padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. +If not explicitly set the signing digest is used. The padding mode must have +been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fBlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fBnbits\fR. If not specified, 1024 is used. +.PP +The \fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the +subprime parameter \fBq\fR for \s-1DSA\s0 parameter generation to \fBqbits\fR. If not +specified, 160 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in \fBq\fR matches the size of the +digest. +.PP +The \fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for +\&\s-1DSA\s0 parameter generation to \fBmd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or +\&\s-1SHA\-256\s0 is selected to match the bit length of \fBq\fR above. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 1024 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to x9.42. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.PP +The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is +1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. +If \fBpad\fR is zero (the default) then no padding is performed. +.PP +\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, +\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR +or \fBNID_undef\fR to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. +.PP +The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The +\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fBctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fBctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). When using key derivation, +the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fBoid\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" +The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an \s-1EC\s0 key. +.PP +The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be +\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. +.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must +also be specified. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" +The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros are used to manipulate the special identifier field for specific signature +algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with +the length \fBid_len\fR to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by \fBid\fR. The +\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR +macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should +allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_new.3 new file mode 100644 index 00000000..7e25d761 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_new.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_NEW 3" +.TH EVP_PKEY_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. +.PP +The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used +when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example +during parameter generation of key generation for some algorithms. +.PP +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +.PP +\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 new file mode 100644 index 00000000..fe5cd1c7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, +\& int passlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are generic support functions for all \s-1KDF\s0 algorithms. +.PP +\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +bytes from \fBpass\fR. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +There is also support for string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBpassword\fR can be directly specified using the \fBtype\fR parameter +\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 new file mode 100644 index 00000000..6542c750 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); +\& +\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, +\& int infolen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.PP +\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +modes that are currently defined: +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. +.Sp +The digest, key and salt values must be set before a key is derived or an +error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived or an +error occurs. +.PP +\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +buffer \fBsalt\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBkey\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +buffer \fBinfo\fR. If a value is already set, it is appended to the existing +value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +\&\s-1HKDF\s0 also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", +\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use. +The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. +The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +string which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +.Ve +.PP +The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of \s-1HKDF.\s0 +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the length +parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means +to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a +pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain +the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 +.PP +Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 5869\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 new file mode 100644 index 00000000..19461385 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, +\& int saltlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +usage restrictions. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros +are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has +usage restrictions then an error is returned if an attempt is made to set the +digest to anything other than the restricted value. Otherwise these are +similar to the \fB\s-1RSA\s0\fR versions. +.SS "Key Generation" +.IX Subsection "Key Generation" +As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +.PP +Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +If any restrictions are set (using the macros described below) then \fBall\fR +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +to \fBsaltlen\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRSA\-PSS\s0\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 new file mode 100644 index 00000000..60716e99 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); +\& +\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); +\& +\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); +\& +\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, +\& uint64_t maxmem); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to set up the necessary data to use the +scrypt \s-1KDF.\s0 +For more information on scrypt, see \fBscrypt\fR\|(7). +.PP +\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +value. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +derivation may maximally use, given in bytes. +If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +key derivation will fail. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +scrypt also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR +parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be +set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +respectively. +.SH "NOTES" +.IX Header "NOTES" +The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +.PP +All the functions described here are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of \-2 indicates the operation is not +supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBscrypt\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 new file mode 100644 index 00000000..fab8f310 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, +\& unsigned char *sec, int seclen); +\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, +\& unsigned char *seed, int seedlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for +\&\s-1TLS.\s0 It has no associated private key and only implements key derivation +using \fBEVP_PKEY_derive\fR\|(3). +.PP +\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. +.PP +\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 +to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced +and any seed is reset. +.PP +\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +If a seed is already set it is appended to the existing value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +The \s-1TLS PRF\s0 also supports string based control operations using +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +as a secret or seed value. +The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for the \s-1TLS PRF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived or an +error occurs. +.PP +The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the \s-1TLS PRF.\s0 +.PP +The output length of the \s-1PRF\s0 is specified by the length parameter in the +\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting +the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 +.PP +Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 3 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_asn1_get_count.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_asn1_get_count.3 new file mode 100644 index 00000000..d10444c4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_asn1_get_count.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_asn1_get_count(void); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, +\& const char *str, int len); +\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, +\& int *ppkey_flags, const char **pinfo, +\& const char **ppem_str, +\& const EVP_PKEY_ASN1_METHOD *ameth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods +added by the application. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR +\&\- 1. +.PP +\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBtype\fR. +If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +and also set \fB*pe\fR to point at the engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +type string \fBstr\fR. +Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the +engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key +\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string +associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. +.PP +\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and +\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_cmp.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_cmp.3 new file mode 100644 index 00000000..05a5601c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_cmp.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CMP 3" +.TH EVP_PKEY_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in +\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters +in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters +(if present) of keys \fBa\fR and \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and +\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. +.PP +Since OpenSSL private keys contain public key components too the function +\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_decrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_decrypt.3 new file mode 100644 index 00000000..4c0e322e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_decrypt.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DECRYPT 3" +.TH EVP_PKEY_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes key, eng, in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_derive.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_derive.3 new file mode 100644 index 00000000..334b4f5f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_derive.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DERIVE 3" +.TH EVP_PKEY_DERIVE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for shared secret derivation. +.PP +The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +be a public key. +.PP +The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call +is successful the shared secret is written to \fBkey\fR and the amount of data +written to \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, eng, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_encrypt.3 new file mode 100644 index 00000000..3989dd05 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_encrypt.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ENCRYPT 3" +.TH EVP_PKEY_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. +.PP +The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply +set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes eng, key, in, inlen are already set up, +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_get_default_digest_nid.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_get_default_digest_nid.3 new file mode 100644 index 00000000..192fdfc4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_get_default_digest_nid.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_get_default_digest_nid \- get default signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +message digest \s-1NID\s0 for the public key signature operations associated with key +\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use +a digest during signing. In this case \fBpnid\fR will be set to NID_undef. +.SH "NOTES" +.IX Header "NOTES" +For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of \-2 indicates the operation is not supported by the +public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_keygen.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_keygen.3 new file mode 100644 index 00000000..bfc30e78 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_keygen.3 @@ -0,0 +1,335 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key generation operation. +.PP +The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.PP +\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries +to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise +it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and +\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1 +for success or others for failure. They return \-2 if the operation is not supported +for the specific algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& EVP_PKEY *pkey = NULL, *param; +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_get_count.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_get_count.3 new file mode 100644 index 00000000..d814b2e6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_get_count.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_GET_COUNT 3" +.TH EVP_PKEY_METH_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t EVP_PKEY_meth_get_count(void); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +\& const EVP_PKEY_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. +.PP +\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +associated with the public key method \fB*meth\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_new.3 new file mode 100644 index 00000000..fd9daff1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_meth_new.3 @@ -0,0 +1,594 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_NEW 3" +.TH EVP_PKEY_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +\& +\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +\& +\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, +\& int (*init) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, +\& int (*copy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, +\& void (*cleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), +\& int (*paramgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, +\& int (*keygen_init) (EVP_PKEY_CTX *ctx), +\& int (*keygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, +\& int (*sign_init) (EVP_PKEY_CTX *ctx), +\& int (*sign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, +\& int (*verify_init) (EVP_PKEY_CTX *ctx), +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, +\& int (*verify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (*verify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*signctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*encryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*decrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, +\& int (*derive_init) (EVP_PKEY_CTX *ctx), +\& int (*derive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (*digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (*digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +\& +\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, +\& int (**pinit) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, +\& int (**pcopy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, +\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, +\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +\& int (**pparamgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, +\& int (**pkeygen_init) (EVP_PKEY_CTX *ctx), +\& int (**pkeygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, +\& int (**psign_init) (EVP_PKEY_CTX *ctx), +\& int (**psign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_init) (EVP_PKEY_CTX *ctx), +\& int (**pverify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (**pverify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, +\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**psignctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, +\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, +\& int (**pderive_init) (EVP_PKEY_CTX *ctx), +\& int (**pderive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, +\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (**digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (**digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. +.PP +There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +objects. +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public key +algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +.PP +.Vb 3 +\& int (*init) (EVP_PKEY_CTX *ctx); +\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +\& void (*cleanup) (EVP_PKEY_CTX *ctx); +.Ve +.PP +The \fBinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), +\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). +.PP +.Vb 2 +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); +\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. +They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to +handle the parameter generation process. +.PP +.Vb 2 +\& int (*keygen_init) (EVP_PKEY_CTX *ctx); +\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and +\&\fBEVP_PKEY_keygen\fR\|(3). +.PP +.Vb 3 +\& int (*sign_init) (EVP_PKEY_CTX *ctx); +\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) +and \fBEVP_PKEY_sign\fR\|(3). +.PP +.Vb 4 +\& int (*verify_init) (EVP_PKEY_CTX *ctx); +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is +valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). +.PP +.Vb 4 +\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +\& int (*verify_recover) (EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.PP +The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). +.PP +.Vb 3 +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by +a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +\&\fBEVP_DigestSignInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature +against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). +.PP +.Vb 3 +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). +.PP +.Vb 2 +\& int (*derive_init) (EVP_PKEY_CTX *ctx); +\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.PP +The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret +from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). +.PP +.Vb 2 +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +.Ve +.PP +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. +.PP +.Vb 5 +\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.PP +The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) +and \fBEVP_DigestVerify\fR\|(3). +.PP +.Vb 3 +\& int (*check) (EVP_PKEY *pkey); +\& int (*public_check) (EVP_PKEY *pkey); +\& int (*param_check) (EVP_PKEY *pkey); +.Ve +.PP +The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a +key-pair, the public component and parameters respectively for a given \fBpkey\fR. +They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 1 +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +.Ve +.PP +The \fBdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) +and \fBEVP_DigestVerifyInit\fR\|(3). +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +and associates the given \fBid\fR and \fBflags\fR. The following flags are +supported: +.PP +.Vb 2 +\& EVP_PKEY_FLAG_AUTOARGLEN +\& EVP_PKEY_FLAG_SIGCTX_CUSTOM +.Ve +.PP +If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +\&\fBEVP_PKEY_sign\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method +of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). +.PP +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBpmeth\fR. +.PP +\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +to \fBdst\fR. +.PP +\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +This function first searches through the user-defined method objects and +then the built-in objects. +.PP +\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +.PP +\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fBEVP_PKEY_meth_add0()\fR. +.PP +The EVP_PKEY_meth_set functions set the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +.PP +The EVP_PKEY_meth_get functions get the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 on error. +.PP +\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. +.PP +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 if not found. +.PP +\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +if an error occurred. +.PP +\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +0 if an error occurred. +.PP +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_new.3 new file mode 100644 index 00000000..3f76152f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_new.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_NEW 3" +.TH EVP_PKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *EVP_PKEY_new(void); +\& int EVP_PKEY_up_ref(EVP_PKEY *key); +\& void EVP_PKEY_free(EVP_PKEY *key); +\& +\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +\& size_t len, const EVP_CIPHER *cipher); +\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, +\& size_t *len); +\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +used by OpenSSL to store public and private keys. The reference count is set to +\&\fB1\fR. +.PP +\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +.PP +\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The +\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 +for a public key algorithm that supports raw private keys, i.e. one of +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the +raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). +.PP +\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +information. Algorithm types that support raw public keys are +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR +except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +.PP +\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. +.PP +\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +private key data. The size of the \fBpriv\fR buffer should be in \fB*len\fR on entry +to the function, and on exit \fB*len\fR is updated with the number of bytes +actually written. If the buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the private +key data. This function only works for algorithms that support raw private keys. +Currently this is: \fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +public key data. The size of the \fBpub\fR buffer should be in \fB*len\fR on entry +to the function, and on exit \fB*len\fR is updated with the number of bytes +actually written. If the buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the public +key data. This function only works for algorithms that support raw public keys. +Currently this is: \fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or +\&\fB\s-1EVP_PKEY_ED448\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. +.PP +The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public +key to this empty structure use the appropriate functions described in +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly +allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. +.PP +The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_print_private.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_print_private.3 new file mode 100644 index 00000000..a7c08745 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_print_private.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_PRINT_PRIVATE 3" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and +\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. +.PP +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. +.SH "NOTES" +.IX Header "NOTES" +Currently no public key algorithms include any options in the \fBpctx\fR parameter. +.PP +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fBEVP_PKEY_print_private()\fR will only print the public components. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_set1_RSA.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_set1_RSA.3 new file mode 100644 index 00000000..48e151ef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SET1_RSA 3" +.TH EVP_PKEY_SET1_RSA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +\& +\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +\& +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& +\& int EVP_PKEY_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_base_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_type(int type); +\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +\& +\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, +\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR +and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and +\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could +use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to +\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of +alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +often seen in practice. +.PP +\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. +.PP +\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +must be called after the key algorithm and components are set up. +If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an +error occurs. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +different set of algorithms than the default. This is currently used +to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0 +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +.PP +Most applications wishing to know a key type will simply call +\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type: +which will be identical in almost all cases. +.PP +Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) +to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +.PP +\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +key as part of its routine to load a private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key +type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +.PP +\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 +algorithms with EVP_PKEY_set_alias_type: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_sign.3 new file mode 100644 index 00000000..3b2733c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_sign.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIGN 3" +.TH EVP_PKEY_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signing operation. +.PP +The \fBEVP_PKEY_sign()\fR function performs a public key signing operation +using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and +\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBsiglen\fR parameter should contain the length of the +\&\fBsig\fR buffer, if the call is successful the signature is written to +\&\fBsig\fR and the amount of data written to \fBsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fBEVP_DigestSignInit\fR\|(3) and +\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. +.PP +After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). +.PP +The function \fBEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ +\& unsigned char *md, *sig; +\& size_t mdlen = 32, siglen; +\& EVP_PKEY *signing_key; +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_size.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_size.3 new file mode 100644 index 00000000..06a8243f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_size.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIZE 3" +.TH EVP_PKEY_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits \&\- EVP_PKEY information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_size(const EVP_PKEY *pkey); +\& int EVP_PKEY_bits(const EVP_PKEY *pkey); +\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_size()\fR returns the maximum suitable size for the output +buffers for almost all operations that can be done with \fIpkey\fR. +The primary documented use is with \fBEVP_SignFinal\fR\|(3) and +\&\fBEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is +also large enough for the output buffer of \fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3). +.PP +It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +\&\fBEVP_PKEY_size()\fR is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as \fBEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will +receive that length), to avoid bugs. +.PP +\&\fBEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem +to which the key in \fIpkey\fR belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem. +.PP +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given +\&\fIpkey\fR, bits of security is defined in \s-1NIST SP800\-57.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_size()\fR, \fBEVP_PKEY_bits()\fR and \fBEVP_PKEY_security_bits()\fR return a +positive number, or 0 if this size isn't available. +.SH "NOTES" +.IX Header "NOTES" +Most functions that have an output buffer and are mentioned with +\&\fBEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call \fBEVP_PKEY_size()\fR to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance. +.PP +It should also be especially noted that \fBEVP_PKEY_size()\fR shouldn't be +used to get the output size for \fBEVP_DigestSignFinal()\fR, according to +\&\*(L"\s-1NOTES\*(R"\s0 in \fBEVP_DigestSignFinal\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_SignFinal\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify.3 new file mode 100644 index 00000000..ecbb5fc2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY 3" +.TH EVP_PKEY_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signature verification operation. +.PP +The \fBEVP_PKEY_verify()\fR function performs a public key verification operation +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. +.PP +A negative value indicates an error other that signature verification failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); +\& +\& /* +\& * ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify_recover.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify_recover.3 new file mode 100644 index 00000000..44d05a5b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_PKEY_verify_recover.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY_RECOVER 3" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a verify recover operation. +.PP +The \fBEVP_PKEY_verify_recover()\fR function recovers signed data +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBroutlen\fR parameter should contain the length of the +\&\fBrout\fR buffer, if the call is successful recovered data is written to +\&\fBrout\fR and the amount of data written to \fBroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fBEVP_verify()\fR function should be +used. +.PP +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +.PP +After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SealInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SealInit.3 new file mode 100644 index 00000000..cb48d5e3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SealInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEALINIT 3" +.TH EVP_SEALINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and \s-1IV\s0 (if required) then +\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +encrypted using this key. +.PP +\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally +supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. \fBek\fR is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must +contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for +example) EVP_CIPHER_iv_length(type). +.PP +If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored +and can be \fB\s-1NULL\s0\fR. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties +as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded when \fBEVP_SealInit()\fR is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fBEVP_SealInit()\fR twice in the same way as +\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SignInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SignInit.3 new file mode 100644 index 00000000..5ec46b7f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_SignInit.3 @@ -0,0 +1,228 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNINIT 3" +.TH EVP_SIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \&\- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); +\& +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest +\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fBEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and +places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR +bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes +will be written. +.PP +\&\fBEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default +implementation of digest \fItype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 +for success and 0 for failure. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +This requirement does not hold for \s-1RSA\s0 signatures. +.PP +The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_size\fR\|(3), \fBEVP_PKEY_bits\fR\|(3), \fBEVP_PKEY_security_bits\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_VerifyInit.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_VerifyInit.3 new file mode 100644 index 00000000..e270d75b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_VerifyInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_VERIFYINIT 3" +.TH EVP_VERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, +\& EVP_PKEY *pkey); +\& +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. +.PP +\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_DigestVerify*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aes.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aes.3 new file mode 100644 index 00000000..ca024fcd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aes.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_AES 3" +.TH EVP_AES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aes_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit +shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as +\&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 +.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode +(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) +section for details. +.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" +\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section +2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. +.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 +.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" +\&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST +SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. +.Sp +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +.Sp +The \s-1XTS\s0 implementation in OpenSSL does not support streaming. That is there must +only be one \fBEVP_EncryptUpdate\fR\|(3) call per \fBEVP_EncryptInit_ex\fR\|(3) call (and +similarly with the \*(L"Decrypt\*(R" functions). +.Sp +The \fIiv\fR parameter to \fBEVP_EncryptInit_ex\fR\|(3) or \fBEVP_DecryptInit_ex\fR\|(3) is +the \s-1XTS\s0 \*(L"tweak\*(R" value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aria.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aria.3 new file mode 100644 index 00000000..a75afbcf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_aria.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ARIA 3" +.TH EVP_ARIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aria_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 +.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter +Mode (\s-1GCM\s0). These ciphers require additional control operations to function +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_bf_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_bf_cbc.3 new file mode 100644 index 00000000..40c2ae1f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_bf_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BF_CBC 3" +.TH EVP_BF_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_bf_cbc(void) +\& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) +\& const EVP_CIPHER *EVP_bf_ecb(void) +\& const EVP_CIPHER *EVP_bf_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Blowfish encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" +Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_blake2b512.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_blake2b512.3 new file mode 100644 index 00000000..a46b8902 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_blake2b512.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BLAKE2B512 3" +.TH EVP_BLAKE2B512 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_blake2b512(void); +\& const EVP_MD *EVP_blake2s256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +\&\s-1RFC 7693.\s0 +.IP "\fBEVP_blake2s256()\fR" 4 +.IX Item "EVP_blake2s256()" +The BLAKE2s algorithm that produces a 256\-bit output from a given input. +.IP "\fBEVP_blake2b512()\fR" 4 +.IX Item "EVP_blake2b512()" +The BLAKE2b algorithm that produces a 512\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7693.\s0 +.SH "NOTES" +.IX Header "NOTES" +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_camellia.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_camellia.3 new file mode 100644 index 00000000..4eefb923 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_camellia.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAMELLIA 3" +.TH EVP_CAMELLIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_camellia_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Camellia encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_cast5_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_cast5_cbc.3 new file mode 100644 index 00000000..05e420aa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_cast5_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAST5_CBC 3" +.TH EVP_CAST5_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_cast5_cbc(void) +\& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) +\& const EVP_CIPHER *EVP_cast5_ecb(void) +\& const EVP_CIPHER *EVP_cast5_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_chacha20.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_chacha20.3 new file mode 100644 index 00000000..305cd63d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_chacha20.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CHACHA20 3" +.TH EVP_CHACHA20 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_chacha20(void) +\& const EVP_CIPHER *EVP_chacha20_poly1305(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ChaCha20 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_chacha20()\fR" 4 +.IX Item "EVP_chacha20()" +The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: +.Sp +000000000000000000000002 +.Sp +With an initial counter of 42 (2a in hex) would be expressed as: +.Sp +2a000000000000000000000000000002 +.IP "\fBEVP_chacha20_poly1305()\fR" 4 +.IX Item "EVP_chacha20_poly1305()" +Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key +is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data +(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_des.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_des.3 new file mode 100644 index 00000000..ece46dd0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_des.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DES 3" +.TH EVP_DES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_des_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3_wrap()\fR" 4 +.IX Item "EVP_des_ede3_wrap()" +Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_desx_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_desx_cbc.3 new file mode 100644 index 00000000..1b14f62f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_desx_cbc.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DESX_CBC 3" +.TH EVP_DESX_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_desx_cbc \&\- EVP DES\-X cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_desx_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The DES-X encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_desx_cbc()\fR" 4 +.IX Item "EVP_desx_cbc()" +The DES-X algorithm in \s-1CBC\s0 mode. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_idea_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_idea_cbc.3 new file mode 100644 index 00000000..570fe2cf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_idea_cbc.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_IDEA_CBC 3" +.TH EVP_IDEA_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_idea_cbc(void) +\& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) +\& const EVP_CIPHER *EVP_idea_ecb(void) +\& const EVP_CIPHER *EVP_idea_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" +The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md2.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md2.3 new file mode 100644 index 00000000..549fd02c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md2.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD2 3" +.TH EVP_MD2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md2 \&\- MD2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by +Ronald Rivest. +.IP "\fBEVP_md2()\fR" 4 +.IX Item "EVP_md2()" +The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1319.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md4.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md4.3 new file mode 100644 index 00000000..1456dbc6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md4.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD4 3" +.TH EVP_MD4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md4 \&\- MD4 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md4(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by +Ronald Rivest, first published in 1990. +.IP "\fBEVP_md4()\fR" 4 +.IX Item "EVP_md4()" +The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1320.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md5.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md5.3 new file mode 100644 index 00000000..81a54988 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_md5.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD5 3" +.TH EVP_MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed by +Ronald Rivest. +.PP +The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +use since its security has been severely compromised. +.IP "\fBEVP_md5()\fR" 4 +.IX Item "EVP_md5()" +The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. +.IP "\fBEVP_md5_sha1()\fR" 4 +.IX Item "EVP_md5_sha1()" +A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC +6101.\s0 +.Sp +\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1321.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_mdc2.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_mdc2.3 new file mode 100644 index 00000000..c6152723 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_mdc2.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MDC2 3" +.TH EVP_MDC2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_mdc2 \&\- MDC\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_mdc2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. +.IP "\fBEVP_mdc2()\fR" 4 +.IX Item "EVP_mdc2()" +The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc2_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc2_cbc.3 new file mode 100644 index 00000000..1a355df8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc2_cbc.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC2_CBC 3" +.TH EVP_RC2_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc2_cbc(void) +\& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) +\& const EVP_CIPHER *EVP_rc2_ecb(void) +\& const EVP_CIPHER *EVP_rc2_ofb(void) +\& const EVP_CIPHER *EVP_rc2_40_cbc(void) +\& const EVP_CIPHER *EVP_rc2_64_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional parameter called \*(L"effective key +bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 +.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +40 and 64 bits. +.Sp +\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR +functions to set the key length and effective key length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc4.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc4.3 new file mode 100644 index 00000000..5cb98510 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc4.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC4 3" +.TH EVP_RC4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc4(void) +\& const EVP_CIPHER *EVP_rc4_40(void) +\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_rc4()\fR" 4 +.IX Item "EVP_rc4()" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. +.IP "\fBEVP_rc4_40()\fR" 4 +.IX Item "EVP_rc4_40()" +\&\s-1RC4\s0 stream cipher with 40 bit key length. +.Sp +\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fBEVP_rc4_hmac_md5()\fR" 4 +.IX Item "EVP_rc4_hmac_md5()" +Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc5_32_12_16_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc5_32_12_16_cbc.3 new file mode 100644 index 00000000..45cc8af1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_rc5_32_12_16_cbc.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC5_32_12_16_CBC 3" +.TH EVP_RC5_32_12_16_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using \fBEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is +2040 bits. +.Sp +The following rc5 specific \fIctrl\fRs are supported (see +\&\fBEVP_CIPHER_CTX_ctrl\fR\|(3)). +.RS 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS,\s0 rounds, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" +Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS, +RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS.\s0 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS, 0,\s0 &rounds)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" +Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR +is an int. +.RE +.RS 4 +.RE +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_ripemd160.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_ripemd160.3 new file mode 100644 index 00000000..4582df97 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_ripemd160.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RIPEMD160 3" +.TH EVP_RIPEMD160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ripemd160 \&\- RIPEMD160 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_ripemd160(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging +to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +.IP "\fBEVP_ripemd160()\fR" 4 +.IX Item "EVP_ripemd160()" +The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_seed_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_seed_cbc.3 new file mode 100644 index 00000000..5f70a6dc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_seed_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEED_CBC 3" +.TH EVP_SEED_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_seed_cbc(void) +\& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) +\& const EVP_CIPHER *EVP_seed_ecb(void) +\& const EVP_CIPHER *EVP_seed_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" +The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha1.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha1.3 new file mode 100644 index 00000000..56f3a047 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha1.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA1 3" +.TH EVP_SHA1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha1 \&\- SHA\-1 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National +Security Agency and initially published in 1995. +.IP "\fBEVP_sha1()\fR" 4 +.IX Item "EVP_sha1()" +The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha224.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha224.3 new file mode 100644 index 00000000..dc53e606 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha224.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA224 3" +.TH EVP_SHA224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha224(void); +\& const EVP_MD *EVP_sha256(void); +\& const EVP_MD *EVP_sha512_224(void); +\& const EVP_MD *EVP_sha512_256(void); +\& const EVP_MD *EVP_sha384(void); +\& const EVP_MD *EVP_sha512(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. +.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 +.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" +The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. +.Sp +The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the +\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +their outputs are of the same size. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha3_224.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha3_224.3 new file mode 100644 index 00000000..8e89e334 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sha3_224.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA3_224 3" +.TH EVP_SHA3_224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha3_224(void); +\& const EVP_MD *EVP_sha3_256(void); +\& const EVP_MD *EVP_sha3_384(void); +\& const EVP_MD *EVP_sha3_512(void); +\& +\& const EVP_MD *EVP_shake128(void); +\& const EVP_MD *EVP_shake256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the +Keccak algorithm. +.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 +.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" +The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. +.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 +.IX Item "EVP_shake128(), EVP_shake256()" +The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +a variable hash length. +.Sp +Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while +\&\fBEVP_shake256\fR provides that of 256 bits. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 202.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm3.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm3.3 new file mode 100644 index 00000000..697478e4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm3.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM3 3" +.TH EVP_SM3 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm3 \&\- SM3 for EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sm3(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T +32905\-2016.\s0 +.IP "\fBEVP_sm3()\fR" 4 +.IX Item "EVP_sm3()" +The \s-1SM3\s0 hash function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm4_cbc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm4_cbc.3 new file mode 100644 index 00000000..2fd1645f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_sm4_cbc.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM4_CBC 3" +.TH EVP_SM4_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_sm4_cbc(void); +\& const EVP_CIPHER *EVP_sm4_ecb(void); +\& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); +\& const EVP_CIPHER *EVP_sm4_ofb(void); +\& const EVP_CIPHER *EVP_sm4_ctr(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128 bits. +.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" +The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_whirlpool.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_whirlpool.3 new file mode 100644 index 00000000..219f91a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/EVP_whirlpool.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_WHIRLPOOL 3" +.TH EVP_WHIRLPOOL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_whirlpool \&\- WHIRLPOOL For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_whirlpool(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. +.IP "\fBEVP_whirlpool()\fR" 4 +.IX Item "EVP_whirlpool()" +The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2004.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/HMAC.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/HMAC.3 new file mode 100644 index 00000000..06596730 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/HMAC.3 @@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "HMAC 3" +.TH HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +\& +\& HMAC_CTX *HMAC_CTX_new(void); +\& int HMAC_CTX_reset(HMAC_CTX *ctx); +\& +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md, ENGINE *impl); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& +\& void HMAC_CTX_free(HMAC_CTX *ctx); +\& +\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); +\& +\& size_t HMAC_size(const HMAC_CTX *e); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. +.PP +\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 +value for \fBmd\fR to use the static array is not thread safe. +.PP +\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does +not support variable output length digests such as \fBEVP_shake128()\fR and +\&\fBEVP_shake256()\fR. +.PP +\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +.PP +\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated +resources, making it suitable for new computations as if it was newly +created with \fBHMAC_CTX_new()\fR. +.PP +\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR +itself. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 +and \fBevp_md\fR is the same as the previous call, then the +existing key is +reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. +.PP +If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +same as the previous digest used by \fBctx\fR then an error is returned +because reuse of an existing key with a different digest is not supported. +.PP +\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. +.PP +\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.PP +\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +.PP +\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). +.PP +\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +supplied \s-1HMAC_CTX.\s0 +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. +.PP +\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and +\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +.PP +\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output +or zero on error. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 2104\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +.PP +\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +.PP +\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. +.PP +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in +OpenSSL before version 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MD5.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MD5.3 new file mode 100644 index 00000000..e6768f8f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MD5.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MD5 3" +.TH MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD2_Init(MD2_CTX *c); +\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +\& int MD2_Final(unsigned char *md, MD2_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD4_Init(MD4_CTX *c); +\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +\& int MD4_Final(unsigned char *md, MD4_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD5_Init(MD5_CTX *c); +\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +\& int MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +.PP +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and +\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. +.PP +\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, +\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for +success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MDC2_Init.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MDC2_Init.3 new file mode 100644 index 00000000..3cb010f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/MDC2_Init.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MDC2_INIT 3" +.TH MDC2_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int MDC2_Init(MDC2_CTX *c); +\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES.\s0 +.PP +\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the +hash functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. +.PP +\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OBJ_nid2obj.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OBJ_nid2obj.3 new file mode 100644 index 00000000..82749e85 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OBJ_nid2obj.3 @@ -0,0 +1,327 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OBJ_NID2OBJ 3" +.TH OBJ_NID2OBJ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \&\- ASN1 object utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *OBJ_nid2obj(int n); +\& const char *OBJ_nid2ln(int n); +\& const char *OBJ_nid2sn(int n); +\& +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +\& +\& int OBJ_txt2nid(const char *s); +\& +\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +\& +\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); +\& +\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +\& +\& int OBJ_create(const char *oid, const char *sn, const char *ln); +\& +\& size_t OBJ_length(const ASN1_OBJECT *obj); +\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OBJ_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +constants. +.PP +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name or the short name respectively +or NID_undef if an error occurred. +.PP +\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +a long name, a short name or the numerical representation of an object. +.PP +\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +.PP +\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object in case of +success and NID_undef in case of failure. +.PP +\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR. +.PP +\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +The returned pointer is an internal pointer which \fBmust not\fR be freed. +.PP +\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +.PP +New objects can be added by calling \fBOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID.\s0 +.PP +Some objects are used to represent algorithms which do not have a +corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +exists for a particular algorithm). As a result they \fBcannot\fR be encoded or +decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there +is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. +.PP +These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can +represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 1 +\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); +.Ve +.PP +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +.PP +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 2 +\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); +.Ve +.PP +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_REQUEST_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_REQUEST_new.3 new file mode 100644 index 00000000..bc543976 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_REQUEST_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_NEW 3" +.TH OCSP_REQUEST_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQUEST *OCSP_REQUEST_new(void); +\& void OCSP_REQUEST_free(OCSP_REQUEST *req); +\& +\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); +\& +\& int OCSP_request_sign(OCSP_REQUEST *req, +\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +\& STACK_OF(X509) *certs, unsigned long flags); +\& +\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +\& +\& int OCSP_request_onereq_count(OCSP_REQUEST *req); +\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +.PP +\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +.PP +\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after +the operation. +.PP +\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates +\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +will be included in the request. +.PP +\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +application is responsible for freeing up \fBcert\fR after use. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to +OCSP_request_onereq_count(req) \- 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 +for failure. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +or \fB\s-1NULL\s0\fR if the index value is out or range. +.SH "NOTES" +.IX Header "NOTES" +An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +corresponding to each certificate. +.PP +\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by +\&\s-1OCSP\s0 responders. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +\&\fBissuer\fR: +.PP +.Vb 2 +\& OCSP_REQUEST *req; +\& OCSP_ID *cid; +\& +\& req = OCSP_REQUEST_new(); +\& if (req == NULL) +\& /* error */ +\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +\& if (cid == NULL) +\& /* error */ +\& +\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) +\& /* error */ +\& +\& /* Do something with req, e.g. query responder */ +\& +\& OCSP_REQUEST_free(req); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_cert_to_id.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_cert_to_id.3 new file mode 100644 index 00000000..589f14eb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_cert_to_id.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_CERT_TO_ID 3" +.TH OCSP_CERT_TO_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, +\& X509 *subject, X509 *issuer); +\& +\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +\& X509_NAME *issuerName, +\& ASN1_BIT_STRING *issuerKey, +\& ASN1_INTEGER *serialNumber); +\& +\& void OCSP_CERTID_free(OCSP_CERTID *id); +\& +\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& +\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +\& ASN1_OCTET_STRING **pikeyHash, +\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If +\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +.PP +\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number +\&\fBserialNumber\fR. +.PP +\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. +.PP +\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and +serial number contained in \fBcid\fR. If any of the values are not required the +corresponding parameter can be set to \fB\s-1NULL\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero +otherwise. +.PP +\&\fBOCSP_CERTID_free()\fR does not return a value. +.PP +\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: +the other functions are used by responder applications. +.PP +The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST +NOT\s0\fR be freed up by an application: they will be freed when the corresponding +\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_request_add1_nonce.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_request_add1_nonce.3 new file mode 100644 index 00000000..274d9338 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_request_add1_nonce.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_ADD1_NONCE 3" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +is zero or negative a default length will be used (currently 16 bytes). +.PP +\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except +it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +.PP +\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +.PP +\&\fBOCSP_copy_nonce()\fR copies any nonce value present in \fBreq\fR to \fBresp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success +and 0 for failure. +.PP +\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +was present in \fBreq\fR and 0 if an error occurred. +.PP +\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +and \fBresp\fR. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then \-1 is returned. +.SH "NOTES" +.IX Header "NOTES" +For most purposes the nonce value in a request is set to a random value so +the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 +.PP +An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +by checking the same nonce value appears in the response. +.PP +Some responders may include a nonce in all responses even if one is not +supplied. +.PP +Some responders cache \s-1OCSP\s0 responses and do not sign each response for +performance reasons. As a result they do not support nonces. +.PP +The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A non-zero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_resp_find_status.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_resp_find_status.3 new file mode 100644 index 00000000..9e19d1f0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_resp_find_status.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESP_FIND_STATUS 3" +.TH OCSP_RESP_FIND_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +\& int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& int OCSP_resp_count(OCSP_BASICRESP *bs); +\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( +\& const OCSP_BASICRESP* single); +\& +\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +\& +\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, +\& STACK_OF(X509) *extra_certs); +\& +\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +\& const ASN1_OCTET_STRING **pid, +\& const X509_NAME **pname); +\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, +\& ASN1_OCTET_STRING **pid, +\& X509_NAME **pname); +\& +\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +\& ASN1_GENERALIZEDTIME *nextupd, +\& long sec, long maxsec); +\& +\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +\& X509_STORE *st, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of +\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or +\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only +set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field +will be set to the revocation reason which will be one of +\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +.PP +\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to +OCSP_resp_count(bs) \- 1. +.PP +\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. +.PP +\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. +.PP +\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +single response \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +is included in the \fBcerts\fR field of the response, so additional certificates +can be supplied in \fBextra_certs\fR if the certificates that may have +signed the response are known via some out-of-band mechanism. +.PP +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the +responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR +is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, +no freeing of the results is necessary. +.PP +\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fBOCSP_resp_find_status()\fR or +\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates +the maximum age of \fBthisupd\fR in seconds. +.PP +\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +signed and that the signer certificate can be validated. It takes \fBst\fR as +the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of \fBbs\fR and fails on error +unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns +success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate +was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path +validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. +Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +criteria including potential delegation. If this does not succeed and the +\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit +trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +.PP +\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. +.PP +\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBid\fR was not found. +.PP +\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +occurred. +.PP +\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +or 0 on error. +.PP +\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +as malloc failure. +.SH "NOTES" +.IX Header "NOTES" +Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They +can then take appropriate action based on the status of the certificate. +.PP +An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +fields. Normally the current time should be between these two values. To +account for clock skew the \fBmaxsec\fR field can be set to non-zero in +\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +would otherwise mean an ancient response would be considered valid: the +\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted +age of responses. +.PP +The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by +\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers +which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these +parameters can be set to \s-1NULL\s0 if their value is not required. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_response_status.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_response_status.3 new file mode 100644 index 00000000..63908154 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_response_status.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESPONSE_STATUS 3" +.TH OCSP_RESPONSE_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_response_status(OCSP_RESPONSE *resp); +\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); +\& +\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); +\& +\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, +\& const EVP_MD *dgst, STACK_OF(X509) *certs, +\& unsigned long flags); +\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, +\& STACK_OF(X509) *certs, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR +\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +.PP +\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +contained in \fBresp\fR. +.PP +\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBstatus\fR and optionally including basic response \fBbs\fR. +.PP +\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. +.PP +\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is +stored as a \s-1SHA1\s0 hash. +.PP +Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing +setting. +.PP +\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +with the X509 certificate \fBcert\fR. +.PP +\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option +\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the +\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 +rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +uses the parameters contained in digest context \fBctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_RESPONSE_status()\fR returns a status value. +.PP +\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fBOCSP_RESPONSE_free()\fR does not return a value. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and +\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 +on failure. +.PP +\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +or 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +\&\fBOCSP_cert_to_id\fR\|(3) +\&\fBOCSP_request_add1_nonce\fR\|(3) +\&\fBOCSP_REQUEST_new\fR\|(3) +\&\fBOCSP_resp_find_status\fR\|(3) +\&\fBOCSP_sendreq_new\fR\|(3) +\&\fBOCSP_RESPID_new\fR\|(3) +\&\fBOCSP_RESPID_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR +functions were added in OpenSSL 1.1.0a. +.PP +The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_sendreq_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_sendreq_new.3 new file mode 100644 index 00000000..0ea775a5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OCSP_sendreq_new.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_SENDREQ_NEW 3" +.TH OCSP_SENDREQ_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, +\& int maxline); +\& +\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +\& +\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +\& +\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +\& +\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, +\& const char *name, const char *value); +\& +\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +\& +\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a +response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a +default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR +and provided later if required. +.PP +\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context +\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. +.PP +\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +.PP +\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR +to \fBlen\fR. If the response exceeds this length an error occurs. If not +set a default value of 100k is used. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +context \fBrctx\fR. It can be called more than once to add multiple headers. +It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR +parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +additional headers are set. +.PP +\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR. +.PP +\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +path \fBpath\fR, and the \s-1OCSP\s0 request \fBreq\fR with a response header maximum line +length 4k. It waits indefinitely on a response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, +\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success +and \fB0\fR for failure. +.PP +\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +responder or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete \s-1HTTP\s0 library. +.PP +Currently only \s-1HTTP POST\s0 queries to responders are supported. +.PP +The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 +For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 +\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR +should be set to \fB\*(L"/ocspreq\*(R"\fR +.PP +The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form +"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add +a Host header for \fBocsp.com\fR you would call: +.PP +.Vb 1 +\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Ve +.PP +If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the +corresponding \s-1BIO\s0 can be examined to determine which operation (read or +write) should be retried and appropriate action taken (for example a \fBselect()\fR +call on the underlying socket). +.PP +\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking +I/O efficiently. It is retained for compatibility and its use in new +applications is not recommended. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_Applink.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_Applink.3 new file mode 100644 index 00000000..a9d6378d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_Applink.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_APPLINK 3" +.TH OPENSSL_APPLINK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& _\|_declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as \fIapplink.c\fR, located alongside +the public header files (only on the platforms where applicable). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_COMPFUNC.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_COMPFUNC.3 new file mode 100644 index 00000000..048ece95 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_COMPFUNC.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_COMPFUNC 3" +.TH OPENSSL_LH_COMPFUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_LHASH_OF(TYPE); +\& +\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); +\& void lh_TYPE_free(LHASH_OF(TYPE) *table); +\& +\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); +\& +\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); +\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, +\& TYPE *arg); +\& +\& int lh_TYPE_error(LHASH_OF(TYPE) *table); +\& +\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +.PP +\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The \fBhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fBcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, non-zero otherwise. +.PP +If your hash table +will contain items of some particular type and the \fBhash\fR and +\&\fBcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +\&\fBlh_TYPE_new()\fR as shown in this example: +.PP +.Vb 11 +\& /* +\& * Implement the hash and compare functions; "stuff" can be any word. +\& */ +\& static unsigned long stuff_hash(const TYPE *a) +\& { +\& ... +\& } +\& static int stuff_cmp(const TYPE *a, const TYPE *b) +\& { +\& ... +\& } +\& +\& /* +\& * Implement the wrapper functions. +\& */ +\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) +\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers: +.PP +.Vb 2 +\& DECLARE_LHASH_HASH_FN(stuff, TYPE) +\& DECLARE_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +Then a hash table of \s-1TYPE\s0 objects can be created using this: +.PP +.Vb 1 +\& LHASH_OF(TYPE) *htable; +\& +\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); +.Ve +.PP +\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure +\&\fBtable\fR. Allocated hash table entries will not be freed; consider +using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the +hash table (see below). +.PP +\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into +\&\fBtable\fR. If there already is an entry with the same key, the old +value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the +data are not copied. +.PP +\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. +.PP +\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call +\&\fBfunc\fR with the data item as its parameter. +For example: +.PP +.Vb 2 +\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ +\& void TYPE_cleanup_doall(TYPE *a); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) +\& +\& /* Call "TYPE_cleanup" against all items in a hash table. */ +\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); +\& +\& /* Then the hash table itself can be deallocated */ +\& lh_TYPE_free(hashtable); +.Ve +.PP +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash\->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that +\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fBlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 2 +\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ +\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) +\& +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, +\& logging_bio); +.Ve +.PP +\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last +operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value +being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. +.PP +\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +there is no such value in the hash table. +.PP +\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, +\&\fB\s-1NULL\s0\fR otherwise. +.PP +\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations. +.PP +\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as +lh_TYPE_error call must be performed under a write lock. All retrieve +operations should be performed under a read lock, \fIunless\fR accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fBlh_doall()\fR +and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fBlh_doall()\fR or +\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API.\s0 On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. +.SH "BUGS" +.IX Header "BUGS" +\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_LH_stats\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_stats.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_stats.3 new file mode 100644 index 00000000..8d54597b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_LH_stats.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_STATS 3" +.TH OPENSSL_LH_STATS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_LH_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); +\& +\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. +.PP +\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "NOTE" +.IX Header "NOTE" +These calls should be made under a read lock. Refer to +\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +when using the \s-1LHASH\s0 data structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_VERSION_NUMBER.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 00000000..c94c2459 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_VERSION_NUMBER.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_VERSION_NUMBER 3" +.TH OPENSSL_VERSION_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" +\& +\& #include +\& +\& unsigned long OpenSSL_version_num(); +\& const char *OpenSSL_version(int t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier: +.PP +.Vb 1 +\& MNNFFPPS: major minor fix patch status +.Ve +.PP +The status nibble has one of the values 0 for development, 1 to e for betas +1 to 14, and f for release. +.PP +for example +.PP +.Vb 3 +\& 0x000906000 == 0.9.6 dev +\& 0x000906023 == 0.9.6b beta 3 +\& 0x00090605f == 0.9.6e release +.Ve +.PP +Versions prior to 0.9.3 have identifiers < 0x0930. +Versions between 0.9.3 and 0.9.5 had a version identifier with this +interpretation: +.PP +.Vb 1 +\& MMNNFFRBB major minor fix final beta/patch +.Ve +.PP +for example +.PP +.Vb 2 +\& 0x000904100 == 0.9.4 release +\& 0x000905000 == 0.9.5 dev +.Ve +.PP +Version 0.9.5a had an interim interpretation that is like the current one, +except the patch level got the highest bit set, to keep continuity. The +number was therefore 0x0090581f. +.PP +\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the +release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.PP +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR: +.IP "\s-1OPENSSL_VERSION\s0" 4 +.IX Item "OPENSSL_VERSION" +The text variant of the version number and the release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.IP "\s-1OPENSSL_CFLAGS\s0" 4 +.IX Item "OPENSSL_CFLAGS" +The compiler flags set for the compilation process in the form +\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R" +otherwise. +.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IX Item "OPENSSL_BUILT_ON" +The date of the build process in the form \*(L"built on: ...\*(R" if available +or \*(L"built on: date not available\*(R" otherwise. +.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IX Item "OPENSSL_PLATFORM" +The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" +if available or \*(L"platform: information not available\*(R" otherwise. +.IP "\s-1OPENSSL_DIR\s0" 4 +.IX Item "OPENSSL_DIR" +The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. +.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_ENGINES_DIR" +The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise. +.PP +For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns requested version strings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_config.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_config.3 new file mode 100644 index 00000000..8ffee227 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_config.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CONFIG 3" +.TH OPENSSL_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OPENSSL_config(const char *appname); +\& void OPENSSL_no_config(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +the default section, \fBopenssl_conf\fR, will be used. +Errors are silently ignored. +Multiple calls have no effect. +.PP +\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR +no configuration takes place. +.PP +If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR +first. +.SH "NOTES" +.IX Header "NOTES" +The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +forget it\*(R" function. +It is however \fBmuch\fR better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as \fBCONF_modules_load()\fR directly. This function is deprecated +and its use should be avoided. +Applications should instead call \fBCONF_modules_load()\fR during +initialization (that is before starting any threads). +.PP +There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls \fBOPENSSL_config()\fR it doesn't need to know or care about +\&\s-1ENGINE\s0 control operations because they can be performed by editing a +configuration file. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_fork_prepare.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_fork_prepare.3 new file mode 100644 index 00000000..d5d3e7a6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_fork_prepare.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FORK_PREPARE 3" +.TH OPENSSL_FORK_PREPARE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_fork_prepare(void); +\& void OPENSSL_fork_parent(void); +\& void OPENSSL_fork_child(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR +functions are used to reset this internal state. +.PP +Platforms without \fBfork\fR\|(2) will probably not need to use these functions. +Platforms with \fBfork\fR\|(2) but without \fBpthread_atfork\fR\|(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. +.PP +\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the \fBpthread_atfork\fR\|(3) +documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should +be called before a \fBfork()\fR is done. After the \fBfork()\fR returns, the parent +process should call \fBOPENSSL_fork_parent()\fR and the child process should +call \fBOPENSSL_fork_child()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not +return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_ia32cap.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_ia32cap.3 new file mode 100644 index 00000000..663eee7f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_ia32cap.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_IA32CAP 3" +.TH OPENSSL_IA32CAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_ia32cap \- the x86[_64] processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_ia32cap=... +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant: +.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IX Item "bit #4 denoting presence of Time-Stamp Counter." +.PD 0 +.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IX Item "bit #19 denoting availability of CLFLUSH instruction;" +.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" +.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IX Item "bit #23 denoting MMX support;" +.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" +.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IX Item "bit #25 denoting SSE support;" +.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IX Item "bit #26 denoting SSE2 support;" +.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 +.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" +.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 +.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" +.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" +.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4 +.IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;" +.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" +.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IX Item "bit #54 denoting availability of MOVBE instruction;" +.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IX Item "bit #57 denoting AES-NI instruction set extension;" +.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" +.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" +.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IX Item "bit #60 denoting AVX extension;" +.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IX Item "bit #62 denoting availability of RDRAND instruction;" +.PD +.PP +For example, in 32\-bit application context clearing bit #26 at run-time +disables high-performance \s-1SSE2\s0 code present in the crypto library, while +clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +bank. You might have to do the latter if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not +enable \s-1XMM\s0 registers. Historically address of the capability vector copy +was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not +anymore. Now the only way to affect the capability detection is to set +OPENSSL_ia32cap environment variable prior target application start. To +give a specific example, on Intel P4 processor 'env +OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env +OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no\-sse2 +option and recompile. +.PP +Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment +variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in \s-1AES\s0 assembler module. +.PP +The capability vector is further extended with \s-1EBX\s0 value returned by +\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" +.PD 0 +.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IX Item "bit #64+5 denoting availability of AVX2 instructions;" +.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" +.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IX Item "bit #64+16 denoting availability of AVX512F extension;" +.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IX Item "bit #64+18 denoting availability of RDSEED instruction;" +.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. \s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IX Item "bit #64+29 denoting availability of SHA extension;" +.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IX Item "bit #64+30 denoting availability of AVX512BW extension;" +.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IX Item "bit #64+31 denoting availability of AVX512VL extension;" +.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IX Item "bit #64+41 denoting availability of VAES extension;" +.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" +.PD +.PP +To control this extended capability word use ':' as delimiter when +setting up OPENSSL_ia32cap environment variable. For example assigning +\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX +extensions. +.PP +It should be noted that whether or not some of the most \*(L"fancy\*(R" +extension code paths are actually assembled depends on current assembler +version. Base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table: +.PP +.Vb 8 +\& Extension | GNU as | nasm | llvm +\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- +\& AVX | 2.19 | 2.09 | 3.0 +\& AVX2 | 2.22 | 2.10 | 3.1 +\& ADCX/ADOX | 2.23 | 2.10 | 3.3 +\& AVX512 | 2.25 | 2.11.8 | see NOTES +\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES +\& VAES | 2.30 | 2.13.3 | +.Ve +.SH "NOTES" +.IX Header "NOTES" +Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit \-march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: +.PP +.Vb 2 +\& #!/bin/sh +\& exec clang \-no\-integrated\-as "$@" +.Ve +.PP +instead of real clang. In which case it doesn't matter which clang +version is used, as it is \s-1GNU\s0 assembler version that will be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_crypto.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_crypto.3 new file mode 100644 index 00000000..534d12ad --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_crypto.3 @@ -0,0 +1,379 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. +As of OpenSSL 1.1.1 this is a default option for libssl (see +\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the +description of \fBOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fBOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fBOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fBOPENSSL_init_crypto()\fR. For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fBatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fBatexit()\fR handlers then the application should +call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fBerrstr\fR\|(1)). +.PP +The \fBOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fBOPENSSL_thread_stop()\fR function deallocates resources associated +with the current thread. Typically this function will be called automatically by +the library when the thread exits. This should only be called directly if +resources should be freed at an earlier time, or under the circumstances +described in the \s-1NOTES\s0 section below. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. +The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fBOPENSSL_init_ssl\fR\|(3). +The object can be released with \fBOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fBExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the +threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread +should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is +multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on +each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and +\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, +\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR +and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_ssl.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_ssl.3 new file mode 100644 index 00000000..8933c157 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_init_ssl.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_SSL 3" +.TH OPENSSL_INIT_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling +this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To +explicitly initialise \s-1ONLY\s0 libcrypto see the +\&\fBOPENSSL_init_crypto\fR\|(3) function. +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +specific option the following libssl options can also be used: +.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" +Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" +Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.PP +\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_instrument_bus.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_instrument_bus.3 new file mode 100644 index 00000000..482178f2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_instrument_bus.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INSTRUMENT_BUS 3" +.TH OPENSSL_INSTRUMENT_BUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #ifdef OPENSSL_CPUID_OBJ +\& size_t OPENSSL_instrument_bus(int *vector, size_t num); +\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to \fBvector\fR elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that \fBvector[num]\fR should be +zeroed upon invocation (if you want to retrieve actual probe values). +.PP +\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +oscillator cycles every probe took. +.PP +\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, +with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the \s-1SSE2\s0 extensions. +.PP +Otherwise number of recorded values is returned. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_load_builtin_modules.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_load_builtin_modules.3 new file mode 100644 index 00000000..4ee9b4ff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_load_builtin_modules.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_load_builtin_modules(void); +\& void ASN1_add_oid_module(void); +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code. +.PP +\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +.PP +\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +.SH "NOTES" +.IX Header "NOTES" +If the simple configuration function \fBOPENSSL_config()\fR is called then +\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. +.PP +Applications which use the configuration functions directly will need to +call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +configuration code. +.PP +Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_malloc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_malloc.3 new file mode 100644 index 00000000..aad0a031 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_malloc.3 @@ -0,0 +1,371 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_MALLOC 3" +.TH OPENSSL_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_malloc_init(void) +\& +\& void *OPENSSL_malloc(size_t num) +\& void *OPENSSL_zalloc(size_t num) +\& void *OPENSSL_realloc(void *addr, size_t num) +\& void OPENSSL_free(void *addr) +\& char *OPENSSL_strdup(const char *str) +\& char *OPENSSL_strndup(const char *str, size_t s) +\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); +\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); +\& void *OPENSSL_memdup(void *data, size_t s) +\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) +\& void OPENSSL_clear_free(void *str, size_t num) +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +\& int OPENSSL_hexchar2int(unsigned char c); +\& +\& void *CRYPTO_malloc(size_t num, const char *file, int line) +\& void *CRYPTO_zalloc(size_t num, const char *file, int line) +\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line) +\& void CRYPTO_free(void *str, const char *, int) +\& char *CRYPTO_strdup(const char *p, const char *file, int line) +\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line) +\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, +\& const char *file, int line) +\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) +\& +\& void CRYPTO_get_mem_functions( +\& void *(**m)(size_t, const char *, int), +\& void *(**r)(void *, size_t, const char *, int), +\& void (**f)(void *, const char *, int)) +\& int CRYPTO_set_mem_functions( +\& void *(*m)(size_t, const char *, int), +\& void *(*r)(void *, size_t, const char *, int), +\& void (*f)(void *, const char *, int)) +\& +\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f) +\& +\& int CRYPTO_set_mem_debug(int onoff) +\& +\& env OPENSSL_MALLOC_FAILURES=... +\& env OPENSSL_MALLOC_FD=... +\& +\& int CRYPTO_mem_ctrl(int mode); +\& +\& int OPENSSL_mem_debug_push(const char *info) +\& int OPENSSL_mem_debug_pop(void); +\& +\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +\& int CRYPTO_mem_debug_pop(void); +\& +\& int CRYPTO_mem_leaks(BIO *b); +\& int CRYPTO_mem_leaks_fp(FILE *fp); +\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are +generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 +Some functions do not add those parameters, but exist for consistency. +.PP +\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the +C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions. +\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used +when the buffer at \fBaddr\fR holds sensitive information. +The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR +before ultimately calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location. +.PP +\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the +equivalent C functions, except that memory is allocated by calling the +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_strlcpy()\fR, +\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C +library functions and are provided for portability. +.PP +\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a +pointer to the parsed value. The memory is allocated by calling +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length. +Colons between two-character hex \*(L"bytes\*(R" are ignored. +An odd number of hex digits is an error. +.PP +\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns +a hex string for value, or \s-1NULL\s0 on error. +\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned. +.PP +\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, +or returns \-1 on error. +.PP +If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR +and replace them with alternate versions (hooks). +\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the +function pointers for the current implementations. +With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed. +.PP +The default implementation can include some debugging capability (if enabled +at build-time). +This adds some overhead by keeping a list of all memory allocations, and +removes items from the list when they are free'd. +This is most useful for identifying memory leaks. +\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have +any effect, is must be called before any of the allocation functions +(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the +first lines of \fBmain()\fR in an application. +\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. +To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR. +To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR. +.PP +While checking memory, it can be useful to store additional context +about what is being done. +For example, identifying the field names when parsing a complicated +data structure. +\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR) +attaches an identifying string to the allocation stack. +This must be a global or other static string; it is not copied. +\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. +.PP +At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or +\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it +to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead +of writing to a given \s-1BIO,\s0 the callback function is called for each +output string with the string, length, and userdata \fBu\fR as the callback +parameters. +.PP +If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one +function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment +variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +are available. +.PP +The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been +called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, +respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. +.PP +The variable +\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. +.PP +If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): +.PP +.Vb 5 +\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq +\& export OPENSSL_MALLOC_FAILURES +\& OPENSSL_MALLOC_FD=3 +\& export OPENSSL_MALLOC_FD +\& ...app invocation... 3>/tmp/log$$ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR +\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR +return no value. +.PP +\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR, +\&\fBOPENSSL_clear_realloc()\fR, +\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, +\&\fBCRYPTO_clear_realloc()\fR, +\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR, +\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR +return a pointer to allocated memory or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR +return 1 on success or 0 on failure (almost +always because allocations have already happened). +.PP +\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the +previous value of the mode. +.PP +\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +While it's permitted to swap out only a few and not all the functions +with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +at once. \fIThis applies specially if OpenSSL was built with the +configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out +only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_secure_malloc.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_secure_malloc.3 new file mode 100644 index 00000000..cc1ecb47 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OPENSSL_secure_malloc.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_SECURE_MALLOC 3" +.TH OPENSSL_SECURE_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used \- secure heap storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_secure_malloc_init(size_t size, int minsize); +\& +\& int CRYPTO_secure_malloc_initialized(); +\& +\& int CRYPTO_secure_malloc_done(); +\& +\& void *OPENSSL_secure_malloc(size_t num); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& +\& void *OPENSSL_secure_zalloc(size_t num); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& +\& void OPENSSL_secure_free(void* ptr); +\& void CRYPTO_secure_free(void *ptr, const char *, int); +\& +\& void OPENSSL_secure_clear_free(void* ptr, size_t num); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); +\& +\& size_t OPENSSL_secure_actual_size(const void *ptr); +\& +\& int CRYPTO_secure_allocated(const void *ptr); +\& size_t CRYPTO_secure_used(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. +.PP +If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. +.PP +\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to +allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power +of two. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +heap as been initialized and is available. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete. +.PP +\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_malloc()\fR. +It is a macro that expands to +\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +.PP +\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like +\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively, +except that they call \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +It must be called with a value previously obtained from +\&\fBOPENSSL_secure_malloc()\fR. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_free()\fR. +It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. +.PP +\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except +that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear +the memory if it was not allocated from the secure heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_clear_free()\fR. +.PP +\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +.PP +\&\fBOPENSSL_secure_allocated()\fR tells if a pointer is allocated in the secure heap. +.PP +\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the +secure heap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called, +but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +.PP +\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into +the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be +allocated. +.PP +\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +.PP +\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_malloc\fR\|(3), +\&\fBBN_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_INFO.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_INFO.3 new file mode 100644 index 00000000..e196b728 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_INFO.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_INFO 3" +.TH OSSL_STORE_INFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_info_st OSSL_STORE_INFO; +\& +\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); +\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO +\& *store_info); +\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); +\& +\& const char *OSSL_STORE_INFO_type_string(int type); +\& +\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); +\& +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are primarily useful for applications to retrieve +supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific +loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar +functions. +Supported OpenSSL type object can be extracted using one of +\&\fBSTORE_INFO_get0_TYPE()\fR. +The life time of this extracted object is as long as the life time of +the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. +The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately +by the caller. +See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are +supported. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +type number for the object inside. +\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +short string describing it. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL +type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +object to hold the given input object. +Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. +.SH "SUPPORTED OBJECTS" +.IX Header "SUPPORTED OBJECTS" +Currently supported object types are: +.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IX Item "OSSL_STORE_INFO_NAME" +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete \s-1URI.\s0 +For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR +object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs. +.Sp +For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was +given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name +\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. +.Sp +The returned \s-1URI\s0 is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is +canonical doesn't mean that other variants can't be used. +.Sp +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. +.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IX Item "OSSL_STORE_INFO_PARAMS" +Key parameters. +.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IX Item "OSSL_STORE_INFO_PKEY" +A private/public key of some sort. +.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IX Item "OSSL_STORE_INFO_CERT" +An X.509 certificate. +.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IX Item "OSSL_STORE_INFO_CRL" +A X.509 certificate revocation list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fB\s-1OSSL_STORE_INFO\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +failure. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, +\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, +\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, +\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_LOADER.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_LOADER.3 new file mode 100644 index 00000000..41f7d6e2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_LOADER.3 @@ -0,0 +1,362 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_LOADER 3" +.TH OSSL_STORE_LOADER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +\& +\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER +\& *store_loader); +\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER +\& *store_loader); +\& +\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ +\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +\& +\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_open_fn store_open_function); +\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, +\& va_list args); +\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_ctrl_fn store_ctrl_function); +\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_expect_fn expect_function); +\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& OSSL_STORE_SEARCH *criteria); +\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_find_fn find_function); +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_load_fn store_load_function); +\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_eof_fn store_eof_function); +\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_error_fn store_error_function); +\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_close_fn store_close_function); +\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); +\& +\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help applications and engines to create loaders for +schemes they support. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. +It contains a scheme and the functions needed to implement +\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and +\&\fBOSSL_STORE_close()\fR for this scheme. +.PP +\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +using \fBstruct ossl_store_loader_ctx_st { ... }\fR. +.PP +\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, +and \fBOSSL_STORE_close_fn\fR +are the function pointer types used within a \s-1STORE\s0 loader. +The functions pointed at define the functionality of the given loader. +.IP "\fBOSSL_STORE_open_fn\fR" 4 +.IX Item "OSSL_STORE_open_fn" +This function takes a \s-1URI\s0 and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see +above), and to return it. +If something goes wrong, this function is expected to return \s-1NULL.\s0 +.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IX Item "OSSL_STORE_ctrl_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader +specific parameters. +.Sp +Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Any number below that is reserved for future globally known command +numbers. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IX Item "OSSL_STORE_expect_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +identity \fBexpected\fR, and is used to tell the loader what object type is +expected. +\&\fBexpected\fR may be zero to signify that no specific object type is expected. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IX Item "OSSL_STORE_find_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +to search for. +.Sp +When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. +.Sp +When called with the loader context being something other than \fB\s-1NULL\s0\fR, this +function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IX Item "OSSL_STORE_load_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. +If no more data is available or an error occurs, this function is +expected to return \s-1NULL.\s0 +The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if +it was in fact the end of data or if an error occurred. +.Sp +Note that this function retrieves \fIone\fR data item only. +.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IX Item "OSSL_STORE_eof_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IX Item "OSSL_STORE_error_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +\&\fBOSSL_STORE_load_fn\fR function. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IX Item "OSSL_STORE_close_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +It returns 1 on success and 0 on error. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. +\&\fBscheme\fR must \fIalways\fR be set. +Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as +long as the created loader is. +.PP +\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, +\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBscheme\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBfile:\fR scheme has built in support. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, +\&\fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the +same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, +\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. +.PP +\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and +\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +or \fB\s-1NULL\s0\fR on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR, +\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, +\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, +\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR, +\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, +\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_SEARCH.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_SEARCH.3 new file mode 100644 index 00000000..6fe50199 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_SEARCH.3 @@ -0,0 +1,300 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_SEARCH 3" +.TH OSSL_STORE_SEARCH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; +\& +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, +\& const ASN1_INTEGER +\& *serial); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, +\& const unsigned char +\& *bytes, int len); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); +\& +\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); +\& +\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH +\& *criterion); +\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH +\& *criterion, size_t *length); +\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH +\& *criterion); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to specify search criteria to help search for specific +objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a \s-1URI\s0 +and then wants to add on search criteria in a uniform and supported manner. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search +criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fBOSSL_STORE_find()\fR. +.PP +The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +times, and should therefore be careful not to deallocate it before +\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +to. +.SS "Application Functions" +.IX Subsection "Application Functions" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +.SS "Loader Functions" +.IX Subsection "Loader Functions" +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, +and \fBOSSL_STORE_SEARCH_get0_digest()\fR +are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +available for each type. +For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. +.SH "SUPPORTED CRITERION TYPES" +.IX Header "SUPPORTED CRITERION TYPES" +Currently supported criterion types are: +.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_NAME" +This criterion supports a search by exact match of subject name. +The subject name itself is a \fBX509_NAME\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is +a \fB\s-1ASN1_INTEGER\s0\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR +and the actual issuer name and serial number are retrieved with +\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (\s-1NULL\s0), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR +and the actual fingerprint and its length can be retrieved with +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will +be used when applicable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fBOSSL_STORE_SEARCH_by_alias()\fR, +\&\fBOSSL_STORE_SEARCH_free()\fR, +\&\fBOSSL_STORE_SEARCH_get_type()\fR, +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fBOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_expect.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_expect.3 new file mode 100644 index 00000000..730d152e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_expect.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_EXPECT 3" +.TH OSSL_STORE_EXPECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +\& +\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); +\& +\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns +by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) +except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. +.PP +\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +grained search of objects. +.PP +\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +context supports the given search type. +See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the +supported search criterion types. +.PP +\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fBOSSL_STORE_load()\fR of a given session, or they will fail. +.SH "NOTES" +.IX Header "NOTES" +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See \fBOSSL_STORE_open\fR\|(3) for more information. +.PP +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +otherwise. +.PP +\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fBOSSL_STORE_load\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_open.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_open.3 new file mode 100644 index 00000000..121ba5dc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OSSL_STORE_open.3 @@ -0,0 +1,281 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_OPEN 3" +.TH OSSL_STORE_OPEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \- Types and functions to read objects from a URI +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; +\& +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, +\& void *); +\& +\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, +\& void *ui_data, +\& OSSL_STORE_post_process_info_fn post_process, +\& void *post_process_data); +\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help the application to fetch supported objects (see +\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on +the supported \s-1URI\s0 schemes). +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, +read each available and supported object using \fBOSSL_STORE_load()\fR as long as +\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. +.PP +The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further +described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and +\&\fBOSSL_STORE_close()\fR to work together. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBui_method\fR with associated data \fBui_data\fR, and post processing +callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +opens a channel to the data located at that \s-1URI\s0 and returns a +\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +The given \fBui_method\fR and \fBui_data_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. +The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +will cause \fBOSSL_STORE_load()\fR to start its process over with loading +the next object, until \fBpost_process\fR returns something other than +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. +.PP +\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. +.PP +There are also global controls available: +.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IX Item "OSSL_STORE_C_USE_SECMEM" +Controls if the loader should attempt to use secure memory for any +allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +This control expects one argument, a pointer to an \fBint\fR that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. +.PP +\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +of data. +.PP +\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fBOSSL_STORE_load()\fR call. +Note that it may still be meaningful to try and load more objects, unless +\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. +.PP +\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +.SH "SUPPORTED SCHEMES" +.IX Header "SUPPORTED SCHEMES" +The basic supported scheme is \fBfile:\fR. +Any other scheme can be added dynamically, using +\&\fBOSSL_STORE_register_loader()\fR. +.SH "NOTES" +.IX Header "NOTES" +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the \fIfile:\fR scheme. +.PP +There are some tools that can be used together with +\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\s-1URI,\s0 or if it's a different error (such as memory allocation +failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. +.PP +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the \fBfile:\fR scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See \fBpassphrase\-encoding\fR\|(7) for further information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a +returned \fB\s-1NULL\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +0. +.PP +\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call, +otherwise 0. +.PP +\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, +\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OpenSSL_add_all_algorithms.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100644 index 00000000..e8c7a65b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/OpenSSL_add_all_algorithms.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& # if OPENSSL_API_COMPAT < 0x10100000L +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +\& +\& void EVP_cleanup(void) +\&# endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. +.PP +\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, +\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_bytes_read_bio.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_bytes_read_bio.3 new file mode 100644 index 00000000..593c2c80 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_bytes_read_bio.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_BYTES_READ_BIO 3" +.TH PEM_BYTES_READ_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF RFC 1421\s0 and \s-1IETF RFC 7468\s0) +data from the \s-1BIO\s0 +\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 +etc.). If multiple PEM-encoded data structures are present in the same +stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. +.PP +The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain +the decryption passphrase, if applicable. +.PP +Some data types have compatibility aliases, such as a file containing +X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 +The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is +non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +.PP +The returned data is the DER-encoded form of the requested type, in +\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed +to by \fI*pdata\fR. +.PP +\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses +memory from the secure heap for its temporary buffers and the storage +returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use +\&\fBOPENSSL_secure_free()\fR to free that storage. +.SH "NOTES" +.IX Header "NOTES" +\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, +care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +use of \fBBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely +to be more appropriate in such cases. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or +0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_bio_ex\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read.3 new file mode 100644 index 00000000..864f6f9a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ 3" +.TH PEM_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write(FILE *fp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& int PEM_write_bio(BIO *bp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& +\& int PEM_read(FILE *fp, char **name, char **header, +\& unsigned char **data, long *len); +\& int PEM_read_bio(BIO *bp, char **name, char **header, +\& unsigned char **data, long *len); +\& +\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); +\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +type \fBname\fR, any additional \fBheader\fR information, and the raw +\&\fBdata\fR of length \fBlen\fR. +.PP +\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF +RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded +by begin/end markers each on their own line. For example: +.PP +.Vb 4 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& MIICdg.... +\& ... bhTQ== +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.PP +\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to +the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify +the data and its length. +.PP +The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) +for examples. +.PP +\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads +from the \s-1BIO\s0 \fBbp\fR. +Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. +When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN +\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +are returned in \fBheader\fR and the base64\-decoded content and its length are +returned via \fBdata\fR and \fBlen\fR respectively. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR +and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed. +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +and \s-1IV.\s0 +The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. +If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +address pointed to by \fBcinfo\fR. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header +indicates encryption. +The \fBcinfo\fR argument is a pointer to the structure initialized by the previous +call to \fBPEM_get_EVP_CIPHER_INFO()\fR. +The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR. +The \fBcb\fR and \fBu\fR arguments make it possible to override the default password +prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). +On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is +updated to indicate the plaintext length. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR +nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +includes the case when no more \s-1PEM\s0 objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more +\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on +failure. +The \fBdata\fR is likely meaningless if these functions fail. +.SH "NOTES" +.IX Header "NOTES" +The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. +This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs \s-1MD5\s0 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 \s-1PBE.\s0 +See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). +.PP +\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_CMS.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_CMS.3 new file mode 100644 index 00000000..1bfc8c2e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_CMS 3" +.TH PEM_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION \&\- PEM object encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_PEM_rw(name, TYPE) +\& +\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); +\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); +\& int PEM_write_TYPE(FILE *fp, const TYPE *a); +\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in +the next four lines of the synopsis. +.PP +These routines convert between local instances of \s-1ASN1\s0 datatypes and +the \s-1PEM\s0 encoding. For more information on the templates, see +\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fBPEM_read\fR\|(3). +.PP +\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR +and returns it. The \fBcb\fR and \fBu\fR parameters are as described in +\&\fBpem_password_cb\fR\|(3). +.PP +\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. +.PP +\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated +object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error. +.PP +\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written +or zero on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_PrivateKey.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_PrivateKey.3 new file mode 100644 index 00000000..8917f4be --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_PrivateKey.3 @@ -0,0 +1,622 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_PRIVATEKEY 3" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +\& const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +\& +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +\& +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +\& +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +\& +\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); +\& +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +\& +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +\& int PEM_write_DHparams(FILE *fp, DH *x); +\& +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +\& int PEM_write_X509(FILE *fp, X509 *x); +\& +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +\& +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +\& +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +\& +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR, +\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an +\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are +equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys. +.PP +\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\*(L"traditional\*(R" format with a simple private key marker and should only +be used for compatibility with legacy programs. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private +key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument +specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the +encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If +\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA.\s0 +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA.\s0 +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA.\s0 +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA.\s0 +.PP +The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using +an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key +parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459,\s0 and for \s-1DH\s0 +key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions +only exist for the \f(BI\s-1BIO\s0\fI type\fR. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459.\s0 +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +.PP +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or \-1 if +an error occurred. +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 1 +\& X509 *x; +\& +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +These old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& Proc\-Type: 4,ENCRYPTED +\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 +\& +\& ...base64 encoded data... +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The line beginning with \fIProc-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK-Info\fR +contains two comma separated values: the encryption algorithm name as +used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64\-encoded encrypted data. +.PP +The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR +parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR +parameters. Finally, the library uses an iteration count of 1 for +\&\fBEVP_BytesToKey()\fR. +.PP +The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization +vector is then used to decrypt the encrypted data. The \fBiv\fR produced by +\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +the function. +.PP +The pseudo code to derive the key would look similar to: +.PP +.Vb 2 +\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); +\& EVP_MD* md = EVP_md5(); +\& +\& unsigned int nkey = EVP_CIPHER_key_length(cipher); +\& unsigned int niv = EVP_CIPHER_iv_length(cipher); +\& unsigned char key[nkey]; +\& unsigned char iv[niv]; +\& +\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); +\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); +\& if (rc != nkey) +\& /* Error */ +\& +\& /* On success, use key and iv to initialize the cipher */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ve +.PP +is guaranteed to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +if an error occurred. +.PP +The write routines return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL.\s0 +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 1 +\& X509 *x; +\& +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +\& if (x == NULL) +\& /* Error */ +.Ve +.PP +Alternative method: +.PP +.Vb 1 +\& X509 *x = NULL; +\& +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 2 +\& if (!PEM_write_bio_X509(bp, x)) +\& /* Error */ +.Ve +.PP +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 2 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 3 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), +\& NULL, 0, 0, "hello")) +\& /* Error */ +.Ve +.PP +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 3 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& /* Error */ +.Ve +.PP +Skeleton pass phrase callback: +.PP +.Vb 2 +\& int pass_cb(char *buf, int size, int rwflag, void *u) +\& { +\& +\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); +\& +\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ +\& char *tmp = "hello"; +\& if (tmp == NULL) /* An error occurred */ +\& return \-1; +\& +\& size_t len = strlen(tmp); +\& +\& if (len > size) +\& len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +as they will be formally deprecated in a future releases. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_ex.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_ex.3 new file mode 100644 index 00000000..759bf7d7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_read_bio_ex.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_EX 3" +.TH PEM_READ_BIO_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define PEM_FLAG_SECURE 0x1 +\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 +\& #define PEM_FLAG_ONLY_B64 0x4 +\& int PEM_read_bio_ex(BIO *in, char **name, char **header, +\& unsigned char **data, long *len, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_\-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. +.PP +If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. +.PP +If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of \fBPEM_read_bio()\fR. +.PP +If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +characters (or newlines); non\-base64 characters are treated as end of input. +.PP +If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +are ignored. +.PP +If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +these options are not compatible with each other. +.SH "NOTES" +.IX Header "NOTES" +The caller must release the storage allocated for *name, *header, and *data. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, +\&\fBOPENSSL_free()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_bytes_read_bio\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_CMS_stream.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_CMS_stream.3 new file mode 100644 index 00000000..43f9bb24 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_CMS_stream.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBPEM_write\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBi2d_CMS_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_PKCS7_stream.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_PKCS7_stream.3 new file mode 100644 index 00000000..d09ac382 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PEM_write_bio_PKCS7_stream.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBi2d_PKCS7_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_create.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_create.3 new file mode 100644 index 00000000..0c1d700b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_create.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_CREATE 3" +.TH PKCS12_CREATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +\& X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certificate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. The modes +\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. +.PP +\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_newpass.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_newpass.3 new file mode 100644 index 00000000..2206b422 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_newpass.3 @@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_NEWPASS 3" +.TH PKCS12_NEWPASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_newpass \- change the password of a PKCS12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +and \fBnewpass\fR is the new password. +.SH "NOTES" +.IX Header "NOTES" +Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in +the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 +instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. +.PP +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& int main(int argc, char **argv) +\& { +\& FILE *fp; +\& PKCS12 *p12; +\& +\& if (argc != 5) { +\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); +\& return 1; +\& } +\& if ((fp = fopen(argv[1], "rb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[1]); +\& return 1; +\& } +\& p12 = d2i_PKCS12_fp(fp, NULL); +\& fclose(fp); +\& if (p12 == NULL) { +\& fprintf(stderr, "Error reading PKCS#12 file\en"); +\& ERR_print_errors_fp(stderr); +\& return 1; +\& } +\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { +\& fprintf(stderr, "Error changing password\en"); +\& ERR_print_errors_fp(stderr); +\& PKCS12_free(p12); +\& return 1; +\& } +\& if ((fp = fopen(argv[4], "wb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[4]); +\& PKCS12_free(p12); +\& return 1; +\& } +\& i2d_PKCS12_fp(fp, p12); +\& PKCS12_free(p12); +\& fclose(fp); +\& return 0; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +\&\fBPKCS12_newpass()\fR failure. +.PP +If the wrong password is used for \fBoldpass\fR then the function will fail, +with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not +contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +error. +.SH "BUGS" +.IX Header "BUGS" +The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_parse.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_parse.3 new file mode 100644 index 00000000..2d8e8ae8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS12_parse.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_PARSE 3" +.TH PKCS12_PARSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.PP +The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it +is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. +.PP +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS5_PBKDF2_HMAC.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS5_PBKDF2_HMAC.3 new file mode 100644 index 00000000..5c80f624 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS5_PBKDF2_HMAC.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS5_PBKDF2_HMAC 3" +.TH PKCS5_PBKDF2_HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& const EVP_MD *digest, +\& int keylen, unsigned char *out); +\& +\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& int keylen, unsigned char *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +as specified in \s-1RFC 2898.\s0 +.PP +\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR +is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the +function will calculate the length of \fBpass\fR using \fBstrlen()\fR. +.PP +\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the +\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not +attempt to calculate the length of the \fBsalt\fR because it is not assumed to +be \s-1NULL\s0 terminated. +.PP +\&\fBiter\fR is the iteration count and its value should be greater than or +equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any +\&\fBiter\fR less than 1 is treated as a single iteration. +.PP +\&\fBdigest\fR is the message digest function used in the derivation. Values include +any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. +.PP +The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer +is specified via \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, +and an iteration count. +.PP +Increasing the \fBiter\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_decrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_decrypt.3 new file mode 100644 index 00000000..365a0a62 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_decrypt.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_DECRYPT 3" +.TH PKCS7_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_encrypt.3 new file mode 100644 index 00000000..dadf4b2c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_encrypt.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_ENCRYPT 3" +.TH PKCS7_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +\& int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR +respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign.3 new file mode 100644 index 00000000..a94d19b3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN 3" +.TH PKCS7_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0 +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign_add_signer.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign_add_signer.3 new file mode 100644 index 00000000..ce45fd52 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_sign_add_signer.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN_ADD_SIGNER 3" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fBPKCS7_final()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_verify.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_verify.3 new file mode 100644 index 00000000..dc01ebc6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/PKCS7_verify.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_VERIFY 3" +.TH PKCS7_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certificate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is +not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both +embedded and external content. To treat this as an error, use the flag +\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +The default behavior allows this, for compatibility with older +versions of OpenSSL. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fBPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_verify()\fR returns one for a successful verification and zero +if an error occurs. +.PP +\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_generate.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_generate.3 new file mode 100644 index 00000000..504d206b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_generate.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GENERATE 3" +.TH RAND_DRBG_GENERATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given drbg instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_generate(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen, +\& int prediction_resistance, +\& const unsigned char *adin, size_t adinlen); +\& +\& int RAND_DRBG_bytes(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +.PP +Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum +number of generate requests (\fIreseed interval\fR) or the maximum timespan +(\fIreseed time interval\fR) since its last seeding have been reached. +If this is the case, the \s-1DRBG\s0 reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. See \s-1NOTES\s0 section for more details. +.PP +The caller can optionally provide additional data to be used for reseeding +by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and +\&\fBadinlen\fR to 0; +.PP +\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +This function is a wrapper around the \fBRAND_DRBG_generate()\fR call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success, +and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3) +and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_get0_master.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_get0_master.3 new file mode 100644 index 00000000..516e4ec1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_get0_master.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GET0_MASTER 3" +.TH RAND_DRBG_GET0_MASTER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get access to the global RAND_DRBG instances +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *RAND_DRBG_get0_master(void); +\& RAND_DRBG *RAND_DRBG_get0_public(void); +\& RAND_DRBG *RAND_DRBG_get0_private(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three +shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 +.PP +The and \s-1DRBG\s0 are thread-local instances, which are used +by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. +The \s-1DRBG\s0 is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. +.PP +These functions here provide access to the shared \s-1DRBG\s0 instances. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the \s-1DRBG\s0 instance. +.SH "NOTES" +.IX Header "NOTES" +It is not thread-safe to access the \s-1DRBG\s0 instance. +The and \s-1DRBG\s0 instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. +.PP +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new \s-1DRBG\s0 instances +at initialization time, before creating additional threads. +.PP +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_new.3 new file mode 100644 index 00000000..7f06df32 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_new.3 @@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_NEW 3" +.TH RAND_DRBG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free \&\- initialize and cleanup a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& RAND_DRBG *RAND_DRBG_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& int RAND_DRBG_set(RAND_DRBG *drbg, +\& int type, unsigned int flags); +\& +\& int RAND_DRBG_set_defaults(int type, unsigned int flags); +\& +\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, +\& const unsigned char *pers, size_t perslen); +\& +\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +\& +\& void RAND_DRBG_free(RAND_DRBG *drbg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR +create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. +the secure heap +(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR). +.PP +\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +.PP +\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +instances. +.PP +Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the +following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. +Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set +its type and to instantiate it. +.PP +The optional \fBflags\fR argument specifies a set of bit flags which can be +joined using the | operator. Currently, the only flag is +\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of a the derivation function +ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +If a \fBparent\fR instance is specified then this will be used instead of +the default entropy source for reseeding the \fBdrbg\fR. It is said that the +\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. +For more information, see the \s-1NOTES\s0 section. +.PP +\&\fBRAND_DRBG_instantiate()\fR +seeds the \fBdrbg\fR instance using random input from trusted entropy sources. +Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be +specified. +To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; +.PP +\&\fBRAND_DRBG_uninstantiate()\fR +clears the internal state of the \fBdrbg\fR and puts it back in the +uninstantiated state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 +instance allocated on the heap, resp. secure heap. +.PP +\&\fBRAND_DRBG_set()\fR, +\&\fBRAND_DRBG_instantiate()\fR, and +\&\fBRAND_DRBG_uninstantiate()\fR +return 1 on success, and 0 on failure. +.PP +\&\fBRAND_DRBG_free()\fR does not return a value. +.SH "NOTES" +.IX Header "NOTES" +The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can +use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent \s-1DRBG\s0 instance. +For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 +instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_zalloc\fR\|(3), +\&\fBOPENSSL_secure_zalloc\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_reseed.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_reseed.3 new file mode 100644 index 00000000..1c2fab7f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_reseed.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_RESEED 3" +.TH RAND_DRBG_RESEED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_reseed(RAND_DRBG *drbg, +\& const unsigned char *adin, size_t adinlen, +\& int prediction_resistance); +\& +\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, +\& unsigned int interval); +\& +\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, +\& time_t interval); +\& +\& int RAND_DRBG_set_reseed_defaults( +\& unsigned int master_reseed_interval, +\& unsigned int slave_reseed_interval, +\& time_t master_reseed_time_interval, +\& time_t slave_reseed_time_interval +\& ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_reseed()\fR +reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer \fBadin\fR +of length \fBadinlen\fR. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR +to 0. +An immediate reseeding from a live entropy source can be requested by setting +the \fBprediction_resistance\fR flag to 1. +This feature is not implemented yet, so reseeding with prediction resistance +requested will always fail. +.PP +\&\fBRAND_DRBG_set_reseed_interval()\fR +sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number +of generate requests between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_time_interval()\fR +sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed +number of seconds between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) +and the reseed time interval +(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) +of \s-1DRBG\s0 instances. +The default values are set independently for master \s-1DRBG\s0 instances (which don't +have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_reseed()\fR, +\&\fBRAND_DRBG_set_reseed_interval()\fR, and +\&\fBRAND_DRBG_set_reseed_time_interval()\fR, +return 1 on success, 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. +.PP +Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a +trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. +.PP +The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_callbacks.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_callbacks.3 new file mode 100644 index 00000000..ade4a681 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_callbacks.3 @@ -0,0 +1,268 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_CALLBACKS 3" +.TH RAND_DRBG_SET_CALLBACKS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn \&\- set callbacks for reseeding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, +\& RAND_DRBG_get_entropy_fn get_entropy, +\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, +\& RAND_DRBG_get_nonce_fn get_nonce, +\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); +.Ve +.SS "Callback Functions" +.IX Subsection "Callback Functions" +.Vb 6 +\& typedef size_t (*RAND_DRBG_get_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len, +\& int prediction_resistance); +\& +\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +\& +\& typedef size_t (*RAND_DRBG_get_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len); +\& +\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given \fBdrbg\fR. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. +.PP +Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +\&\fBRAND_DRBG_uninstantiate()\fR first. +.PP +The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR +bits of randomness. +The \fBprediction_resistance\fR flag indicates whether the reseeding was +triggered by a prediction resistance request. +.PP +The buffer's address is to be returned in *\fBpout\fR and the number of collected +randomness bytes as return value. +.PP +If the callback fails to acquire at least \fBentropy\fR bits of randomness, +it must indicate an error by returning a buffer length of 0. +.PP +If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 +does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then +it must also indicate an error by returning a buffer length of 0. +See \s-1NOTES\s0 section for more details. +.PP +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +free the buffer allocated previously by \fBget_entropy()\fR. +The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, +as returned by the \fBget_entropy()\fR callback. +.PP +The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the \s-1DRBG\s0 uses a derivation function. +The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR, +except for the missing prediction_resistance flag. +.PP +If the derivation function is disabled, then no nonce is used for instantiation, +and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by +setting them to \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure +.SH "NOTES" +.IX Header "NOTES" +It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the \s-1DRBG\s0's state in memory. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default implementation of the get_entropy callback does not have access +to such an approved entropy source, a request for prediction resistance will +always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +The derivation function is disabled during initialization by calling the +\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +For more information on the derivation function and when it can be omitted, +see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random +source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. +.PP +Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() +callbacks can be omitted by setting them to \s-1NULL.\s0 +In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy +(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will +utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1], +section 8.6.7. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_new\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_ex_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_ex_data.3 new file mode 100644 index 00000000..5349bda3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_DRBG_set_ex_data.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_EX_DATA 3" +.TH RAND_DRBG_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- store and retrieve extra data from the DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data); +\& +\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); +\& +\& int RAND_DRBG_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "NOTES" +.IX Header "NOTES" +RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to +CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_add.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_add.3 new file mode 100644 index 00000000..9aa0d697 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_add.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_ADD 3" +.TH RAND_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_status(void); +\& int RAND_poll(); +\& +\& void RAND_add(const void *buf, int num, double randomness); +\& void RAND_seed(const void *buf, int num); +\& +\& void RAND_keep_random_devices_open(int keep); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re\-)seeding of the default OpenSSL random generator +(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +itself automatically using trusted system entropy sources. +This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was +built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. +.PP +\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The \fBrandomness\fR argument is an estimate of how much randomness is +contained in +\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. +The content of \fBbuf\fR cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using \fBRAND_load_file\fR\|(3) instead. +.PP +\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +.PP +\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When +the \fBkeep\fR argument is zero, this call disables the retention of file +descriptors. Conversely, a non-zero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. +.PP +\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist +for compatibility reasons only. See \s-1HISTORY\s0 section below. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_status()\fR returns 1 if the random generator has been seeded +with enough data, 0 otherwise. +.PP +\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +.PP +\&\fBRAND_event()\fR returns \fBRAND_status()\fR. +.PP +The other functions do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_egd\fR\|(3), +\&\fBRAND_load_file\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_bytes.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_bytes.3 new file mode 100644 index 00000000..78210930 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_bytes.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_BYTES 3" +.TH RAND_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_priv_bytes(unsigned char *buf, int num); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_bytes()\fR generates \fBnum\fR random bytes using a cryptographically +secure pseudo random generator (\s-1CSPRNG\s0) and stores them in \fBbuf\fR. +.PP +\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to +be used for generating values that should remain private. If using the +default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 +instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not +affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) +and \s-1\fBRAND_DRBG\s0\fR\|(7). +.SH "NOTES" +.IX Header "NOTES" +By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it +was able to seed itself from a trusted entropy source. +On all major platforms supported by OpenSSL (including the Unix-like platforms +and Windows), OpenSSL is configured to automatically seed the \s-1CSPRNG\s0 on first use +using the operating systems's random generator. +.PP +If the entropy source fails or is not available, the \s-1CSPRNG\s0 will enter an +error state and refuse to generate random bytes. For that reason, it is important +to always check the error return value of \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR and +not take randomness for granted. +.PP +On other platforms, there might not be a trusted entropy source available +or OpenSSL might have been explicitly configured to use different entropy sources. +If you are in doubt about the quality of the entropy source, don't hesitate to ask +your operating system vendor or post a question on GitHub or the openssl-users +mailing list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR +return 1 on success, \-1 if not supported by the current +\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. +.IP "\(bu" 2 +The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_cleanup.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_cleanup.3 new file mode 100644 index 00000000..d0a8370f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_cleanup.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_CLEANUP 3" +.TH RAND_CLEANUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_cleanup \- erase the PRNG state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void RAND_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by +the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +\&\fBOPENSSL_init_crypto\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fBOPENSSL_init_crypto\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_egd.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_egd.3 new file mode 100644 index 00000000..61b4ca48 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_egd.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_EGD 3" +.TH RAND_EGD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_egd_bytes(const char *path, int num); +\& int RAND_egd(const char *path); +\& +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, +it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local +socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 +The protocol used is defined by the EGDs available at + or . +.PP +\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. +\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. +.PP +\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +\&\fBRAND_add()\fR is not called. +.PP +OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +automatically. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, or \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG.\s0 +.PP +\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, or \-1 if the connection failed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_load_file.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_load_file.3 new file mode 100644 index 00000000..14fc5450 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_load_file.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_LOAD_FILE 3" +.TH RAND_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_load_file(const char *filename, long max_bytes); +\& +\& int RAND_write_file(const char *filename); +\& +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, +up to \fBmax_bytes\fR are read; +if \fBmax_bytes\fR is \-1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by \fBRAND_write_file()\fR between reads. +Also, note that \fBfilename\fR should be adequately protected so that an +attacker cannot replace or examine the contents. +If \fBfilename\fR is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. +.PP +\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fBRAND_load_file()\fR in a later session. +.PP +\&\fBRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. +.PP +On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +value will be used as the seed file name. +Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: +.IP "On Windows (in order of preference)" 4 +.IX Item "On Windows (in order of preference)" +.Vb 1 +\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e +.Ve +.IP "On \s-1VMS\s0" 4 +.IX Item "On VMS" +.Vb 1 +\& SYS$LOGIN: +.Ve +.IP "On all other systems" 4 +.IX Item "On all other systems" +.Vb 1 +\& $HOME +.Ve +.PP +If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +\&\fBnum\fR is too small for the path name, an error occurs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. +.PP +\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the +bytes written were generated without appropriate seeding. +.PP +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_set_rand_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_set_rand_method.3 new file mode 100644 index 00000000..a3aed58d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RAND_set_rand_method.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 3" +.TH RAND_SET_RAND_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_METHOD *RAND_OpenSSL(void); +\& +\& int RAND_set_rand_method(const RAND_METHOD *meth); +\& +\& const RAND_METHOD *RAND_get_rand_method(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. +.PP +\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +.PP +If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will +be used instead of the method returned by \fBRAND_OpenSSL()\fR. +.PP +\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\s-1ENGINE\s0 was providing the method, it will be released first. +.PP +\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 8 +\& typedef struct rand_meth_st { +\& int (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& int (*add)(const void *buf, int num, double entropy); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +.PP +The fields point to functions that are used by, in order, +\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +and \fBRAND_status()\fR. +Each pointer may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failure. +\&\fBRAND_get_rand_method()\fR and \fBRAND_OpenSSL()\fR return pointers to the respective +methods. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RC4_set_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RC4_set_key.3 new file mode 100644 index 00000000..8a4c262c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RC4_set_key.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RC4_SET_KEY 3" +.TH RC4_SET_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RC4_set_key, RC4 \- RC4 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +\& +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RIPEMD160_Init.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RIPEMD160_Init.3 new file mode 100644 index 00000000..8805a6c1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RIPEMD160_Init.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RIPEMD160_INIT 3" +.TH RIPEMD160_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int RIPEMD160_Init(RIPEMD160_CTX *c); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. +.PP +\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for +success, 0 otherwise. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_blinding_on.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_blinding_on.3 new file mode 100644 index 00000000..1f9633a1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_blinding_on.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_BLINDING_ON 3" +.TH RSA_BLINDING_ON 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. +.PP +\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fBRSA_blinding_off()\fR returns no value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_check_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_check_key.3 new file mode 100644 index 00000000..9a48b418 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_check_key.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_CHECK_KEY 3" +.TH RSA_CHECK_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_check_key_ex, RSA_check_key \- validate private RSA keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); +\& +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It does not work on \s-1RSA\s0 public keys that have only the modulus +and public exponent elements populated. +It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +It performs integrity checks on all +the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, +even if it is otherwise fit for regular \s-1RSA\s0 operation. +.PP +The \fBcb\fR parameter is a callback that will be invoked in the same +manner as \fBBN_is_prime_ex\fR\|(3). +.PP +\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR +return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +They return \-1 if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need +to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_is_prime_ex\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_generate_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_generate_key.3 new file mode 100644 index 00000000..49d633c3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_generate_key.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 3" +.TH RSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& RSA *RSA_generate_key(int bits, unsigned long e, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must +be seeded prior to calling \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by +the \fBprimes\fR parameter. The random number generator must be seeded when +calling \fBRSA_generate_multi_prime_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The modulus size will be of length \fBbits\fR, the number of primes to form the +modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes +with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. +.PP +In order to maintain adequate security level, the maximum number of permitted +\&\fBprimes\fR depends on modulus bit length: +.PP +.Vb 3 +\& <1024 | >=1024 | >=4096 | >=8192 +\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- +\& 2 | 3 | 4 | 5 +.Ve +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows using the \fBBN_GENCB_call()\fR function +described on the \fBBN_generate_prime\fR\|(3) page. +.PP +\&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +While a random prime number is generated, it is called as +described in \fBBN_generate_prime\fR\|(3). +.IP "\(bu" 2 +When the n\-th randomly generated prime is rejected as not +suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +.IP "\(bu" 2 +When a random p has been found with p\-1 relatively prime to \fBe\fR, +it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +.PP +The process is then repeated for prime q and other primes (if any) +with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the key generation fails. +.SH "BUGS" +.IX Header "BUGS" +\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBRSA_generate_key_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_get0_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_get0_key.3 new file mode 100644 index 00000000..b4a7c49c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_get0_key.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GET0_KEY 3" +.TH RSA_GET0_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +\& void RSA_get0_key(const RSA *r, +\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +\& void RSA_get0_crt_params(const RSA *r, +\& const BIGNUM **dmp1, const BIGNUM **dmq1, +\& const BIGNUM **iqmp); +\& const BIGNUM *RSA_get0_n(const RSA *d); +\& const BIGNUM *RSA_get0_e(const RSA *d); +\& const BIGNUM *RSA_get0_d(const RSA *d); +\& const BIGNUM *RSA_get0_p(const RSA *d); +\& const BIGNUM *RSA_get0_q(const RSA *d); +\& const BIGNUM *RSA_get0_dmp1(const RSA *r); +\& const BIGNUM *RSA_get0_dmq1(const RSA *r); +\& const BIGNUM *RSA_get0_iqmp(const RSA *r); +\& const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +\& void RSA_clear_flags(RSA *r, int flags); +\& int RSA_test_flags(const RSA *r, int flags); +\& void RSA_set_flags(RSA *r, int flags); +\& ENGINE *RSA_get0_engine(RSA *r); +\& int RSA_get_multi_prime_extra_count(const RSA *r); +\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], +\& const BIGNUM *coeffs[]); +\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], +\& BIGNUM *coeffs[], int pnum); +\& int RSA_get_version(RSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1RSA\s0 object contains the components for the public and private key, +\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is +the modulus common to both public and private key, \fBe\fR is the public +exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are +the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR +are the exponents and coefficient for \s-1CRT\s0 calculations. +.PP +For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more +\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and +\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling +\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling +\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL +the first time this function is called on a given \s-1RSA\s0 object. The +value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be +\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. +Calling this function transfers the memory management of the values to +the \s-1RSA\s0 object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called. +.PP +In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and +set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with +\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, +\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions +ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +.PP +For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related \s-1CRT\s0 parameters. The +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an \s-1RSA\s0 object. +.PP +Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be +retrieved separately by the corresponding function +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. +.PP +\&\fBRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters. +.PP +\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to +see whether the flags passed in the \fBflags\fR parameter are currently +set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the +\&\s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR +as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR +in advance and allocate sufficient buffer to store the return values before +calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. +.PP +\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime +triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and +\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +.PP +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR +return the respective value. +.PP +\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return +1 on success or 0 on failure. +.PP +\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for +multi-prime \s-1RSA.\s0 +.PP +\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 +.PP +\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\s-1ENGINE\s0 has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e. +.PP +The +\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR, +\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR, +and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_meth_new.3 new file mode 100644 index 00000000..d851f675 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_meth_new.3 @@ -0,0 +1,382 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_METH_NEW 3" +.TH RSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA_METHOD *RSA_meth_new(const char *name, int flags); +\& void RSA_meth_free(RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +\& +\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); +\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +\& +\& int RSA_meth_get_flags(const RSA_METHOD *meth); +\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +\& +\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +\& +\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +\& int (*pub_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +\& (int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +\& int (*pub_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +\& int (*priv_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +\& int (*priv_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, +\& RSA *rsa, BN_CTX *ctx); +\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +\& BN_CTX *ctx)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); +\& +\& /* called at new */ +\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); +\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); +\& +\& /* called at free */ +\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); +\& +\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, +\& unsigned int m_length, +\& unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa); +\& int RSA_meth_set_sign(RSA_METHOD *rsa, +\& int (*sign)(int type, const unsigned char *m, +\& unsigned int m_length, unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa); +\& int RSA_meth_set_verify(RSA_METHOD *rsa, +\& int (*verify)(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb); +\& int RSA_meth_set_keygen(RSA_METHOD *rsa, +\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb)); +\& +\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb); +\& +\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, +\& int (*keygen) (RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom +\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL +for the implementation of the various \s-1RSA\s0 capabilities. See the rsa +page for more information. +.PP +\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a +\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the +\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +will have those flags set by default. +.PP +\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +passed as a parameter. This might be useful for creating a new +\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +.PP +\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +memory associated with it. +.PP +\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so +should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name +of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is +stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +for freeing the memory associated with the name. +.PP +\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set +these flags. +.PP +The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR +provide the ability to associate implementation specific data with the +\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data +before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. +.PP +\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function +used for creating an \s-1RSA\s0 signature respectively. This function will be +called in response to the application calling \fBRSA_sign()\fR. The +parameters for the function have the same meaning as for \fBRSA_sign()\fR. +.PP +\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the +function used for verifying an \s-1RSA\s0 signature respectively. This +function will be called in response to the application calling +\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as +for \fBRSA_verify()\fR. +.PP +\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the +function used for \s-1CRT\s0 computations. +.PP +\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set +the function used for \s-1CRT\s0 computations, specifically the following +value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification. +.PP +\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function +used for creating a new \s-1RSA\s0 instance respectively. This function will +be called in response to the application calling \fBRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The +\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for +the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +\&\s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the +function used for destroying an instance of an \s-1RSA\s0 object respectively. +This function will be called in response to the application calling +\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +parameter. The destroy function should be used for \s-1RSA\s0 implementation +specific clean up. The memory for the \s-1RSA\s0 itself should not be freed +by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the +function used for generating a new \s-1RSA\s0 key pair respectively. This +function will be called in response to the application calling +\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get +and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +respectively. This function will be called in response to the application calling +\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_multi_prime_key()\fR. +.PP +\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR, +\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR, +\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR, +\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and +\&\fBRSA_public_decrypt()\fR and take the same parameters as those. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated +\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +.PP +\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and +flags associated with the \s-1RSA_METHOD\s0 respectively. +.PP +All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such +pointer has yet been set. +.PP +RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), +\&\fBRSA_generate_multi_prime_key\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were +added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_new.3 new file mode 100644 index 00000000..f39ddfe7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_new.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_NEW 3" +.TH RSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_new, RSA_free \- allocate and free RSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA *RSA_new(void); +\& +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). +.PP +\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +If \fBrsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_new_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_padding_add_PKCS1_type_1.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_padding_add_PKCS1_type_1.3 new file mode 100644 index 00000000..c1c10b61 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_padding_add_PKCS1_type_1.3 @@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and +\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.IP "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.IP "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.IP "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 EME-OAEP +.IP "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification +.IP "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fBRSA_padding_add_xxx()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.PP +For \fBRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, +if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fBRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +\&\fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The result of \fBRSA_padding_check_PKCS1_type_2()\fR is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +possible, the result of \fBRSA_padding_check_PKCS1_type_2()\fR should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. +Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data +which was computed by \fBRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including \s-1PKCS1_OAEP.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_private_decrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_print.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_print.3 new file mode 100644 index 00000000..895ebe65 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_print.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRINT 3" +.TH RSA_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +\& +\& #include +\& +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +\& +\& #include +\& +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_private_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_private_encrypt.3 new file mode 100644 index 00000000..2b1121c0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_private_encrypt.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 3" +.TH RSA_PRIVATE_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be +used. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_public_encrypt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_public_encrypt.3 new file mode 100644 index 00000000..23adf064 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_public_encrypt.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 3" +.TH RSA_PUBLIC_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_public_encrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_private_decrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in +new applications. \s-1SEE WARNING BELOW.\s0 +.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.IP "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 +When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +\&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in \fBto\fR will always be zero padded to exactly +RSA_size(\fBrsa\fR) bytes. +\&\fBto\fR and \fBfrom\fR may overlap. +.PP +\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should +be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 +RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +\&\fBpadding\fR is the padding mode that was used to encrypt the data. +\&\fBto\fR and \fBfrom\fR may overlap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding +design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_set_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_set_method.3 new file mode 100644 index 00000000..f38fd8d9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_set_method.3 @@ -0,0 +1,315 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SET_METHOD 3" +.TH RSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_default_method(void); +\& +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_method(const RSA *rsa); +\& +\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); +\& +\& int RSA_flags(const RSA *rsa); +\& +\& RSA *RSA_new_method(ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBRSA_PKCS1_OpenSSL()\fR. +.PP +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBRSA_get_default_method()\fR returns a pointer to the current default +\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. +.PP +\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fBRSA_set_method()\fR. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +\& +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +\& +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +\& +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +\& +\& /* +\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match +\& */ +\& int flags; +\& +\& char *app_data; /* ?? */ +\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. If NULL builtin RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR +and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. +.PP +\&\fBRSA_set_default_method()\fR returns no value. +.PP +\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fBRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. +.PP +\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fBRSA_flags()\fR function \- in effect +\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does +not currently exist). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign.3 new file mode 100644 index 00000000..5132f493 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN 3" +.TH RSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign, RSA_verify \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It +stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. +\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fBRSA_private_encrypt\fR\|(3) for lower-level +operations. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. +If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign()\fR returns 1 on success. +\&\fBRSA_verify()\fR returns 1 on successful verification. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_public_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100644 index 00000000..1637d9bf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, +\& unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, +\& unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded when calling +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_size.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_size.3 new file mode 100644 index 00000000..681b3a15 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/RSA_size.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIZE 3" +.TH RSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_size(const RSA *rsa); +\& +\& int RSA_bits(const RSA *rsa); +\& +\& int RSA_security_bits(const RSA *rsa) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fBRSA_bits()\fR returns the number of significant bits. +.PP +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_size()\fR returns the size of modulus in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_new.3 new file mode 100644 index 00000000..afbfcf04 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_new.3 @@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_NEW 3" +.TH SCT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, +\& CT_LOG_ENTRY_TYPE_X509 = 0, +\& CT_LOG_ENTRY_TYPE_PRECERT = 1 +\& } ct_log_entry_type_t; +\& +\& typedef enum { +\& SCT_VERSION_NOT_SET = \-1, +\& SCT_VERSION_V1 = 0 +\& } sct_version_t; +\& +\& typedef enum { +\& SCT_SOURCE_UNKNOWN, +\& SCT_SOURCE_TLS_EXTENSION, +\& SCT_SOURCE_X509V3_EXTENSION, +\& SCT_SOURCE_OCSP_STAPLED_RESPONSE +\& } sct_source_t; +\& +\& SCT *SCT_new(void); +\& SCT *SCT_new_from_base64(unsigned char version, +\& const char *logid_base64, +\& ct_log_entry_type_t entry_type, +\& uint64_t timestamp, +\& const char *extensions_base64, +\& const char *signature_base64); +\& +\& void SCT_free(SCT *sct); +\& void SCT_LIST_free(STACK_OF(SCT) *a); +\& +\& sct_version_t SCT_get_version(const SCT *sct); +\& int SCT_set_version(SCT *sct, sct_version_t version); +\& +\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +\& +\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); +\& +\& uint64_t SCT_get_timestamp(const SCT *sct); +\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +\& +\& int SCT_get_signature_nid(const SCT *sct); +\& int SCT_set_signature_nid(SCT *sct, int nid); +\& +\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); +\& +\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); +\& +\& sct_source_t SCT_get_source(const SCT *sct); +\& int SCT_set_source(SCT *sct, sct_source_t source); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. +They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. +.PP +An internal representation of an \s-1SCT\s0 can be created in one of two ways. +The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate +it using: +.IP "\(bu" 2 +\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. +.Sp +Only \s-1SCT_VERSION_V1\s0 is currently supported. +.IP "\(bu" 2 +\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +.Sp +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +.Sp +The former takes ownership, whereas the latter makes a copy. +See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. +.IP "\(bu" 2 +\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +.IP "\(bu" 2 +\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. +.Sp +The former takes ownership, whereas the latter makes a copy. +.IP "\(bu" 2 +\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.Sp +The former takes ownership, whereas the latter makes a copy. +.PP +Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +\&\fBSCT_new_from_base64()\fR: +.IP "\(bu" 2 +The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). +.IP "\(bu" 2 +The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. +.IP "\(bu" 2 +The type of certificate the \s-1SCT\s0 was issued for: +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +The time that the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +The \s-1SCT\s0 extensions, base64 encoded. +.IP "\(bu" 2 +The \s-1SCT\s0 signature, base64 encoded. +.PP +\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not +required for verifying the \s-1SCT.\s0 +.SH "NOTES" +.IX Header "NOTES" +Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure. +.PP +All of the setters will reset the validation status of the \s-1SCT\s0 to +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). +.PP +\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of +certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. +For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate. +.PP +\&\fBSCT_set_source()\fR will not refuse unknown values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +.PP +\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +.PP +\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +malloc fails. +.PP +\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +.PP +\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails). +.PP +\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBSCT_validate\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_print.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_print.3 new file mode 100644 index 00000000..5bae3be3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_print.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_PRINT 3" +.TH SCT_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +\& const char *separator, const CTLOG_STORE *logs); +\& const char *SCT_validation_status_string(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in +a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +.PP +The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR +is provided, it will be used to print the description of the \s-1CT\s0 log that issued +each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed +as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +.PP +\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR +beforehand in order to set the validation status of an \s-1SCT\s0 first. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing +the validation status of an \fB\s-1SCT\s0\fR object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBbio\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBSCT_validate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_validate.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_validate.3 new file mode 100644 index 00000000..444eee6b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SCT_validate.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_VALIDATE 3" +.TH SCT_VALIDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& SCT_VALIDATION_STATUS_NOT_SET, +\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, +\& SCT_VALIDATION_STATUS_VALID, +\& SCT_VALIDATION_STATUS_INVALID, +\& SCT_VALIDATION_STATUS_UNVERIFIED, +\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION +\& } sct_validation_status_t; +\& +\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); +\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +\&\fBSCT_get_validation_status()\fR. +.PP +A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: +.IP "\(bu" 2 +The certificate the \s-1SCT\s0 was issued for. +.Sp +Failure to provide the certificate will result in the validation status being +\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +The issuer of that certificate. +.Sp +This is only required if the \s-1SCT\s0 was issued for a pre-certificate +(see \s-1RFC 6962\s0). If it is required but not provided, the validation status will +be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0 +.Sp +If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation +status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0 +.PP +If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the +validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0 +.PP +If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to +the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation +status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 +.PP +If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 +.SH "NOTES" +.IX Header "NOTES" +A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a +failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +that a certificate has been publicly logged. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +.PP +\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation. +.PP +\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 +If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the +returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SHA256_Init.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SHA256_Init.3 new file mode 100644 index 00000000..7be13128 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SHA256_Init.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SHA256_INIT 3" +.TH SHA256_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SHA1_Init(SHA_CTX *c); +\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +\& int SHA1_Final(unsigned char *md, SHA_CTX *c); +\& unsigned char *SHA1(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA224_Init(SHA256_CTX *c); +\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA224(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA256_Init(SHA256_CTX *c); +\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA256(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA384_Init(SHA512_CTX *c); +\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA384(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA512_Init(SHA512_CTX *c); +\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA512(const unsigned char *d, size_t n, +\& unsigned char *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash +functions directly. +.PP +\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the +same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a +\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. +The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used +(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the +\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if +\&\fBmd\fR is \s-1NULL.\s0 +.PP +The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be +used only when backward compatibility is required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash +value. +.PP +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, +SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash +Standard), +\&\s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_CMS.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_CMS.3 new file mode 100644 index 00000000..da2c3b2e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_CMS.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_CMS 3" +.TH SMIME_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_CMS \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0 +.PP +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBCMS_get0_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL.\s0 For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& CMS_ContentInfo *cms; +\& +\& cms = SMIME_read_CMS(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. +.PP +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3), +\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3), +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_PKCS7.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_PKCS7.3 new file mode 100644 index 00000000..bc94d0a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_read_PKCS7.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_PKCS7 3" +.TH SMIME_READ_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBPKCS7_type_is_enveloped()\fR, etc. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +\& +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_CMS.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_CMS.3 new file mode 100644 index 00000000..47ff5ac1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_CMS 3" +.TH SMIME_WRITE_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_CMS \- convert CMS structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. +.PP +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output +the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_PKCS7.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_PKCS7.3 new file mode 100644 index 00000000..fece0d90 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SMIME_write_PKCS7.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_PKCS7 3" +.TH SMIME_WRITE_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fBPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR +and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CIPHER_get_name.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CIPHER_get_name.3 new file mode 100644 index 00000000..e97ed590 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CIPHER_get_name.3 @@ -0,0 +1,325 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 3" +.TH SSL_CIPHER_GET_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); +\& const char *OPENSSL_cipher_name(const char *stdname); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); +\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". +.PP +\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR +has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both +SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. +.PP +\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, +it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +than the SSLv3 name. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +If \fBcipher\fR is \s-1NULL, 0\s0 is returned. +.PP +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +If there is no cipher (e.g. for cipher suites with no encryption) then +\&\fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. +for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be +different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +.PP +\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. +If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 +cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 4 +\& NID_kx_rsa +\& NID_kx_ecdhe +\& NID_kx_dhe +\& NID_kx_psk +.Ve +.PP +\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. +If any appropriate authentication algorithm can be used (as in the case of +\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 3 +\& NID_auth_rsa +\& NID_auth_ecdsa +\& NID_auth_psk +.Ve +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 +.PP +\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the +two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter +is usually retrieved from a \s-1TLS\s0 packet by using functions like +\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +error occurs or the indicated cipher is not found. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +not the same as the IANA-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +cipher \fBc\fR. +.PP +\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, +\&\fB\s-1NULL\s0\fR is returned. +.PP +The string returned by \fBSSL_CIPHER_description()\fR consists of several fields +separated by whitespace: +.IP "" 4 +.IX Item "" +Textual representation of the cipher name. +.IP "" 4 +.IX Item "" +The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. +.IP "Kx=" 4 +.IX Item "Kx=" +Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. +.IP "Au=" 4 +.IX Item "Au=" +Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +representation of anonymous ciphers. +.IP "Enc=" 4 +.IX Item "Enc=" +Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +.IP "Mac=" 4 +.IX Item "Mac=" +Message digest, such as \fB\s-1SHA256\s0\fR. +.PP +Some examples for the output of \fBSSL_CIPHER_description()\fR: +.PP +.Vb 2 +\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, +\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding +value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +if the cipher is not found. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +secret bits or 0 if an error occurred. +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, +\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBNID_undef\fR if an error occurred. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +.PP +\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +protocol-specific \s-1ID.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +rather than a fixed string, in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +required to enable this function. +.PP +The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_COMP_add_compression_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_COMP_add_compression_method.3 new file mode 100644 index 00000000..c7eb49f9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_COMP_add_compression_method.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); +\& int SSL_COMP_get_id(const SSL_COMP *comp); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_COMP_free_compression_methods(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available +compression methods or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to +maintain the internal table of compression methods. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +If enabled during compilation, the OpenSSL library will have the +\&\fBCOMP_zlib()\fR compression method available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_COMP_add_compression_method()\fR may return the following values: +.IP "0" 4 +The operation succeeded. +.IP "1" 4 +.IX Item "1" +The operation failed. Check the error queue to find out the reason. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_new.3 new file mode 100644 index 00000000..28a9ddf5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_new.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_NEW 3" +.TH SSL_CONF_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +If \fBcctx\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBSSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set1_prefix.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set1_prefix.3 new file mode 100644 index 00000000..350e5c0c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set1_prefix.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_flags.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_flags.3 new file mode 100644 index 00000000..16d1b24a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_flags.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_FLAGS 3" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or +\&\fBSSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +file an error occurs. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100644 index 00000000..5b8be317 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd.3 new file mode 100644 index 00000000..c19beba3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd.3 @@ -0,0 +1,777 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD 3" +.TH SSL_CONF_CMD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBcmd\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-sigalgs\fR" 4 +.IX Item "-sigalgs" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fB\-client_sigalgs\fR" 4 +.IX Item "-client_sigalgs" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then +the value set for \fB\-sigalgs\fR will be used instead. +.IP "\fB\-groups\fR" 4 +.IX Item "-groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fB\-curves\fR" 4 +.IX Item "-curves" +This is a synonym for the \*(L"\-groups\*(R" command. +.IP "\fB\-named_curve\fR" 4 +.IX Item "-named_curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by +servers +.Sp +The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The curve +can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is +associated with \fBcctx\fR. +.IP "\fB\-ciphersuites\fR" 4 +.IX Item "-ciphersuites" +Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fB\-key\fR" 4 +.IX Item "-key" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fB\-key\fR option is set then a private key is +not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fB\-dhparam\fR" 4 +.IX Item "-dhparam" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-record_padding\fR" 4 +.IX Item "-record_padding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fB\-no_renegotiation\fR" 4 +.IX Item "-no_renegotiation" +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 +.IX Item "-min_protocol, -max_protocol" +Sets the minimum and maximum supported protocol. +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, +\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 +and \fBNone\fR for no limit. +If either bound is not specified then only the other bound applies, +if specified. +To restrict the supported protocol versions use these commands rather +than the deprecated alternative commands below. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, +\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +respectively. These options are deprecated, instead use \fB\-min_protocol\fR and +\&\fB\-max_protocol\fR. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression, same as clearing +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without \s-1AES\s0 hardware +acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IX Item "-allow_no_dhe_kex" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBcmd\fR names for configuration files (i.e. when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBcmd\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBcctx\fR. +.IP "\fBCiphersuites\fR" 4 +.IX Item "Ciphersuites" +Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is +not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 +.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. +.IP "\fBRequestCAFile\fR" 4 +.IX Item "RequestCAFile" +This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +The subject names of the certificates are sent to the peer in the +\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +\&\s-1TLS.\s0 +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBRecordPadding\fR" 4 +.IX Item "RecordPadding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBGroups\fR" 4 +.IX Item "Groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This is a synonym for the \*(L"Groups\*(R" command. +.IP "\fBMinProtocol\fR" 4 +.IX Item "MinProtocol" +This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBMaxProtocol\fR" 4 +.IX Item "MaxProtocol" +This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This can be used to enable or disable certain versions of the \s-1SSL, +TLS\s0 or \s-1DTLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by \fB\-\fR that version is disabled. +.Sp +All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The special value \fB\s-1ALL\s0\fR refers to all supported versions. +.Sp +This can't enable protocols that are disabled using \fBMinProtocol\fR +or \fBMaxProtocol\fR, but can disable protocols that are still allowed +by them. +.Sp +The \fBProtocol\fR command is fragile and deprecated; do not use it. +Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. +If you do use \fBProtocol\fR, make sure that the resulting range of enabled +protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make +sure to also leave \s-1TLS 1.1\s0 enabled. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. +See the \fBSSL_CTX_set_options\fR\|(3) function for more details of +individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBServerPreference\fR: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR: set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.Sp +\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +.Sp +\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +.Sp +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +.Sp +\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.IP "\fBVerifyMode\fR" 4 +.IX Item "VerifyMode" +The \fBvalue\fR argument is a comma separated list of flags to set. +.Sp +\&\fBPeer\fR enables peer verification: for clients only. +.Sp +\&\fBRequest\fR requests but does not require a certificate from the client. +Servers only. +.Sp +\&\fBRequire\fR requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. +.Sp +\&\fBOnce\fR requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. +.Sp +\&\fBRequestPostHandshake\fR configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. +.Sp +\&\fBRequiresPostHandshake\fR configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. +.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 +.IX Item "ClientCAFile, ClientCAPath" +A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBcmd\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a file name. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_NONE" +The value string is not used e.g. a command line option which doesn't take an +argument. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv3 support by default but the user can override it. If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +SSLv3 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fBSSL_CONF_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the +utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is +returned then \fBcmd\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBcmd\fR is not recognised. +.PP +A return value of \-3 means \fBcmd\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL.\s0 +.PP +A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +There are various ways to select the supported protocols. +.PP +This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); +.Ve +.PP +The following also disables SSLv3: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +disabling SSLv3. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); +\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); +.Ve +.PP +This also only enables TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Enable compression: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "Compression"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. +.PP +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. +.PP +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +.PP +\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. +.PP +\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd_argv.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd_argv.3 new file mode 100644 index 00000000..0c585f73 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CONF_cmd_argv.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD_ARGV 3" +.TH SSL_CONF_CMD_ARGV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR if it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add1_chain_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add1_chain_cert.3 new file mode 100644 index 00000000..0bb0119e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add1_chain_cert.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. +.PP +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fBSSL_CTX_use_certificate()\fR. +.PP +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure. +.PP +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_extra_chain_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 00000000..5a755e88 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should +be used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_session.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_session.3 new file mode 100644 index 00000000..fc9a9d01 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_add_session.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 3" +.TH SSL_CTX_ADD_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +\&\fBSSL_SESSION_free\fR\|(3). +.PP +\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fBSSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.IP "0" 4 +The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_config.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_config.3 new file mode 100644 index 00000000..c893d218 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_config.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CONFIG 3" +.TH SSL_CTX_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); +\& int SSL_config(SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically. +.PP +A configuration file must have been previously loaded, for example using +\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration +file syntax. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +If the file \*(L"config.cnf\*(R" contains the following: +.PP +.Vb 1 +\& testapp = test_sect +\& +\& [test_sect] +\& # list of configuration modules +\& +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& server = server_section +\& +\& [server_section] +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +An application could call: +.PP +.Vb 4 +\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { +\& fprintf(stderr, "Error processing config file\en"); +\& goto err; +\& } +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& +\& if (SSL_CTX_config(ctx, "server") == 0) { +\& fprintf(stderr, "Error configuring server.\en"); +\& goto err; +\& } +.Ve +.PP +In this example two certificates and the cipher list are configured without +the need for any additional application code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_ctrl.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_ctrl.3 new file mode 100644 index 00000000..46a97405 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_ctrl.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CTRL 3" +.TH SSL_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +\& +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fB_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_dane_enable.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_dane_enable.3 new file mode 100644 index 00000000..04f6ef9d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_dane_enable.3 @@ -0,0 +1,508 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_DANE_ENABLE 3" +.TH SSL_CTX_DANE_ENABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_dane_enable(SSL_CTX *ctx); +\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +\& uint8_t mtype, uint8_t ord); +\& int SSL_dane_enable(SSL *s, const char *basedomain); +\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +\& uint8_t mtype, unsigned const char *data, size_t dlen); +\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +\& uint8_t *mtype, unsigned const char **data, +\& size_t *dlen); +\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +peer authentication. +.PP +\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state +required for \s-1DANE\s0 support. +Individual connections associated with the context can then enable +per-connection \s-1DANE\s0 support as appropriate. +\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and +applications that override \fBX509_verify_cert\fR\|(3) via +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +chain in whatever manner they see fit. +.PP +\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any \s-1SSL\s0 handles are created for the context. +.PP +The \fBmtype\fR argument specifies a \s-1DANE TLSA\s0 matching type and the \fBmd\fR +argument specifies the associated digest algorithm handle. +The \fBord\fR argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. +Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +support for that matching type. +Matching type \fBFull\fR\|(0) cannot be modified or disabled. +.PP +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions +of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR +is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +.PP +\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). +The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via \fBSSL_add1_host\fR\|(3). +The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +specified via \fBSSL_set_tlsext_host_name\fR\|(3). +.PP +\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. +(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). +The arguments specify the fields of the \s-1TLSA\s0 record. +The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal +\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +The library takes a copy of the \fBdata\fR buffer contents and the caller may +free the original \fBdata\fR buffer when convenient. +A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. +.PP +The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. +.PP +If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. +.PP +\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about +the matched \s-1DANE\s0 trust-anchor after successful connection completion. +The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), +0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive +number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). +.PP +If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +certificate, a pointer to the matching certificate is returned via \fBmcert\fR. +The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fBX509_free\fR\|(3) once no longer needed. +.PP +If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but +a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an +element of the chain, then that key is returned via \fBmspki\fR argument (if not +\&\s-1NULL\s0). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with \fBmcert\fR this is a short-term internal reference, and +\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and +release long-term references respectively. +.PP +\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +\&\fBSSL_get0_dane_authority()\fR. +When the return value is non-negative, the storage pointed to by the \fBusage\fR, +\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding +\&\s-1TLSA\s0 record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the \fBdlen\fR parameter. +If any of these parameters is \s-1NULL,\s0 the corresponding field is not returned. +The \fBdata\fR parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content. +.PP +\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable +optional \s-1DANE\s0 verification features. +\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable +the same features. +The \fBflags\fR argument is a bitmask of the features to enable or disable. +The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +associated with that context at the time the handle is created. +Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +for the handle. +.PP +At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +which can be used to disable server name checks when authenticating via +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, +\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) in the +\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) +certificate or a public key that fails to parse. +.PP +The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a +negative value when \s-1DANE\s0 authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +record is a full public key that is its signer. +.PP +The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, +\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect +before they were called. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has +DNSSEC-validated \s-1TLSA\s0 records. +The calls below will perform \s-1DANE\s0 authentication and arrange to match either +the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 7 +\& SSL_CTX *ctx; +\& SSL *ssl; +\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; +\& int num_usable = 0; +\& const char *nexthop_domain = "example.com"; +\& const char *dane_tlsa_domain = "smtp.example.com"; +\& uint8_t usage, selector, mtype; +\& +\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) +\& /* error */ +\& if (SSL_CTX_dane_enable(ctx) <= 0) +\& /* error */ +\& if ((ssl = SSL_new(ctx)) == NULL) +\& /* error */ +\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) +\& /* error */ +\& +\& /* +\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not +\& * disable the checks unless "unknown key share" attacks pose no risk for +\& * your application. +\& */ +\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); +\& +\& if (!SSL_add1_host(ssl, nexthop_domain)) +\& /* error */ +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& +\& for (... each TLSA record ...) { +\& unsigned char *data; +\& size_t len; +\& int ret; +\& +\& /* set usage, selector, mtype, data, len */ +\& +\& /* +\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). +\& * They treat all other certificate usages, and in particular PKIX\-TA(0) +\& * and PKIX\-EE(1), as unusable. +\& */ +\& switch (usage) { +\& default: +\& case 0: /* PKIX\-TA(0) */ +\& case 1: /* PKIX\-EE(1) */ +\& continue; +\& case 2: /* DANE\-TA(2) */ +\& case 3: /* DANE\-EE(3) */ +\& break; +\& } +\& +\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); +\& /* free data as appropriate */ +\& +\& if (ret < 0) +\& /* handle SSL library internal error */ +\& else if (ret == 0) +\& /* handle unusable TLSA record */ +\& else +\& ++num_usable; +\& } +\& +\& /* +\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. +\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records +\& * are unusable, so continue the handshake even if authentication fails. +\& */ +\& if (num_usable == 0) { +\& /* Log all records unusable? */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); +\& } else { +\& /* At least one usable record. We expect to verify the peer */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& +\& /* +\& * Below we elect to fail the handshake when peer verification fails. +\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, +\& * complete the handshake, check the verification status, and if not +\& * verified disconnect gracefully at the application layer, especially if +\& * application protocol supports informing the server that authentication +\& * failed. +\& */ +\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); +\& } +\& +\& /* +\& * Load any saved session for resumption, making sure that the previous +\& * session applied the same security and authentication requirements that +\& * would be expected of a fresh connection. +\& */ +\& +\& /* Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_session_reused(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* +\& * Resumed session was originally verified, this connection is +\& * authenticated. +\& */ +\& } else { +\& /* +\& * Resumed session was not originally verified, this connection is not +\& * authenticated. +\& */ +\& } +\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& EVP_PKEY *mspki = NULL; +\& +\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); +\& if (depth >= 0) { +\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); +\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, +\& (mspki != NULL) ? "TA public key verified certificate" : +\& depth ? "matched TA certificate" : "matched EE certificate", +\& depth); +\& } +\& if (peername != NULL) { +\& /* Name checks were in scope and matched the peername */ +\& printf("Verified peername: %s\en", peername); +\& } +\& } else { +\& /* +\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a +\& * callback suppressed connection termination despite the presence of +\& * usable TLSA RRs none of which matched. Do whatever is appropriate for +\& * fresh unauthenticated connections. +\& */ +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing +\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0 +That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records +are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +even cleartext. +.PP +Such applications should generally treat any \s-1TLSA\s0 records published by the peer +with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +them among the \s-1TLSA\s0 records used to authenticate peer connections. +In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +result of invalid or unsupported parameters. +.PP +When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_new\fR\|(3), +\&\fBSSL_add1_host\fR\|(3), +\&\fBSSL_set_hostflags\fR\|(3), +\&\fBSSL_set_tlsext_host_name\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get0_verified_chain\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_get0_peername\fR\|(3), +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3), +\&\fBEVP_get_digestbyname\fR\|(3), +\&\fBEVP_PKEY_up_ref\fR\|(3), +\&\fBEVP_PKEY_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_flush_sessions.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_flush_sessions.3 new file mode 100644 index 00000000..7695e0b0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_flush_sessions.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 3" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fBSSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fBtime\fR\|(0) +will be used. +.PP +\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_flush_sessions()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_free.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_free.3 new file mode 100644 index 00000000..1691d43f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_free.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FREE 3" +.TH SSL_CTX_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_free \- free an allocated SSL_CTX object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +.PP +It also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.PP +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get0_param.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get0_param.3 new file mode 100644 index 00000000..b73bc6da --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get0_param.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET0_PARAM 3" +.TH SSL_CTX_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get_verify_mode.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get_verify_mode.3 new file mode 100644 index 00000000..fe95a275 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 3" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_has_client_custom_ext.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_has_client_custom_ext.3 new file mode 100644 index 00000000..21e30307 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_has_client_custom_ext.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 if a handler has been set, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_add_client_custom_ext\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_load_verify_locations.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_load_verify_locations.3 new file mode 100644 index 00000000..6b1a2791 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +\& +\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The certificates +available via \fBCAfile\fR and \fBCApath\fR are trusted. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +which \s-1CA\s0 certificates are loaded should be used. There is one default directory +and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in +the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment +variable can be defined to override this location. The default \s-1CA\s0 certificates +file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the +\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location. +.PP +\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is +used. +.PP +\&\fBSSL_CTX_set_default_verify_file()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is +used. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& ... (CA certificate in base64 encoding) ... +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For SSL_CTX_load_verify_locations the following return values can occur: +.IP "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and +\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +missing default location is still treated as a success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 \-in $i \-text >> CAfile.pem +\& done +.Ve +.PP +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_new.3 new file mode 100644 index 00000000..2013e685 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_new.3 @@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_NEW 3" +.TH SSL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); +\& int SSL_CTX_up_ref(SSL_CTX *ctx); +\& +\& const SSL_METHOD *TLS_method(void); +\& const SSL_METHOD *TLS_server_method(void); +\& const SSL_METHOD *TLS_client_method(void); +\& +\& const SSL_METHOD *SSLv23_method(void); +\& const SSL_METHOD *SSLv23_server_method(void); +\& const SSL_METHOD *SSLv23_client_method(void); +\& +\& #ifndef OPENSSL_NO_SSL3_METHOD +\& const SSL_METHOD *SSLv3_method(void); +\& const SSL_METHOD *SSLv3_server_method(void); +\& const SSL_METHOD *SSLv3_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_METHOD +\& const SSL_METHOD *TLSv1_method(void); +\& const SSL_METHOD *TLSv1_server_method(void); +\& const SSL_METHOD *TLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_1_METHOD +\& const SSL_METHOD *TLSv1_1_method(void); +\& const SSL_METHOD *TLSv1_1_server_method(void); +\& const SSL_METHOD *TLSv1_1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_2_METHOD +\& const SSL_METHOD *TLSv1_2_method(void); +\& const SSL_METHOD *TLSv1_2_server_method(void); +\& const SSL_METHOD *TLSv1_2_client_method(void); +\& #endif +\& +\& const SSL_METHOD *DTLS_method(void); +\& const SSL_METHOD *DTLS_server_method(void); +\& const SSL_METHOD *DTLS_client_method(void); +\& +\& #ifndef OPENSSL_NO_DTLS1_METHOD +\& const SSL_METHOD *DTLSv1_method(void); +\& const SSL_METHOD *DTLSv1_server_method(void); +\& const SSL_METHOD *DTLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_DTLS1_2_METHOD +\& const SSL_METHOD *DTLSv1_2_method(void); +\& const SSL_METHOD *DTLSv1_2_server_method(void); +\& const SSL_METHOD *DTLSv1_2_client_method(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to +establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is +reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments +the reference count. Freeing it (using SSL_CTX_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the +\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for +an existing \fB\s-1SSL_CTX\s0\fR structure. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. +The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +\&\fBmethod\fR can be of the following types: +.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 +.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" +These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated. +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 +.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" +These functions do not exist anymore, they have been renamed to +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead. +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 +.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated. +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 +.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated. +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 +.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated. +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 +.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used. +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 +.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" +These are the version-flexible \s-1DTLS\s0 methods. +Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 +.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" +These are the version-specific methods for DTLSv1.2. +These methods are deprecated. +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 +.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" +These are the version-specific methods for DTLSv1. +These methods are deprecated. +.PP +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values. +.PP +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR +methods. +All other methods only support one specific protocol version. +Use the \fIversion-flexible\fR methods instead of the version specific methods. +.PP +If you want to limit the supported protocols for the version flexible +methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and +\&\fBSSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR +and be able to negotiate with all possible clients, but to only +allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 +.PP +The list of protocols available can also be limited using the +\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, +\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +options of the +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach +is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling \fIall\fR +previous protocol versions, the effect is to also disable all subsequent +protocol versions. +.PP +The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set +the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +the reason. +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.Sp +\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, +\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where +removed in OpenSSL 1.1.0. +.PP +\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR +were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR +and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0. +.PP +All version-specific methods were deprecated in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_number.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_number.3 new file mode 100644 index 00000000..62f33a69 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_number.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 3" +.TH SSL_CTX_SESS_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +in client mode. +.PP +\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +in server mode. +.PP +\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with \fBSSL_set_session\fR\|(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fBSSL_CTX_sess_hits()\fR count. +.PP +\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_cache_size.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 00000000..7b591bc9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_get_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 00000000..783e57f6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 3" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, +\& SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, +\& const unsigned char *, +\& int, int *)); +\& +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, +\& SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& const unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function that is +called whenever a new session was negotiated. +.PP +\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function that is +called whenever a session is removed by the \s-1SSL\s0 engine. For example, +this can occur because a session is considered faulty or has become obsolete +because of exceeding the timeout value. +.PP +\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function that is called +whenever a \s-1TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +(\s-1TLS\s0 server only.) +.PP +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and +\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +\&\fBd2i_SSL_SESSION\fR\|(3) interface. +.PP +The \fBnew_session_cb()\fR is called whenever a new session has been negotiated and +session caching is enabled (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). The +\&\fBnew_session_cb()\fR is passed the \fBssl\fR connection and the nascent +ssl session \fBsess\fR. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns \fB0\fR, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns \fB1\fR, +the application retains the reference (for an entry in the +application-maintained \*(L"external session cache\*(R"), and is responsible for +calling \fBSSL_SESSION_free()\fR when the session reference is no longer in use. +.PP +Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the \fBnew_session_cb()\fR +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the \fBnew_session_cb()\fR +function will be invoked multiple times. +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. One way of enforcing that is for applications to call +\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. +.PP +The \fBremove_session_cb()\fR is called whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This can happen when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. +.PP +The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers, and is given +the session id +proposed by the client. The \fBget_session_cb()\fR is always called, even when +session caching was disabled. The \fBget_session_cb()\fR is passed the +\&\fBssl\fR connection and the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. By setting the parameter \fBcopy\fR to \fB1\fR, the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object; +setting \fBcopy\fR to \fB0\fR causes the reference count to remain unchanged. +If the \fBget_session_cb()\fR does not write to \fBcopy\fR, the reference count +is incremented and the session must be explicitly freed with +\&\fBSSL_SESSION_free\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR +return different callback function pointers respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sessions.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sessions.3 new file mode 100644 index 00000000..ea1ef03e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_sessions.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 3" +.TH SSL_CTX_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be +modified directly but by using the +\&\fBSSL_CTX_add_session\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set0_CA_list.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set0_CA_list.3 new file mode 100644 index 00000000..d1495065 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set0_CA_list.3 @@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET0_CA_LIST 3" +.TH SSL_CTX_SET0_CA_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& +\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +\& +\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +.PP +For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP +\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and +it should not be freed by the caller. +.PP +\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBctx\fR. The returned list should not be freed by the caller. +.PP +\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to peer for \fBctx\fR. +.PP +\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent +\&\fB\s-1SSL_CTX\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. +.PP +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or +\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or +\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and +\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no +list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, +\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR +and \fBSSL_set0_CA_list()\fR do not return a value. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR +and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. +.PP +\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and +\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +.PP +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_curves.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_curves.3 new file mode 100644 index 00000000..dff3f482 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_curves.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_CURVES 3" +.TH SSL_CTX_SET1_CURVES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); +\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); +\& int SSL_set1_groups_list(SSL *ssl, char *list); +\& +\& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get_shared_group(SSL *s, int n); +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP +\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +groups in the array \fBglist\fR. The array consist of all NIDs of groups in +preference order. For a \s-1TLS\s0 client the groups are used directly in the +supported groups extension. For a \s-1TLS\s0 server the groups are used to +determine the set of shared groups. +.PP +\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of group NIDs or +names, for example \*(L"P\-521:P\-384:P\-256\*(R". +.PP +\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set +supported groups for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of groups for memory allocation purposes. The +\&\fBgroups\fR array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. +.PP +\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +All these functions are implemented as macros. +.PP +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was +only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and +\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +.PP +\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. +.PP +\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and +returns \-1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_sigalgs.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_sigalgs.3 new file mode 100644 index 00000000..55fd3d09 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_sigalgs.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_SIGALGS 3" +.TH SSL_CTX_SET1_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); +\& +\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature +algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR +must consist of pairs of NIDs corresponding to digest and public key +algorithms. +.PP +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported +signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named +SignatureScheme such as rsa_pss_pss_sha256. +.PP +\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, +\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set +signature algorithms related to client authentication, otherwise they are +identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR, +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR. +.PP +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible \s-1SSL_CONF API\s0 instead. +.PP +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. +.PP +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +their order. +.PP +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. +.PP +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. +.PP +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +.PP +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0 +.PP +The short or long name values for digests can be used in a string (for +example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and +the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0 +.PP +The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also +be used with the \fB_list\fR forms of the \s-1API.\s0 +.PP +The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using an array: +.PP +.Vb 1 +\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; +\& +\& SSL_CTX_set1_sigalgs(ctx, slist, 4); +.Ve +.PP +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using a string: +.PP +.Vb 1 +\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), +\&\fBSSL_CONF_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_verify_cert_store.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_verify_cert_store.3 new file mode 100644 index 00000000..1c513207 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set1_verify_cert_store.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, +\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed +after the operation. +.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_alpn_select_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_alpn_select_cb.3 new file mode 100644 index 00000000..895d73a3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_alpn_select_cb.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +\& unsigned int protos_len); +\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +\& unsigned int protos_len); +\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, +\& int (*cb) (SSL *ssl, +\& const unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), void *arg); +\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +\& unsigned int *len); +\& +\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *ssl, +\& const unsigned char **out, +\& unsigned int *outlen, +\& void *arg), +\& void *arg); +\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *s, +\& unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), +\& void *arg); +\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +\& const unsigned char *server, +\& unsigned int server_len, +\& const unsigned char *client, +\& unsigned int client_len) +\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, +\& unsigned *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to +set the list of protocols available to be negotiated. The \fBprotos\fR must be in +protocol-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. +.PP +\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +server to select which protocol to use for the incoming connection. When \fBcb\fR +is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a +vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +should be set to the value of a single protocol selected from the \fBin\fR, +\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a +buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via +\&\fBSSL_CTX_set_alpn_select_cb()\fR. +.PP +\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +described below. The first item in the \fBserver\fR, \fBserver_len\fR list that +matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned +in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or +\&\fBclient\fR, so it should be copied immediately. If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This +function can also be used in the \s-1NPN\s0 callback. +.PP +\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument \fBarg\fR which will be passed to this callback. +For the callback itself, \fBout\fR +must be set to point to the selected protocol (which may be within \fBin\fR). +The length of the protocol name must be written into \fBoutlen\fR. The +server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +callback can assume that \fBin\fR is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer +set via \fBSSL_CTX_set_next_proto_select_cb()\fR. +.PP +\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This +memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a +reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. +.PP +\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. +.PP +\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +client's requested protocol for this connection. If the client did not +request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +\&\fBlen\fR to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. +.SH "NOTES" +.IX Header "NOTES" +The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable. +.PP +Example: +.PP +.Vb 5 +\& unsigned char vector[] = { +\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, +\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq +\& }; +\& unsigned int length = sizeof(vector); +.Ve +.PP +The \s-1ALPN\s0 callback is executed after the servername callback; as that servername +callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback. +.PP +If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +invoked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and +non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +.PP +\&\fBSSL_select_next_proto()\fR returns one of the following: +.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IX Item "OPENSSL_NPN_NEGOTIATED" +A match was found and is returned in \fBout\fR, \fBoutlen\fR. +.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IX Item "OPENSSL_NPN_NO_OVERLAP" +No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in +\&\fBout\fR, \fBoutlen\fR. +.PP +The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +\&\s-1ALPN\s0 protocol selected. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +There was no overlap between the client's supplied list and the server +configuration. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +this connection. +.PP +The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +.PP +The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_cb.3 new file mode 100644 index 00000000..42583adb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_cb.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_CB 3" +.TH SSL_CTX_SET_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), +\& void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fBcert_cb()\fR. It is the job of the +\&\fBcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fBSSL_use_certificate()\fR and +\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fBSSL_add1_chain_cert()\fR. +.PP +It might also call \fBSSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. +.PP +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a +chain using \s-1SHA256.\s0 +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3), +\&\fBSSL_add1_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_store.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_store.3 new file mode 100644 index 00000000..41d9f44a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_store.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 3" +.TH SSL_CTX_SET_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the \fBverify_callback()\fR be +overridden with the \fBverify_callback()\fR set via the +\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.PP +\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +count, so it should not be used to assign an X509_STORE that is owned +by another \s-1SSL_CTX.\s0 +.PP +To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR +to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use +\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +increment the reference count of the X509_STORE. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_verify_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 00000000..77386a6a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, +\& int (*callback)(X509_STORE_CTX *, void *), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when \fBSSL_new\fR\|(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application +will be informed about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using \fBSSL_CTX_set_verify\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the \fBSSL_CTX_set_verify\fR\|(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cipher_list.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cipher_list.3 new file mode 100644 index 00000000..bb4965c5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +\& +\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +\& int SSL_set_ciphersuites(SSL *s, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +for \fBctx\fR using the control string \fBstr\fR. The format of the string is described +in \fBciphers\fR\|(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 +ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. +.PP +\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: +.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_GCM_SHA256" +.PD 0 +.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IX Item "TLS_AES_256_GCM_SHA384" +.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IX Item "TLS_CHACHA20_POLY1305_SHA256" +.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_SHA256" +.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_8_SHA256" +.PD +.PP +An empty list is permissible. The default value for the this setting is: +.PP +\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 +.PP +\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it +configures the ciphersuites for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and +\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. a +client only supports export \s-1RSA\s0 ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested +ciphersuite list was configured, and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBciphers\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_cert_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_cert_cb.3 new file mode 100644 index 00000000..e565dc6d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_cert_cb.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. \fBSSL_get_error\fR\|(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. +.PP +When a certificate was set using the +\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling \fBSSL_clear\fR\|(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "BUGS" +.IX Header "BUGS" +The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when \fBSSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_hello_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_hello_cb.3 new file mode 100644 index 00000000..0ed9b053 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_client_hello_cb.3 @@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 10 +\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); +\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, +\& void *arg); +\& int SSL_client_hello_isv2(SSL *s); +\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_compression_methods(SSL *s, +\& const unsigned char **out); +\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, +\& size_t *outlen); +\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, +\& size_t *outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at runtime. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the \fBal\fR parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. \fBSSL_get_error\fR\|(3) will return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. +.PP +\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to +\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. +.PP +Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are +both required, and on success the caller must release the storage allocated for +\&\fB*out\fR using \fBOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers +holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +in the ClientHello. \fB*outlen\fR contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. +.SH "NOTES" +.IX Header "NOTES" +The ClientHello callback provides a vast window of possibilities for application +code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 +versions, changing the server's cipher list in response to the client's +cipher list, etc. +.PP +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. +.PP +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The application's supplied ClientHello callback returns +\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and +\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +.PP +\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. +.PP +\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +0 otherwise. +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +SSL_bytes_to_cipher_list +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, +\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ct_validation_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ct_validation_callback.3 new file mode 100644 index 00000000..0a0e84e6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ct_validation_callback.3 @@ -0,0 +1,271 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +\& const STACK_OF(SCT) *scts, void *arg); +\& +\& int SSL_enable_ct(SSL *s, int validation_mode); +\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +\& void *arg); +\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +\& ssl_ct_validation_cb callback, +\& void *arg); +\& void SSL_disable_ct(SSL *s); +\& void SSL_CTX_disable_ct(SSL_CTX *ctx); +\& int SSL_ct_is_enabled(const SSL *s); +\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed +certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all +connections that share the given \s-1SSL\s0 context, respectively. +This is accomplished by setting a built-in \s-1CT\s0 validation callback. +The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, +which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or +\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full +\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the +callback. +Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after +handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +session is not resumed. +.PP +\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR +and the callback returns a non-positive result. +.PP +An arbitrary callback context argument, \fBarg\fR, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller. +.PP +If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur. +.PP +No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. +In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +These may be implemented as macros. +.PP +\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because +one possible source of SCTs is the \s-1OCSP\s0 response from a server. +.PP +The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid). +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and +\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. +.PP +\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +callback) is set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +<\fBSSL_get_verify_result\fR\|(3)>, +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ctlog_list_file.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ctlog_list_file.3 new file mode 100644 index 00000000..1944734b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ctlog_list_file.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +directory where OpenSSL is installed. +.PP +\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fBCTLOG_STORE_new\fR\|(3) for the file format. +.SH "NOTES" +.IX Header "NOTES" +These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +to. To replace the existing list, use SSL_CTX_set0_ctlog_store first. +.PP +If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_default_passwd_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 00000000..647e80b1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +\& +\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +\& void *SSL_get_default_passwd_cb_userdata(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +which will be provided to the password callback on invocation. +.PP +\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned. +.PP +\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +is returned. +.PP +\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, +\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform +the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. +.PP +The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see \fBpem_password_cb\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored. +.PP +When asking for the password interactively, the callback can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. +.PP +.Vb 6 +\& int my_cb(char *buf, int size, int rwflag, void *u) +\& { +\& strncpy(buf, (char *)u, size); +\& buf[size \- 1] = \*(Aq\e0\*(Aq; +\& return strlen(buf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ex_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ex_data.3 new file mode 100644 index 00000000..cc82b5b2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ex_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_EX_DATA 3" +.TH SSL_CTX_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx); +\& +\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg); +\& +\& void *SSL_get_ex_data(const SSL *s, int idx); +\& +\& int SSL_set_ex_data(SSL *s, int idx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the +\&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index +which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored +and 0 if it is not. +The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, +otherwise \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_generate_session_id.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 00000000..def1175e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +\& +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fBSSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www\-18"; +\& +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* +\& * Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it \- but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. +\& */ +\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? +\& strlen(session_id_prefix) : *id_len); +\& } while (SSL_has_matching_session_id(ssl, id, *id_len) +\& && ++count < MAX_SESSION_ID_ATTEMPTS); +\& if (count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_info_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_info_callback.3 new file mode 100644 index 00000000..7077198e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_info_callback.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(const SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bitmask made up of the following bits: +.IP "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. +.IP "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +.IP "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.IP "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.IP "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. +.PP +The current state information can be obtained using the +\&\fBSSL_state_string\fR\|(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +\&\fBSSL_alert_type_string\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fBSSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w = where & ~SSL_ST_MASK; +\& +\& if (w & SSL_ST_CONNECT) +\& str = "SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) +\& str = "SSL_accept"; +\& else +\& str = "undefined"; +\& +\& if (where & SSL_CB_LOOP) { +\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); +\& } else if (where & SSL_CB_ALERT) { +\& str = (where & SSL_CB_READ) ? "read" : "write"; +\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } else if (where & SSL_CB_EXIT) { +\& if (ret == 0) { +\& BIO_printf(bio_err, "%s:failed in %s\en", +\& str, SSL_state_string_long(s)); +\& } else if (ret < 0) { +\& BIO_printf(bio_err, "%s:error in %s\en", +\& str, SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_keylog_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_keylog_callback.3 new file mode 100644 index 00000000..65e3c423 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_keylog_callback.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +\& +\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. +.PP +\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +the value of cb, no logging of key material will be done. +.PP +The key logging callback is called with two items: the \fBssl\fR object associated +with the connection, and \fBline\fR, a string containing the key material in the +format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +file, the key logging callback should log \fBline\fR, followed by a newline. +\&\fBline\fR will always be a NULL-terminated string. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_max_cert_list.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 00000000..fa5251df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +\& +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fBSSL_new\fR\|(3) is being called. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be bytes. This setting stays valid +until a new value is set. +.PP +\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +\&\fBSSL_CTX_set_verify\fR\|(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_min_proto_version.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_min_proto_version.3 new file mode 100644 index 00000000..47a68acf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_min_proto_version.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +\& +\& int SSL_set_min_proto_version(SSL *ssl, int version); +\& int SSL_set_max_proto_version(SSL *ssl, int version); +\& int SSL_get_min_proto_version(SSL *ssl); +\& int SSL_get_max_proto_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions get or set the minimum and maximum supported protocol versions +for the \fBctx\fR or \fBssl\fR. +This works in combination with the options set via +\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.PP +Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively. +.PP +Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to +automatically use the lowest or highest version supported by the library. +.PP +Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, +\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and +\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_mode.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_mode.3 new file mode 100644 index 00000000..734f718e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_mode.3 @@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 3" +.TH SSL_CTX_SET_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +\& long SSL_clear_mode(SSL *ssl, long mode); +\& +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. +.PP +\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only +report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or +\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fBwrite()\fR. +.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking \fBSSL_write()\fR behaves like +non-blocking \fBwrite()\fR. +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the +need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. +If such a non-application data record was processed, the flag +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +returning. +.Sp +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +non-application data records until either no more data is available or +an application data record has been processed. +.Sp +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +to only return after successfully processing an application data record or a +failure. +.Sp +Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. +Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a +non-application record was sent and no application data was sent. +.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. +.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IX Item "SSL_MODE_ASYNC" +Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with +\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 +.PP +All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +default since 1.1.1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask +after adding \fBmode\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_msg_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_msg_callback.3 new file mode 100644 index 00000000..5bc174a8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +\& +\& void SSL_set_msg_callback(SSL *ssl, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +following meaning: +.IP "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.IP "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. +This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). +.IP "\fIcontent_type\fR" 4 +.IX Item "content_type" +This is one of the content type values defined in the protocol specification +(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never +\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol +messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo +content types are used to signal some other event in the processing of data (see +\&\s-1NOTES\s0 below). +.IP "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no +longer valid after the callback function has returned. +.IP "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.IP "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.PP +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: +.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IX Item "SSL3_RT_HEADER" +Used when a record is sent or received. The \fBbuf\fR contains the record header +bytes only. +.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IX Item "SSL3_RT_INNER_CONTENT_TYPE" +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in +an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR +and \fBSSL_set_msg_callback_arg()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_num_tickets.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_num_tickets.3 new file mode 100644 index 00000000..1b7ec7f4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_num_tickets.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_NUM_TICKETS 3" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets \&\- control the number of TLSv1.3 session tickets that are issued +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); +\& size_t SSL_get_num_tickets(SSL *s); +\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. +.PP +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)). +.PP +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling +\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be +sent. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or +\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on +failure. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets +that have been previously set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_options.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_options.3 new file mode 100644 index 00000000..ed899f11 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_options.3 @@ -0,0 +1,471 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 3" +.TH SSL_CTX_SET_OPTIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +\& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +.PP +\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a bitwise \fBor\fR +operation (|). +.PP +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. +.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. +OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +.IX Item "SSL_OP_TLSEXT_PADDING" +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. +.IP "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as +mentioned below. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +own preferences. +.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 +.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and +\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IX Item "SSL_OP_NO_COMPRESSION" +Do not use compression even if it is supported. +.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IX Item "SSL_OP_NO_QUERY_MTU" +Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IX Item "SSL_OP_COOKIE_EXCHANGE" +Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects +\&\s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IX Item "SSL_OP_NO_TICKET" +\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +session tickets. +.Sp +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. +.Sp +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly \- no session +information needs to be cached locally. +.Sp +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. +.Sp +By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. +.Sp +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or +\&\fBSSL_set_num_tickets\fR\|(3). +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_RENEGOTIATION" +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. +.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IX Item "SSL_OP_PRIORITIZE_CHACHA" +When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use \s-1AES\s0 and other +ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. +.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" +If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not \s-1CCS\s0 messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +.IX Item "SSL_OP_NO_ANTI_REPLAY" +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. +.PP +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +.PD 0 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_ECDH_USE" +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +.PD +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL always attempts to use secure renegotiation as +described in \s-1RFC5746.\s0 This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. +.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection succeeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.SS "Patched OpenSSL client and unpatched server." +.IX Subsection "Patched OpenSSL client and unpatched server." +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. +.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask +after adding \fBoptions\fR. +.PP +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask +after clearing \fBoptions\fR. +.PP +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBdhparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m. +.PP +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_psk_client_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_psk_client_callback.3 new file mode 100644 index 00000000..a32c90d3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_psk_client_callback.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, +\& const unsigned char **id, +\& size_t *idlen, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, +\& SSL_psk_use_session_cb_func cb); +\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +\& +\& +\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, +\& const char *hint, +\& char *identity, +\& unsigned int max_identity_len, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should use either +\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +.PP +The first time the callback is called for a connection the \fBmd\fR parameter is +\&\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +must be compatible with the digest for that ciphersuite. The digest will be +given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +between the first and second time it is called. +.PP +On successful completion the callback must store a pointer to an identifier for +the \s-1PSK\s0 in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. +The memory pointed to by \fB*id\fR remains owned by the application and should +be freed by it as required at any point after the handshake is complete. +.PP +Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in +\&\fB*sess\fR. This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have +the following fields set: +.IP "The master key" 4 +.IX Item "The master key" +This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3). +.IP "A ciphersuite" 4 +.IX Item "A ciphersuite" +Only the handshake digest associated with the ciphersuite is relevant for the +\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is +not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The +handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. +.IP "The protocol version" 4 +.IX Item "The protocol version" +This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should +be \s-1TLS1_3_VERSION.\s0 +.PP +Additionally the maximum early data value should be set via a call to +\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +data. +.PP +Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also +be used as the basis for a \s-1PSK.\s0 +.PP +Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +should not be freed by the application. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +.PP +A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. +.PP +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR +or \fBSSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the resulting +\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR +or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or +\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned +\&\s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. +.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.PP +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as +follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. +.PP +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fBSSL_set_psk_find_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_quiet_shutdown.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 00000000..4421cb79 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +\& +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fBSSL_clear\fR\|(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +close_notify alert messages using \fBSSL_shutdown\fR\|(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(\fBSSL_shutdown\fR\|(3) then behaves like +\&\fBSSL_set_shutdown\fR\|(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_read_ahead.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_read_ahead.3 new file mode 100644 index 00000000..50c19e47 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_read_ahead.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_READ_AHEAD 3" +.TH SSL_CTX_SET_READ_AHEAD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_read_ahead(SSL *s, int yes); +\& int SSL_get_read_ahead(const SSL *s); +\& +\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); +\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); +\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from +the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or \fBx\fR bytes otherwise. +Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn +it on. +\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR. +.PP +\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading +ahead has been set or not. +\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions have no impact when used with \s-1DTLS.\s0 The return values for +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting +\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function +(see \fBSSL_pending\fR\|(3)). +.PP +Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fBSSL_has_pending()\fR can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. +That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete +record available that hasn't been processed. +.PP +If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 +connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading +ahead should be turned off. +Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +and non zero otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_record_padding_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_record_padding_callback.3 new file mode 100644 index 00000000..e8276205 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_record_padding_callback.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& +\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +\& +\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); +\& +\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +\& int SSL_set_block_padding(SSL *ssl, size_t block_size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR +can be used to assign a callback function \fIcb\fR to specify the padding +for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR +assign a value \fBarg\fR that is passed to the callback when it is invoked. The value +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +retrieve the \fBarg\fR value that is passed to the callback. +.PP +\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple +of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of +\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +The callback is invoked for every record before encryption. +The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be +one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 +The \fBlen\fR parameter is the current plaintext length of the record before encryption. +The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR +or \fBSSL_set_record_padding_callback_arg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +functions return the \fBarg\fR value assigned in the corresponding set functions. +.PP +The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success +or 0 if \fBblock_size\fR is too large. +.PP +The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +maximum record size. +.SH "NOTES" +.IX Header "NOTES" +The default behavior is to add no padding to the record. +.PP +A user-supplied padding callback function will override the behavior set by +\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied +callback to \s-1NULL\s0 will restore the configured block padding behavior. +.PP +These functions only apply to \s-1TLS 1.3\s0 records being written. +.PP +Padding bytes are not added in constant-time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_security_level.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_security_level.3 new file mode 100644 index 00000000..10224d96 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_security_level.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +\& void SSL_set_security_level(SSL *s, int level); +\& +\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); +\& int SSL_get_security_level(const SSL *s); +\& +\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& +\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +\& void SSL_set0_security_ex_data(SSL *s, void *ex); +\& +\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +\& void *SSL_get0_security_ex_data(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set +the security level to \fBlevel\fR. If not set the library default security level +is used. +.PP +The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR +retrieve the current security level. +.PP +\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set +the security callback associated with \fBctx\fR or \fBs\fR. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below. +.PP +\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the +extra data pointer passed to the \fBex\fR parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value. +.SH "DEFAULT CALLBACK BEHAVIOUR" +.IX Header "DEFAULT CALLBACK BEHAVIOUR" +If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below. +.IP "\fBLevel 0\fR" 4 +.IX Item "Level 0" +Everything is permitted. This retains compatibility with previous versions of +OpenSSL. +.IP "\fBLevel 1\fR" 4 +.IX Item "Level 1" +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA, +DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite +using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +.IP "\fBLevel 2\fR" 4 +.IX Item "Level 2" +Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +.IP "\fBLevel 3\fR" 4 +.IX Item "Level 3" +Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +tickets are disabled. +.IP "\fBLevel 4\fR" 4 +.IX Item "Level 4" +Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and +\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are +prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +versions below 1.2 are not permitted. +.IP "\fBLevel 5\fR" 4 +.IX Item "Level 5" +Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +.SH "APPLICATION DEFINED SECURITY CALLBACKS" +.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" +\&\fIDocumentation to be provided.\fR +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for +general internet use is likely to cause \fBconsiderable\fR interoperability +issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security. +.PP +The default security level can be configured when OpenSSL is compiled by +setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. +.PP +The security framework disables or reject parameters inconsistent with the +set security level. In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +for example) could not be checked at all. +.PP +By setting an appropriate security level much of this complexity can be +avoided. +.PP +The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported +signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +then only cipher suites consistent with the security level are permissible. +.PP +See \s-1SP800\-57\s0 for how the security limits are related to individual +algorithms. +.PP +Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +.PP +Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +alert. +.PP +Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 +key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. +.PP +\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that +represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +.PP +\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return +values. +.PP +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer +to the security callback or \s-1NULL\s0 if the callback is not set. +.PP +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra +data pointer or \s-1NULL\s0 if the ex data is not set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_cache_mode.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 00000000..d5a42665 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to . +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +\&\fBSSL_CTX_set_session_id_context\fR\|(3)). +.PP +The following session cache modes and modifiers are available: +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the \fBSSL_set_session\fR\|(3) +function. This option is not activated by default. +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called +explicitly by the application. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_id_context.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_id_context.3 new file mode 100644 index 00000000..79e5b307 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. +.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR +return the following values: +.IP "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +is logged to the error stack. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_ticket_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_ticket_cb.3 new file mode 100644 index 00000000..bc3f1e3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_session_ticket_cb.3 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, +\& const unsigned char *keyname, +\& size_t keyname_len, +\& SSL_TICKET_STATUS status, +\& void *arg); +\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, +\& SSL_CTX_generate_session_ticket_fn gen_cb, +\& SSL_CTX_decrypt_session_ticket_fn dec_cb, +\& void *arg); +\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +and \fBdec_cb\fR that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. +.PP +\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is +about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR +at this time to add application data to the session ticket. The value of \fBarg\fR +is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. +.PP +\&\fBdec_cb\fR is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the \fBss\fR argument contains +the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key +used to decrypt the session ticket. The \fBstatus\fR argument is the result of the +ticket decryption. See the \s-1NOTES\s0 section below for further details. The value +of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The +\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. +.PP +\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify +the application that a session ticket is about to be generated. +.PP +\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +application data and assigns \fBlen\fR to the length of the session ticket +application data from \fBss\fR. The application data can be set via +\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket +application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time +after a session has been created. The \fBdec_cb\fR is provided to notify the +application that a session ticket has just been decrypted. +.SH "NOTES" +.IX Header "NOTES" +When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been +assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +decryption. The callback must check the \fBstatus\fR value before performing any +action, as it is called even if ticket decryption fails. +.PP +The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify +the key that was used to encrypt the session ticket. +.PP +The \fBstatus\fR argument can be any of these values: +.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IX Item "SSL_TICKET_EMPTY" +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. +.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IX Item "SSL_TICKET_NO_DECRYPT" +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IX Item "SSL_TICKET_SUCCESS" +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IX Item "SSL_TICKET_SUCCESS_RENEW" +Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +.PP +The return value can be any of these values: +.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IX Item "SSL_TICKET_RETURN_ABORT" +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. +.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE" +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. +.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" +Do not use a ticket (if one was available). Send a renewed ticket to the client. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or +\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE" +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE_RENEW" +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.PP +If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +no session data will be available and the callback must not use the \fBss\fR +argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or +\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +argument to retrieve the application data. +.PP +When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. +.PP +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and +\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +failure. +.PP +The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +.PP +The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR +and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_split_send_fragment.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_split_send_fragment.3 new file mode 100644 index 00000000..ba85a7db --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_split_send_fragment.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); +\& long SSL_set_max_send_fragment(SSL *ssl, long m); +\& +\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); +\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); +\& +\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); +\& long SSL_set_split_send_fragment(SSL *ssl, long m); +\& +\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); +\& +\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); +\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +\&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This +capability is known as \*(L"pipelining\*(R" within OpenSSL. +.PP +In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for +development and test purposes only. +.PP +\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the +\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These +functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number +of pipelines that will be used at any one time. This value applies to both +\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also +automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine. +.PP +Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and +\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by +\&\fBsplit_send_fragment\fR. +.PP +For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 +then: +.PP +SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used +.PP +SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used +.PP +SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used +.PP +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used +.PP +\&\fBsplit_send_fragment\fR must always be less than or equal to +\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines. +.PP +Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR +is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR +function (see \fBSSL_pending\fR\|(3)). +.PP +The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions control the size of the read buffer that will be used. The \fBlen\fR +parameter sets the size of the buffer. The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +.PP +\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +length negotiation mode via value \fBmode\fR to \fBctx\fR. +This setting affects only \s-1SSL\s0 instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +negotiation mode via value \fBmode\fR to \fBssl\fR. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects \s-1SSL\s0 sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +negotiated in \fBsession\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All non-void functions return 1 on success and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +\&\fBSSL_SESSION_get_max_fragment_length()\fR will return: +TLSEXT_max_fragment_length_DISABLED. +.PP +The following modes are available: +.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IX Item "TLSEXT_max_fragment_length_DISABLED" +Disables Maximum Fragment Length Negotiation (default). +.IP "TLSEXT_max_fragment_length_512" 4 +.IX Item "TLSEXT_max_fragment_length_512" +Sets Maximum Fragment Length to 512 bytes. +.IP "TLSEXT_max_fragment_length_1024" 4 +.IX Item "TLSEXT_max_fragment_length_1024" +Sets Maximum Fragment Length to 1024. +.IP "TLSEXT_max_fragment_length_2048" 4 +.IX Item "TLSEXT_max_fragment_length_2048" +Sets Maximum Fragment Length to 2048. +.IP "TLSEXT_max_fragment_length_4096" 4 +.IX Item "TLSEXT_max_fragment_length_4096" +Sets Maximum Fragment Length to 4096. +.PP +With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR +\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR +all these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, +\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, +\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions were added in OpenSSL 1.1.0. +.PP +The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR +and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ssl_version.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ssl_version.3 new file mode 100644 index 00000000..39712589 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 3" +.TH SSL_CTX_SET_SSL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +\&\fBSSL_new\fR\|(3) are not affected, except when +\&\fBSSL_clear\fR\|(3) is being called. +.PP +\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fBSSL_clear()\fR is called. +.PP +\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +\&\fBSSL_CTX_new\fR\|(3). +.PP +When \fBSSL_clear\fR\|(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR +and \fBSSL_set_ssl_method()\fR: +.IP "0" 4 +The new choice failed, check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 new file mode 100644 index 00000000..46a3d973 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_stateless_cookie_generate_cb( +\& SSL_CTX *ctx, +\& int (*gen_stateless_cookie_cb) (SSL *ssl, +\& unsigned char *cookie, +\& size_t *cookie_len)); +\& void SSL_CTX_set_stateless_cookie_verify_cb( +\& SSL_CTX *ctx, +\& int (*verify_stateless_cookie_cb) (SSL *ssl, +\& const unsigned char *cookie, +\& size_t cookie_len)); +\& +\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, +\& int (*app_gen_cookie_cb) (SSL *ssl, +\& unsigned char +\& *cookie, +\& unsigned int +\& *cookie_len)); +\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, +\& int (*app_verify_cookie_cb) (SSL *ssl, +\& const unsigned +\& char *cookie, +\& unsigned int +\& cookie_len)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must +write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. +.PP +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of +length \fBcookie_len\fR. A nonzero return value from \fBverify_stateless_cookie_cb()\fR +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +before \fBverify_stateless_cookie_cb()\fR is called. +.PP +\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +\&\fBapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. +.PP +\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value +from \fBapp_verify_cookie_cb()\fR communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither function returns a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_stateless\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR and +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_timeout.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_timeout.3 new file mode 100644 index 00000000..0fc580c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_timeout.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 3" +.TH SSL_CTX_SET_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either +directly by the application or automatically (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see \fBSSL_get_default_timeout\fR\|(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100644 index 00000000..da10a437 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, int *al, void *arg)); +\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +\& +\& const char *SSL_get_servername(const SSL *s, const int type); +\& int SSL_get_servername_type(const SSL *s); +\& +\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client. +.PP +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When \fBcb\fR +is \s-1NULL, SNI\s0 is not used. +.PP +The servername callback should return one of the following values: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call \fBSSL_set_SSL_CTX()\fR in the callback to set +up a different configuration for the selected servername in this case. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the \fBal\fR parameter to the callback. By default this +value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME.\s0 +.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" +If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the \fBal\fR parameter +as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as \s-1SSL_TLSEXT_ERR_NOACK.\s0 +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername. +.PP +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR. +.PP +The behaviour of \fBSSL_get_servername()\fR depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes. +.IP "On the client, before the handshake" 4 +.IX Item "On the client, before the handshake" +If a servername has been set via a call to \fBSSL_set_tlsext_host_name()\fR then it +will return that servername. +.Sp +If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername. +.Sp +Otherwise it returns \s-1NULL.\s0 +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" +If the session from the orignal handshake had a servername accepted by the +server then it will return that servername. +.Sp +Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 +if it was not called. +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" +It will return the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it +was not called. +.IP "On the server, before the handshake" 4 +.IX Item "On the server, before the handshake" +The function will always return \s-1NULL\s0 before the handshake +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" +If a servername was accepted by the server in the original handshake then it +will return that servername, or \s-1NULL\s0 otherwise. +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" +The function will return the servername requested by the client in this +handshake or \s-1NULL\s0 if none was requested. +.PP +Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after +a servername extension from the client is processed. +.PP +\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername +is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +\&\fBTLSEXT_NAMETYPE_host_name\fR. +.PP +\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +to contain the value \fBname\fR. The type of server name indication extension is set +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). +.SH "NOTES" +.IX Header "NOTES" +Several callbacks are executed during ClientHello processing, including +the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +.PP +The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +that will act as clients; otherwise the configured \fBname\fR will be ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_get_servername()\fR historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e. +.PP +Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake. +.PP +Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +\&\s-1NULL.\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 new file mode 100644 index 00000000..8b06e4e1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); +\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); +\& +\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); +\& +\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); +\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); +\& +\& long SSL_set_tlsext_status_type(SSL *s, int type); +\& long SSL_get_tlsext_status_type(SSL *s); +\& +\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); +\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application may request that a server send back an \s-1OCSP\s0 status response +(also known as \s-1OCSP\s0 stapling). To do so the client should call the +\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR +function on an individual \s-1SSL\s0 object prior to the start of the handshake. +Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value +should be passed in the \fBtype\fR argument. Calling +\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. +.PP +The client should additionally provide a callback function to decide what to do +with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned \s-1OCSP\s0 response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fBSSL_CTX_get_tlsext_status_arg()\fR. +.PP +On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return +\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server +side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client +requested \s-1OCSP\s0 stapling. If the client requested it then this function will +return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. +.PP +The response returned by the server can be obtained via a call to +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +to the \s-1OCSP\s0 response data and the return value will be the length of that data. +Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any +response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. +.PP +A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function +if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; +obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +be provided in the \fBresp\fR argument, and the length of that data should be in +the \fBlen\fR argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable. +.PP +The callback when used on the server side should return with either +\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be +returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be +returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +occurred). +.PP +\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, +\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and +\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +.PP +\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +.PP +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +or \-1 if there is no \s-1OCSP\s0 response data. +.PP +\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server +side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR +and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100644 index 00000000..6b0f5f3f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -0,0 +1,323 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitrary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using +\&\fBHMAC_Init_ex\fR\|(3). +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retrieved parameters and the initialization vector +\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be +set using \fBHMAC_Init_ex\fR\|(3). +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 +3.3\s0 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implementation: +.PP +.Vb 2 +\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); +\& ... +\& +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], +\& unsigned char *iv, EVP_CIPHER_CTX *ctx, +\& HMAC_CTX *hctx, int enc) +\& { +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) +\& return \-1; /* insufficient random */ +\& +\& key = currentkey(); /* something that you need to implement */ +\& if (key == NULL) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* +\& * Something that you need to implement. +\& * createkey needs to initialise a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. +\& */ +\& if (key == NULL) /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (key == NULL || key\->expire < now()) +\& return 0; +\& +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& if (key\->expire < now() \- RENEW_TIME) { +\& /* +\& * return 2 \- This session will get a new ticket even though the +\& * current one is still valid. +\& */ +\& return 2; +\& } +\& return 1; +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100644 index 00000000..eb4ee508 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); +\& +\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for +establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This +capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0 +OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not +support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this +extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a +\&\s-1TLS\s0 connection is attempted. +.PP +An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +created from an \s-1SSL_CTX.\s0 Alternatively a client may call +\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of +\&\s-1SRTP\s0 protection profile names. +.PP +The currently supported protection profile names are: +.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_80" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_32" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_128_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_256_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.PP +Supplying an unrecognised protection profile name will result in an error. +.PP +An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the +protection profiles that it is willing to negotiate. +.PP +The currently configured list of protection profiles for either a client or a +server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack +of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +this function should not be freed by the caller. +.PP +After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +any) can be obtained (on the client or the server) by calling +\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +protection profile was negotiated. The memory returned from this function should +not be freed by the caller. +.PP +If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +keying material (on both the client and server) should be obtained via a call to +\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success +or 1 on error. +.PP +\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +success or \s-1NULL\s0 on error or if no protection profiles have been configured. +.PP +\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +object if one has been negotiated or \s-1NULL\s0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_export_keying_material\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 00000000..7ae149d8 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +\& +\& void SSL_set_tmp_dh_callback(SSL *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate +a new \s-1DH\s0 key during the negotiation. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl \fBdhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. +.PP +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. +.PP +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export cipher suites +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use +the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply +supply at least 2048\-bit parameters in the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling +partly left out.) +.PP +Command-line parameter generation: +.PP +.Vb 1 +\& $ openssl dhparam \-out dh_param_2048.pem 2048 +.Ve +.PP +Code for setting up parameters during server initialization: +.PP +.Vb 1 +\& SSL_CTX ctx = SSL_CTX_new(); +\& +\& DH *dh_2048 = NULL; +\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); +\& +\& if (paramfile) { +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } else { +\& /* Error. */ +\& } +\& if (dh_2048 == NULL) +\& /* Error. */ +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) +\& /* Error. */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_verify.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_verify.3 new file mode 100644 index 00000000..f4445077 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_set_verify.3 @@ -0,0 +1,472 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 3" +.TH SSL_CTX_SET_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +\& +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); +\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); +\& SSL_get_ex_data_X509_STORE_CTX_idx(void); +\& +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +\& void SSL_set_verify_depth(SSL *ssl, int depth); +\& +\& int SSL_verify_client_post_handshake(SSL *ssl); +\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +\& void SSL_set_post_handshake_auth(SSL *ssl, int val); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with +\&\fBSSL_new\fR\|(3). Within the callback function, +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index +of the current \s-1SSL\s0 object that is doing the verification. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. +.PP +\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. +.PP +\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If \fBval\fR is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +.PP +\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must +be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.IP "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the \fBSSL_get_verify_result\fR\|(3) function. +The handshake will be continued regardless of the verification result. +.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and +\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +.IX Item "SSL_VERIFY_POST_HANDSHAKE" +\&\fBServer mode:\fR the server will not send a client certificate request +during the initial handshake, but will send the request via +\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.PP +If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fBverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +a final trust anchor certificate. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. +.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.PP +After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before \fBSSL_connect()\fR. +.PP +\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. +Only one certificate request may be outstanding at any time. +.PP +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can +lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.PP +The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see \fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +.PP +.Vb 7 +\& ... +\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +\& +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +\& +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata\->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } else if (mydata\->verbose_mode) { +\& printf("depth=%d:%s\en", depth, buf); +\& } +\& +\& /* +\& * At this point, err contains the last verification error. We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { +\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +\& +\& if (mydata\->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +\& +\& mydata_t mydata; +\& +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +\& +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +\& +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +\& +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +\& +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR +and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_certificate.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_certificate.3 new file mode 100644 index 00000000..3fbc6bd3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_certificate.3 @@ -0,0 +1,324 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 3" +.TH SSL_CTX_USE_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +\& +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); +\& +\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +.PP +\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function. +.PP +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is +similar except it loads the certificate chain into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR +or \fBSSL_CTX_use_certificate()\fR before setting the private key with +\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. +.PP +\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 +certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the +corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private +key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then +\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. +If \fBoverride\fR is non\-0, then the certificate, private key and chain certs +are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. +.PP +\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.PP +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or +\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_psk_identity_hint.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_psk_identity_hint.3 new file mode 100644 index 00000000..213311c9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_psk_identity_hint.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, +\& const unsigned char *identity, +\& size_t identity_len, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, +\& SSL_psk_find_session_cb_func cb); +\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +\& +\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, +\& const char *identity, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A server application wishing to use TLSv1.3 PSKs should set a callback +using either \fBSSL_CTX_set_psk_find_session_callback()\fR or +\&\fBSSL_set_psk_find_session_callback()\fR as appropriate. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function +should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it +in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 +.PP +Identity hints are not relevant for TLSv1.3. A server application wishing to use +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR +to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is +\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +.PP +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +ServerKeyExchange message to the client. +.PP +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback +function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR +or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return +1 on success, 0 otherwise. +.PP +Return values from the TLSv1.2 and below server callback are interpreted as +follows: +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. +.Sp +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.PP +The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "NOTES" +.IX Header "NOTES" +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBSSL_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_serverinfo.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_serverinfo.3 new file mode 100644 index 00000000..c8b3d327 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_CTX_use_serverinfo.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_SERVERINFO 3" +.TH SSL_CTX_USE_SERVERINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, +\& const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0 +\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the +byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used +in this case: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR +except that there is no \fBversion\fR parameter so a default version of +\&\s-1SSL_SERVERINFOV1\s0 is used instead. +.PP +\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each +\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for +\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. +.PP +If more than one certificate (\s-1RSA/DSA\s0) is installed using +\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_free.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_free.3 new file mode 100644 index 00000000..517f97de --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_free.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_FREE 3" +.TH SSL_SESSION_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_SESSION_new(void); +\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +\& int SSL_SESSION_up_ref(SSL_SESSION *ses); +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +it. +.PP +\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +and returns a pointer to it. +.PP +\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +structure. +.PP +\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the reference count has reached 0. +If \fBsession\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. +.PP +\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure +or \s-1NULL\s0 on error. +.PP +SSL_SESSION_up_ref returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_cipher.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_cipher.3 new file mode 100644 index 00000000..e71a3690 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_cipher.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_CIPHER 3" +.TH SSL_SESSION_GET0_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +or \s-1NULL\s0 if it cannot be determined. +.PP +\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_get0_hostname\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_hostname.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_hostname.3 new file mode 100644 index 00000000..1f5c4755 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_hostname.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_HOSTNAME 3" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +\& +\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, +\& const unsigned char **alpn, +\& size_t *len); +\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the +\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session. +.PP +The value returned is a pointer to memory maintained within \fBs\fR and +should not be free'd. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +the string provided in hostname. +.PP +\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +session and its associated length in bytes. The returned value of \fB*alpn\fR is a +pointer to memory maintained within \fBs\fR and should not be free'd. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +\&\fBalpn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +is the \s-1SNI\s0 value sent by client. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and +\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_id_context.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_id_context.3 new file mode 100644 index 00000000..415113f2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_id_context.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +contexts. +.PP +\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to +\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context +is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_set_session_id_context\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_peer.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_peer.3 new file mode 100644 index 00000000..55155fc3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get0_peer.3 @@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_PEER 3" +.TH SSL_SESSION_GET0_PEER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +returned value (unless \fBX509_up_ref\fR\|(3) has also been called). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +no peer certificate is available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_compress_id.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_compress_id.3 new file mode 100644 index 00000000..1bcdb163 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_compress_id.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If compression has been negotiated for an ssl session then +\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +none. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_ex_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_ex_data.3 new file mode 100644 index 00000000..039a60b1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_ex_data.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_EX_DATA 3" +.TH SSL_SESSION_GET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_protocol_version.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_protocol_version.3 new file mode 100644 index 00000000..aa5f8996 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_protocol_version.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used +by session \fBs\fR. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set +up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +version used for the session; this number matches the constants \fIe.g.\fR +\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +.PP +Note that the \fBSSL_SESSION_get_protocol_version()\fR function +does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_time.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_time.3 new file mode 100644 index 00000000..daf0671c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_get_time.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 3" +.TH SSL_SESSION_GET_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_SESSION_get_time(const SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +\& +\& long SSL_get_time(const SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(const SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fBtime()\fR call. +.PP +\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +\&\fBSSL_CTX_set_timeout\fR\|(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_has_ticket.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_has_ticket.3 new file mode 100644 index 00000000..67bac9d2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_has_ticket.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_HAS_TICKET 3" +.TH SSL_SESSION_HAS_TICKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); +\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. +.PP +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. +.PP +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non +\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +.PP +\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR +and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_is_resumable.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_is_resumable.3 new file mode 100644 index 00000000..5fba8af1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_is_resumable.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_IS_RESUMABLE 3" +.TH SSL_SESSION_IS_RESUMABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_print.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_print.3 new file mode 100644 index 00000000..ca5568fb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_print.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_PRINT 3" +.TH SSL_SESSION_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it +to the \s-1FILE\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 +in \s-1NSS\s0 keylog format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_set1_id.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_set1_id.3 new file mode 100644 index 00000000..1cc5d613 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_SESSION_set1_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_SET1_ID 3" +.TH SSL_SESSION_SET1_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +\& unsigned int sid_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may +be 0. The caller should not free the returned pointer directly. +.PP +\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +to \fBsid\fR of length \fBsid_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_accept.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_accept.3 new file mode 100644 index 00000000..1ae4a174 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_accept.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ACCEPT 3" +.TH SSL_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alert_type_string.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alert_type_string.3 new file mode 100644 index 00000000..b07c7814 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alert_type_string.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 3" +.TH SSL_ALERT_TYPE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +\& +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fBSSL_alert_type_string()\fR or +\&\fBSSL_alert_type_string_long()\fR: +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" +.PD 0 +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fBSSL_alert_desc_string()\fR or +\&\fBSSL_alert_desc_string_long()\fR: +.ie n .IP """\s-1CN""/\s0""close notify""" 4 +.el .IP "``\s-1CN''/\s0``close notify''" 4 +.IX Item "CN/close notify" +The connection shall be closed. This is a warning alert. +.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 +.el .IP "``\s-1UM''/\s0``unexpected message''" 4 +.IX Item "UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 +.el .IP "``\s-1BM''/\s0``bad record mac''" 4 +.IX Item "BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC.\s0 This message is always fatal. +.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 +.el .IP "``\s-1DF''/\s0``decompression failure''" 4 +.IX Item "DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 +.el .IP "``\s-1HF''/\s0``handshake failure''" 4 +.IX Item "HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. +.ie n .IP """\s-1NC""/\s0""no certificate""" 4 +.el .IP "``\s-1NC''/\s0``no certificate''" 4 +.IX Item "NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 +.el .IP "``\s-1BC''/\s0``bad certificate''" 4 +.IX Item "BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 +.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" +A certificate was of an unsupported type. +.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 +.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 +.IX Item "CR/certificate revoked" +A certificate was revoked by its signer. +.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 +.el .IP "``\s-1CE''/\s0``certificate expired''" 4 +.IX Item "CE/certificate expired" +A certificate has expired or is not currently valid. +.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 +.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 +.IX Item "CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 +.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 +.IX Item "IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 +.el .IP "``\s-1DC''/\s0``decryption failed''" 4 +.IX Item "DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. +.ie n .IP """\s-1RO""/\s0""record overflow""" 4 +.el .IP "``\s-1RO''/\s0``record overflow''" 4 +.IX Item "RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 +.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 +.IX Item "CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA.\s0 This +message is always fatal. +.ie n .IP """\s-1AD""/\s0""access denied""" 4 +.el .IP "``\s-1AD''/\s0``access denied''" 4 +.IX Item "AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.ie n .IP """\s-1DE""/\s0""decode error""" 4 +.el .IP "``\s-1DE''/\s0``decode error''" 4 +.IX Item "DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 +.el .IP "``\s-1CY''/\s0``decrypt error''" 4 +.IX Item "CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.ie n .IP """\s-1ER""/\s0""export restriction""" 4 +.el .IP "``\s-1ER''/\s0``export restriction''" 4 +.IX Item "ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. +.ie n .IP """\s-1PV""/\s0""protocol version""" 4 +.el .IP "``\s-1PV''/\s0``protocol version''" 4 +.IX Item "PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 +.el .IP "``\s-1IS''/\s0``insufficient security''" 4 +.IX Item "IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.ie n .IP """\s-1IE""/\s0""internal error""" 4 +.el .IP "``\s-1IE''/\s0``internal error''" 4 +.IX Item "IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.ie n .IP """\s-1US""/\s0""user canceled""" 4 +.el .IP "``\s-1US''/\s0``user canceled''" 4 +.IX Item "US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 +.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 +.IX Item "NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4 +.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4 +.IX Item "UP/unknown PSK identity" +Sent by the server to indicate that it does not recognize a \s-1PSK\s0 +identity or an \s-1SRP\s0 identity. +.ie n .IP """\s-1UK""/\s0""unknown""" 4 +.el .IP "``\s-1UK''/\s0``unknown''" 4 +.IX Item "UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alloc_buffers.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alloc_buffers.3 new file mode 100644 index 00000000..5d8b6383 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_alloc_buffers.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALLOC_BUFFERS 3" +.TH SSL_ALLOC_BUFFERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_free_buffers(SSL *ssl); +\& int SSL_alloc_buffers(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +.PP +The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. +.PP +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR +to control where and how buffers are allocated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is +an allocation failure. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +\&\fBSSL_free_buffers()\fR. +The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +\&\fBSSL_alloc_buffers()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), +CRYPTO_set_mem_functions +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_check_chain.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_check_chain.3 new file mode 100644 index 00000000..2fd273a6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_check_chain.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CHECK_CHAIN 3" +.TH SSL_CHECK_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_check_chain \- check certificate chain suitability +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +certificate chain \fBchain\fR is suitable for use with the current session +\&\fBs\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +chain. +.PP +\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +If this flag is \fBnot\fR set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. +.PP +\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +.PP +\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +acceptable. +.PP +\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). +.PP +\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). +.PP +\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +meaningful for client authentication. +.PP +\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +for client authentication. +.PP +\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. +.PP +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. +.PP +As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be +usable. An application supporting multiple chains with different \s-1CA\s0 signature +algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +chain is suitable a server should fall back to the most secure chain which +sets \fB\s-1CERT_PKEY_VALID\s0\fR. +.PP +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. +.PP +Since the supported signature algorithms extension is only used in \s-1TLS 1.2, +TLS 1.3\s0 and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not +be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain +for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_clear.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_clear.3 new file mode 100644 index 00000000..7a619ba3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_clear.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CLEAR 3" +.TH SSL_CLEAR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_clear \- reset SSL object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, +if \fBSSL_shutdown\fR\|(3) was not called for the connection +or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see \fBSSL_new\fR\|(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +\&\fBSSL_get_session\fR\|(3); +\&\fBSSL_new\fR\|(3); +\&\fBSSL_set_session\fR\|(3); +\&\fBSSL_free\fR\|(3) +instead to avoid such failures +(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) +if session reuse is not desired). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \fBSSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.IP "1" 4 +.IX Item "1" +The \fBSSL_clear()\fR operation was successful. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_connect.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_connect.3 new file mode 100644 index 00000000..43684f8b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_connect.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONNECT 3" +.TH SSL_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no +corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +been received for the final handshake message. +.PP +The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +option. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_do_handshake.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_do_handshake.3 new file mode 100644 index 00000000..d3e222dc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_do_handshake.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_DO_HANDSHAKE 3" +.TH SSL_DO_HANDSHAKE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_do_handshake \- perform a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +\&\fBSSL_set_connect_state\fR\|(3) or +\&\fBSSL_set_accept_state\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_export_keying_material.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_export_keying_material.3 new file mode 100644 index 00000000..98b112da --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_export_keying_material.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen, int use_context); +\& +\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +established between the two endpoints. The functions +\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an +application to use some of this keying material for its own purposes in +accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +.PP +\&\fBSSL_export_keying_material()\fR derives keying material using +the \fIexporter_master_secret\fR established in the handshake. +.PP +\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +keying material using the \fIearly_exporter_master_secret\fR (as defined in the +\&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +available when the client attempts to send 0\-RTT data. For the server, it is +only available when the server accepts 0\-RTT data. +.PP +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. +.PP +For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +\&\fBout\fR. The application specific context should be supplied in the location +pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of +a context is optional. If the context should be omitted entirely then +\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If +\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. +.PP +An application specific label should be provided in the location pointed to by +\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from +the \s-1IANA\s0 Exporter Label Registry +(). +Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. +.PP +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +.PP +\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_extension_supported.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_extension_supported.3 new file mode 100644 index 00000000..93e5eef4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_extension_supported.3 @@ -0,0 +1,399 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXTENSION_SUPPORTED 3" +.TH SSL_EXTENSION_SUPPORTED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char **out, +\& size_t *outlen, X509 *x, +\& size_t chainidx, int *al, +\& void *add_arg); +\& +\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *in, +\& size_t inlen, X509 *x, +\& size_t chainidx, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& unsigned int context, +\& SSL_custom_ext_add_cb_ex add_cb, +\& SSL_custom_ext_free_cb_ex free_cb, +\& void *add_arg, +\& SSL_custom_ext_parse_cb_ex parse_cb, +\& void *parse_arg); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +for all supported protocol versions with extension type \fBext_type\fR and +callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the +\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines +which messages and under what conditions the extension will be added/parsed (see +the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). +.PP +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +\&\fBcontext\fR value to: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be +handled by OpenSSL internally or an error occurs. +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +extension type which will be added and \fBadd_arg\fR to the value set when the +extension handler was added. When using the new style callbacks the \fBcontext\fR +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set +to \s-1NULL\s0 then no extension is added. +.PP +When constructing a Certificate message the callback will be called for each +certificate in the message. The \fBx\fR parameter will indicate the +current certificate and the \fBchainidx\fR parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the +order that they were received in the Certificate message. +.PP +For all messages except the ServerHello and EncryptedExtensions every +registered \fBadd_cb\fR is always called to see if the application wishes to add an +extension (as long as all requirements of the specified \fBcontext\fR are met). +.PP +For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR +is called once if and only if the requirements of the specified \fBcontext\fR are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then \fBadd_cb\fR will +not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +called if the extension is present and relevant for the context (see +\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below). +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBext_type\fR. +.PP +If the message being parsed is a TLSv1.3 compatible Certificate message then +\&\fBparse_cb\fR will be called for each certificate contained within the message. +The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a \fBchainidx\fR +value of 0. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "EXTENSION CONTEXTS" +.IX Header "EXTENSION CONTEXTS" +An extension context defines which messages and under which conditions an +extension should be added or expected. The context is built up by performing +a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +are: +.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_ONLY" +The extension is only allowed in \s-1TLS\s0 +.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +.IX Item "SSL_EXT_DTLS_ONLY" +The extension is only allowed in \s-1DTLS\s0 +.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" +The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation +available (so it is ignored in \s-1DTLS\s0). +.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +.IX Item "SSL_EXT_SSL3_ALLOWED" +Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this. +.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" +The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated. +.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ONLY" +The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated. +.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" +The extension will be ignored during parsing if a previous session is being +successfully resumed. +.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IX Item "SSL_EXT_CLIENT_HELLO" +The extension may be present in the ClientHello message. +.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" +The extension may be present in a TLSv1.2 or below compatible ServerHello +message. +.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" +The extension may be present in a TLSv1.3 compatible ServerHello message. +.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" +The extension may be present in an EncryptedExtensions message. +.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" +The extension may be present in a HelloRetryRequest message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" +The extension may be present in a TLSv1.3 compatible Certificate message. +.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" +The extension may be present in a TLSv1.3 compatible NewSessionTicket message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" +The extension may be present in a TLSv1.3 compatible CertificateRequest message. +.PP +The context must include at least one message value (otherwise the extension +will never be used). +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and +\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same \fBext_type\fR more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure). +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_free.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_free.3 new file mode 100644 index 00000000..55059475 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_free.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_FREE 3" +.TH SSL_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free \- free an allocated SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +reference count has reached 0. +If \fBssl\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO,\s0 the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fBSSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fBSSL_free()\fR and the internal +session cache. If the session is considered bad, because +\&\fBSSL_shutdown\fR\|(3) was not called for the connection +and \fBSSL_set_shutdown\fR\|(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_free()\fR does not provide diagnostic information. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get0_peer_scts.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get0_peer_scts.3 new file mode 100644 index 00000000..9c5d0645 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get0_peer_scts.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET0_PEER_SCTS 3" +.TH SSL_GET0_PEER_SCTS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get0_peer_scts \- get SCTs received +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and +the peer's certificate for SCTs. Future calls will return the same SCTs. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +If no Certificate Transparency validation callback has been set (using +\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_SSL_CTX.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_SSL_CTX.3 new file mode 100644 index 00000000..08750218 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_SSL_CTX.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 3" +.TH SSL_GET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fBSSL_new\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_all_async_fds.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_all_async_fds.3 new file mode 100644 index 00000000..c544fcb5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_all_async_fds.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ALL_ASYNC_FDS 3" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int SSL_waiting_for_async(SSL *s); +\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); +\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, +\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in +\&\fBSSL_CTX_set_mode\fR\|(3)). +.PP +\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \s-1SSL\s0 object +is currently waiting for asynchronous work to complete (i.e. +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the +list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves +are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file +descriptors are returned but \fB*numfds\fR is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically +this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once +without). +.PP +\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +\&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it +is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have +sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds +and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +for an async operation to complete and 0 otherwise. +.PP +\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or +0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR +and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_ciphers.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_ciphers.3 new file mode 100644 index 00000000..3f38eeab --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_ciphers.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 3" +.TH SSL_GET_CIPHERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); +\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); +\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, +\& int isv2format, STACK_OF(SSL_CIPHER) **sk, +\& STACK_OF(SSL_CIPHER) **scsvs); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); +\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +.PP +\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. +If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. +.PP +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +the buffer that should be populated with the list of names and \fBsize\fR is the +size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of \fBSSL_get1_supported_ciphers()\fR above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR +\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using +the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. +.PP +Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.PP +Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR +return a pointer to an internal cipher stack, which will be freed later on when +the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR +free the return value itself. +.PP +The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.PP +The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_client_random.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_client_random.3 new file mode 100644 index 00000000..8194dbcf --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_client_random.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CLIENT_RANDOM 3" +.TH SSL_GET_CLIENT_RANDOM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, +\& unsigned char *out, size_t outlen); +\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_client_random()\fR extracts the random value sent from the client +to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +bytes as it can of this value into the buffer provided in \fBout\fR, +which must have at least \fBoutlen\fR bytes available. It returns the +total number of bytes that were actually copied. If \fBoutlen\fR is +zero, \fBSSL_get_client_random()\fR copies nothing, and returns the +total size of the client_random value. +.PP +\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value +sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +.PP +\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one +can be dangerous if misused; see \s-1NOTES\s0 below. +.PP +\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based +\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with \fBin\fR. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0 +.SH "NOTES" +.IX Header "NOTES" +You probably shouldn't use these functions. +.PP +These functions expose internal values from the \s-1TLS\s0 handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. +.PP +Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they +\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that +were already generated and used in the \s-1TLS\s0 protocol. Using them +in place of \fBRAND_bytes()\fR would be grossly foolish. +.PP +The security of your \s-1TLS\s0 session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use \fBSSL_export_keying_material()\fR instead, and +forget that you ever saw these functions. +.PP +In current versions of the \s-1TLS\s0 protocols, the length of client_random +(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided +in case of the unlikely event that a future version or variant of \s-1TLS\s0 +uses some other length there. +.PP +Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called +\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +values based on their view of the current time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. +.PP +For the other functions, if \fBoutlen\fR is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number +of bytes they would copy \*(-- that is, the length of the underlying field. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_bytes\fR\|(3), +\&\fBSSL_export_keying_material\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_current_cipher.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_current_cipher.3 new file mode 100644 index 00000000..9ab87fb5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_current_cipher.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 3" +.TH SSL_GET_CURRENT_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); +\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); +\& +\& const char *SSL_get_cipher_name(const SSL *s); +\& const char *SSL_get_cipher(const SSL *s); +\& int SSL_get_cipher_bits(const SSL *s, int *np); +\& const char *SSL_get_cipher_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +See \fBSSL_CIPHER_get_name\fR\|(3) for more details. +.PP +\&\fBSSL_get_cipher_name()\fR obtains the +name of the currently used cipher. +\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. +\&\fBSSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fBSSL_get_cipher_version()\fR returns the protocol name. +.PP +\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the \fBssl\fR object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +no session has been established. +.PP +\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change +of cipher suite, or \s-1NULL\s0 if no such cipher is known. +.SH "NOTES" +.IX Header "NOTES" +SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_default_timeout.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_default_timeout.3 new file mode 100644 index 00000000..496bfaf7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_default_timeout.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_default_timeout(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_error.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_error.3 new file mode 100644 index 00000000..2f9fcdef --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_error.3 @@ -0,0 +1,304 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ERROR 3" +.TH SSL_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_error \- obtain result code for TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_error(const SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR, +\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 +function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is +attempted, or \fBSSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned +if and only if \fBret > 0\fR. +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +indicate that the underlying transport has been closed. +.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete and can be retried later. +.Sp +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read +operation from a non-blocking \fB\s-1BIO\s0\fR. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +function can be called again. +.Sp +\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even +for a blocking \fB\s-1BIO\s0\fR. +See \fBSSL_read\fR\|(3) for more information. +.Sp +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write +to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +.Sp +Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available +even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. +However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called +again to continue sending the application data. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +\&\fBpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL I/O\s0 function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +In particular, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data +and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. +This is mainly because +\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, +\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. +.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor +can be used. +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC" +The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable +engine is being used. An application can determine whether the engine has +completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file +descriptor. This file descriptor is available by calling +\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 +function should be called again later. The function \fBmust\fR be called from the +same thread that the original call was made from. +.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC_JOB" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or +\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. +.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fBSSL_shutdown()\fR must not be called. +.Sp +This value can also be returned for other errors, check the error queue for +details. +.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fBSSL_shutdown()\fR must not be called. +.SH "BUGS" +.IX Header "BUGS" +The \fB\s-1SSL_ERROR_SYSCALL\s0\fR with \fBerrno\fR value of 0 indicates unexpected \s-1EOF\s0 from +the peer. This will be properly reported as \fB\s-1SSL_ERROR_SSL\s0\fR with reason +code \fB\s-1SSL_R_UNEXPECTED_EOF_WHILE_READING\s0\fR in the OpenSSL 3.0 release because +it is truly a \s-1TLS\s0 protocol error to terminate the connection without +a \fBSSL_shutdown()\fR. +.PP +The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications +which choose to ignore this protocol error depend on the existing way of +reporting the error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_extms_support.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_extms_support.3 new file mode 100644 index 00000000..2d6d0486 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_extms_support.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_EXTMS_SUPPORT 3" +.TH SSL_GET_EXTMS_SUPPORT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_extms_support \- extended master secret support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_extms_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended +master secret. +.PP +This function is implemented as a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended +master secret, 0 if it did not and \-1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_fd.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_fd.3 new file mode 100644 index 00000000..5aa53f72 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_fd.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_FD 3" +.TH SSL_GET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fBSSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.IP ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_cert_chain.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_cert_chain.3 new file mode 100644 index 00000000..bfd5cf72 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_cert_chain.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 3" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); +\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +\&\fBSSL_get_peer_certificate\fR\|(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.PP +\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is \fBnot\fR a verified chain. +.PP +\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by \fBSSL_get_verify_result()\fR not returning +X509_V_OK) the chain may be incomplete or invalid. +.SH "NOTES" +.IX Header "NOTES" +If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +is returned by these functions. Applications can call \fBSSL_session_reused()\fR +to determine whether a session is resumed. +.PP +The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or +obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IX Item "Pointer to a STACK_OF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), +\&\fBX509_chain_up_ref\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_certificate.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_certificate.3 new file mode 100644 index 00000000..0c8b8df9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_certificate.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 3" +.TH SSL_GET_PEER_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use \fBSSL_get_verify_result\fR\|(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fBX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.IP "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_signature_nid.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_signature_nid.3 new file mode 100644 index 00000000..22c86351 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_signature_nid.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +.PP +\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type +is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing +where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check +the type of public key in the peer's certificate. +.PP +\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_tmp_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_tmp_key.3 new file mode 100644 index 00000000..810d2c59 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_peer_tmp_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller's responsibility to free this key after use using +\&\fBEVP_PKEY_free\fR\|(3). +.PP +\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fBSSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 on success and 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +This function is implemented as a macro. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_psk_identity.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_psk_identity.3 new file mode 100644 index 00000000..89b08785 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_psk_identity.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PSK_IDENTITY 3" +.TH SSL_GET_PSK_IDENTITY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_rbio.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_rbio.3 new file mode 100644 index 00000000..3bf26207 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_rbio.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_RBIO 3" +.TH SSL_GET_RBIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.IP "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_session.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_session.3 new file mode 100644 index 00000000..96249e2e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_session.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SESSION 3" +.TH SSL_GET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. +.PP +\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a full handshake for \s-1SSL\s0 versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +.PP +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. +.PP +The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server. +.PP +A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to +\&\fBSSL_free\fR\|(3). +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. +.PP +\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If \fBSSL_clear\fR\|(3) or +\&\fBSSL_free\fR\|(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during \fBSSL_CTX_flush_sessions\fR\|(3). +.PP +If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IX Item "Pointer to an SSL_SESSION" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), +\&\fBSSL_clear\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_shared_sigalgs.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_shared_sigalgs.3 new file mode 100644 index 00000000..056e8543 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_shared_sigalgs.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SHARED_SIGALGS 3" +.TH SSL_GET_SHARED_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_shared_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +\& +\& int SSL_get_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature +algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the +sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +are written to \fB*rsig\fR and \fB*rhash\fR. +.PP +\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns +information about all signature algorithms supported by \fBs\fR in the order +they were sent by the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of +signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. +.SH "NOTES" +.IX Header "NOTES" +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. +.PP +If an application is only interested in the highest preference shared +signature algorithm it can just set \fBidx\fR to zero. +.PP +Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or +\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting +them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +signature algorithms can be determined: which can be zero. +.PP +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback. +.PP +Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms. +If these +functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +.PP +The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are +ordered according to configuration and peer preferences. +.PP +The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and +\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +.PP +If a signature algorithm is not recognised the corresponding NIDs +will be set to \fBNID_undef\fR. This may be because the value is not supported, +is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +signature algorithm does not use a hash (for example Ed25519). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_verify_result.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_verify_result.3 new file mode 100644 index 00000000..cff20d38 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_verify_result.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 3" +.TH SSL_GET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_verify_result(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fBSSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection +with \fBSSL_get_peer_certificate\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.IP "Any other value" 4 +.IX Item "Any other value" +Documented in \fBverify\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_version.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_version.3 new file mode 100644 index 00000000..e0268c26 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_get_version.3 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERSION 3" +.TH SSL_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_client_version(const SSL *s); +\& +\& const char *SSL_get_version(const SSL *ssl); +\& +\& int SSL_is_dtls(const SSL *ssl); +\& +\& int SSL_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR +returns the name of the protocol used for the connection. \fBSSL_version()\fR returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. +.PP +\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_version()\fR returns one of the following strings: +.IP "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.IP "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. +.IP "TLSv1.3" 4 +.IX Item "TLSv1.3" +The connection uses the TLSv1.3 protocol. +.IP "unknown" 4 +.IX Item "unknown" +This indicates an unknown protocol version. +.PP +\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any +of the following: +.IP "\s-1SSL3_VERSION\s0" 4 +.IX Item "SSL3_VERSION" +The connection uses the SSLv3 protocol. +.IP "\s-1TLS1_VERSION\s0" 4 +.IX Item "TLS1_VERSION" +The connection uses the TLSv1.0 protocol. +.IP "\s-1TLS1_1_VERSION\s0" 4 +.IX Item "TLS1_1_VERSION" +The connection uses the TLSv1.1 protocol. +.IP "\s-1TLS1_2_VERSION\s0" 4 +.IX Item "TLS1_2_VERSION" +The connection uses the TLSv1.2 protocol. +.IP "\s-1TLS1_3_VERSION\s0" 4 +.IX Item "TLS1_3_VERSION" +The connection uses the TLSv1.3 protocol (never returned for +\&\fBSSL_client_version()\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_in_init.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_in_init.3 new file mode 100644 index 00000000..8c7b909a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_in_init.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_IN_INIT 3" +.TH SSL_IN_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_in_init(const SSL *s); +\& int SSL_in_before(const SSL *s); +\& int SSL_is_init_finished(const SSL *s); +\& +\& int SSL_in_connect_init(SSL *s); +\& int SSL_in_accept_init(SSL *s); +\& +\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +awaiting handshake messages, or 0 otherwise. +.PP +\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +otherwise. +.PP +\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +fully protected application data can be transferred or 0 otherwise. +.PP +Note that in some circumstances (such as when early data is being transferred) +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0. +.PP +\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. +.PP +\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake +state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. The naming format is made up of a number of elements as follows: +.PP +\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR +.PP +\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the +\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +.PP +\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", +\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +.PP +\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or +is being or has been processed. +.PP +Additionally there are some special states that do not conform to the above +format. These are: +.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IX Item "TLS_ST_BEFORE" +No handshake messages have yet been been sent or received. +.IP "\s-1TLS_ST_OK\s0" 4 +.IX Item "TLS_ST_OK" +Handshake message sending/processing has completed. +.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IX Item "TLS_ST_EARLY_DATA" +Early data is being processed +.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IX Item "TLS_ST_PENDING_EARLY_DATA_END" +Awaiting the end of early data processing +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR +and \fBSSL_in_accept_init()\fR return values as indicated above. +.PP +\&\fBSSL_get_state()\fR returns the current handshake state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_read_early_data\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_key_update.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_key_update.3 new file mode 100644 index 00000000..1f02530a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_key_update.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_KEY_UPDATE 3" +.TH SSL_KEY_UPDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_key_update(SSL *s, int updatetype); +\& int SSL_get_key_update_type(const SSL *s); +\& +\& int SSL_renegotiate(SSL *s); +\& int SSL_renegotiate_abbreviated(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the \fBupdatetype\fR parameter is set to +\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is +set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +.PP +\&\fBSSL_key_update()\fR must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR +takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to +force the update to take place immediately. +.PP +\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +otherwise. +.PP +\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for +connections that have negotiated TLSv1.2 or less. Calling them on any other +connection will result in an error. +.PP +When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new +handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake. +.PP +When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the +same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake. +.PP +When called from the server side, \fBSSL_renegotiate()\fR and +\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL \s-1IO\s0 function. +.PP +If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For +a \s-1TLS\s0 connection the client will attempt to resume the current session in the +new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +the session in the new handshake. +.PP +The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1 +on success or 0 on error. +.PP +\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update +operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +.PP +\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in +OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_library_init.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_library_init.3 new file mode 100644 index 00000000..ecdc410b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_library_init.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 3" +.TH SSL_LIBRARY_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_library_init(void); +\& +\& int OpenSSL_add_ssl_algorithms(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +.PP +\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is +implemented as a macro. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_library_init()\fR must be called before any other action takes place. +\&\fBSSL_library_init()\fR is not reentrant. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_add\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_load_client_CA_file.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_load_client_CA_file.3 new file mode 100644 index 00000000..ab03e310 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_load_client_CA_file.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack \&\- load certificate names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +\& +\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *file) +\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *dir) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. +.PP +\&\fBSSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR, +and adds their subject name to the already existing \fIstack\fR. +.PP +\&\fBSSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every +file in the directory \fIdir\fR, and adds their subject name to the +already existing \fIstack\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +it is not limited to \s-1CA\s0 certificates. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +\& +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& /* error */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_new.3 new file mode 100644 index 00000000..54cb214f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_NEW 3" +.TH SSL_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL *SSL_dup(SSL *s); +\& SSL *SSL_new(SSL_CTX *ctx); +\& int SSL_up_ref(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method, +options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is +reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +structure are freed. +.PP +\&\fBSSL_up_ref()\fR increments the reference count for an +existing \fB\s-1SSL\s0\fR structure. +.PP +\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All +settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. +existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an +initial accept (server) or connect (client) state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.Sp +\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_pending.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_pending.3 new file mode 100644 index 00000000..d8fa1675 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_pending.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_PENDING 3" +.TH SSL_PENDING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_pending(const SSL *ssl); +\& int SSL_has_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). +.PP +\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered +and are available inside \fBssl\fR for immediate read. +.PP +If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to +\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records). +.PP +\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to +return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an +\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR +returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read.3 new file mode 100644 index 00000000..099374ac --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read.3 @@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ 3" +.TH SSL_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_read(SSL *ssl, void *buf, int num); +\& +\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_peek(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes +actually read in \fB*readbytes\fR. +.PP +\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR +respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield +at least the same bytes. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, +\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. +.PP +If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first +invocation of a read function. +.PP +The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +call. If \fBnum\fR is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size +of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. +.PP +If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +record has been processed, the read function can return and set the error to +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. +In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still +be unprocessed data available in the \fB\s-1SSL\s0\fR. +This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +not set. +Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +available the call will hang. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +operation. +In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying \s-1BIO.\s0 +When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be +used to check for the required condition. +When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or +retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fBSSL_pending\fR\|(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +connection. +Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which +indicates whether the call is retryable or not. +.PP +For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The read operation was successful. +The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read_early_data.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read_early_data.3 new file mode 100644 index 00000000..9dd64a0e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_read_early_data.3 @@ -0,0 +1,480 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ_EARLY_DATA 3" +.TH SSL_READ_EARLY_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +\& uint32_t SSL_get_max_early_data(const SSL *s); +\& +\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +\& uint32_t SSL_get_recv_max_early_data(const SSL *s); +\& +\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); +\& +\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +\& +\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +\& +\& int SSL_get_early_data_status(const SSL *s); +\& +\& +\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +\& +\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +\& void SSL_set_allow_early_data_cb(SSL *s, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to send and receive early data where TLSv1.3 has been +negotiated. Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake. +.PP +Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the \s-1TLS 1.3\s0 specification. +.PP +When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability. +.PP +A server or client can determine whether the full handshake has been completed +or not by calling \fBSSL_is_init_finished\fR\|(3). +.PP +On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent. +.PP +The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If +using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +the server. +.PP +A client uses the function \fBSSL_write_early_data()\fR to send early data. This +function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following +differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between \fBSSL_write_early_data()\fR and +\&\fBSSL_write_ex\fR\|(3). +.PP +When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function +called on a new connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to +\&\fBSSL_write_early_data()\fR as required. +.PP +If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine +the correct course of action, as for \fBSSL_write_ex\fR\|(3). +.PP +When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or +\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and +write the requested data. +.PP +A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return +\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it +was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +may be called by either the client or the server. +.PP +A server uses the \fBSSL_read_early_data()\fR function to receive early data on a +connection for which early data has been enabled using +\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for +\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +called on a connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), +or other similar functions. +.PP +\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following +differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. +.PP +\&\fBSSL_read_early_data()\fR may return 3 possible values: +.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_ERROR" +This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +same way as a 0 return value from \fBSSL_read_ex\fR\|(3). +.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_SUCCESS" +This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to +call \fBSSL_read_early_data()\fR to read more data. +.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_FINISH" +This indicates that no more early data can be read. It may be returned on the +first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, +or if the early data was rejected. +.PP +Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it +has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +server may choose to write data immediately to the unauthenticated client using +\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with +calls to \fBSSL_read_early_data()\fR as required. +.PP +Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before \fBSSL_read_early_data()\fR has returned +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 +.PP +Only servers may call \fBSSL_read_early_data()\fR. +.PP +Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the +connection immediately without further need to call a function such as +\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +further action taken. +.PP +When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +\&\fBSSL_CTX_set_max_early_data()\fR or +\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +object respectively. The \fBmax_early_data\fR parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum +early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +server application will either use both of \fBSSL_read_early_data()\fR and +\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is non-zero then replay protection is +automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). +.PP +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current +value for this setting can be obtained by calling +\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default +value for this setting is 16,384 bytes. +.PP +The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. +.PP +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. +.PP +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below) or to decline early_data when the server is heavily loaded. The functions +\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See +\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below. +.SH "NOTES" +.IX Header "NOTES" +The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. Application +developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not +yet received an \s-1ACK\s0 for from the peer. The buffered data will only be +transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if +the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the +first \s-1TCP\s0 packet along with any data from the first call to +\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then +that additional data will be sent in subsequent \s-1TCP\s0 packets which will be +buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data. +.PP +In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate. +.PP +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. +.SH "REPLAY PROTECTION" +.IX Header "REPLAY PROTECTION" +When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a non-zero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data. +.PP +The replay protection mechanism relies on the internal OpenSSL server session +cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. +.PP +Note that some applications may maintain an external cache of sessions (see +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks. +.PP +The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +should be applied when combining external PSKs with early data. +.PP +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. +.PP +\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of +action. +.PP +\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +that may be sent. +.PP +\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and +\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +.PP +\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by +the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of the functions described above were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_rstate_string.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_rstate_string.3 new file mode 100644 index 00000000..52aeafca --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_rstate_string.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 3" +.TH SSL_RSTATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following +values: +.ie n .IP """\s-1RH""/\s0""read header""" 4 +.el .IP "``\s-1RH''/\s0``read header''" 4 +.IX Item "RH/read header" +The header of the record is being evaluated. +.ie n .IP """\s-1RB""/\s0""read body""" 4 +.el .IP "``\s-1RB''/\s0``read body''" 4 +.IX Item "RB/read body" +The body of the record is being evaluated. +.ie n .IP """\s-1RD""/\s0""read done""" 4 +.el .IP "``\s-1RD''/\s0``read done''" 4 +.IX Item "RD/read done" +The record has been completely processed. +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_session_reused.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_session_reused.3 new file mode 100644 index 00000000..1a97bac0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_session_reused.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 3" +.TH SSL_SESSION_REUSED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_session_reused(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +A new session was negotiated. +.IP "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set1_host.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set1_host.3 new file mode 100644 index 00000000..8363fcce --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set1_host.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET1_HOST 3" +.TH SSL_SET1_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set1_host(SSL *s, const char *hostname); +\& int SSL_add1_host(SSL *s, const char *hostname); +\& void SSL_set_hostflags(SSL *s, unsigned int flags); +\& const char *SSL_get0_peername(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions configure server hostname checks in the \s-1SSL\s0 client. +.PP +\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 +or the empty string the list of hostnames is cleared, and name +checks are not performed on the peer certificate. When a non-empty +\&\fBname\fR is specified, certificate verification automatically checks +the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication +via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +\&\fBSSL_set1_host()\fR. +.PP +\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +that can match the peer's certificate. Any previous names set via +\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made +if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for \s-1DANE TLSA\s0 in the presence of service name indirection +via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or +\&\s-1RFC7673.\s0 +.PP +\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list +of available flags and their meaning. +.PP +\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via \fBSSL_set1_host()\fR or +\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated \fBssl\fR handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value. +.PP +\&\s-1SSL\s0 clients are advised to use these functions in preference to +explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when \s-1DANE\s0 is +enabled. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for +failure. +.PP +\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". +The calls below will arrange to match either the \s-1MX\s0 hostname or the +destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +are supported, but must match the entire label. The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 5 +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& if (!SSL_set1_host(ssl, "smtp.example.com")) +\& /* error */ +\& if (!SSL_add1_host(ssl, "example.com")) +\& /* error */ +\& +\& /* XXX: Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& +\& if (peername != NULL) +\& /* Name checks were in scope and matched the peername */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_host\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3). +\&\fBSSL_dane_enable\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_bio.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_bio.3 new file mode 100644 index 00000000..427ccdbd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_bio.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_BIO 3" +.TH SSL_SET_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +\& void SSL_set0_rbio(SSL *s, BIO *rbio); +\& void SSL_set0_wbio(SSL *s, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically +freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +function, any existing \fBrbio\fR that was previously set will also be freed via a +call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +the same value as previously). +.PP +\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects +the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 +functions. +.PP +\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except +that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and +transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to +the following set of rules: +.IP "\(bu" 2 +If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values +then nothing is done. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not +the same as the previously set value then one reference is consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the +same as the previously set value, then no additional references are consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the +same as the +previously set value then one reference is consumed for the \fBwbio\fR and no +references are consumed for the \fBrbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the +same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values +were the same as each other then one reference is consumed for the \fBrbio\fR +and no references are consumed for the \fBwbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR +is the same as the +previously set value and the old \fBrbio\fR and \fBwbio\fR values were different +to each +other then one reference is consumed for the \fBrbio\fR and one reference +is consumed +for the \fBwbio\fR. +.PP +Because of this complexity, this function should be avoided; +use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_connect_state.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_connect_state.3 new file mode 100644 index 00000000..66a93a83 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_connect_state.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 3" +.TH SSL_SET_CONNECT_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_connect_state(SSL *ssl); +\& +\& void SSL_set_accept_state(SSL *ssl); +\& +\& int SSL_is_server(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.PP +\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +\&\fBSSL_CTX_set_ssl_version\fR\|(3) or +\&\fBSSL_set_ssl_method\fR\|(3).) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3), +the handshake routines must be explicitly set in advance using either +\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. +.PP +If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or +\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), +the result depends on what method was used when \s-1SSL_CTX\s0 was created with +\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic +information. +.PP +\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_fd.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_fd.3 new file mode 100644 index 00000000..de7fd78b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_fd.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_FD 3" +.TH SSL_SET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed. Check the error stack to find out why. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_session.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_session.3 new file mode 100644 index 00000000..0eaa2f30 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_session.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SESSION 3" +.TH SSL_SET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fBSSL_connect()\fR. Whether the session was reused can be queried +with the \fBSSL_session_reused\fR\|(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old +session is still \fBopen\fR, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was +not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state). +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed; check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_shutdown.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_shutdown.3 new file mode 100644 index 00000000..46ad0f20 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_shutdown.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 3" +.TH SSL_SET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_shutdown(SSL *ssl, int mode); +\& +\& int SSL_get_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bitmask of: +.IP "0" 4 +No shutdown setting, yet. +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal close_notify +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, +it is considered bad and removed according to \s-1RFC2246.\s0 +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fBSSL_shutdown\fR\|(3)). +.PP +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fBSSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_verify_result.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_verify_result.3 new file mode 100644 index 00000000..516c7df2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_set_verify_result.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 3" +.TH SSL_SET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_shutdown.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_shutdown.3 new file mode 100644 index 00000000..c2f127eb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_shutdown.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SHUTDOWN 3" +.TH SSL_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_shutdown \- shut down a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +close_notify shutdown alert to the peer. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL.\s0 +.PP +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. +.PP +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). +.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. +.PP +\&\fBSSL_shutdown()\fR only closes the write direction. +It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. +The read direction is closed by the peer. +.SS "First to close the connection" +.IX Subsection "First to close the connection" +When the application is the first party to send the close_notify +alert, \fBSSL_shutdown()\fR will only send the alert and then set the +\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +be kept in the cache). +If successful, \fBSSL_shutdown()\fR will return 0. +.PP +If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient. +.PP +In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +it. +.PP +The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +\&\fBSSL_read()\fR should be called until all data is received. +\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 +.SS "Peer closes the connection" +.IX Subsection "Peer closes the connection" +If the peer already sent the close_notify alert \fBand\fR it was +already processed implicitly inside another function +(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return +\&\s-1SSL_ERROR_ZERO_RETURN.\s0 +\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fBSSL_shutdown()\fR will return 1. +.PP +Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fBSSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fBSSL_read()\fR instead. +.PP +\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the close_notify alert messages, +see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). +When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed +and return 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call \fBSSL_read()\fR to do a bidirectional shutdown. +The output of \fBSSL_get_error\fR\|(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.IP "1" 4 +.IX Item "1" +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. +.IP "<0" 4 +.IX Item "<0" +The shutdown was not successful. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs. +.Sp +It can also occur when not all data was read using \fBSSL_read()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_state_string.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_state_string.3 new file mode 100644 index 00000000..a1e19c1b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_state_string.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_STATE_STRING 3" +.TH SSL_STATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fBSSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_want.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_want.3 new file mode 100644 index 00000000..5a8d917f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_want.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WANT 3" +.TH SSL_WANT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); +\& int SSL_want_async(const SSL *ssl); +\& int SSL_want_async_job(const SSL *ssl); +\& int SSL_want_client_hello_cb(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fBSSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fBSSL_get_error\fR\|(3). +Unlike \fBSSL_get_error\fR\|(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using \fBSSL_get_error\fR\|(3). +.PP +The result returned by \fBSSL_want()\fR should always be consistent with +the result of \fBSSL_get_error\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fBSSL_want()\fR: +.IP "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.IP "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_WRITE.\s0 +.IP "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_READ.\s0 +.IP "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 +.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +.IX Item "SSL_ASYNC_PAUSED" +An asynchronous operation partially completed and was then paused. See +\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_ASYNC.\s0 +.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +.IX Item "SSL_ASYNC_NO_JOBS" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) +should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0 +.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0 +.PP +\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR, +\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return +1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_write.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_write.3 new file mode 100644 index 00000000..a2b8b73e --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/SSL_write.3 @@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WRITE 3" +.TH SSL_WRITE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number +of bytes written in \fB*written\fR. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"write function\*(R" is defined as one of either +\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. +.PP +If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR +before the first call to a write function. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +the write operation has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR +or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying \s-1BIO.\s0 When using a +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +The write functions will only return with success when the complete contents of +\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. +.SH "WARNINGS" +.IX Header "WARNINGS" +When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) +returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +The data that was passed might have been partially processed. +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) +the pointer can be different, but the data and length should still be the same. +.PP +You should not call \fBSSL_write()\fR with num=0, it will return an error. +\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to +the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the \s-1SSL\s0 connection or, +if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has +been written to the \s-1SSL\s0 connection. Failure means that not all the requested +bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or +no bytes could be written to the \s-1SSL\s0 connection (if +\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out +the reason which indicates whether the call is retryable or not. +.PP +For \fBSSL_write()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3) +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_STRING.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_STRING.3 new file mode 100644 index 00000000..e6d0ab48 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_STRING.3 @@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_STRING 3" +.TH UI_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_string_st UI_STRING; +\& +\& enum UI_string_types { +\& UIT_NONE = 0, +\& UIT_PROMPT, /* Prompt for a string */ +\& UIT_VERIFY, /* Prompt for a string and verify */ +\& UIT_BOOLEAN, /* Prompt for a yes/no response */ +\& UIT_INFO, /* Send info to the user */ +\& UIT_ERROR /* Send an error message to the user */ +\& }; +\& +\& enum UI_string_types UI_get_string_type(UI_STRING *uis); +\& int UI_get_input_flags(UI_STRING *uis); +\& const char *UI_get0_output_string(UI_STRING *uis); +\& const char *UI_get0_action_string(UI_STRING *uis); +\& const char *UI_get0_result_string(UI_STRING *uis); +\& int UI_get_result_string_length(UI_STRING *uis); +\& const char *UI_get0_test_string(UI_STRING *uis); +\& int UI_get_result_minsize(UI_STRING *uis); +\& int UI_get_result_maxsize(UI_STRING *uis); +\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, +\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, +\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, +\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR +is called. +For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. +For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these +\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +.PP +\&\fBUI_get_string_type()\fR is used to retrieve the type of the given +\&\fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the +given \fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to +output (prompt, info, error, ...). +.PP +\&\fBUI_get0_action_string()\fR is used to retrieve the action description +associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +See \fBUI_add_input_boolean\fR\|(3). +.PP +\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to +retrieve the result of a prompt and its length. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fBUI_get_result_string_length()\fR returns \-1. +.PP +\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the +prompt result with. +This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +.PP +\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to +retrieve the minimum and maximum required size of the result. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +.PP +\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. +For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +result retrievable with \fBUI_get0_result_string()\fR by copying the +contents of \fBresult\fR if its length fits the minimum and maximum size +requirements. +For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +the result retrievable with \fBUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR +if the \fBresult\fR matched any of them, or the first of the +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's +set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +\&\fBcancel_chars\fR. +.PP +\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates +its length internally. +It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +only useful with normal C strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. +.PP +\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +.PP +\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +.PP +\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +type. +.PP +\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\-1 for any other type. +.PP +\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_UTIL_read_pw.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_UTIL_read_pw.3 new file mode 100644 index 00000000..5a35dcff --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_UTIL_read_pw.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_UTIL_READ_PW 3" +.TH UI_UTIL_READ_PW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, +\& int verify); +\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +prompt, and stores it in \fBbuf\fR. +The maximum allowed size is given with \fBlength\fR, including the +terminating \s-1NUL\s0 byte. +If \fBverify\fR is non-zero, the password will be verified as well. +.PP +\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the +difference is that you can give it an external buffer \fBbuff\fR for the +verification passphrase. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBrwflag\fR is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +\&\fBUI_destroy_method()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default +\&\fB\s-1UI_METHOD\s0\fR. +See \fBUI_get_default_method\fR\|(3) and friends for more information. +.PP +The result from the \fB\s-1UI_METHOD\s0\fR created by +\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +encoding that the given password callback generates. +The default password prompting functions (apart from +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is +\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) +all use the default \fB\s-1UI_METHOD\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative +value on error. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBUI_get_default_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_create_method.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_create_method.3 new file mode 100644 index 00000000..b5a6a043 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_create_method.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_CREATE_METHOD 3" +.TH UI_CREATE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_method_st UI_METHOD; +\& +\& UI_METHOD *UI_create_method(const char *name); +\& void UI_destroy_method(UI_METHOD *ui_method); +\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +\& int UI_method_set_writer(UI_METHOD *method, +\& int (*writer) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +\& int UI_method_set_reader(UI_METHOD *method, +\& int (*reader) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +\& int UI_method_set_data_duplicator(UI_METHOD *method, +\& void *(*duplicator) (UI *ui, void *ui_data), +\& void (*destructor)(UI *ui, void *ui_data)); +\& int UI_method_set_prompt_constructor(UI_METHOD *method, +\& char *(*prompt_constructor) (UI *ui, +\& const char +\& *object_desc, +\& const char +\& *object_name)); +\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +\& char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) +\& (UI *, const char *, const char *); +\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.IP "an opener" 4 +.IX Item "an opener" +This function takes a reference to a \s-1UI\s0 and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.IP "a writer" 4 +.IX Item "a writer" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a flusher" 4 +.IX Item "a flusher" +This function takes a reference to a \s-1UI,\s0 and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.IP "a reader" 4 +.IX Item "a reader" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a closer" 4 +.IX Item "a closer" +This function takes a reference to a \s-1UI,\s0 and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.PP +All of these functions are expected to return 0 on error, 1 on +success, or \-1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return \-1. +If returned by another of the functions, it's treated as if 0 was +returned. +.PP +Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method. +.PP +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the \fBUI_OpenSSL()\fR method does it. +.PP +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results. +.PP +The central function that uses these method functions is \fBUI_process()\fR, +and it does it in five steps: +.IP "1." 4 +Open the session using the opener function if that one's defined. +If an error occurs, jump to 5. +.IP "2." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function +if that one's defined. +If an error occurs, jump to 5. +.IP "3." 4 +Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5. +.IP "4." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function +if that one's defined. +If an error occurs, jump to 5. +.IP "5." 4 +Close the session using the closer function if that one's defined. +.PP +\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +.PP +\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and +\&\fBUI_method_set_closer()\fR set the five main method function to the given +function pointer. +.PP +\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. +See \fBUI_dup_user_data\fR\|(3). +.PP +\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fBUI_construct_prompt\fR\|(3). +.PP +\&\fBUI_method_set_ex_data()\fR sets application specific data with a given +\&\s-1EX_DATA\s0 index. +See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to +get that index. +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the different method functions. +.PP +\&\fBUI_method_get_ex_data()\fR returns the application data previously stored +with \fBUI_method_set_ex_data()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +error. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, +\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and +\&\fBUI_method_set_prompt_constructor()\fR +return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 +.PP +\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fBCRYPTO_set_ex_data()\fR does so). +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the requested function pointer if it's set in the method, +otherwise \s-1NULL.\s0 +.PP +\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific +data associated with the method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR +and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_new.3 new file mode 100644 index 00000000..923d1523 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/UI_new.3 @@ -0,0 +1,376 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_NEW 3" +.TH UI_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_st UI; +\& +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +\& +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +\& +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +\& +\& void *UI_add_user_data(UI *ui, void *user_data); +\& int UI_dup_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +\& +\& const char *UI_get0_result(UI *ui, int i); +\& int UI_get_result_length(UI *ui, int i); +\& +\& int UI_process(UI *ui); +\& +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +\& +\& UI_METHOD *UI_OpenSSL(void); +\& const UI_METHOD *UI_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see \fBUI_create_method\fR\|(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI.\s0 This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default +\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR +and \fBUI_get_result_length()\fR to find the result to the prompt and its length. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. +.PP +\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing +a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +.PP +The functions are as follows: +.PP +\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting. +.PP +\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +.PP +\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If \fBui\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final \s-1NUL\s0 character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). \fBUI_add_verify_string()\fR takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail. +.PP +\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +\&\fBUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fBUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any +time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +ownership of this duplicate and will free it whenever it gets replaced or +the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn't have a duplicator function. +.PP +\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. +.PP +\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns the final status, which is \-2 on out-of-band events +(Interrupt, Cancel, ...), \-1 on error and 0 on success. +.PP +\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI,\s0 and +\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.PP +\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.SH "NOTES" +.IX Header "NOTES" +The resulting strings that the built in method \fBUI_OpenSSL()\fR generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set, +the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, +\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR +and \fBUI_dup_error_string()\fR return a positive number on success or a value which +is less than or equal to 0 otherwise. +.PP +\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +.PP +\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. +.PP +\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +.PP +\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +returns \-1 on error. +.PP +\&\fBUI_process()\fR returns 0 on success or a negative value on error. +.PP +\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. +.PP +\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and +\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +respectively. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509V3_get_d2i.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509V3_get_d2i.3 new file mode 100644 index 00000000..3180bf51 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509V3_get_d2i.3 @@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_D2I 3" +.TH X509V3_GET_D2I 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +\& int *idx); +\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +\& int crit, unsigned long flags); +\& +\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); +\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); +\& +\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); +\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); +\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one +occurrence of an extension is permissible otherwise the first extension after +index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. +If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), +\&\-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according +to \fBflags\fR. +.PP +\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension +\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR +if the extension could not be decoded (invalid syntax or not supported). +.PP +\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. +.PP +\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the +extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), +they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. +.SH "NOTES" +.IX Header "NOTES" +In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +.PP +The \fBflags\fR parameter may be one of the following values. +.PP +\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension +already exists. +.PP +\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends +a new extension. +.PP +\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists +otherwise returns an error. +.PP +\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does +not already exist. An error \fBis not\fR returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. +.PP +If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not +be added to the error queue. +.PP +The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of \fB*crit\fR. +.SH "SUPPORTED EXTENSIONS" +.IX Header "SUPPORTED EXTENSIONS" +The following sections contain a list of all supported extensions +including their name and \s-1NID.\s0 +.SS "\s-1PKIX\s0 Certificate Extensions" +.IX Subsection "PKIX Certificate Extensions" +The following certificate extensions are defined in \s-1PKIX\s0 standards such as +\&\s-1RFC5280.\s0 +.PP +.Vb 3 +\& Basic Constraints NID_basic_constraints +\& Key Usage NID_key_usage +\& Extended Key Usage NID_ext_key_usage +\& +\& Subject Key Identifier NID_subject_key_identifier +\& Authority Key Identifier NID_authority_key_identifier +\& +\& Private Key Usage Period NID_private_key_usage_period +\& +\& Subject Alternative Name NID_subject_alt_name +\& Issuer Alternative Name NID_issuer_alt_name +\& +\& Authority Information Access NID_info_access +\& Subject Information Access NID_sinfo_access +\& +\& Name Constraints NID_name_constraints +\& +\& Certificate Policies NID_certificate_policies +\& Policy Mappings NID_policy_mappings +\& Policy Constraints NID_policy_constraints +\& Inhibit Any Policy NID_inhibit_any_policy +\& +\& TLS Feature NID_tlsfeature +.Ve +.SS "Netscape Certificate Extensions" +.IX Subsection "Netscape Certificate Extensions" +The following are (largely obsolete) Netscape certificate extensions. +.PP +.Vb 8 +\& Netscape Cert Type NID_netscape_cert_type +\& Netscape Base Url NID_netscape_base_url +\& Netscape Revocation Url NID_netscape_revocation_url +\& Netscape CA Revocation Url NID_netscape_ca_revocation_url +\& Netscape Renewal Url NID_netscape_renewal_url +\& Netscape CA Policy Url NID_netscape_ca_policy_url +\& Netscape SSL Server Name NID_netscape_ssl_server_name +\& Netscape Comment NID_netscape_comment +.Ve +.SS "Miscellaneous Certificate Extensions" +.IX Subsection "Miscellaneous Certificate Extensions" +.Vb 2 +\& Strong Extranet ID NID_sxnet +\& Proxy Certificate Information NID_proxyCertInfo +.Ve +.SS "\s-1PKIX CRL\s0 Extensions" +.IX Subsection "PKIX CRL Extensions" +The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 6 +\& CRL Number NID_crl_number +\& CRL Distribution Points NID_crl_distribution_points +\& Delta CRL Indicator NID_delta_crl +\& Freshest CRL NID_freshest_crl +\& Invalidity Date NID_invalidity_date +\& Issuing Distribution Point NID_issuing_distribution_point +.Ve +.PP +The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 2 +\& CRL Reason Code NID_crl_reason +\& Certificate Issuer NID_certificate_issuer +.Ve +.SS "\s-1OCSP\s0 Extensions" +.IX Subsection "OCSP Extensions" +.Vb 7 +\& OCSP Nonce NID_id_pkix_OCSP_Nonce +\& OCSP CRL ID NID_id_pkix_OCSP_CrlID +\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses +\& OCSP No Check NID_id_pkix_OCSP_noCheck +\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff +\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator +\& Hold Instruction Code NID_hold_instruction_code +.Ve +.SS "Certificate Transparency Extensions" +.IX Subsection "Certificate Transparency Extensions" +The following extensions are used by certificate transparency, \s-1RFC6962\s0 +.PP +.Vb 2 +\& CT Precertificate SCTs NID_ct_precert_scts +\& CT Certificate SCTs NID_ct_cert_scts +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension +specific structure of \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or \-1 due to a fatal error such as a memory allocation +failure. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\s-1NULL\s0 if no extensions are present. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_ALGOR_dup.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_ALGOR_dup.3 new file mode 100644 index 00000000..d4088eee --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_ALGOR_dup.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_ALGOR_DUP 3" +.TH X509_ALGOR_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); +\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +\& const void **ppval, const X509_ALGOR *alg); +\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +.PP +\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is +\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. +All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +this call. +.PP +\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the +algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. +.PP +\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +values for the message digest \fBmd\fR. +.PP +\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +encodings and non-zero otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. +.PP +\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +non-zero otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_CRL_get0_by_serial.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_CRL_get0_by_serial.3 new file mode 100644 index 00000000..43535225 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_CRL_get0_by_serial.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CRL_GET0_BY_SERIAL 3" +.TH X509_CRL_GET0_BY_SERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_CRL_get0_by_serial(X509_CRL *crl, +\& X509_REVOKED **ret, ASN1_INTEGER *serial); +\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +\& +\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +\& +\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); +\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +\& +\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); +\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +\& +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& +\& int X509_CRL_sort(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal +pointer of the matching entry, as a result \fB*ret\fR must not be freed up +after the call. +.PP +\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it +looks for a revoked entry using the serial number of certificate \fBx\fR. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +revoked entries for \fBcrl\fR. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +serial number of \fBr\fR. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +revocation date of \fBr\fR. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. +The supplied \fBserial\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The +pointer \fBrev\fR is used internally so it must not be freed up after the call: +it is freed when the parent \s-1CRL\s0 is freed. +.PP +\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +number order. +.SH "NOTES" +.IX Header "NOTES" +Applications can determine the number of revoked entries returned by +\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one +in turn using \fBsk_X509_REVOKED_value()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure, +1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), +in which case 2 is returned. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, +\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_EXTENSION_set_object.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_EXTENSION_set_object.3 new file mode 100644 index 00000000..83464846 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_EXTENSION_set_object.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_EXTENSION_SET_OBJECT 3" +.TH X509_EXTENSION_SET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +\& +\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +\& int nid, int crit, +\& ASN1_OCTET_STRING *data); +\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +\& const ASN1_OBJECT *obj, int crit, +\& ASN1_OCTET_STRING *data); +\& +\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); +\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. +.PP +\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +.PP +\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBdata\fR pointer is duplicated internally. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and +written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR +should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +\&\fBnot\fR be an uninitialised pointer. +.PP +\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR +except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 +.PP +\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +not be freed up. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +returns \fB1\fR for critical and \fB0\fR for non-critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +pointer is an internal value which must not be freed up. +.SH "NOTES" +.IX Header "NOTES" +These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +The \fBdata\fR associated with an extension is the extension encoding in an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and +\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return +an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP.3 new file mode 100644 index 00000000..31d81b2f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP.3 @@ -0,0 +1,310 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP 3" +.TH X509_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias \&\- OpenSSL certificate lookup mechanisms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_st X509_LOOKUP; +\& +\& typedef enum X509_LOOKUP_TYPE; +\& +\& X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +\& int X509_LOOKUP_init(X509_LOOKUP *ctx); +\& int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); +\& void X509_LOOKUP_free(X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); +\& +\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, X509_OBJECT *ret); +\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const unsigned char *bytes, int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const char *str, int len, X509_OBJECT *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP\fR structure holds the information needed to look up +certificates and CRLs according to an associated \fBX509_LOOKUP_METHOD\fR\|(3). +Multiple \fBX509_LOOKUP\fR instances can be added to an \fBX509_STORE\fR\|(3) +to enable lookup in that store. +.PP +\&\fBX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup +\&\fImethod\fR. +It can also be created by calling \fBX509_STORE_add_lookup\fR\|(3), which +will associate an \fBX509_STORE\fR with the lookup mechanism. +.PP +\&\fBX509_LOOKUP_init()\fR initializes the internal state and resources as +needed by the given \fBX509_LOOKUP\fR to do its work. +.PP +\&\fBX509_LOOKUP_shutdown()\fR tears down the internal state and resources of +the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_set_method_data()\fR associates a pointer to application data +to the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_get_method_data()\fR retrieves a pointer to application data +from the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from an +\&\fBX509_LOOKUP\fR structure or its associated \fBX509_LOOKUP_METHOD\fR\|(3). +The arguments of the control command are passed via \fIargc\fR and \fIargl\fR, +its return value via \fI*ret\fR. +The meaning of the arguments depends on the \fIcmd\fR number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control \fIcmd\fRs known to OpenSSL are discussed in more depth +in \*(L"Control Commands\*(R". +.PP +\&\fBX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately +into the associated \fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fBX509_LOOKUP_file\fR\|(3). +.PP +\&\fBX509_LOOKUP_add_dir()\fR passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +\&\fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_LOOKUP_load_file()\fR, \fBX509_LOOKUP_add_dir()\fR, +\&\fBX509_LOOKUP_add_store()\fR, and \fBX509_LOOKUP_load_store()\fR are implemented +as macros that use \fBX509_LOOKUP_ctrl()\fR. +.PP +\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR look up +certificates and CRLs in the \fBX509_STORE\fR\|(3) associated with the +\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is +stored in \fIret\fR. +Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects +matching the criteria in the associated \fBX509_STORE\fR, which makes it +possible to handle cases where the criteria have more than one hit. +.SS "File Types" +.IX Subsection "File Types" +\&\fBX509_LOOKUP_load_file()\fR and \fBX509_LOOKUP_add_dir()\fR take a \fItype\fR, +which can be one of the following: +.IP "\fBX509_FILETYPE_PEM\fR" 4 +.IX Item "X509_FILETYPE_PEM" +The file or files that are loaded are expected to be in \s-1PEM\s0 format. +.IP "\fBX509_FILETYPE_ASN1\fR" 4 +.IX Item "X509_FILETYPE_ASN1" +The file or files that are loaded are expected to be in raw \s-1DER\s0 format. +.IP "\fBX509_FILETYPE_DEFAULT\fR" 4 +.IX Item "X509_FILETYPE_DEFAULT" +The default certificate file or directory is used. In this case, +\&\fIname\fR is ignored. +.SS "Control Commands" +.IX Subsection "Control Commands" +The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following +\&\fBX509_LOOKUP_ctrl()\fR \fIcmd\fRs: +.IP "\fBX509_L_FILE_LOAD\fR" 4 +.IX Item "X509_L_FILE_LOAD" +This is the command that \fBX509_LOOKUP_load_file()\fR uses. +The filename is passed in \fIargc\fR, and the type in \fIargl\fR. +.IP "\fBX509_L_ADD_DIR\fR" 4 +.IX Item "X509_L_ADD_DIR" +This is the command that \fBX509_LOOKUP_add_dir()\fR uses. +The directory specification is passed in \fIargc\fR, and the type in +\&\fIargl\fR. +.IP "\fBX509_L_ADD_STORE\fR" 4 +.IX Item "X509_L_ADD_STORE" +This is the command that \fBX509_LOOKUP_add_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.IP "\fBX509_L_LOAD_STORE\fR" 4 +.IX Item "X509_L_LOAD_STORE" +This is the command that \fBX509_LOOKUP_load_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_LOOKUP_new()\fR returns an \fBX509_LOOKUP\fR pointer when successful, +or \s-1NULL\s0 on error. +.PP +\&\fBX509_LOOKUP_init()\fR and \fBX509_LOOKUP_shutdown()\fR return 1 on success, or +0 on error. +.PP +\&\fBX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an +associated \fBX509_LOOKUP_METHOD\fR, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.IX Xref "509_LOOKUP_METHOD" +.PP +\&\fBX509_LOOKUP_get_store()\fR returns an \fBX509_STORE\fR pointer if there is +one, otherwise \s-1NULL.\s0 +.PP +\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR all return 0 +if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_LOOKUP_METHOD\fR\|(3), \fBX509_STORE\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_hash_dir.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_hash_dir.3 new file mode 100644 index 00000000..8ca6fa90 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_hash_dir.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_HASH_DIR 3" +.TH X509_LOOKUP_HASH_DIR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& +\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate +lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. +.PP +Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +\&\fBX509_STORE_load_locations\fR\|(3) or +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +functions. +.PP +Internally loading of certificates and CRLs is implemented via functions +\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which +can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and +\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR +parameter is associated with. +.PP +Functions \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of +type value. Because \s-1DER\s0 format cannot contain more than one certificate +or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) +\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_cert_file\fR. +.PP +Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +to load default certificate store file (see +\&\fBX509_STORE_set_default_paths\fR\|(3). +.PP +Functions return number of objects loaded from file or 0 in case of +error. +.PP +Both methods support adding several certificate locations into one +\&\fBX509_STORE\fR. +.PP +This page documents certificate store formats used by these methods and +caching policy. +.SS "File Method" +.IX Subsection "File Method" +The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source. +.PP +File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +and CRLs. +.PP +This method should be used by applications which work with a small +set of CAs. +.SS "Hashed Directory Method" +.IX Subsection "Hashed Directory Method" +\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory. +.PP +The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or +\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 +The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or +\&\fBcrl\fR\|(1) commands. +.PP +The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence. +.PP +Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period). +.PP +When checking for new CRLs once one \s-1CRL\s0 for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached \s-1CRL.\s0 +.PP +Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0. +.PP +OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct +hashed names for all files with .pem suffix in a given directory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid +\&\fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return +the number of loaded objects or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBX509_STORE_load_locations\fR\|(3), +\&\fBX509_store_add_lookup\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBX509_LOOKUP_meth_new\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_meth_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_meth_new.3 new file mode 100644 index 00000000..ffef831f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_LOOKUP_meth_new.3 @@ -0,0 +1,310 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_METH_NEW 3" +.TH X509_LOOKUP_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_method_st X509_LOOKUP_METHOD; +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, +\& int (*new_item) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, +\& void (*free) (X509_LOOKUP *ctx)); +\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, +\& int (*init) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, +\& int (*shutdown) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_ctrl_fn ctrl_fn); +\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_subject_fn fn); +\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_issuer_serial( +\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); +\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const unsigned char* bytes, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_fingerprint_fn fn); +\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const char *str, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_alias_fn fn); +\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( +\& const X509_LOOKUP_METHOD *method); +\& +\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +\&\fBX509_LOOKUP\fR structure. +.PP +\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +be given a human-readable string containing a brief description of the lookup +method. +.PP +\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the +function that is called when an \fBX509_LOOKUP\fR object is created with +\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke \fBX509_LOOKUP_set_method_data\fR\|(3). +.PP +\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function +that is used to free any method data that was allocated and set from within +new_item function. +.PP +\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the +function that is used to initialize the method data that was set with +\&\fBX509_LOOKUP_set_method_data\fR\|(3) as part of the new_item routine. +.PP +\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. +.PP +\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a +function to be used to handle arbitrary control commands issued by +\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP +\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is +an arbitrary integer that defines some operation. \fBargc\fR is a pointer +to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, +points to a location where any return data should be written to. How +\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. +.PP +\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. +.PP +Implementations must add objects they find to the \fBX509_STORE\fR object +using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments +its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the +reference count again. +.PP +Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or +\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also +increments the result's reference count. +.PP +Any method data that was created as a result of the new_item function +set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fBX509_LOOKUP_get_method_data\fR\|(3). The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store\fR\|(3). Successful +lookups should return 1, and unsuccessful lookups should return 0. +.PP +\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve +the function set by the corresponding setter. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function +pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_ENTRY_get_object.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 00000000..68955b3b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +\& const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR +and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fBX509_NAME_get_entry()\fR for example. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +set or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success +or 0 on error. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and +\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_add_entry_by_txt.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 00000000..8719140d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and +\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommended for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fBASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, +\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 1 +\& X509_NAME *nm; +\& +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, +\& "UK", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, +\& "Disorganized Organization", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, +\& "Joe Bloggs", \-1, \-1, 0)) +\& /* Error */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get0_der.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get0_der.3 new file mode 100644 index 00000000..153d392b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get0_der.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET0_DER 3" +.TH X509_NAME_GET0_DER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get0_der \- get X509_NAME DER encoding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +\& size_t *pderlen) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the +encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of +\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine +the encoding of an \fBX509_NAME\fR structure without copying it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get_index_by_NID.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get_index_by_NID.3 new file mode 100644 index 00000000..158153a4 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET_INDEX_BY_NID 3" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(const X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fBX509_NAME_get_index_by_NID()\fR or +\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fBX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.PP +The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in +the source code header files and/or +. +.PP +Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR +should check for the return value of \-2. Alternatively the \s-1NID\s0 validity +can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\s-1NID\s0 is invalid. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +\& +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +.PP +Process all commonName entries: +.PP +.Vb 2 +\& int lastpos = \-1; +\& X509_NAME_ENTRY *e; +\& +\& for (;;) { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == \-1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_print_ex.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_print_ex.3 new file mode 100644 index 00000000..e4b8884c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_NAME_print_ex.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_PRINT_EX 3" +.TH X509_NAME_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); +\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBsize\fR is ignored. +Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', +and \fBbuf\fR is returned. +.PP +\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +.PP +\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, +it returns \-1 on error or other values on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_STRING_print_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_PUBKEY_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_PUBKEY_new.3 new file mode 100644 index 00000000..bff3d52d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_PUBKEY_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_PUBKEY_NEW 3" +.TH X509_PUBKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_PUBKEY *X509_PUBKEY_new(void); +\& void X509_PUBKEY_free(X509_PUBKEY *a); +\& +\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +\& +\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +\& +\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +\& +\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +\& int ptype, void *pval, +\& unsigned char *penc, int penclen); +\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +\& const unsigned char **pk, int *ppklen, +\& X509_ALGOR **pa, X509_PUBKEY *pub); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR +structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +.PP +\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +.PP +\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +nothing is done. +.PP +\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing +public key structure will be freed. +.PP +\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. +.PP +\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference +count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +\&\fBEVP_PKEY_free()\fR after use. +.PP +\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of +other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR. +.PP +\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are +similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a +\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +.PP +\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the +algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. +The encoding of the public key itself is set to the \fBpenclen\fR +bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied +parameters is passed to \fBpub\fR so they must not be freed after the +call. +.PP +\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the +retrieved pointers are internal and must not be freed after the +call. +.SH "NOTES" +.IX Header "NOTES" +The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys +in a standard format. +.PP +In many cases applications will not call the \fBX509_PUBKEY\fR functions +directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +.PP +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_PUBKEY_free()\fR does not return a value. +.PP +\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +structure or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR +return 1 for success and 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_SIG_get0.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_SIG_get0.3 new file mode 100644 index 00000000..b65a7e0d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_SIG_get0.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIG_GET0 3" +.TH X509_SIG_GET0 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_SIG_get0, X509_SIG_getm \- DigestInfo functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +\& const ASN1_OCTET_STRING **pdigest); +\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pdigest, +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR +except the pointers returned are not constant and can be modified: +for example to initialise them. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_get_error.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_get_error.3 new file mode 100644 index 00000000..763684bd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_get_error.3 @@ -0,0 +1,416 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_GET_ERROR 3" +.TH X509_STORE_CTX_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fBX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. +.PP +\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. +This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the +depth at which an error condition was detected. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via \fBX509_up_ref\fR\|(3). +Once such a \fIsaved\fR certificate is no longer needed it can be freed with +\&\fBX509_free\fR\|(3). +.PP +\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +certificate being verified by the \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +the operation was successful. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +the \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +the public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +the certificate is not yet valid: the notBefore date is after the current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +the certificate has expired: that is the notAfter date is before the current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +the \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +the \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +the certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +the certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +the \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +the \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +an error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +no signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +the certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +the certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +the basicConstraints path-length parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +the supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +the root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +the root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is \fBnot\fR in itself +an error. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occurred in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occurred in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +an application specific error. This will never be returned unless explicitly +set by an application. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. +.PP +If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_new.3 new file mode 100644 index 00000000..5d5a0b1c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_new.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_NEW 3" +.TH X509_STORE_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn \&\- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +\& +\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +\& +\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use +by \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. +.PP +\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fBX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR +and then \fBX509_STORE_CTX_init()\fR again before the second call to +\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +entity certificate to be verified is set to \fBx509\fR and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +by \fBctx\fR to be \fBchain\fR. +Ownership of the chain is transferred to \fBctx\fR and should not be +free'd by the caller. +\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBctx\fR that contains the validated chain. +.PP +\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +stack of untrusted certificates associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +of untrusted certificates associated with \fBctx\fR to \fBsk\fR. +.PP +\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. +.PP +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: +.PP +.Vb 1 +\& int (*verify)(X509_STORE_CTX *); +.Ve +.PP +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. +.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fBX509_STORE_CTX_set_cert()\fR, +\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_set_verify_cb.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_set_verify_cb.3 new file mode 100644 index 00000000..1312285f --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_CTX_set_verify_cb.3 @@ -0,0 +1,334 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb \&\- get and set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +\& +\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& +\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. +.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.PP +\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +for the specific \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +from the corresponding \fBX509_STORE\fR, please see +\&\fBX509_STORE_set_verify\fR\|(3) for more information. +.SH "WARNINGS" +.IX Header "WARNINGS" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 3 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 7 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err, depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err, "depth=%d ", depth); +\& if (err_cert) { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, +\& X509_verify_cert_error_string(err)); +\& switch (err) { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err, "issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err, "notBefore="); +\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err, "notAfter="); +\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err, "verify return:%d\en", ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_add_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_add_cert.3 new file mode 100644 index 00000000..e787ec45 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_add_cert.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_ADD_CERT 3" +.TH X509_STORE_ADD_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_store_st X509_STORE; +\& +\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +\& int X509_STORE_set_depth(X509_STORE *store, int depth); +\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); +\& +\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, +\& X509_LOOKUP_METHOD *meth); +\& +\& int X509_STORE_load_locations(X509_STORE *ctx, +\& const char *file, const char *dir); +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. +.PP +\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the \fBX509_STORE\fR to prepare it for use, +via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or +\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, +and many behaviors configured as desired. +.PP +Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is +used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the \fBX509_STORE\fR are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as \fBX509\fR objects +with an associated \fBX509_CERT_AUX\fR, as are produced by +\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to \fBX509\fR objects, though. +.PP +\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object +to the \fBX509_STORE\fR's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed. +.PP +\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual +pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). +.PP +\&\fBX509_STORE_add_lookup()\fR finds or creates a \fBX509_LOOKUP\fR\|(3) with the +\&\fBX509_LOOKUP_METHOD\fR\|(3) \fImeth\fR and adds it to the \fBX509_STORE\fR +\&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so +\&\fBX509_LOOKUP\fR functions can look up objects in that store. +.PP +\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted +to specify just a file, just a directory, or both paths. The certificates +in the directory must be in hashed form, as documented in +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, +\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and +\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. +.PP +\&\fBX509_STORE_add_lookup()\fR returns the found or created +\&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). +\&\fBX509_STORE_new\fR\|(3), +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_get0_param.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_get0_param.3 new file mode 100644 index 00000000..325d199a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_get0_param.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_GET0_PARAM 3" +.TH X509_STORE_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set1_param()\fR sets the verification parameters +to \fBpm\fR for \fBctx\fR. +.PP +\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +parameters for \fBctx\fR. The returned pointer must not be freed by the +calling application +.PP +\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's +X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The +returned pointer must not be freed by the calling application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_new.3 new file mode 100644 index 00000000..7f7fcfa2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_new.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_NEW 3" +.TH X509_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE *X509_STORE_new(void); +\& void X509_STORE_free(X509_STORE *v); +\& int X509_STORE_lock(X509_STORE *v); +\& int X509_STORE_unlock(X509_STORE *v); +\& int X509_STORE_up_ref(X509_STORE *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE_new()\fR function returns a new X509_STORE. +.PP +\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the +X509_STORE object. +.PP +\&\fBX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fBX509_STORE_unlock()\fR unlocks it. +.PP +\&\fBX509_STORE_free()\fR frees up a single X509_STORE object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +.PP +\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return +1 for success and 0 for failure. +.PP +\&\fBX509_STORE_free()\fR does not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_set_verify_cb_func.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_set_verify_cb_func.3 new file mode 100644 index 00000000..15ccb7c6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_STORE_set_verify_cb_func.3 @@ -0,0 +1,364 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +\& X509_STORE_CTX *ctx, X509 *x); +\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +\& X509 *x, X509 *issuer); +\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL **crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL *crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify_cb(X509_STORE *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_issuer(X509_STORE *ctx, +\& X509_STORE_CTX_get_issuer_fn get_issuer); +\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_issued(X509_STORE *ctx, +\& X509_STORE_CTX_check_issued_fn check_issued); +\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_revocation(X509_STORE *ctx, +\& X509_STORE_CTX_check_revocation_fn check_revocation); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_crl(X509_STORE *ctx, +\& X509_STORE_CTX_get_crl_fn get_crl); +\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_crl(X509_STORE *ctx, +\& X509_STORE_CTX_check_crl_fn check_crl); +\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cert_crl(X509_STORE *ctx, +\& X509_STORE_CTX_cert_crl_fn cert_crl); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_policy(X509_STORE *ctx, +\& X509_STORE_CTX_check_policy_fn check_policy); +\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_certs_fn lookup_certs); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_crls(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cleanup(X509_STORE *ctx, +\& X509_STORE_CTX_cleanup_fn cleanup); +\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); +\& +\& /* Aliases */ +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& X509_STORE_CTX_verify_cb verify_cb); +\& void X509_STORE_set_verify_func(X509_STORE *ctx, +\& X509_STORE_CTX_verify_fn verify); +\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, +please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +.PP +\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBctx\fR to \fBverify\fR. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +\&\fIIf no chain verification function is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer +certificate that verifies the given certificate \fBx\fR. +When found, the issuer certificate must be assigned to \fB*issuer\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given +certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +This function must return 0 on failure (among others if \fBx\fR hasn't +been issued with \fBissuer\fR) and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +certificate \fBx\fR. +When found, the crl must be assigned to \fB*crl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of +the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation +status of the given certificate \fBx\fR against the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the +functions to look up all the certs or all the CRLs that match the +given name \fBnm\fR. +These functions return \s-1NULL\s0 on failure and a pointer to a stack of +certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on +success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +called when the context (\fBX509_STORE_CTX\fR) is being torn down. +This function doesn't return any value. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return +the function pointer assigned with \fBX509_STORE_set_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +no assignment has been made. +.PP +\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and +\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility. +.SH "NOTES" +.IX Header "NOTES" +All the callbacks from a \fBX509_STORE\fR are inherited by the +corresponding \fBX509_STORE_CTX\fR structure when it is initialized. +See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The X509_STORE_set_*() functions do not return a value. +.PP +The X509_STORE_get_*() functions return a pointer of the appropriate +function type. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), +\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), +\&\fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. +.PP +The functions +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR, +\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR, +\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR, +\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR, +\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR, +\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, +\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_VERIFY_PARAM_set_flags.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_VERIFY_PARAM_set_flags.3 new file mode 100644 index 00000000..edd57c00 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_VERIFY_PARAM_set_flags.3 @@ -0,0 +1,500 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +\& uint32_t flags); +\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +\& +\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, +\& int auth_level); +\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, +\& unsigned int flags); +\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, +\& const char *email, size_t emaillen); +\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +\& const unsigned char *ip, size_t iplen); +\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +which specifies how verification flags are copied from one structure to +another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. +.PP +\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. +.PP +\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one +intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity +certificate. +.PP +\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBauth_level\fR. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's \fItrust +anchor\fR certificate, which is either directly trusted or validated by means other +than its signature. +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.PP +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBname\fR clearing any previously specified host name or names. If +\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If \fBname\fR +is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +must be set to the length of \fBname\fR. +.PP +When a hostname is specified, +certificate verification automatically invokes \fBX509_check_host\fR\|(3) +with flags equal to the \fBflags\fR argument given to +\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +.PP +When the subject CommonName will not be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject +alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. +.PP +When the subject CommonName will be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject +alternative names are present in the certificate, \s-1DNS\s0 name constraints in +issuer certificates will not be applied to the subject \s-1DN.\s0 +As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. +.PP +\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +identifier that can match the peer's certificate. Any previous names +set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR +are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +multiple names are configured, the peer is considered verified when +any name matches. +.PP +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with \*(L".\*(R") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated \fBparam\fR argument is freed. Applications must not free +the return value. +.PP +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address +is specified, certificate verification automatically invokes +\&\fBX509_check_email\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 +address is specified, certificate verification automatically invokes +\&\fBX509_check_ip\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, +\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, +\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, +\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.PP +\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +level. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. +.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +certificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain +in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). +As of OpenSSL 1.1.0 this option is on by default. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. +By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option +has no effect. +.PP +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root \s-1CA\s0 certificates. +This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 +without having to trust its ancestor root \s-1CA.\s0 +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed \*(L"root\*(R" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. +.PP +The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period +of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR +is used to specify a verification time, the check is not suppressed. +.SH "INHERITANCE FLAGS" +.IX Header "INHERITANCE FLAGS" +These flags specify how parameters are \*(L"inherited\*(R" from one structure to +another. +.PP +If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed +after the next call. +.PP +If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides +all of the following flags. +.PP +If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied +to the destination. Effectively the values in \*(L"to\*(R" become default values +which will be used only if nothing new is set in \*(L"from\*(R". This is the +default. +.PP +If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether +they are set or not. Flags is still Ored though. +.PP +If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead +of ORed. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +release. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 1 +\& X509_VERIFY_PARAM *param; +\& +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_host\fR\|(3), +\&\fBX509_check_email\fR\|(3), +\&\fBX509_check_ip\fR\|(3), +\&\fBx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. +.PP +The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_ca.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_ca.3 new file mode 100644 index 00000000..548e6e93 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_ca.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_CA 3" +.TH X509_CHECK_CA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_ca \- check if given certificate is CA certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_ca(X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if given certificate is \s-1CA\s0 certificate (can be used +to sign other certificates). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 +\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE, +3,\s0 if it is self-signed X509 v1 certificate, 4, if it is certificate with +\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without +\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type +extension telling that it is \s-1CA\s0 certificate. +.PP +Actually, any non-zero value means that this certificate could have been +used to sign other certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_issued\fR\|(3), +\&\fBX509_check_purpose\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_host.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_host.3 new file mode 100644 index 00000000..c708f84c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_host.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_HOST 3" +.TH X509_CHECK_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_host(X509 *, const char *name, size_t namelen, +\& unsigned int flags, char **peername); +\& int X509_check_email(X509 *, const char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The certificate matching functions are used to check whether a +certificate matches a given host name, email address, or \s-1IP\s0 address. +The validity of the certificate and its trust level has to be checked by +other means. +.PP +\&\fBX509_check_host()\fR checks if the certificate Subject Alternative +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a +certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" +or \*(L"*w.example.com\*(R". +.PP +Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international +domain names must be given in A\-label form. The \fBnamelen\fR argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts +with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +valid for any sub-domain of \fBname\fR, (see also +\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). +.PP +When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a +pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +is stored at the address passed in \fBpeername\fR. The application +is responsible for freeing the peername via \fBOPENSSL_free()\fR when it +is no longer needed. +.PP +\&\fBX509_check_email()\fR checks if the certificate matches the specified +email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The \fBaddresslen\fR argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(\fBaddress\fR). +.PP +\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +IPv6 address. The \fBaddress\fR array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; \s-1IP\s0 +addresses stored in \s-1DNS\s0 names and Common Names are ignored. +.PP +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated +string \fBaddress\fR is first converted to the internal representation. +.PP +The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +flags: +.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," +.PD 0 +.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," +.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." +.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." +.PD +.PP +The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function +to consider the subject \s-1DN\s0 even if the certificate contains at least +one subject alternative name of the right type (\s-1DNS\s0 name or email +address as appropriate); the default is to ignore the subject \s-1DN\s0 +when at least one corresponding subject alternative names is present. +.PP +The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never +consider the subject \s-1DN\s0 even if the certificate contains no subject alternative +names of the right type (\s-1DNS\s0 name or email address as appropriate); the default +is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +present. +If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes +precedence and the subject \s-1DN\s0 is not checked for matching names. +.PP +If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard +expansion; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support +for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, +such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that +constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +to match more than one label in \fBname\fR; this flag only applies +to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR +values which start with \*(L".\*(R", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" +would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", +but would not match a peer certificate with a \s-1DNS\s0 name of +\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 for a successful match, 0 for a failed match +and \-1 for an internal error: typically a memory allocation failure +or an \s-1ASN.1\s0 decoding error. +.PP +All functions can also return \-2 if the input is malformed. For example, +\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +NULs. +.SH "NOTES" +.IX Header "NOTES" +Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, +and the internal checks will be suppressed as appropriate when +\&\s-1DANE\s0 support is enabled. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_issued.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_issued.3 new file mode 100644 index 00000000..a3f58496 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_issued.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_ISSUED 3" +.TH X509_CHECK_ISSUED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_issued \- checks if certificate is issued by another certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_issued(X509 *issuer, X509 *subject); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 +certificate \fIissuer\fR. This function takes into account not only +matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, +but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with +\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR +present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of +\&\fIissuer\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by +\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_ca\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_private_key.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_private_key.3 new file mode 100644 index 00000000..fe51bda3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_private_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PRIVATE_KEY 3" +.TH X509_CHECK_PRIVATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_private_key(X509 *x, EVP_PKEY *k); +\& +\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_check_private_key()\fR function checks the consistency of private +key \fBk\fR with the public key in \fBx\fR. +.PP +\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR +except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if +the keys match each other, and 0 if not. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +of a key pair. So if you pass a public key to these functions in \fBk\fR, it will +return success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_purpose.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_purpose.3 new file mode 100644 index 00000000..754ab172 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_check_purpose.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PURPOSE 3" +.TH X509_CHECK_PURPOSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_purpose \- Check the purpose of a certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_purpose(X509 *x, int id, int ca) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIx\fR was created with the purpose +represented by \fIid\fR. If \fIca\fR is nonzero, then certificate \fIx\fR is +checked to determine if it's a possible \s-1CA\s0 with various levels of certainty +possibly returned. +.PP +Below are the potential \s-1ID\s0's that can be checked: +.PP +.Vb 9 +\& # define X509_PURPOSE_SSL_CLIENT 1 +\& # define X509_PURPOSE_SSL_SERVER 2 +\& # define X509_PURPOSE_NS_SSL_SERVER 3 +\& # define X509_PURPOSE_SMIME_SIGN 4 +\& # define X509_PURPOSE_SMIME_ENCRYPT 5 +\& # define X509_PURPOSE_CRL_SIGN 6 +\& # define X509_PURPOSE_ANY 7 +\& # define X509_PURPOSE_OCSP_HELPER 8 +\& # define X509_PURPOSE_TIMESTAMP_SIGN 9 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For non-CA checks +.IP "\-1 an error condition has occured" 4 +.IX Item "-1 an error condition has occured" +.PD 0 +.IP " 1 if the certificate was created to perform the purpose represented by \fIid\fR" 4 +.IX Item " 1 if the certificate was created to perform the purpose represented by id" +.IP " 0 if the certificate was not created to perform the purpose represented by \fIid\fR" 4 +.IX Item " 0 if the certificate was not created to perform the purpose represented by id" +.PD +.PP +For \s-1CA\s0 checks the below integers could be returned with the following meanings: +.IP "\-1 an error condition has occured" 4 +.IX Item "-1 an error condition has occured" +.PD 0 +.IP " 0 not a \s-1CA\s0 or does not have the purpose represented by \fIid\fR" 4 +.IX Item " 0 not a CA or does not have the purpose represented by id" +.IP " 1 is a \s-1CA.\s0" 4 +.IX Item " 1 is a CA." +.IP " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a \s-1CA\s0" 4 +.IX Item " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA" +.IP " 3 basicConstraints absent but self signed V1." 4 +.IX Item " 3 basicConstraints absent but self signed V1." +.IP " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." 4 +.IX Item " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." +.IP " 5 legacy Netscape specific \s-1CA\s0 Flags present" 4 +.IX Item " 5 legacy Netscape specific CA Flags present" +.PD +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this +file except in compliance with the License. You can obtain a copy in the file +\&\s-1LICENSE\s0 in the source distribution or at . diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp.3 new file mode 100644 index 00000000..b0dde283 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP 3" +.TH X509_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_cmp(const X509 *a, const X509 *b); +\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); +\& int X509_subject_name_cmp(const X509 *a, const X509 *b); +\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This set of functions are used to compare X509 objects, including X509 +certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +.PP +The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters +\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +.PP +The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by +parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of +the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) +has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +.PP +The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer +values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +.PP +The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions +are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare +issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR +objects, respectively. +.IX Xref "509" +.PP +The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the +\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +of just the issuer name. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Like common memory comparison functions, the \fBX509\fR comparison functions return +an integer less than, equal to, or greater than zero if object \fBa\fR is found to +be less than, to match, or be greater than object \fBb\fR, respectively. +.PP +\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, +\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +.SH "NOTES" +.IX Header "NOTES" +These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do +the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash +value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. +.PP +\&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some +circumstances, which could cause confusion for the applications. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp_time.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp_time.3 new file mode 100644 index 00000000..f9745c9c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_cmp_time.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP_TIME 3" +.TH X509_CMP_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); +\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); +\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); +\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long +\& offset_sec, time_t *in_tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in . \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR +must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its +format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 +.PP +\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. +.PP +\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second +offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR +\&\s-1API\s0 should be preferred. +.PP +In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure +is allocated and returned. +.PP +In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as +time_t, is used. +.SH "BUGS" +.IX Header "BUGS" +Unlike many standard comparison functions, \fBX509_cmp_time()\fR and +\&\fBX509_cmp_current_time()\fR return 0 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1 +otherwise. These methods return 0 on error. +.PP +\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated +\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_digest.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_digest.3 new file mode 100644 index 00000000..5a5ce8a0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_digest.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DIGEST 3" +.TH X509_DIGEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& #include +\& +\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, +\& const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +key in the specified X509 \fBdata\fR object. +All other functions described here return a digest of the \s-1DER\s0 representation +of their entire \fBdata\fR objects. +.PP +The \fBtype\fR parameter specifies the digest to +be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points +to a place where the digest size will be stored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions described here return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_sha1\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_dup.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_dup.3 new file mode 100644 index 00000000..6166bc98 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_dup.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DUP 3" +.TH X509_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_ASN1_FUNCTIONS(type) +\& IMPLEMENT_ASN1_FUNCTIONS(stname) +\& +\& typedef struct ASN1_ITEM_st ASN1_ITEM; +\& +\& extern const ASN1_ITEM TYPE_it; +\& TYPE *TYPE_new(void); +\& TYPE *TYPE_dup(TYPE *a); +\& void TYPE_free(TYPE *a); +\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +interpreter. +Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable. +.PP +The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +to generate the function declarations. +.PP +The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +to generate the function bodies. +.PP +\&\fBTYPE_new()\fR allocates an empty object of the indicated type. +The object returned must be released by calling \fBTYPE_free()\fR. +.PP +\&\fBTYPE_dup()\fR copies an existing object. +.PP +\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects +within it. +.PP +\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. +Each line will be prefixed with \fBindent\fR spaces. +The \fBpctx\fR specifies the printing context and is for internal +use; use \s-1NULL\s0 to get the default behavior. If a print function is +user-defined, then pass in any \fBpctx\fR down to any nested calls. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. +.PP +\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_notBefore.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_notBefore.3 new file mode 100644 index 00000000..ed8ed2e3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_notBefore.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_NOTBEFORE 3" +.TH X509_GET0_NOTBEFORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); +\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); +\& +\& ASN1_TIME *X509_getm_notBefore(const X509 *x); +\& ASN1_TIME *X509_getm_notAfter(const X509 *x); +\& +\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +\& +\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +\& +\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR +and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value +returned is an internal pointer which must not be freed up after +the call. +.PP +\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return +non-constant mutable references to the associated date field of +the certificate. +.PP +\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR +and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed +parameter \fBtm\fR is not transferred by these functions so it must +be freed up after the call. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the +\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value +returned is an internal pointer which must not be freed up after +the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then +\&\fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter +\&\fBtm\fR is not transferred by these functions so it must be freed up after the +call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR +return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +.PP +\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and +\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of OpenSSL. +.PP +\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL +1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_signature.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_signature.3 new file mode 100644 index 00000000..d1712b45 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_signature.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SIGNATURE 3" +.TH X509_GET0_SIGNATURE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_signature(const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg, +\& const X509 *x); +\& int X509_get_signature_nid(const X509 *x); +\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +\& +\& void X509_REQ_get0_signature(const X509_REQ *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_REQ_get_signature_nid(const X509_REQ *crl); +\& +\& void X509_CRL_get0_signature(const X509_CRL *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_CRL_get_signature_nid(const X509_CRL *crl); +\& +\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, +\& uint32_t *flags); +\& +\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, +\& int *secbits, uint32_t *flags); +\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, +\& int secbits, uint32_t flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +to the signature algorithm of \fBx\fR. The values returned are internal +pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +portion of \fBx\fR. +.PP +\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +algorithm of \fBx\fR. +.PP +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the +same function for certificate requests and CRLs. +.PP +\&\fBX509_get_signature_info()\fR retrieves information about the signature of +certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +the public key algorithm to \fB*pknid\fR, the effective security bits to +\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can +be set to \fB\s-1NULL\s0\fR if the information is not required. +.PP +\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information +about a signature in an \fBX509_SIG_INFO\fR structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. +.SH "NOTES" +.IX Header "NOTES" +These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where \fBX509_sign()\fR et al is not appropriate (for example a non standard +or unsupported format). +.PP +The security bits returned by \fBX509_get_signature_info()\fR refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a +1024 bit \s-1RSA\s0 key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and +\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and +\&\fBX509_CRL_get0_signature()\fR do not return values. +.PP +\&\fBX509_get_signature_info()\fR returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. +.PP +The +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_uids.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_uids.3 new file mode 100644 index 00000000..07d33add --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get0_uids.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_UIDS 3" +.TH X509_GET0_UIDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_uids \- get certificate unique identifiers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +\& const ASN1_BIT_STRING **psuid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. +.SH "NOTES" +.IX Header "NOTES" +The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_uids()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_extension_flags.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_extension_flags.3 new file mode 100644 index 00000000..de563373 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_extension_flags.3 @@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_EXTENSION_FLAGS 3" +.TH X509_GET_EXTENSION_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_pathlen(X509 *x); +\& uint32_t X509_get_extension_flags(X509 *x); +\& uint32_t X509_get_key_usage(X509 *x); +\& uint32_t X509_get_extended_key_usage(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); +\& void X509_set_proxy_flag(X509 *x); +\& void X509_set_proxy_pathlen(int l); +\& long X509_get_proxy_pathlen(X509 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions retrieve information related to commonly used certificate extensions. +.PP +\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that \s-1CA.\s0 +.PP +\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, +it will return one or more of the following flags ored together. +.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IX Item "EXFLAG_V1" +The certificate is an obsolete version 1 certificate. +.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IX Item "EXFLAG_BCONS" +The certificate contains a basic constraints extension. +.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IX Item "EXFLAG_CA" +The certificate contains basic constraints and asserts the \s-1CA\s0 flag. +.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +.IX Item "EXFLAG_PROXY" +The certificate is a valid proxy certificate. +.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IX Item "EXFLAG_SI" +The certificate is self issued (that is subject and issuer names match). +.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IX Item "EXFLAG_SS" +The subject and issuer names match and extension values imply it is self +signed. +.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IX Item "EXFLAG_FRESHEST" +The freshest \s-1CRL\s0 extension is present in the certificate. +.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +.IX Item "EXFLAG_CRITICAL" +The certificate contains an unhandled critical extension. +.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IX Item "EXFLAG_INVALID" +Some certificate extension values are invalid or inconsistent. The +certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +\&\s-1ASN1\s0 object itself. +.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4 +.IX Item "EXFLAG_INVALID_POLICY" +The NID_certificate_policies certificate extension is invalid or +inconsistent. The certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +\&\s-1ASN1\s0 object itself. +.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +.IX Item "EXFLAG_KUSAGE" +The certificate contains a key usage extension. The value can be retrieved +using \fBX509_get_key_usage()\fR. +.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IX Item "EXFLAG_XKUSAGE" +The certificate contains an extended key usage extension. The value can be +retrieved using \fBX509_get_extended_key_usage()\fR. +.PP +\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, +\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, +\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to +individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +returned. +.PP +\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage +extension. If extended key usage is present it will return zero or more of the +flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR +\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These +correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, +\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, +\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. +Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +present. +.PP +\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority +certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or +\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority +certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +extension is not present or cannot be parsed. +.PP +\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +This is for the users who need to mark non\-RFC3820 proxy certificates as +such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy +certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +given certificate \fBx\fR if it is a proxy certificate. +.SH "NOTES" +.IX Header "NOTES" +The value of the flags correspond to extension values which are cached +in the \fBX509\fR structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using \fBX509_get_ext_d2i()\fR. +.PP +If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +extension is absent. Applications can additionally check the return value of +\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is +absent. +.PP +If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +absent or malformed. Applications can determine the precise reason using +\&\fBX509_get_ext_d2i()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +is not present. +.PP +\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the +certificate extension values. +.PP +\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a +pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +is absent or an error occurred during parsing. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given +certificate is a proxy one and has a path length set, and \-1 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_purpose\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and +\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_pubkey.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_pubkey.3 new file mode 100644 index 00000000..27ccbb10 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_pubkey.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_PUBKEY 3" +.TH X509_GET_PUBKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *X509_get_pubkey(X509 *x); +\& EVP_PKEY *X509_get0_pubkey(const X509 *x); +\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); +\& +\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +reference count incremented: this means the returned key must be freed up +after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +after use. +.PP +\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +structure which encodes the certificate of \fBx\fR. The returned value +must not be freed up after use. +.PP +\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. +.PP +\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and +\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +.SH "NOTES" +.IX Header "NOTES" +The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +cached in the certificate or certificate request itself. Subsequent calls +return the cached structure with its reference count incremented to +improve performance. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, +\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_serialNumber.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_serialNumber.3 new file mode 100644 index 00000000..7aecb0a6 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_serialNumber.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SERIALNUMBER 3" +.TH X509_GET_SERIALNUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); +\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it +accepts a const parameter and returns a const result. +.PP +\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should +be freed up after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +structure. +.PP +\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_subject_name.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_subject_name.3 new file mode 100644 index 00000000..971b7b21 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_subject_name.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SUBJECT_NAME 3" +.TH X509_GET_SUBJECT_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or subject names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_NAME *X509_get_subject_name(const X509 *x); +\& int X509_set_subject_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_get_issuer_name(const X509 *x); +\& int X509_set_issuer_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +\& +\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. +.PP +\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed +up when it is no longer needed. +.PP +\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to +\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and +set the issuer name of \fBx\fR. +.PP +Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR, +\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject +or issuer names of certificate requests of CRLs respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR +and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. +.PP +\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR +and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +earlier versions. +.PP +\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_version.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_version.3 new file mode 100644 index 00000000..f62c7aa9 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_get_version.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_VERSION 3" +.TH X509_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_version(const X509 *x); +\& int X509_set_version(X509 *x, long version); +\& +\& long X509_REQ_get_version(const X509_REQ *req); +\& int X509_REQ_set_version(X509_REQ *x, long version); +\& +\& long X509_CRL_get_version(const X509_CRL *crl); +\& int X509_CRL_set_version(X509_CRL *x, long version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_version()\fR returns the numerical value of the version field of +certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0. +.PP +\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBx\fR to \fBversion\fR. +.PP +Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, +\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version +number of certificate requests and CRLs. +.SH "NOTES" +.IX Header "NOTES" +The version field of certificates, certificate requests and CRLs has a +\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version +1. This is handled transparently by these functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR +return the numerical value of the version field. +.PP +\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR +return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are +functions in OpenSSL 1.1.0, in previous versions they were macros. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_new.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_new.3 new file mode 100644 index 00000000..ca35a8cd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NEW 3" +.TH X509_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +\& int X509_up_ref(X509 *a); +\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fB1\fR. +.PP +\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. +.PP +\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in +chain \fBx\fR and returns a copy of the stack. +.SH "NOTES" +.IX Header "NOTES" +The function \fBX509_up_ref()\fR if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure. +.PP +The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR, +but it serves a similar purpose: the returned chain persists after the +original has been freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_sign.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_sign.3 new file mode 100644 index 00000000..3944b6fa --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_sign.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIGN 3" +.TH X509_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- sign or verify certificate, certificate request or CRL signature +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +\& int X509_verify(X509 *a, EVP_PKEY *r); +\& +\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +\& +\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs +certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. +.PP +\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.PP +\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR, +\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify +certificate requests and CRLs respectively. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example. +.PP +For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding +of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +internally. If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, +\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature +in bytes for success and zero for failure. +.PP +\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. +.PP +The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR +and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_verify_cert.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_verify_cert.3 new file mode 100644 index 00000000..e8df16cc --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509_verify_cert.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_CERT 3" +.TH X509_VERIFY_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_verify_cert \- discover and verify X509 certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_verify_cert(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fBverify\fR\|(1) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. +.PP +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. +.SH "NOTES" +.IX Header "NOTES" +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. +.PP +A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked +incorrectly, such as with no certificate set in \fBctx\fR, or when it is called +twice in succession without reinitialising \fBctx\fR for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fBx509.h\fR as opposed to most chain verification +functions which use \fBx509_vfy.h\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509v3_get_ext_by_NID.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509v3_get_ext_by_NID.3 new file mode 100644 index 00000000..db05b485 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/X509v3_get_ext_by_NID.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_EXT_BY_NID 3" +.TH X509V3_GET_EXT_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +\& +\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +\& int nid, int lastpos); +\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +\& const ASN1_OBJECT *obj, int lastpos); +\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +\& int crit, int lastpos); +\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +\& X509_EXTENSION *ex, int loc); +\& +\& int X509_get_ext_count(const X509 *x); +\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_CRL_get_ext_count(const X509_CRL *x); +\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, +\& int lastpos); +\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); +\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +.PP +\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned +extension is an internal pointer which \fBmust not\fR be freed up by the +application. +.PP +\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension +with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the +extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If +the extension is found its index is returned otherwise \fB\-1\fR is returned. +.PP +\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it +looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR +looks for a non-critical extension a non-zero value looks for a critical +extension. +.PP +\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The +deleted extension is returned and must be freed by the caller. If \fBloc\fR +is in invalid index value \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR +a new stack will be allocated. The passed extension \fBex\fR is duplicated +internally so it must be freed after use. +.PP +\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, +\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR +and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +otherwise identical to the X509v3 functions. +.PP +\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, +\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, +\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of +\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. +.PP +\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, +\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and +\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +they are otherwise identical to the X509v3 functions. +.SH "NOTES" +.IX Header "NOTES" +These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +Extension indices start from zero, so a zero index return value is \fBnot\fR an +error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR +parameter so it should initially be set to \fB\-1\fR, if it is set to zero the +initial extension will not be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509v3_get_ext_count()\fR returns the extension count. +.PP +\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an +\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and +\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +error occurs. +.PP +\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBX509_add_ext()\fR returns 1 on success and 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_DHparams.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_DHparams.3 new file mode 100644 index 00000000..9638ab72 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_DHparams.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_DHPARAMS 3" +.TH D2I_DHPARAMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which +is less than or equal to 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PKCS8PrivateKey_bio.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PKCS8PrivateKey_bio.3 new file mode 100644 index 00000000..da9f8399 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PKCS8PrivateKey_bio.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR +and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PrivateKey.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PrivateKey.3 new file mode 100644 index 00000000..e09b748d --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_PrivateKey.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PRIVATEKEY 3" +.TH D2I_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); +\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +\&\fBtype\fR parameter should be a public key algorithm constant such as +\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. +\&\fBd2i_PublicKey()\fR does the same for public keys. +.PP +\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to +automatically detect the private key format. +.PP +\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +\&\fBi2d_PublicKey()\fR does the same for public keys. +.PP +These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +\&\fBd2i_PKCS8PrivateKey()\fR instead. +.PP +If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR, +and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3). +.PP +\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_SSL_SESSION.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_SSL_SESSION.3 new file mode 100644 index 00000000..4f9aab76 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_SSL_SESSION.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_SSL_SESSION 3" +.TH D2I_SSL_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +\& long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1SSL_SESSION\s0 object. +For encoding details see \fBd2i_X509\fR\|(3). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_X509.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_X509.3 new file mode 100644 index 00000000..704c93b2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/d2i_X509.3 @@ -0,0 +1,385 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_X509 3" +.TH D2I_X509 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); +\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); +\& +\& int i2d_TYPE(TYPE *a, unsigned char **ppout); +\& int i2d_TYPE_fp(FILE *fp, TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. +The function parameters \fIppin\fR and \fIppout\fR are generally +either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. +.PP +These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0 +encoding. Unlike the C structures which can have pointers to sub-objects +within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +network, writing to a file, and so on. +.PP +\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a +pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to +the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer +to the returned structure is also written to \fB*a\fR. If an error occurred +then \fB\s-1NULL\s0\fR is returned. +.PP +On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR +contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This +\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is +\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN +VALUES\s0 section). +.PP +\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. +If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer +at \fB*ppout\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded +data written to it. In this case \fB*ppout\fR is not incremented and it points +to the start of the data just written. +.PP +\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +These routines do not encrypt private keys and therefore offer no +security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. +So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0 +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid +populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an +empty structure such as that returned by \fBTYPE_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will be processed after it. +.PP +The following points about the data types might be useful: +.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IX Item "ASN1_OBJECT" +Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.IP "\fBDHparams\fR" 4 +.IX Item "DHparams" +Represents a PKCS#3 \s-1DH\s0 parameters structure. +.IP "\fBDHxparams\fR" 4 +.IX Item "DHxparams" +Represents an \s-1ANSI X9.42 DH\s0 parameters structure. +.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IX Item "DSA_PUBKEY" +Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4 +.IX Item "DSAPublicKey, DSAPrivateKey" +Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. +.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +.IX Item "ECDSA_SIG" +Represents an \s-1ECDSA\s0 signature. +.IP "\fBRSAPublicKey\fR" 4 +.IX Item "RSAPublicKey" +Represents a PKCS#1 \s-1RSA\s0 public key structure. +.IP "\fBX509_ALGOR\fR" 4 +.IX Item "X509_ALGOR" +Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and +elsewhere. +.IP "\fBX509_Name\fR" 4 +.IX Item "X509_Name" +Represents a \fBName\fR type as used for subject and issuer names in +\&\s-1IETF RFC 6960\s0 and elsewhere. +.IP "\fBX509_REQ\fR" 4 +.IX Item "X509_REQ" +Represents a PKCS#10 certificate request. +.IP "\fBX509_SIG\fR" 4 +.IX Item "X509_SIG" +Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with +a valid structure being passed in via \fBa\fR, then the object is freed in +the event of error and \fB*a\fR is set to \s-1NULL.\s0 +.PP +\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative +value if an error occurs. +.PP +\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error +occurs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& len = i2d_X509(x, &buf); +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = d2i_X509(NULL, &p, len); +\& if (x == NULL) +\& /* error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = NULL; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +Using a temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& buf = OPENSSL_malloc(len); +\& ... +\& i2d_X509(x, &buf); +\& ... +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR +and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. +.PP +Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: +.PP +.Vb 1 +\& X509 *x; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.PP +This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when +\&\fB*a\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0 +.PP +As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be +fixed in future so code should not assume that \fBi2d_TYPE()\fR will +always succeed. +.PP +Any function which encodes a structure (\fBi2d_TYPE()\fR, +\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_CMS_bio_stream.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_CMS_bio_stream.3 new file mode 100644 index 00000000..e0451405 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_CMS_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_CMS_BIO_STREAM 3" +.TH I2D_CMS_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBPEM_write_bio_CMS_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_PKCS7_bio_stream.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_PKCS7_bio_stream.3 new file mode 100644 index 00000000..657ed5d7 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_PKCS7_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_PKCS7_BIO_STREAM 3" +.TH I2D_PKCS7_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_re_X509_tbs.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_re_X509_tbs.3 new file mode 100644 index 00000000..e9cb58d3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/i2d_re_X509_tbs.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_RE_X509_TBS 3" +.TH I2D_RE_X509_TBS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); +\& int i2d_X509_AUX(X509 *x, unsigned char **out); +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); +\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +This function should not be called on untrusted input. +.PP +\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +Note that this is a non-standard OpenSSL-specific data format. +.PP +\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR +and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the \s-1BUGS\s0 section). +.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fBi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +.PP +\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the +length of encoded data or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/o2i_SCT_LIST.3 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/o2i_SCT_LIST.3 new file mode 100644 index 00000000..b1120f9b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man3/o2i_SCT_LIST.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "O2I_SCT_LIST 3" +.TH O2I_SCT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +\& size_t len); +\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +\& int i2o_SCT(const SCT *sct, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of +functions, except that they convert to and from \s-1TLS\s0 wire format, as described in +\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are +treated and the return values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All of the functions have return values consistent with those stated for +d2i_SCT_LIST and i2d_SCT_LIST. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBi2d_SCT_LIST\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/config.5 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/config.5 new file mode 100644 index 00000000..f9664b73 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/config.5 @@ -0,0 +1,600 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONFIG 5" +.TH CONFIG 5 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +config \- OpenSSL CONF library configuration files +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \s-1CONF\s0 library can be used to read configuration files. +It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR +and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension +files for the \fBx509\fR utility. OpenSSL applications can also use the +\&\s-1CONF\s0 library for their own purposes. +.PP +A configuration file is divided into a number of sections. Each section +starts with a line \fB[ section_name ]\fR and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. +.PP +The first section of a configuration file is special and is referred +to as the \fBdefault\fR section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. +.PP +The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +.PP +Comments can be included by preceding them with the \fB#\fR character +.PP +Other files can be included using the \fB.include\fR directive followed +by a path. If the path points to a directory all files with +names ending with \fB.cnf\fR or \fB.conf\fR are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +\&\fB.include\fR directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +\&\s-1POSIX IO\s0 support. +.PP +It is strongly recommended to use absolute paths with the \fB.include\fR +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +\&\fB.include\fR directive is application specific the inclusion will not +work as expected. +.PP +There can be optional \fB=\fR character and whitespace characters between +\&\fB.include\fR directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the \fB.include\fR syntax. They would bail out with error +if the \fB=\fR character is not present but with it they just ignore +the include. +.PP +Each section in a configuration file consists of a number of name and +value pairs of the form \fBname=value\fR +.PP +The \fBname\fR string can contain any alphanumeric characters as well as +a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. +.PP +The \fBvalue\fR string consists of the string following the \fB=\fR character +until end of line with any leading and trailing white space removed. +.PP +The value string undergoes variable expansion. This can be done by +including the form \fB\f(CB$var\fB\fR or \fB${var}\fR: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax \fB\f(CB$section::name\fB\fR +or \fB${section::name}\fR. By using the form \fB\f(CB$ENV::name\fB\fR environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name \fBENV::name\fR, this will work +if the program looks up environment variables using the \fB\s-1CONF\s0\fR library +instead of calling \fBgetenv()\fR directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. +.PP +It is possible to escape certain characters by using any kind of quote +or the \fB\e\fR character. By making the last character of a line a \fB\e\fR +a \fBvalue\fR string can be spread across multiple lines. In addition +the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. +.PP +All expansion and escape rules as described above that apply to \fBvalue\fR +also apply to the path of the \fB.include\fR directive. +.SH "OPENSSL LIBRARY CONFIGURATION" +.IX Header "OPENSSL LIBRARY CONFIGURATION" +Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The \fBopenssl\fR utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file. +.PP +To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is \fBopenssl_conf\fR which is used by the \fBopenssl\fR utility. Other +applications may use an alternative name such as \fBmyapplication_conf\fR. +All library configuration lines appear in the default section at the start +of the configuration file. +.PP +The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The \fBname\fR represents +the name of the \fIconfiguration module\fR. The meaning of the \fBvalue\fR is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.: +.PP +.Vb 2 +\& # This must be in the default section +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& +\& oid_section = new_oids +\& engines = engine_section +\& +\& [new_oids] +\& +\& ... new oids here ... +\& +\& [engine_section] +\& +\& ... engine stuff here ... +.Ve +.PP +The features of each configuration module are described below. +.SS "\s-1ASN1\s0 Object Configuration Module" +.IX Subsection "ASN1 Object Configuration Module" +This module has the name \fBoid_section\fR. The value of this variable points +to a section containing name value pairs of OIDs: the name is the \s-1OID\s0 short +and long name, the value is the numerical form of the \s-1OID.\s0 Although some of +the \fBopenssl\fR utility sub commands already have their own \s-1ASN1 OBJECT\s0 section +functionality not all do. By using the \s-1ASN1 OBJECT\s0 configuration module +\&\fBall\fR the \fBopenssl\fR utility sub commands can see the new objects as well +as any compliant applications. For example: +.PP +.Vb 1 +\& [new_oids] +\& +\& some_new_oid = 1.2.3.4 +\& some_other_oid = 1.2.3.5 +.Ve +.PP +It is also possible to set the value to the long name followed +by a comma and the numerical \s-1OID\s0 form. For example: +.PP +.Vb 1 +\& shortName = some object long name, 1.2.3.4 +.Ve +.SS "Engine Configuration Module" +.IX Subsection "Engine Configuration Module" +This \s-1ENGINE\s0 configuration module has the name \fBengines\fR. The value of this +variable points to a section containing further \s-1ENGINE\s0 configuration +information. +.PP +The section pointed to by \fBengines\fR is a table of engine names (though see +\&\fBengine_id\fR below) and further sections containing configuration information +specific to each \s-1ENGINE.\s0 +.PP +Each \s-1ENGINE\s0 specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the \fIcommand\fR name which is the name of the name value pair. The +currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& # Configure ENGINE named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... foo ENGINE specific commands ... +\& +\& [bar_section] +\& ... "bar" ENGINE specific commands ... +.Ve +.PP +The command \fBengine_id\fR is used to give the \s-1ENGINE\s0 name. If used this +command must be first. For example: +.PP +.Vb 3 +\& [engine_section] +\& # This would normally handle an ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& engine_id = myfoo +.Ve +.PP +The command \fBdynamic_path\fR loads and adds an \s-1ENGINE\s0 from the given path. It +is equivalent to sending the ctrls \fB\s-1SO_PATH\s0\fR with the path argument followed +by \fB\s-1LIST_ADD\s0\fR with value 2 and \fB\s-1LOAD\s0\fR to the dynamic \s-1ENGINE.\s0 If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic \s-1ENGINE\s0 using ctrl commands. +.PP +The command \fBinit\fR determines whether to initialize the \s-1ENGINE.\s0 If the value +is \fB0\fR the \s-1ENGINE\s0 will not be initialized, if \fB1\fR and attempt it made to +initialized the \s-1ENGINE\s0 immediately. If the \fBinit\fR command is not present +then an attempt will be made to initialize the \s-1ENGINE\s0 after all commands in +its section have been processed. +.PP +The command \fBdefault_algorithms\fR sets the default algorithms an \s-1ENGINE\s0 will +supply using the functions \fBENGINE_set_default_string()\fR. +.PP +If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the \s-1ENGINE.\s0 The value of the command is the +argument to the ctrl command. If the value is the string \fB\s-1EMPTY\s0\fR then no +value is sent to the command. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Load engine from DSO +\& dynamic_path = /some/path/fooengine.so +\& # A foo specific ctrl. +\& some_ctrl = some_value +\& # Another ctrl that doesn\*(Aqt take a value. +\& other_ctrl = EMPTY +\& # Supply all default algorithms +\& default_algorithms = ALL +.Ve +.SS "\s-1EVP\s0 Configuration Module" +.IX Subsection "EVP Configuration Module" +This modules has the name \fBalg_section\fR which points to a section containing +algorithm commands. +.PP +Currently the only algorithm command supported is \fBfips_mode\fR whose +value can only be the boolean string \fBoff\fR. If \fBfips_mode\fR is set to \fBon\fR, +an error occurs as this library version is not \s-1FIPS\s0 capable. +.SS "\s-1SSL\s0 Configuration Module" +.IX Subsection "SSL Configuration Module" +This module has the name \fBssl_conf\fR which points to a section containing +\&\s-1SSL\s0 configurations. +.PP +Each line in the \s-1SSL\s0 configuration section contains the name of the +configuration and the section containing it. +.PP +Each configuration section consists of command value pairs for \fB\s-1SSL_CONF\s0\fR. +Each pair will be passed to a \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure if it calls +\&\fBSSL_CTX_config()\fR or \fBSSL_config()\fR with the appropriate configuration name. +.PP +Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times. +.PP +For example: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& server = server_section +\& +\& [server_section] +\& +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +The system default configuration with name \fBsystem_default\fR if present will +be applied during any creation of the \fB\s-1SSL_CTX\s0\fR structure. +.PP +Example of a configuration with the system default: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& system_default = system_default_sect +\& +\& [system_default_sect] +\& +\& MinProtocol = TLSv1.2 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of \fB\s-1HOME\s0\fR which may not be +defined on non Unix systems and would cause an error. +.PP +This can be worked around by including a \fBdefault\fR section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. +.PP +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial \fB.\fR e.g. +.PP +.Vb 2 +\& 1.OU="My first OU" +\& 2.OU="My Second OU" +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Here is a sample configuration file using some of the features +mentioned above. +.PP +.Vb 1 +\& # This is the default section. +\& +\& HOME=/temp +\& RANDFILE= ${ENV::HOME}/.rnd +\& configdir=$ENV::HOME/config +\& +\& [ section_one ] +\& +\& # We are now in section one. +\& +\& # Quotes permit leading and trailing whitespace +\& any = " any variable name " +\& +\& other = A string that can \e +\& cover several lines \e +\& by including \e\e characters +\& +\& message = Hello World\en +\& +\& [ section_two ] +\& +\& greeting = $section_one::message +.Ve +.PP +This next example shows how to expand environment variables safely. +.PP +Suppose you want a variable called \fBtmpfile\fR to refer to a +temporary filename. The directory it is placed in can determined by +the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with \fB\s-1TEMP\s0\fR taking +priority and \fB/tmp\fR used if neither is defined: +.PP +.Vb 5 +\& TMP=/tmp +\& # The above value is used if TMP isn\*(Aqt in the environment +\& TEMP=$ENV::TMP +\& # The above value is used if TEMP isn\*(Aqt in the environment +\& tmpfile=${ENV::TEMP}/tmp.filename +.Ve +.PP +Simple OpenSSL library configuration example to enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& +\& [evp_sect] +\& # Set to "yes" to enter FIPS mode if supported +\& fips_mode = yes +.Ve +.PP +Note: in the above example you will get an error in non \s-1FIPS\s0 capable versions +of OpenSSL. +.PP +Simple OpenSSL library configuration to make \s-1TLS 1.3\s0 the system-default +minimum \s-1TLS\s0 version: +.PP +.Vb 2 +\& # Toplevel section for openssl (including libssl) +\& openssl_conf = default_conf_section +\& +\& [default_conf_section] +\& # We only specify configuration for the "ssl module" +\& ssl_conf = ssl_section +\& +\& [ssl_section] +\& system_default = system_default_section +\& +\& [system_default_section] +\& MinProtocol = TLSv1.3 +.Ve +.PP +More complex OpenSSL library configuration. Add \s-1OID\s0 and don't enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& oid_section = new_oids +\& +\& [evp_sect] +\& # This will have no effect as FIPS mode is off by default. +\& # Set to "yes" to enter FIPS mode, if supported +\& fips_mode = no +\& +\& [new_oids] +\& # New OID, just short name +\& newoid1 = 1.2.3.4.1 +\& # New OID shortname and long name +\& newoid2 = New OID 2 long name, 1.2.3.4.2 +.Ve +.PP +The above examples can be used with any application supporting library +configuration if \*(L"openssl_conf\*(R" is modified to match the appropriate \*(L"appname\*(R". +.PP +For example if the second sample file above is saved to \*(L"example.cnf\*(R" then +the command line: +.PP +.Vb 1 +\& OPENSSL_CONF=example.cnf openssl asn1parse \-genstr OID:1.2.3.4.1 +.Ve +.PP +will output: +.PP +.Vb 1 +\& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +.Ve +.PP +showing that the \s-1OID\s0 \*(L"newoid1\*(R" has been added as \*(L"1.2.3.4.1\*(R". +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "BUGS" +.IX Header "BUGS" +Currently there is no way to include characters using the octal \fB\ennn\fR +form. Strings are all null terminated so nulls cannot form part of +the value. +.PP +The escaping isn't quite right: if you want to use sequences like \fB\en\fR +you can't use any quote escaping on the same line. +.PP +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBreq\fR\|(1), \fBca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/x509v3_config.5 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/x509v3_config.5 new file mode 100644 index 00000000..17df7432 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man5/x509v3_config.5 @@ -0,0 +1,704 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 5" +.TH X509V3_CONFIG 5 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +\& +\& [bs_section] +\& +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. +.SS "Basic Constraints." +.IX Subsection "Basic Constraints." +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +\& +\& basicConstraints=CA:FALSE +\& +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.SS "Key Usage." +.IX Subsection "Key Usage." +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +\& +\& keyUsage=critical, keyCertSign +.Ve +.SS "Extended Key Usage." +.IX Subsection "Extended Key Usage." +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names or the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. In particular the +following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 10 +\& Value Meaning +\& \-\-\-\-\- \-\-\-\-\-\-\- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E\-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& OCSPSigning OCSP Signing +\& ipsecIKE ipsec Internet Key Exchange +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msEFS Microsoft Encrypted File System +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=serverAuth,clientAuth +.Ve +.SS "Subject Key Identifier." +.IX Subsection "Subject Key Identifier." +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.SS "Authority Key Identifier." +.IX Subsection "Authority Key Identifier." +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. +.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.SS "Subject Alternative Name." +.IX Subsection "Subject Alternative Name." +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fBASN1_generate_nconf\fR\|(3) format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +\& +\& subjectAltName=dirName:dir_sect +\& +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.SS "Issuer Alternative Name." +.IX Subsection "Issuer Alternative Name." +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuerAltName = issuer:copy +.Ve +.SS "Authority Info Access." +.IX Subsection "Authority Info Access." +The authority information access extension gives details about how to access +certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.SS "\s-1CRL\s0 distribution points" +.IX Subsection "CRL distribution points" +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. +.PP +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. +.PP +In the single option case the section indicated contains values for each +field. In this section: +.PP +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies." +.IX Subsection "Certificate Policies." +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. +.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +\& +\& [polsect] +\& +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +\& +\& [notice] +\& +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5String is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. +.PP +\&\s-1ASN1\s0 type of explicitText can be specified by prepending \fB\s-1UTF8\s0\fR, +\&\fB\s-1BMP\s0\fR or \fB\s-1VISIBLE\s0\fR prefix followed by colon. For example: +.PP +.Vb 2 +\& [notice] +\& explicitText="UTF8:Explicit Text Here" +.Ve +.SS "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.SS "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.SS "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +\& +\& nameConstraints=permitted;email:.somedomain.com +\& +\& nameConstraints=excluded;email:.com +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve +.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.IX Subsection "TLS Feature (aka Must Staple)" +This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +include that extension in its reply. +.PP +The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. +.PP +Example: +.PP +.Vb 1 +\& tlsfeature = status_request +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.SS "Netscape String extensions." +.IX Subsection "Netscape String extensions." +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.SS "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fBASN1_generate_nconf\fR\|(3). +For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +\& +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +\& +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +\& +\& [alt_section] +\& +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +\& +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1), +\&\fBASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/Ed25519.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/Ed25519.7 new file mode 100644 index 00000000..d61e6831 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/Ed25519.7 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ED25519 7" +.TH ED25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +Ed25519, Ed448 \&\- EVP_PKEY Ed25519 and Ed448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see \s-1RFC8032\s0). It has associated private and public key formats compatible with +\&\s-1RFC 8410.\s0 +.PP +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be +specified when signing or verifying. +.SH "NOTES" +.IX Header "NOTES" +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. +.PP +When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the +digest \fBtype\fR parameter \fB\s-1MUST\s0\fR be set to \fB\s-1NULL\s0\fR. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR +or \fBX509_sign_ctx()\fR in the usual way. +.PP +A context for the \fBEd25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +.Ve +.PP +For the \fBEd448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); +.Ve +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested within \fBspeed\fR\|(1) application since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND.7 new file mode 100644 index 00000000..5c82830a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND.7 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 7" +.TH RAND 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND \&\- the OpenSSL random generator +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(\s-1CSPRNG\s0). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. +.PP +OpenSSL comes with a default implementation of the \s-1RAND API\s0 which is based on +the deterministic random bit generator (\s-1DRBG\s0) model as described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. +.PP +As a normal application developer, you do not have to worry about any details, +just use \fBRAND_bytes\fR\|(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of \fBRAND_bytes\fR\|(3) and do not take randomness for granted. +Although (re\-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +For values that should remain secret, you can use \fBRAND_priv_bytes\fR\|(3) +instead. +This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG.\s0 +The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the \*(L"public\*(R" +\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +.PP +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: +.IP "\(bu" 2 +Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using +\&\fBRAND_set_rand_method\fR\|(3). +.IP "\(bu" 2 +Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security +parameters of the underlying \s-1DRBG,\s0 which is described in detail in \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBRAND_get_rand_method\fR\|(3), +\&\fBRAND_set_rand_method\fR\|(3), +\&\fBRAND_OpenSSL\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND_DRBG.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND_DRBG.7 new file mode 100644 index 00000000..c87fe511 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RAND_DRBG.7 @@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG 7" +.TH RAND_DRBG 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG \- the deterministic random bit generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, +which implements a deterministic random bit generator (\s-1DRBG\s0). +A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random +number generator (\s-1CSPRNG\s0), which is described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +While the \s-1RAND API\s0 is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the \s-1RAND_DRBG API\s0 +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the \s-1DRBG\s0's +configuration parameters. +.SS "Disclaimer" +.IX Subsection "Disclaimer" +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the \s-1RAND_DRBG API\s0 directly. +The usual way to obtain random bytes is to use \fBRAND_bytes\fR\|(3) or +\&\fBRAND_priv_bytes\fR\|(3), see also \s-1\fBRAND\s0\fR\|(7). +.SS "Typical Use Cases" +.IX Subsection "Typical Use Cases" +Typical examples for such special use cases are the following: +.IP "\(bu" 2 +You want to use your own private \s-1DRBG\s0 instances. +Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). +.IP "\(bu" 2 +You need to integrate a previously unsupported entropy source. +.IP "\(bu" 2 +You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +implementation to meet specific requirements. +.SH "CHAINING" +.IX Header "CHAINING" +A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, +provided it has itself access to a valid entropy source. +The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG,\s0 +the other instance the \fIchild\fR \s-1DRBG.\s0 +.PP +This is called chaining. A chained \s-1DRBG\s0 instance is created by passing +a pointer to the parent \s-1DRBG\s0 as argument to the \fBRAND_DRBG_new()\fR call. +It is possible to create chains of more than two \s-1DRBG\s0 in a row. +.SH "THE THREE SHARED DRBG INSTANCES" +.IX Header "THE THREE SHARED DRBG INSTANCES" +Currently, there are three shared \s-1DRBG\s0 instances, +the , , and \s-1DRBG.\s0 +While the \s-1DRBG\s0 is a single global instance, the and +\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +.PP +By default, the functions \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) use +the thread-local and \s-1DRBG\s0 instance, respectively. +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +The \s-1DRBG\s0 is not used directly by the application, only for reseeding +the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by \fBRAND_add\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_bytes\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_priv_bytes\fR\|(3) +.SH "LOCKING" +.IX Header "LOCKING" +The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding +by its child \s-1DRBG\s0 instances. The necessary locking is done internally. +It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the +\&\s-1RAND_DRBG\s0 interface. +The and \s-1DRBG\s0 are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the \s-1RAND_DRBG\s0 interface. +.PP +Pointers to these \s-1DRBG\s0 instances can be obtained using +\&\fBRAND_DRBG_get0_master()\fR, +\&\fBRAND_DRBG_get0_public()\fR, and +\&\fBRAND_DRBG_get0_private()\fR, respectively. +Note that it is not allowed to store a pointer to one of the thread-local +\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +accessed and used by multiple threads. +.PP +All other \s-1DRBG\s0 instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single \s-1DRBG\s0 instance concurrently from different +threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per +thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 +instances on different threads is thread-safe, because the \s-1DRBG\s0 instance +will lock the \s-1DRBG\s0 automatically for obtaining random input. +.SH "THE OVERALL PICTURE" +.IX Header "THE OVERALL PICTURE" +The following picture gives an overview over how the \s-1DRBG\s0 instances work +together and are being used. +.PP +.Vb 10 +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | os entropy sources | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | +\& v +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& RAND_add() ==> <\-| shared DRBG (with locking) | +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& <\- | per\-thread DRBG instances | +\& | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& v v +\& RAND_bytes() RAND_priv_bytes() +\& | ^ +\& | | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | general purpose | | used for secrets like session keys | +\& | random generator | | and private keys for certificates | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +.Ve +.PP +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method \fBRAND_DRBG_bytes\fR\|(3) is a convenience method +wrapping the \fBRAND_DRBG_generate\fR\|(3) function, which serves the actual +request for random data. +.SH "RESEEDING" +.IX Header "RESEEDING" +A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another \s-1DRBG\s0 with access to such a source. +.PP +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the \-\-with\-rand\-seed option. The following sections explain +the reseeding process in more detail. +.SS "Automatic Reseeding" +.IX Subsection "Automatic Reseeding" +Before satisfying a generate request (\fBRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 +reseeds itself automatically, if one of the following conditions holds: +.PP +\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +.PP +\&\- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called \fIreseed_interval\fR. +This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. +.PP +\&\- the time elapsed since the last reseeding exceeds a certain time +interval, the so called \fIreseed_time_interval\fR. +This can be disabled by setting the \fIreseed_time_interval\fR to 0. +.PP +\&\- the \s-1DRBG\s0 is in an error state. +.PP +\&\fBNote\fR: An error state is entered if the entropy source fails while +the \s-1DRBG\s0 is seeding or reseeding. +The last case ensures that the \s-1DRBG\s0 automatically recovers +from the error as soon as the entropy source is available again. +.SS "Manual Reseeding" +.IX Subsection "Manual Reseeding" +In addition to automatic reseeding, the caller can request an immediate +reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +\&\fIprediction resistance\fR parameter to 1 when calling \fBRAND_DRBG_generate\fR\|(3). +.PP +The document [\s-1NIST SP 800\-90C\s0] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will currently always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If \fBRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument +(or \fBRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG.\s0 +The and \s-1DRBG\s0 will detect this on their next generate +call and reseed, pulling randomness from . +.PP +The last feature has been added to support the common practice used with +previous OpenSSL versions to call \fBRAND_add()\fR before calling \fBRAND_bytes()\fR. +.SS "Entropy Input vs. Additional Data" +.IX Subsection "Entropy Input vs. Additional Data" +The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR', +which can optionally be added by the user and is considered untrusted. +It is possible to add \fIadditional input\fR not only during reseeding, +but also for every generate request. +This is in fact done automatically by \fBRAND_DRBG_bytes\fR\|(3). +.SS "Configuring the Random Seed Source" +.IX Subsection "Configuring the Random Seed Source" +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its \s-1DRBG.\s0 In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the \-\-with\-rand\-seed option. For more information, +see the \s-1INSTALL\s0 instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. +.PP +The following two sections describe the reseeding process of the master +\&\s-1DRBG,\s0 depending on whether automatic reseeding is available or not. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding enabled" +Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the \s-1RNG.\s0 +.PP +\&\fBRAND_add()\fR can be used to add both kinds of random input, depending on the +value of the \fBrandomness\fR argument: +.IP "randomness == 0:" 4 +.IX Item "randomness == 0:" +The random bytes are mixed as additional input into the current state of +the \s-1DRBG.\s0 +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. +.IP "randomness > 0:" 4 +.IX Item "randomness > 0:" +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the \s-1DRBG.\s0 Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding disabled" +Calling \fBRAND_poll()\fR will always fail. +.PP +\&\fBRAND_add()\fR needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half +times the security strength of the \s-1DRBG.\s0 The extra half is used for the +nonce during instantiation. +.PP +More precisely, the number of bytes needed for seeding depend on the +\&\fIsecurity strength\fR of the \s-1DRBG,\s0 which is set to 256 by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\fBRAND_DRBG_get0_master\fR\|(3), +\&\fBRAND_DRBG_get0_public\fR\|(3), +\&\fBRAND_DRBG_get0_private\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RSA-PSS.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RSA-PSS.7 new file mode 100644 index 00000000..1b6ddf10 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/RSA-PSS.7 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA-PSS 7" +.TH RSA-PSS 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +algorithm which only supports signing, verification and key generation +using \s-1PSS\s0 padding modes with optional parameter restrictions. +.PP +It has associated private key and public key formats. +.PP +This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +but with some restrictions described below. +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the +padding mode is always \s-1PSS.\s0 If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest \s-1SHA256, MGF1 SHA256\s0 +and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length +will be set to \s-1SHA256, SHA256\s0 and 32 respectively. +.SS "Key Generation" +.IX Subsection "Key Generation" +By default no parameter restrictions are placed on the generated key. +.SH "NOTES" +.IX Header "NOTES" +The public key format is documented in \s-1RFC4055.\s0 +.PP +The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 +format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +present, restricts the key parameters in the same way as the public key. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 4055\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/SM2.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/SM2.7 new file mode 100644 index 00000000..66122c0a --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/SM2.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SM2 7" +.TH SM2 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SM2 \- Chinese SM2 signature and encryption algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T +0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the \s-1EVP\s0 interface. +.PP +When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. +Ditto for the verification process by calling the 'DigestVerify' series of APIs. +.PP +There are several special steps that need to be done before computing an \fB\s-1SM2\s0\fR +signature. +.PP +The \fB\s-1EVP_PKEY\s0\fR structure will default to using \s-1ECDSA\s0 for signatures when it is +created. It should be set to \fB\s-1EVP_PKEY_SM2\s0\fR by calling: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.PP +Then an \s-1ID\s0 should be set by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +.Ve +.PP +When calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, a +pre-allocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is +done by calling: +.PP +.Vb 1 +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +.Ve +.PP +And normally there is no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR +or \fBEVP_DigestVerifyInit()\fR in such a scenario. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify +a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +.PP +.Vb 1 +\& #include +\& +\& /* obtain an EVP_PKEY using whatever methods... */ +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +\& mctx = EVP_MD_CTX_new(); +\& pctx = EVP_PKEY_CTX_new(pkey, NULL); +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; +\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); +\& EVP_DigestVerifyUpdate(mctx, msg, msg_len); +\& EVP_DigestVerifyFinal(mctx, sig, sig_len) +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_set_alias_type\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_PKEY_CTX_set1_id\fR\|(3), +\&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/X25519.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/X25519.7 new file mode 100644 index 00000000..d3802985 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/X25519.7 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X25519 7" +.TH X25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X25519, X448 \&\- EVP_PKEY X25519 and X448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +key derivation using \fBX25519\fR and \fBX448\fR. It has associated private and public +key formats compatible with \s-1RFC 8410.\s0 +.PP +No additional parameters can be set during key generation. +.PP +The peer public key must be set using \fBEVP_PKEY_derive_set_peer()\fR when +performing key derivation. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBX25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +.Ve +.PP +For the \fBX448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); +.Ve +.PP +X25519 or X448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +X25519 or X448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fBX25519\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.PP +The key derivation example in \fBEVP_PKEY_derive\fR\|(3) can be used with +\&\fBX25519\fR and \fBX448\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_derive_set_peer\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/bio.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/bio.7 new file mode 100644 index 00000000..02d835cb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/bio.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO 7" +.TH BIO 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +bio \- Basic I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.PP +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +\&\fBBIO_free()\fR on it other than the discarded return value. +.PP +Normally the \fBtype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: +a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 +BIO_f_*(); +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_ctrl\fR\|(3), +\&\fBBIO_f_base64\fR\|(3), \fBBIO_f_buffer\fR\|(3), +\&\fBBIO_f_cipher\fR\|(3), \fBBIO_f_md\fR\|(3), +\&\fBBIO_f_null\fR\|(3), \fBBIO_f_ssl\fR\|(3), +\&\fBBIO_find_type\fR\|(3), \fBBIO_new\fR\|(3), +\&\fBBIO_new_bio_pair\fR\|(3), +\&\fBBIO_push\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_s_accept\fR\|(3), \fBBIO_s_bio\fR\|(3), +\&\fBBIO_s_connect\fR\|(3), \fBBIO_s_fd\fR\|(3), +\&\fBBIO_s_file\fR\|(3), \fBBIO_s_mem\fR\|(3), +\&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), +\&\fBBIO_set_callback\fR\|(3), +\&\fBBIO_should_retry\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/crypto.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/crypto.7 new file mode 100644 index 00000000..be52881c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/crypto.7 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO 7" +.TH CRYPTO 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +crypto \- OpenSSL cryptographic library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic +algorithms used in various Internet standards. The services provided +by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and +other cryptographic standards. +.PP +\&\fBlibcrypto\fR consists of a number of sub-libraries that implement the +individual algorithms. +.PP +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities. +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +.Ve +.PP +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fBcrl\fR would be freed but \fBrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fBx\fR and \fBobj\fR above) should be freed up. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ct.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ct.7 new file mode 100644 index 00000000..173906df --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ct.7 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT 7" +.TH CT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ct \- Certificate Transparency +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 +clients, as defined in \s-1RFC 6962.\s0 This verification can provide some confidence +that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +.PP +By default, these checks are disabled. They can be enabled using +\&\fBSSL_CTX_enable_ct\fR\|(3) or \fBSSL_enable_ct\fR\|(3). +.PP +This library can also be used to parse and examine \s-1CT\s0 data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +functions for: +\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- printing SCTs. +\&\- verifying the authenticity of SCTs. +\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSCT_new\fR\|(3), +\&\fBSCT_print\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBCT_POLICY_EVAL_CTX_new\fR\|(3), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ct library was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/des_modes.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/des_modes.7 new file mode 100644 index 00000000..3fd9a7c2 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/des_modes.7 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_MODES 7" +.TH DES_MODES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +des_modes \- the variants of DES and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb_encrypt()\fR. +.IP "\(bu" 2 +64 bits are enciphered at a time. +.IP "\(bu" 2 +The order of the blocks can be rearranged without detection. +.IP "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.IP "\(bu" 2 +An error will only affect one ciphertext block. +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fB_cbc_encrypt()\fR. +Be aware that \fBdes_cbc_encrypt()\fR is not really \s-1DES CBC\s0 (it does +not update the \s-1IV\s0); use \fBdes_ncbc_encrypt()\fR instead. +.IP "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.IP "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_cfb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j\-bit variables are +chained together and can not be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.SS "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ofb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.IP "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.IP "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.IP "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.SS "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb3_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.IP "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA.\s0 +.IP "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.IP "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. +.IP "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.SS "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ede3_cbc_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.IP "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. +.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer \- Requirements for interfaces, +\& Part 5.2: Modes of operation for an n\-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBF_encrypt\fR\|(3), \fBDES_crypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/evp.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/evp.7 new file mode 100644 index 00000000..13122df3 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/evp.7 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP 7" +.TH EVP 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +evp \- high\-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. +.PP +The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR +functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +functions. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR +functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +.PP +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see +\&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the \fBEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fBEVP_PKEY_cmp\fR\|(3), or printed using +\&\fBEVP_PKEY_print_private\fR\|(3). +.PP +The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +.IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 +.IX Item "For key agreement see EVP_PKEY_derive" +.PD 0 +.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." +.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.PD +.PP +The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +implementation. However, new applications should not typically use this (preferring, for example, +\&\s-1PBKDF2\s0 from PCKS#5). +.PP +The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +and decoding. +.PP +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fBengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_EncodeInit\fR\|(3), +\&\fBEVP_PKEY_new\fR\|(3), +\&\fBEVP_PKEY_set1_RSA\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_print_private\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBENGINE_by_id\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store-file.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store-file.7 new file mode 100644 index 00000000..3aec5be5 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store-file.7 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE-FILE 7" +.TH OSSL_STORE-FILE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store\-file \- The store 'file' scheme loader +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called \*(L"file handlers\*(R", +which are used to try to decode diverse types of file contents. +.PP +In case a file is formatted as \s-1PEM,\s0 each called file handler receives +the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as +possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +formatted files can contain more than one object, the file handlers +are called upon for each such object. +.PP +If the file isn't determined to be formatted as \s-1PEM,\s0 the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no \s-1PEM\s0 name or headers. +.PP +Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an \s-1ASN.1 OCTET STRING.\s0 In raw form, it's not easily +possible to distinguish those from any other data coming as an \s-1ASN.1 +OCTET STRING,\s0 so such keys would naturally be accepted as \s-1PEM\s0 files +only). +.SH "NOTES" +.IX Header "NOTES" +When needed, the 'file' scheme loader will require a pass phrase by +using the \f(CW\*(C`UI_METHOD\*(C'\fR that was passed via \fBOSSL_STORE_open()\fR. +This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store.7 new file mode 100644 index 00000000..e66149bd --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ossl_store.7 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE 7" +.TH OSSL_STORE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store \- Store retrieval functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a file name or +as a \s-1URI.\s0 +.PP +The functionality supports the pattern \*(L"open a channel to the +repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up +by closing the channel\*(R". +.PP +The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +from which an OpenSSL type can be retrieved. +.SS "\s-1URI\s0 schemes and loaders" +.IX Subsection "URI schemes and loaders" +Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +dynamically from the calling application or from a loadable engine. +.PP +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +See \fBossl_store\-file\fR\|(7) for more information. +.SS "\s-1UI_METHOD\s0 and pass phrases" +.IX Subsection "UI_METHOD and pass phrases" +The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or +encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, +the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +other encoding is undefined. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "A generic call" +.IX Subsection "A generic call" +.Vb 1 +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +\& +\& /* +\& * OSSL_STORE_eof() simulates file semantics for any repository to signal +\& * that no more data can be expected +\& */ +\& while (!OSSL_STORE_eof(ctx)) { +\& OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); +\& +\& /* +\& * Do whatever is necessary with the OSSL_STORE_INFO, +\& * here just one example +\& */ +\& switch (OSSL_STORE_INFO_get_type(info)) { +\& case OSSL_STORE_INFO_X509: +\& /* Print the X.509 certificate text */ +\& X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& /* Print the X.509 certificate PEM output */ +\& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& break; +\& } +\& } +\& +\& OSSL_STORE_close(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3), +\&\fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_expect\fR\|(3), +\&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/passphrase-encoding.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/passphrase-encoding.7 new file mode 100644 index 00000000..a9b5de4c --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/passphrase-encoding.7 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSPHRASE-ENCODING 7" +.TH PASSPHRASE-ENCODING 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +passphrase\-encoding \&\- How diverse parts of OpenSSL treat pass phrases character encoding +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. +.SS "The general case" +.IX Subsection "The general case" +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1.\s0 +Using the wrong encoding is expected to cause a decryption failure. +.SS "PKCS#12" +.IX Subsection "PKCS#12" +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (\s-1UCS\-2 BE\s0). +.PP +OpenSSL tries to adapt to this requirements in one of the following manners: +.IP "1." 4 +Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to +\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. +.IP "2." 4 +Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and +opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +encoding of the characters, which it stores as a BMPString. +.Sp +Note that since there is no check of your locale, this may produce \s-1UCS\-2 / +UTF\-16\s0 characters that do not correspond to the original pass phrase characters +for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than +\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*(R" +characters in the 0x80\-0x9F range). +.PP +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. +.PP +It should be noted that this approach isn't entirely fault free. +.PP +A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as +0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0 +and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but would +be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN +SMALL LETTER I WITH DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that +would be invalid \s-1UTF\-8\s0\fR. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. +.PP +.Vb 2 +\& 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 +\& 0x00 0xEF # OpenSSL 1.1.0 and newer +.Ve +.PP +On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older +than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. +.SS "\s-1OSSL_STORE\s0" +.IX Subsection "OSSL_STORE" +\&\fBossl_store\fR\|(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a \s-1PIN\s0 or something else. +This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +other pass phrase encoding may give undefined results. +This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. +.SH "RECOMMENDATIONS" +.IX Header "RECOMMENDATIONS" +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. +.PP +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. +.SS "Creating new objects" +.IX Subsection "Creating new objects" +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using \s-1UTF\-8.\s0 +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +\&\f(CW\*(C`OPENSSL_WIN32_UTF8\*(C'\fR will have anything entered on [Windows] console prompt +converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +.SS "Opening existing objects" +.IX Subsection "Opening existing objects" +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. +.PP +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: +.IP "1." 4 +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. +.IP "2." 4 +Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. +.IP "3." 4 +Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +with the result. +This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. +.Sp +This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +OpenSSL older than 1.1.0. +(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBossl_store\fR\|(7), +\&\fBEVP_BytesToKey\fR\|(3), \fBEVP_DecryptInit\fR\|(3), +\&\fBPEM_do_header\fR\|(3), +\&\fBPKCS12_parse\fR\|(3), \fBPKCS12_newpass\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/proxy-certificates.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/proxy-certificates.7 new file mode 100644 index 00000000..23823c56 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/proxy-certificates.7 @@ -0,0 +1,478 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROXY-CERTIFICATES 7" +.TH PROXY-CERTIFICATES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +proxy\-certificates \- Proxy certificates in OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Proxy certificates are defined in \s-1RFC 3820.\s0 They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. +.PP +The requirements for a valid proxy certificate are: +.IP "\(bu" 4 +They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or +another proxy certificate. +.IP "\(bu" 4 +They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR +extensions. +.IP "\(bu" 4 +They must have the \fBproxyCertInfo\fR extension. +.IP "\(bu" 4 +They must have the subject of their issuer, with one \fBcommonName\fR +added. +.SS "Enabling proxy certificate verification" +.IX Subsection "Enabling proxy certificate verification" +OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag: +.PP +.Vb 1 +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +or +.PP +.Vb 1 +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +See \*(L"\s-1NOTES\*(R"\s0 for a discussion on this requirement. +.SS "Creating proxy certificates" +.IX Subsection "Creating proxy certificates" +Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1) +command, with some extra extensions: +.PP +.Vb 3 +\& [ v3_proxy ] +\& # A proxy certificate MUST NEVER be a CA certificate. +\& basicConstraints=CA:FALSE +\& +\& # Usual authority key ID +\& authorityKeyIdentifier=keyid,issuer:always +\& +\& # The extension which marks this certificate as a proxy +\& proxyCertInfo=critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB +.Ve +.PP +It's also possible to specify the proxy extension in a separate section: +.PP +.Vb 1 +\& proxyCertInfo=critical,@proxy_ext +\& +\& [ proxy_ext ] +\& language=id\-ppl\-anyLanguage +\& pathlen=0 +\& policy=text:BC +.Ve +.PP +The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the +\&\fIsyntag\fR determines what will be done with the string. The following +\&\fIsyntag\fRs are recognised: +.IP "\fBtext\fR" 4 +.IX Item "text" +indicates that the string is a byte sequence, without any encoding: +.Sp +.Vb 1 +\& policy=text:ra\*:ksmo\*:rga\*os +.Ve +.IP "\fBhex\fR" 4 +.IX Item "hex" +indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit): +.Sp +.Vb 1 +\& policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 +.Ve +.IP "\fBfile\fR" 4 +.IX Item "file" +indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. \s-1XML\s0 documents). +.PP +\&\fI\s-1NOTE:\s0 The proxy policy value is what determines the rights granted +to the process during the proxy certificate. It's up to the +application to interpret and combine these policies.\fR +.PP +With a proxy extension, creating a proxy certificate is a matter of +two commands: +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy.req \-keyout proxy.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e +\& \-CA user.crt \-CAkey user.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy1 +.Ve +.PP +You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions): +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy2.req \-keyout proxy2.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy2.req \-out proxy2.crt \e +\& \-CA proxy.crt \-CAkey proxy.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy2 +.Ve +.SS "Using proxy certs in applications" +.IX Subsection "Using proxy certs in applications" +To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and \s-1CA\s0 certificates. +.PP +The complicated part is figuring out how to pass data between your +application and the certificate validation procedure. +.PP +The following ingredients are needed for such processing: +.IP "\(bu" 4 +a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the \s-1EE\s0 +certificate is checked. +.IP "\(bu" 4 +a data structure that is shared between your application code and the +callback. +.IP "\(bu" 4 +a wrapper function that sets it all up. +.IP "\(bu" 4 +an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context. +.PP +The following skeleton code can be used as a starting point: +.PP +.Vb 4 +\& #include +\& #include +\& #include +\& #include +\& +\& #define total_rights 25 +\& +\& /* +\& * In this example, I will use a view of granted rights as a bit +\& * array, one bit for each possible right. +\& */ +\& typedef struct your_rights { +\& unsigned char rights[(total_rights + 7) / 8]; +\& } YOUR_RIGHTS; +\& +\& /* +\& * The following procedure will create an index for the ex_data +\& * store in the X509 validation context the first time it\*(Aqs +\& * called. Subsequent calls will return the same index. +\& */ +\& static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) +\& { +\& static volatile int idx = \-1; +\& +\& if (idx < 0) { +\& X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); +\& if (idx < 0) { +\& idx = X509_STORE_CTX_get_ex_new_index(0, +\& "for verify callback", +\& NULL,NULL,NULL); +\& } +\& X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); +\& } +\& return idx; +\& } +\& +\& /* Callback to be given to the X509 validation procedure. */ +\& static int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& if (ok == 1) { +\& /* +\& * It\*(Aqs REALLY important you keep the proxy policy check +\& * within this section. It\*(Aqs important to know that when +\& * ok is 1, the certificates are checked from top to +\& * bottom. You get the CA root first, followed by the +\& * possible chain of intermediate CAs, followed by the EE +\& * certificate, followed by the possible proxy +\& * certificates. +\& */ +\& X509 *xs = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& PROXY_CERT_INFO_EXTENSION *pci = +\& X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); +\& +\& switch (OBJ_obj2nid(pci\->proxyPolicy\->policyLanguage)) { +\& case NID_Independent: +\& /* +\& * Do whatever you need to grant explicit rights +\& * to this particular proxy certificate, usually +\& * by pulling them from some database. If there +\& * are none to be found, clear all rights (making +\& * this and any subsequent proxy certificate void +\& * of any rights). +\& */ +\& memset(rights\->rights, 0, sizeof(rights\->rights)); +\& break; +\& case NID_id_ppl_inheritAll: +\& /* +\& * This is basically a NOP, we simply let the +\& * current rights stand as they are. +\& */ +\& break; +\& default: +\& /* +\& * This is usually the most complex section of +\& * code. You really do whatever you want as long +\& * as you follow RFC 3820. In the example we use +\& * here, the simplest thing to do is to build +\& * another, temporary bit array and fill it with +\& * the rights granted by the current proxy +\& * certificate, then use it as a mask on the +\& * accumulated rights bit array, and voila\*`, you +\& * now have a new accumulated rights bit array. +\& */ +\& { +\& int i; +\& YOUR_RIGHTS tmp_rights; +\& memset(tmp_rights.rights, 0, +\& sizeof(tmp_rights.rights)); +\& +\& /* +\& * process_rights() is supposed to be a +\& * procedure that takes a string and its +\& * length, interprets it and sets the bits +\& * in the YOUR_RIGHTS pointed at by the +\& * third argument. +\& */ +\& process_rights((char *) pci\->proxyPolicy\->policy\->data, +\& pci\->proxyPolicy\->policy\->length, +\& &tmp_rights); +\& +\& for(i = 0; i < total_rights / 8; i++) +\& rights\->rights[i] &= tmp_rights.rights[i]; +\& } +\& break; +\& } +\& PROXY_CERT_INFO_EXTENSION_free(pci); +\& } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { +\& /* We have an EE certificate, let\*(Aqs use it to set default! */ +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& +\& /* +\& * The following procedure finds out what rights the +\& * owner of the current certificate has, and sets them +\& * in the YOUR_RIGHTS structure pointed at by the +\& * second argument. +\& */ +\& set_default_rights(xs, rights); +\& } +\& } +\& return ok; +\& } +\& +\& static int my_X509_verify_cert(X509_STORE_CTX *ctx, +\& YOUR_RIGHTS *needed_rights) +\& { +\& int ok; +\& int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = +\& X509_STORE_CTX_get_verify_cb(ctx); +\& YOUR_RIGHTS rights; +\& +\& X509_STORE_CTX_set_verify_cb(ctx, verify_callback); +\& X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), +\& &rights); +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +\& ok = X509_verify_cert(ctx); +\& +\& if (ok == 1) { +\& ok = check_needed_rights(rights, needed_rights); +\& } +\& +\& X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); +\& +\& return ok; +\& } +.Ve +.PP +If you use \s-1SSL\s0 or \s-1TLS,\s0 you can easily set up a callback to have the +certificates checked properly, using the code above: +.PP +.Vb 2 +\& SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, +\& &needed_rights); +.Ve +.SH "NOTES" +.IX Header "NOTES" +To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment. +.PP +For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit. +.PP +\&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_set_flags\fR\|(3), +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBopenssl\-req\fR\|(1), \fBopenssl\-x509\fR\|(1), +\&\s-1RFC 3820\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/scrypt.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/scrypt.7 new file mode 100644 index 00000000..7819d7d1 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/scrypt.7 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCRYPT 7" +.TH SCRYPT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +scrypt \- EVP_PKEY scrypt KDF support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_SCRYPT\s0 algorithm implements the scrypt password based key +derivation function, as described in \s-1RFC 7914.\s0 It is memory-hard in the sense +that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. +.PP +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. +.PP +In the original paper of Colin Percival (\*(L"Stronger Key Derivation via +Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The default amount of \s-1RAM\s0 that +may be used by scrypt defaults to 1025 MiB. +.SH "NOTES" +.IX Header "NOTES" +A context for scrypt can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +.Ve +.PP +The output length of an scrypt key derivation is specified via the +length parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a 64\-byte long test vector using scrypt using the password +\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. +.PP +.Vb 2 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[64]; +\& +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) { +\& error("EVP_PKEY_derive_init"); +\& } +\& if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { +\& error("EVP_PKEY_CTX_set1_pbe_pass"); +\& } +\& if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { +\& error("EVP_PKEY_CTX_set1_scrypt_salt"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_N"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_r"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_p"); +\& } +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { +\& error("EVP_PKEY_derive"); +\& } +\& +\& { +\& const unsigned char expected[sizeof(out)] = { +\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, +\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, +\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, +\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, +\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, +\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, +\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, +\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 +\& }; +\& +\& assert(!memcmp(out, expected, sizeof(out))); +\& } +\& +\& EVP_PKEY_CTX_free(pctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7914\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set1_scrypt_salt\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_N\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_r\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_p\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ssl.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ssl.7 new file mode 100644 index 00000000..95f18f7b --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/ssl.7 @@ -0,0 +1,914 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL 7" +.TH SSL 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl \- OpenSSL SSL/TLS library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and +Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is +documented here. +.PP +An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or +\&\fBSSL_set_bio\fR\|(3) can be used to associate the network +connection with the object. +.PP +When the \s-1TLS/SSL\s0 handshake is performed using +\&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) +respectively. +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) and \fBSSL_write\fR\|(3) are +used to read and write data on the \s-1TLS/SSL\s0 connection. +\&\fBSSL_shutdown\fR\|(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Currently the OpenSSL \fBssl\fR library functions deals with the following data +structures: +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +This is a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. +.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL API.\s0 +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and functions: +.IP "\fBssl.h\fR" 4 +.IX Item "ssl.h" +This is the common header file for the \s-1SSL/TLS API.\s0 Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look +inside this header file. +.IP "\fBssl2.h\fR" 4 +.IX Item "ssl2.h" +Unused. Present for backwards compatibility only. +.IP "\fBssl3.h\fR" 4 +.IX Item "ssl3.h" +This is the sub header file dealing with the SSLv3 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.IP "\fBtls1.h\fR" 4 +.IX Item "tls1.h" +This is the sub header file dealing with the TLSv1 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.SH "API FUNCTIONS" +.IX Header "API FUNCTIONS" +Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. +They are documented in the following: +.SS "Dealing with Protocol Methods" +.IX Subsection "Dealing with Protocol Methods" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients, +servers or both. +See \fBSSL_CTX_new\fR\|(3) for details. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_client_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_server_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for servers. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_client_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_server_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_client_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_server_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_client_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_server_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_client_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_server_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for servers. +.SS "Dealing with Ciphers" +.IX Subsection "Dealing with Ciphers" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. +.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" +Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human +readable description of \fIcipher\fR. Returns \fIbuf\fR. +.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" +Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +\&\fIalg_bits\fR) and the bits which are actually used (the return value). +.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" +Return the internal name of \fIcipher\fR as a string. These are the various +strings defined by the \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR +definitions in the header files. +.IP "const char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" +Returns a string like "\f(CW\*(C`SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`TLSv1.2\*(C'\fR" which indicates the +\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined +in the specification the first time). +.SS "Dealing with Protocol Contexts" +.IX Subsection "Dealing with Protocol Contexts" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. +.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" +.PD 0 +.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" +.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" +.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" +.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IX Item "void SSL_CTX_free(SSL_CTX *a);" +.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" +.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_ciphers\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" +.IP "void \fBSSL_CTX_get_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);" +.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" +.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" +.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_get_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_read_ahead(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, const char *CAfile, const char *CApath);" 4 +.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);" +.IP "int SSL_CTX_up_ref(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_up_ref(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" +.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" +.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" +.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" +.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx, t);" 4 +.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);" +.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" +.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" +.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" +.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" +.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" +.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set1_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" +.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" +.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" +.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" +.IP "int \fBSSL_CTX_set_ct_validation_callback\fR(\s-1SSL_CTX\s0 *ctx, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);" +.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" +.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" +.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" +.PD +Use the default paths to locate trusted \s-1CA\s0 certificates. There is one default +directory path and one default file path. Both are set via this call. +.IP "int \fBSSL_CTX_set_default_verify_dir\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)" +Use the default directory path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_default_verify_file\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)" +Use the file path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" +.PD 0 +.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" +.IP "unsigned long \fBSSL_CTX_clear_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);" +.IP "unsigned long \fBSSL_CTX_get_options\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "unsigned long SSL_CTX_get_options(SSL_CTX *ctx);" +.IP "unsigned long \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" +.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" +.IP "void \fBSSL_CTX_set_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);" +.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);" +.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" +.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" +.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" +.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" +.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" +.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" +.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" +.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_cert_and_key\fR(\s-1SSL_CTX\s0 *ctx, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "X509 *\fBSSL_CTX_get0_certificate\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_CTX_get0_privatekey\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 +.IX Item "int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);" +.IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.PD +.SS "Dealing with Sessions" +.IX Subsection "Dealing with Sessions" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. +.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" +.PD 0 +.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" +.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" +.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" +.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" +.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" +.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IX Item "SSL_SESSION *SSL_SESSION_new(void);" +.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IX Item "int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" +.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" +.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" +.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" +.PD +.SS "Dealing with Connections" +.IX Subsection "Dealing with Connections" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +connection defined in the \fB\s-1SSL\s0\fR structure. +.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_accept(SSL *ssl);" +.PD 0 +.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" +.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" +.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" +.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string(int value);" +.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string_long(int value);" +.IP "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string(int value);" +.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string_long(int value);" +.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(const SSL *ssl);" +.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_clear(SSL *ssl);" +.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_connect(SSL *ssl);" +.IP "int \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 +.IX Item "int SSL_copy_session_id(SSL *t, const SSL *f);" +.PD +Sets the session details for \fBt\fR to be the same as in \fBf\fR. Returns 1 on +success or 0 on failure. +.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" +.PD 0 +.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_do_handshake(SSL *ssl);" +.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL *SSL_dup(SSL *ssl);" +.PD +\&\fBSSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use +in multiple \s-1SSL\s0 connections, and then duplicate it prior to initiating +each connection with the duplicated handle. +Use of \fBSSL_dup()\fR avoids the need to repeat the configuration of the +handles for each connection. +.Sp +For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state +and \s-1MUST NOT\s0 have not yet have started the \s-1SSL\s0 handshake. +For connections that are not in their initial state \fBSSL_dup()\fR just +increments an internal reference count and returns the \fIsame\fR +handle. +It may be possible to use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle +that is not in its initial state for re-use, but this is best +avoided. +Instead, save and restore the session, if desired, and construct a +fresh handle for each connection. +.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" +.PD 0 +.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_free(SSL *ssl);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" +.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_app_data(SSL *ssl);" +.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(const SSL *ssl);" +.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(const SSL *ssl);" +.IP "int \fBSSL_is_dtls\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_dtls(const SSL *ssl);" +.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" +.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" +.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(const SSL *ssl);" +.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" +.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" +.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(const SSL *ssl);" +.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(const SSL *ssl, int i);" +.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" +.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" +.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(const SSL *ssl);" +.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 +.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" +.IP "int \fBSSL_get_key_update_type\fR(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_get_key_update_type(SSL *s);" +.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" +.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" +.IP "const \s-1STACK_OF\s0(\s-1SCT\s0) *\fBSSL_get0_peer_scts\fR(\s-1SSL\s0 *s);" 4 +.IX Item "const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(const SSL *ssl);" +.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(const SSL *ssl);" +.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(const SSL *ssl);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" +.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int size);" 4 +.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);" +.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(const SSL *ssl);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(const SSL *ssl);" +.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(const SSL *ssl);" +.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(const SSL *ssl);" +.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int, X509_STORE_CTX *)" 4 +.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)" +.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(const SSL *ssl);" +.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(const SSL *ssl);" +.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(const SSL *ssl);" +.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_accept_init(SSL *ssl);" +.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_before(SSL *ssl);" +.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_connect_init(SSL *ssl);" +.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_init(SSL *ssl);" +.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_init_finished(SSL *ssl);" +.IP "int \fBSSL_key_update\fR(\s-1SSL\s0 *s, int updatetype);" 4 +.IX Item "int SSL_key_update(SSL *s, int updatetype);" +.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(const char *file);" 4 +.IX Item "STACK *SSL_load_client_CA_file(const char *file);" +.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "SSL *SSL_new(SSL_CTX *ctx);" +.IP "int SSL_up_ref(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_up_ref(SSL *s);" +.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(const SSL *ssl);" +.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_renegotiate(SSL *ssl);" +.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string(SSL *ssl);" +.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string_long(SSL *ssl);" +.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_session_reused(SSL *ssl);" +.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_accept_state(SSL *ssl);" +.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" +.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" +.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" +.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" +.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_connect_state(SSL *ssl);" +.IP "int \fBSSL_set_ct_validation_callback\fR(\s-1SSL\s0 *ssl, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);" +.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" +.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_fd(SSL *ssl, int fd);" +.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" +.IP "unsigned long \fBSSL_clear_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_clear_options(SSL *ssl, unsigned long op);" +.IP "unsigned long \fBSSL_get_options\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "unsigned long SSL_get_options(SSL *ssl);" +.IP "unsigned long \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_set_options(SSL *ssl, unsigned long op);" +.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" +.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" +.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" +.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" +.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);" +.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_time(SSL *ssl, long t);" +.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_timeout(SSL *ssl, long t);" +.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" +.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" +.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" +.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_shutdown(SSL *ssl);" +.IP "\s-1OSSL_HANDSHAKE_STATE\s0 \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);" +.PD +Returns the current handshake state. +.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(const SSL *ssl);" +.PD 0 +.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(const SSL *ssl);" +.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_total_renegotiations(SSL *ssl);" +.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" +.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" +.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" +.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" +.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_certificate_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_cert_and_key\fR(\s-1SSL\s0 *ssl, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(const SSL *ssl);" +.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(const SSL *ssl);" +.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(const SSL *ssl);" +.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(const SSL *ssl);" +.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(const SSL *ssl);" +.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_x509_lookup(const SSL *ssl);" +.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.IP "void \fBSSL_set_psk_client_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_use_psk_identity_hint\fR(\s-1SSL\s0 *ssl, const char *hint);" 4 +.IX Item "int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);" +.IP "void \fBSSL_set_psk_server_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.IP "const char *\fBSSL_get_psk_identity_hint\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity_hint(SSL *ssl);" +.IP "const char *\fBSSL_get_psk_identity\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity(SSL *ssl);" +.PD +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBcrypto\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3), +\&\fBSSL_COMP_add_compression_method\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_ctrl\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_sessions\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_generate_session_id\fR\|(3), +\&\fBSSL_CTX_set_info_callback\fR\|(3), +\&\fBSSL_CTX_set_max_cert_list\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), +\&\fBSSL_CTX_set_msg_callback\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_security_level\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_enable_ct\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3), +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_get_fd\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_version\fR\|(3), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_new\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_read\fR\|(3), +\&\fBSSL_rstate_string\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_bio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_set_fd\fR\|(3), +\&\fBSSL_set_session\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), +\&\fBSSL_state_string\fR\|(3), +\&\fBSSL_want\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_write\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_psk_client_callback\fR\|(3), +\&\fBSSL_CTX_use_psk_identity_hint\fR\|(3), +\&\fBSSL_get_psk_identity\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSLv2_client_method\fR, \fBSSLv2_server_method\fR and \fBSSLv2_method\fR were removed +in OpenSSL 1.1.0. +.PP +The return type of \fBSSL_copy_session_id\fR was changed from void to int in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/x509.7 b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/x509.7 new file mode 100644 index 00000000..6823b768 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/share/man/man7/x509.7 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 7" +.TH X509 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL.\s0 +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0 In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +handle X.509 certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +functions handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +functions handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_add_entry_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_NAME_new\fR\|(3), +\&\fBd2i_X509\fR\|(3), +\&\fBd2i_X509_ALGOR\fR\|(3), +\&\fBd2i_X509_CRL\fR\|(3), +\&\fBd2i_X509_NAME\fR\|(3), +\&\fBd2i_X509_REQ\fR\|(3), +\&\fBd2i_X509_SIG\fR\|(3), +\&\fBX509v3\fR\|(3), +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf b/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf new file mode 100644 index 00000000..e643cfdb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf @@ -0,0 +1,9 @@ +# This file specifies the Certificate Transparency logs +# that are to be trusted. + +# Google's list of logs can be found here: +# www.certificate-transparency.org/known-logs +# A Python program to convert the log list to OpenSSL's format can be +# found here: +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# Use the "--openssl_output" flag. diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf.dist b/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf.dist new file mode 100644 index 00000000..e643cfdb --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/ct_log_list.cnf.dist @@ -0,0 +1,9 @@ +# This file specifies the Certificate Transparency logs +# that are to be trusted. + +# Google's list of logs can be found here: +# www.certificate-transparency.org/known-logs +# A Python program to convert the log list to OpenSSL's format can be +# found here: +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# Use the "--openssl_output" flag. diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/CA.pl b/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/CA.pl new file mode 100755 index 00000000..a9dca559 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/CA.pl @@ -0,0 +1,215 @@ +#!/usr/bin/env perl +# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# Wrapper around the ca to make it easier to use +# +# WARNING: do not edit! +# Generated by Makefile from apps/CA.pl.in + +use strict; +use warnings; + +my $openssl = "openssl"; +if(defined $ENV{'OPENSSL'}) { + $openssl = $ENV{'OPENSSL'}; +} else { + $ENV{'OPENSSL'} = $openssl; +} + +my $verbose = 1; + +my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || ""; +my $DAYS = "-days 365"; +my $CADAYS = "-days 1095"; # 3 years +my $REQ = "$openssl req $OPENSSL_CONFIG"; +my $CA = "$openssl ca $OPENSSL_CONFIG"; +my $VERIFY = "$openssl verify"; +my $X509 = "$openssl x509"; +my $PKCS12 = "$openssl pkcs12"; + +# default openssl.cnf file has setup as per the following +my $CATOP = "./demoCA"; +my $CAKEY = "cakey.pem"; +my $CAREQ = "careq.pem"; +my $CACERT = "cacert.pem"; +my $CACRL = "crl.pem"; +my $DIRMODE = 0777; + +my $NEWKEY = "newkey.pem"; +my $NEWREQ = "newreq.pem"; +my $NEWCERT = "newcert.pem"; +my $NEWP12 = "newcert.p12"; +my $RET = 0; +my $WHAT = shift @ARGV || ""; +my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); +my %EXTRA = extra_args(\@ARGV, "-extra-"); +my $FILE; + +sub extra_args { + my ($args_ref, $arg_prefix) = @_; + my %eargs = map { + if ($_ < $#$args_ref) { + my ($arg, $value) = splice(@$args_ref, $_, 2); + $arg =~ s/$arg_prefix//; + ($arg, $value); + } else { + (); + } + } reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref); + my %empty = map { ($_, "") } @OPENSSL_CMDS; + return (%empty, %eargs); +} + +# See if reason for a CRL entry is valid; exit if not. +sub crl_reason_ok +{ + my $r = shift; + + if ($r eq 'unspecified' || $r eq 'keyCompromise' + || $r eq 'CACompromise' || $r eq 'affiliationChanged' + || $r eq 'superseded' || $r eq 'cessationOfOperation' + || $r eq 'certificateHold' || $r eq 'removeFromCRL') { + return 1; + } + print STDERR "Invalid CRL reason; must be one of:\n"; + print STDERR " unspecified, keyCompromise, CACompromise,\n"; + print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; + print STDERR " certificateHold, removeFromCRL"; + exit 1; +} + +# Copy a PEM-format file; return like exit status (zero means ok) +sub copy_pemfile +{ + my ($infile, $outfile, $bound) = @_; + my $found = 0; + + open IN, $infile || die "Cannot open $infile, $!"; + open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; + while () { + $found = 1 if /^-----BEGIN.*$bound/; + print OUT $_ if $found; + $found = 2, last if /^-----END.*$bound/; + } + close IN; + close OUT; + return $found == 2 ? 0 : 1; +} + +# Wrapper around system; useful for debugging. Returns just the exit status +sub run +{ + my $cmd = shift; + print "====\n$cmd\n" if $verbose; + my $status = system($cmd); + print "==> $status\n====\n" if $verbose; + return $status >> 8; +} + + +if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n"; + print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n"; + print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n"; + print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n"; + exit 0; +} +if ($WHAT eq '-newcert' ) { + # create a certificate + $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}"); + print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-precert' ) { + # create a pre-certificate + $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"); + print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) { + # create a certificate request + $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}"); + print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newca' ) { + # create the directory hierarchy + mkdir ${CATOP}, $DIRMODE; + mkdir "${CATOP}/certs", $DIRMODE; + mkdir "${CATOP}/crl", $DIRMODE ; + mkdir "${CATOP}/newcerts", $DIRMODE; + mkdir "${CATOP}/private", $DIRMODE; + open OUT, ">${CATOP}/index.txt"; + close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; + # ask user for existing CA certificate + print "CA certificate filename (or enter to create)\n"; + $FILE = "" unless defined($FILE = ); + $FILE =~ s{\R$}{}; + if ($FILE ne "") { + copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + } else { + print "Making CA certificate ...\n"; + $RET = run("$REQ -new -keyout" + . " ${CATOP}/private/$CAKEY" + . " -out ${CATOP}/$CAREQ $EXTRA{req}"); + $RET = run("$CA -create_serial" + . " -out ${CATOP}/$CACERT $CADAYS -batch" + . " -keyfile ${CATOP}/private/$CAKEY -selfsign" + . " -extensions v3_ca $EXTRA{ca}" + . " -infiles ${CATOP}/$CAREQ") if $RET == 0; + print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; + } +} elsif ($WHAT eq '-pkcs12' ) { + my $cname = $ARGV[0]; + $cname = "My Certificate" unless defined $cname; + $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" + . " -certfile ${CATOP}/$CACERT" + . " -out $NEWP12" + . " -export -name \"$cname\" $EXTRA{pkcs12}"); + print "PKCS #12 file is in $NEWP12\n" if $RET == 0; +} elsif ($WHAT eq '-xsign' ) { + $RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ"); +} elsif ($WHAT eq '-sign' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ"); + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signCA' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ"); + print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signcert' ) { + $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" + . " -out tmp.pem $EXTRA{x509}"); + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . "$EXTRA{ca} -infiles tmp.pem") if $RET == 0; + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-verify' ) { + my @files = @ARGV ? @ARGV : ( $NEWCERT ); + my $file; + foreach $file (@files) { + my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}"); + $RET = $status if $status != 0; + } +} elsif ($WHAT eq '-crl' ) { + $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}"); + print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; +} elsif ($WHAT eq '-revoke' ) { + my $cname = $ARGV[0]; + if (!defined $cname) { + print "Certificate filename is required; reason optional.\n"; + exit 1; + } + my $reason = $ARGV[1]; + $reason = " -crl_reason $reason" + if defined $reason && crl_reason_ok($reason); + $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca}); +} else { + print STDERR "Unknown arg \"$WHAT\"\n"; + print STDERR "Use -help for help.\n"; + exit 1; +} + +exit $RET; diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/tsget.pl b/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/tsget.pl new file mode 100755 index 00000000..9ae48d19 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/misc/tsget.pl @@ -0,0 +1,200 @@ +#!/usr/bin/env perl +# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2002 The OpenTSA Project. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use IO::Handle; +use Getopt::Std; +use File::Basename; +use WWW::Curl::Easy; + +use vars qw(%options); + +# Callback for reading the body. +sub read_body { + my ($maxlength, $state) = @_; + my $return_data = ""; + my $data_len = length ${$state->{data}}; + if ($state->{bytes} < $data_len) { + $data_len = $data_len - $state->{bytes}; + $data_len = $maxlength if $data_len > $maxlength; + $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; + $state->{bytes} += $data_len; + } + return $return_data; +} + +# Callback for writing the body into a variable. +sub write_body { + my ($data, $pointer) = @_; + ${$pointer} .= $data; + return length($data); +} + +# Initialise a new Curl object. +sub create_curl { + my $url = shift; + + # Create Curl object. + my $curl = WWW::Curl::Easy::new(); + + # Error-handling related options. + $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; + $curl->setopt(CURLOPT_FAILONERROR, 1); + $curl->setopt(CURLOPT_USERAGENT, + "OpenTSA tsget.pl/openssl-1.1.1g"); + + # Options for POST method. + $curl->setopt(CURLOPT_UPLOAD, 1); + $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST"); + $curl->setopt(CURLOPT_HTTPHEADER, + ["Content-Type: application/timestamp-query", + "Accept: application/timestamp-reply,application/timestamp-response"]); + $curl->setopt(CURLOPT_READFUNCTION, \&read_body); + $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); }); + + # Options for getting the result. + $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body); + + # SSL related options. + $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM"); + $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate. + $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN. + $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k}); + $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p}); + $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c}); + $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C}); + $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P}); + $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r}); + $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g}); + + # Setting destination. + $curl->setopt(CURLOPT_URL, $url); + + return $curl; +} + +# Send a request and returns the body back. +sub get_timestamp { + my $curl = shift; + my $body = shift; + my $ts_body; + local $::error_buf; + + # Error-handling related options. + $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf"); + + # Options for POST method. + $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0}); + $curl->setopt(CURLOPT_INFILESIZE, length(${$body})); + + # Options for getting the result. + $curl->setopt(CURLOPT_FILE, \$ts_body); + + # Send the request... + my $error_code = $curl->perform(); + my $error_string; + if ($error_code != 0) { + my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE); + $error_string = "could not get timestamp"; + $error_string .= ", http code: $http_code" unless $http_code == 0; + $error_string .= ", curl code: $error_code"; + $error_string .= " ($::error_buf)" if defined($::error_buf); + } else { + my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE); + if (lc($ct) ne "application/timestamp-reply" + && lc($ct) ne "application/timestamp-response") { + $error_string = "unexpected content type returned: $ct"; + } + } + return ($ts_body, $error_string); + +} + +# Print usage information and exists. +sub usage { + + print STDERR "usage: $0 -h [-e ] [-o ] "; + print STDERR "[-v] [-d] [-k ] [-p ] "; + print STDERR "[-c ] [-C ] [-P ] "; + print STDERR "[-r ] [-g ] []...\n"; + exit 1; +} + +# ---------------------------------------------------------------------- +# Main program +# ---------------------------------------------------------------------- + +# Getting command-line options (default comes from TSGET environment variable). +my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:"; +if (exists $ENV{TSGET}) { + my @old_argv = @ARGV; + @ARGV = split /\s+/, $ENV{TSGET}; + getopts($getopt_arg, \%options) or usage; + @ARGV = @old_argv; +} +getopts($getopt_arg, \%options) or usage; + +# Checking argument consistency. +if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o})) + || (@ARGV > 1 && exists($options{o}))) { + print STDERR "Inconsistent command line options.\n"; + usage; +} +# Setting defaults. +@ARGV = ("-") unless @ARGV != 0; +$options{e} = ".tsr" unless defined($options{e}); + +# Processing requests. +my $curl = create_curl $options{h}; +undef $/; # For reading whole files. +REQUEST: foreach (@ARGV) { + my $input = $_; + my ($base, $path) = fileparse($input, '\.[^.]*'); + my $output_base = $base . $options{e}; + my $output = defined($options{o}) ? $options{o} : $path . $output_base; + + STDERR->printflush("$input: ") if $options{v}; + # Read request. + my $body; + if ($input eq "-") { + # Read the request from STDIN; + $body = ; + } else { + # Read the request from file. + open INPUT, "<" . $input + or warn("$input: could not open input file: $!\n"), next REQUEST; + $body = ; + close INPUT + or warn("$input: could not close input file: $!\n"), next REQUEST; + } + + # Send request. + STDERR->printflush("sending request") if $options{v}; + + my ($ts_body, $error) = get_timestamp $curl, \$body; + if (defined($error)) { + die "$input: fatal error: $error\n"; + } + STDERR->printflush(", reply received") if $options{v}; + + # Write response. + if ($output eq "-") { + # Write to STDOUT. + print $ts_body; + } else { + # Write to file. + open OUTPUT, ">", $output + or warn("$output: could not open output file: $!\n"), next REQUEST; + print OUTPUT $ts_body; + close OUTPUT + or warn("$output: could not close output file: $!\n"), next REQUEST; + } + STDERR->printflush(", $output written.\n") if $options{v}; +} +$curl->cleanup(); diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf b/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf new file mode 100644 index 00000000..4acca4b0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf @@ -0,0 +1,350 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf.dist b/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf.dist new file mode 100644 index 00000000..4acca4b0 --- /dev/null +++ b/deps/openssl/android/arm64-v8a/usr/local/ssl/openssl.cnf.dist @@ -0,0 +1,350 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/deps/openssl/mingw64/bin/c_rehash b/deps/openssl/mingw64/bin/c_rehash new file mode 100755 index 00000000..d4356967 --- /dev/null +++ b/deps/openssl/mingw64/bin/c_rehash @@ -0,0 +1,232 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by Makefile from tools/c_rehash.in +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = ""; +my $prefix = "/home/cory/src/tildefriends/deps/openssl/mingw64"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! -x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while() { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. CRL links are of the form .r + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/deps/openssl/mingw64/bin/openssl.exe b/deps/openssl/mingw64/bin/openssl.exe new file mode 100755 index 00000000..37ea95b5 Binary files /dev/null and b/deps/openssl/mingw64/bin/openssl.exe differ diff --git a/deps/openssl/mingw64/include/openssl/aes.h b/deps/openssl/mingw64/include/openssl/aes.h new file mode 100644 index 00000000..245c552a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/aes.h @@ -0,0 +1,92 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AES_H +# define HEADER_AES_H + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ +# define AES_MAXNR 14 +# define AES_BLOCK_SIZE 16 + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +const char *AES_options(void); + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/asn1.h b/deps/openssl/mingw64/include/openssl/asn1.h new file mode 100644 index 00000000..9522eec1 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/asn1.h @@ -0,0 +1,886 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1_H +# define HEADER_ASN1_H + +# include +# include +# include +# include +# include +# include +# include + +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +# define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(type *,unsigned char **) +# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +# define DECLARE_ASN1_ITEM(name) \ + OPENSSL_EXTERN const ASN1_ITEM name##_it; + +# else + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +# endif + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. + */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. + */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +DECLARE_ASN1_ITEM(ASN1_OBJECT) + +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/asn1_mac.h b/deps/openssl/mingw64/include/openssl/asn1_mac.h new file mode 100644 index 00000000..7ac1782a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." diff --git a/deps/openssl/mingw64/include/openssl/asn1err.h b/deps/openssl/mingw64/include/openssl/asn1err.h new file mode 100644 index 00000000..faed5a55 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/asn1err.h @@ -0,0 +1,256 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/asn1t.h b/deps/openssl/mingw64/include/openssl/asn1t.h new file mode 100644 index 00000000..a450ba0d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/asn1t.h @@ -0,0 +1,945 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1T_H +# define HEADER_ASN1T_H + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM itname##_it = { + +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# else + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +# endif + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +# else +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +# endif +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + +# else + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# endif + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. + */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. + */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +/* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. + */ +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +DEFINE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/async.h b/deps/openssl/mingw64/include/openssl/async.h new file mode 100644 index 00000000..7052b890 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/async.h @@ -0,0 +1,76 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef HEADER_ASYNC_H +# define HEADER_ASYNC_H + +#if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include to use this */ +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +# endif +#else +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 +#endif +# include + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct async_job_st ASYNC_JOB; +typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; + +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 + +int ASYNC_init_thread(size_t max_size, size_t init_size); +void ASYNC_cleanup_thread(void); + +#ifdef OSSL_ASYNC_FD +ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); +int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD *fd, void **custom_data); +int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, + size_t *numfds); +int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +#endif + +int ASYNC_is_capable(void); + +int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, + int (*func)(void *), void *args, size_t size); +int ASYNC_pause_job(void); + +ASYNC_JOB *ASYNC_get_current_job(void); +ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/asyncerr.h b/deps/openssl/mingw64/include/openssl/asyncerr.h new file mode 100644 index 00000000..91afbbb2 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/asyncerr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/bio.h b/deps/openssl/mingw64/include/openssl/bio.h new file mode 100644 index 00000000..ae559a51 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/bio.h @@ -0,0 +1,801 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIO_H +# define HEADER_BIO_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef BIO_FLAGS_UPLINK +/* + * "UPLINK" flag denotes file descriptors provided by application. It + * defaults to 0, as most platforms don't require UPLINK interface. + */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. + */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. + */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +# endif + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/bioerr.h b/deps/openssl/mingw64/include/openssl/bioerr.h new file mode 100644 index 00000000..46e2c96e --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/bioerr.h @@ -0,0 +1,124 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/blowfish.h b/deps/openssl/mingw64/include/openssl/blowfish.h new file mode 100644 index 00000000..cd3e460e --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/blowfish.h @@ -0,0 +1,61 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BLOWFISH_H +# define HEADER_BLOWFISH_H + +# include + +# ifndef OPENSSL_NO_BF +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define BF_LONG unsigned int + +# define BF_ROUNDS 16 +# define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num); +const char *BF_options(void); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/bn.h b/deps/openssl/mingw64/include/openssl/bn.h new file mode 100644 index 00000000..8af05d00 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/bn.h @@ -0,0 +1,539 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_H +# define HEADER_BN_H + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/bnerr.h b/deps/openssl/mingw64/include/openssl/bnerr.h new file mode 100644 index 00000000..9f3c7cfa --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/bnerr.h @@ -0,0 +1,100 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/buffer.h b/deps/openssl/mingw64/include/openssl/buffer.h new file mode 100644 index 00000000..d2765766 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/buffer.h @@ -0,0 +1,58 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFFER_H +# define HEADER_BUFFER_H + +# include +# ifndef HEADER_CRYPTO_H +# include +# endif +# include + + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include + +/* + * These names are outdated as of OpenSSL 1.1; a future release + * will move them to be deprecated. + */ +# define BUF_strdup(s) OPENSSL_strdup(s) +# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ + unsigned long flags; +}; + +# define BUF_MEM_FLAG_SECURE 0x01 + +BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +void BUF_MEM_free(BUF_MEM *a); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/buffererr.h b/deps/openssl/mingw64/include/openssl/buffererr.h new file mode 100644 index 00000000..04f6ff7a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/buffererr.h @@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/deps/openssl/mingw64/include/openssl/camellia.h b/deps/openssl/mingw64/include/openssl/camellia.h new file mode 100644 index 00000000..151f3c13 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/camellia.h @@ -0,0 +1,83 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/cast.h b/deps/openssl/mingw64/include/openssl/cast.h new file mode 100644 index 00000000..2cc89ae0 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cast.h @@ -0,0 +1,53 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CAST_H +# define HEADER_CAST_H + +# include + +# ifndef OPENSSL_NO_CAST +# ifdef __cplusplus +extern "C" { +# endif + +# define CAST_ENCRYPT 1 +# define CAST_DECRYPT 0 + +# define CAST_LONG unsigned int + +# define CAST_BLOCK 8 +# define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *ks, unsigned char *iv, + int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/cmac.h b/deps/openssl/mingw64/include/openssl/cmac.h new file mode 100644 index 00000000..3535a9ab --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cmac.h @@ -0,0 +1,41 @@ +/* + * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +# ifndef OPENSSL_NO_CMAC + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/cms.h b/deps/openssl/mingw64/include/openssl/cms.h new file mode 100644 index 00000000..c7627968 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cms.h @@ -0,0 +1,339 @@ +/* + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include + +# ifndef OPENSSL_NO_CMS +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_RecipientInfo) +DEFINE_STACK_OF(CMS_RevocationInfoChoice) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/cmserr.h b/deps/openssl/mingw64/include/openssl/cmserr.h new file mode 100644 index 00000000..7dbc13dc --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cmserr.h @@ -0,0 +1,202 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/comp.h b/deps/openssl/mingw64/include/openssl/comp.h new file mode 100644 index 00000000..d814d3cf --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/comp.h @@ -0,0 +1,53 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMP_H +# define HEADER_COMP_H + +# include + +# ifndef OPENSSL_NO_COMP +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +#define COMP_zlib_cleanup() while(0) continue +#endif + +# ifdef HEADER_BIO_H +# ifdef ZLIB +const BIO_METHOD *BIO_f_zlib(void); +# endif +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/comperr.h b/deps/openssl/mingw64/include/openssl/comperr.h new file mode 100644 index 00000000..90231e9a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/comperr.h @@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/conf.h b/deps/openssl/mingw64/include/openssl/conf.h new file mode 100644 index 00000000..7336cd2f --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/conf.h @@ -0,0 +1,168 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_H +# define HEADER_CONF_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DEFINE_STACK_OF(CONF_VALUE) +DEFINE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DEFINE_STACK_OF(CONF_MODULE) +DEFINE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func (CONF_IMODULE *md); + +# define CONF_MFLAGS_IGNORE_ERRORS 0x1 +# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +# define CONF_MFLAGS_SILENT 0x4 +# define CONF_MFLAGS_NO_DSO 0x8 +# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +# ifndef OPENSSL_NO_STDIO +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +# endif +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif + +/* + * New conf code. The semantics are different from the functions above. If + * that wasn't the case, the above functions would have been replaced + */ + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(CONF_METHOD *meth); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); +void NCONF_free(CONF *conf); +void NCONF_free_data(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +# ifndef OPENSSL_NO_STDIO +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +# endif +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +#ifndef OPENSSL_NO_STDIO +int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif +int NCONF_dump_bio(const CONF *conf, BIO *out); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define CONF_modules_free() while(0) continue +#endif +int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +const char *CONF_imodule_get_name(const CONF_IMODULE *md); +const char *CONF_imodule_get_value(const CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + +char *CONF_get1_default_config_file(void); + +int CONF_parse_list(const char *list, int sep, int nospc, + int (*list_cb) (const char *elem, int len, void *usr), + void *arg); + +void OPENSSL_load_builtin_modules(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/conf_api.h b/deps/openssl/mingw64/include/openssl/conf_api.h new file mode 100644 index 00000000..a0275ad7 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/conf_api.h @@ -0,0 +1,40 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONF_API_H +# define HEADER_CONF_API_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Up until OpenSSL 0.9.5a, this was new_section */ +CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was get_section */ +CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); +/* Up until OpenSSL 0.9.5a, this was CONF_get_section */ +STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, + const char *section); + +int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); +char *_CONF_get_string(const CONF *conf, const char *section, + const char *name); +long _CONF_get_number(const CONF *conf, const char *section, + const char *name); + +int _CONF_new_data(CONF *conf); +void _CONF_free_data(CONF *conf); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/conferr.h b/deps/openssl/mingw64/include/openssl/conferr.h new file mode 100644 index 00000000..32b92291 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/conferr.h @@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/crypto.h b/deps/openssl/mingw64/include/openssl/crypto.h new file mode 100644 index 00000000..7d0b5262 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/crypto.h @@ -0,0 +1,445 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTO_H +# define HEADER_CRYPTO_H + +# include +# include + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +/* + * Resolve problems on some operating systems with symbol names that clash + * one way or another + */ +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR + +/* + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. + */ +typedef struct { + int dummy; +} CRYPTO_dynlock; + +# endif /* OPENSSL_API_COMPAT */ + +typedef void CRYPTO_RWLOCK; + +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); + +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); + +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ + +struct crypto_ex_data_st { + STACK_OF(void) *sk; +}; +DEFINE_STACK_OF(void) + +/* + * Per class, we have a STACK of function pointers. + */ +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 +# define CRYPTO_EX_INDEX_UI 11 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_APP 13 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 + +/* No longer needed, so this is a no-op */ +#define OPENSSL_malloc_init() while(0) continue + +int CRYPTO_mem_ctrl(int mode); + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); +char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +int OPENSSL_hexchar2int(unsigned char c); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 + +int OPENSSL_issetugid(void); + +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + +/* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + const CRYPTO_EX_DATA *from); + +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + +/* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +# define CRYPTO_cleanup_all_ex_data() while(0) continue + +/* + * The old locking functions have been removed completely without compatibility + * macros. This is because the old functions either could not properly report + * errors, or the returned error values were not clearly documented. + * Replacing the locking functions with no-ops would cause race condition + * issues in the affected applications. It is far better for them to fail at + * compile time. + * On the other hand, the locking callbacks are no longer used. Consequently, + * the callback management functions can be safely replaced with no-op macros. + */ +# define CRYPTO_num_locks() (1) +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* + * These defines where used in combination with the old locking callbacks, + * they are not called anymore, but old code that's not called might still + * use them. + */ +# define CRYPTO_LOCK 1 +# define CRYPTO_UNLOCK 2 +# define CRYPTO_READ 4 +# define CRYPTO_WRITE 8 + +/* This structure is no longer used */ +typedef struct crypto_threadid_st { + int dummy; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# if OPENSSL_API_COMPAT < 0x10000000L +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_API_COMPAT < 0x10000000L */ + +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_API_COMPAT < 0x10100000L */ + +int CRYPTO_set_mem_functions( + void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), + void (*f) (void *, const char *, int)); +int CRYPTO_set_mem_debug(int flag); +void CRYPTO_get_mem_functions( + void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, int), + void (**f) (void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +void *CRYPTO_zalloc(size_t num, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +int CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); + +void OPENSSL_cleanse(void *ptr, size_t len); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +int CRYPTO_mem_debug_pop(void); +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); + +/*- + * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) + * The flag argument has the following significance: + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place + */ +void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); + +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *); +# endif +int CRYPTO_mem_leaks(BIO *bio); +# endif + +/* die if we have to */ +ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) + +int OPENSSL_isservice(void); + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +void OPENSSL_fork_prepare(void); +void OPENSSL_fork_parent(void); +void OPENSSL_fork_child(void); +# endif + +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); + +/* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. + * It takes an amount of time dependent on |len|, but independent of the + * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +/* OPENSSL_INIT_ZLIB 0x00010000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ +# define OPENSSL_INIT_NO_ATEXIT 0x00080000L +/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +# ifndef OPENSSL_NO_STDIO +int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_filename); +void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, + unsigned long flags); +int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, + const char *config_appname); +# endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); + +# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +# if defined(_WIN32) +# if defined(BASETYPES) || defined(_WINDEF_H) +/* application has to include in order to use this */ +typedef DWORD CRYPTO_THREAD_LOCAL; +typedef DWORD CRYPTO_THREAD_ID; + +typedef LONG CRYPTO_ONCE; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif +# else +# include +typedef pthread_once_t CRYPTO_ONCE; +typedef pthread_key_t CRYPTO_THREAD_LOCAL; +typedef pthread_t CRYPTO_THREAD_ID; + +# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +# endif +# endif + +# if !defined(CRYPTO_ONCE_STATIC_INIT) +typedef unsigned int CRYPTO_ONCE; +typedef unsigned int CRYPTO_THREAD_LOCAL; +typedef unsigned int CRYPTO_THREAD_ID; +# define CRYPTO_ONCE_STATIC_INIT 0 +# endif + +int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); + +int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); + +CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/cryptoerr.h b/deps/openssl/mingw64/include/openssl/cryptoerr.h new file mode 100644 index 00000000..3db5a4ee --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cryptoerr.h @@ -0,0 +1,57 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/ct.h b/deps/openssl/mingw64/include/openssl/ct.h new file mode 100644 index 00000000..ebdba34d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ct.h @@ -0,0 +1,474 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CT_H +# define HEADER_CT_H + +# include + +# ifndef OPENSSL_NO_CT +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DEFINE_STACK_OF(SCT) +DEFINE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG ** ct_log, + const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/cterr.h b/deps/openssl/mingw64/include/openssl/cterr.h new file mode 100644 index 00000000..feb7bc56 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/cterr.h @@ -0,0 +1,80 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/des.h b/deps/openssl/mingw64/include/openssl/des.h new file mode 100644 index 00000000..be4abbdf --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/des.h @@ -0,0 +1,174 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DES_H +# define HEADER_DES_H + +# include + +# ifndef OPENSSL_NO_DES +# ifdef __cplusplus +extern "C" { +# endif +# include + +typedef unsigned int DES_LONG; + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* + * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and + * const_DES_cblock * are incompatible pointer types. + */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +# define DES_KEY_SZ (sizeof(DES_cblock)) +# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +# define DES_ENCRYPT 1 +# define DES_DECRYPT 0 + +# define DES_CBC_MODE 0 +# define DES_PCBC_MODE 1 + +# define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ +# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, const_DES_cblock *inw, + const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* + * This is the DES encryption function that gets called by just about every + * other DES routine in the library. You should not use this function except + * to implement 'modes' of DES. I say this because the functions that call + * this routine do the conversion from 'char *' to long, and this needs to be + * done to make sure 'non-aligned' memory access do not occur. The + * characters are loaded 'little endian'. Data is a pointer to 2 unsigned + * long's and ks is the DES_key_schedule to use. enc, is non zero specifies + * encryption, zero if decryption. + */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* + * This functions is the same as DES_encrypt1() except that the DES initial + * permutation (IP) and final permutation (FP) have been left out. As for + * DES_encrypt1(), you should not use this function. It is used by the + * routines in the library that implement triple DES. IP() DES_encrypt2() + * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() + * DES_encrypt1() DES_encrypt1() except faster :-). + */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, + DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* + * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. + */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num, int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + +# define DES_fixup_key_parity DES_set_odd_parity + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/dh.h b/deps/openssl/mingw64/include/openssl/dh.h new file mode 100644 index 00000000..3527540c --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/dh.h @@ -0,0 +1,340 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DH_H +# define HEADER_DH_H + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); +int DH_size(const DH *dh); +int DH_security_bits(const DH *dh); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check_params_ex(const DH *dh); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +int DH_check_params(const DH *dh, int *ret); +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_STDIO +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +int DHparams_print(BIO *bp, const DH *x); + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 */ +DH *DH_new_by_nid(int nid); +int DH_get_nid(const DH *dh); + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +ENGINE *DH_get0_engine(DH *d); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + +DH_METHOD *DH_meth_new(const char *name, int flags); +void DH_meth_free(DH_METHOD *dhm); +DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +const char *DH_meth_get0_name(const DH_METHOD *dhm); +int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +int DH_meth_get_flags(const DH_METHOD *dhm); +int DH_meth_set_flags(DH_METHOD *dhm, int flags); +void *DH_meth_get0_app_data(const DH_METHOD *dhm); +int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); +int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); +int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, BN_GENCB *); +int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) (DH *, int, int, BN_GENCB *)); + + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_PAD, pad, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/dherr.h b/deps/openssl/mingw64/include/openssl/dherr.h new file mode 100644 index 00000000..916b3bed --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/dherr.h @@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. + */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/dsa.h b/deps/openssl/mingw64/include/openssl/dsa.h new file mode 100644 index 00000000..6d8a18a4 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/dsa.h @@ -0,0 +1,244 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSA_H +# define HEADER_DSA_H + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# define DSA_FLAG_CACHE_MONT_P 0x01 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) + +DSA *DSAparams_dup(DSA *x); +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); +const DSA_METHOD *DSA_get_method(DSA *d); + +DSA *DSA_new(void); +DSA *DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); +int DSA_bits(const DSA *d); +int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) +int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int DSA_generate_key(DSA *a); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +int i2d_DSAparams(const DSA *a, unsigned char **pp); + +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +# ifndef OPENSSL_NO_STDIO +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DH *DSA_dup_DH(const DSA *r); +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *dsam); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +int DSA_meth_get_flags(const DSA_METHOD *dsam); +int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *); +int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/dsaerr.h b/deps/openssl/mingw64/include/openssl/dsaerr.h new file mode 100644 index 00000000..495a1ac8 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/dsaerr.h @@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/dtls1.h b/deps/openssl/mingw64/include/openssl/dtls1.h new file mode 100644 index 00000000..d55ca9c3 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/dtls1.h @@ -0,0 +1,55 @@ +/* + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DTLS1_H +# define HEADER_DTLS1_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MIN_VERSION DTLS1_VERSION +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE + +# define DTLS1_BAD_VER 0x0100 + +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + +/* lengths of messages */ +/* + * Actually the max cookie length in DTLS is 255. But we can't change this now + * due to compatibility concerns. + */ +# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_RT_HEADER_LENGTH 13 + +# define DTLS1_HM_HEADER_LENGTH 12 + +# define DTLS1_HM_BAD_FRAGMENT -2 +# define DTLS1_HM_FRAGMENT_RETRY -3 + +# define DTLS1_CCS_HEADER_LENGTH 1 + +# define DTLS1_AL_HEADER_LENGTH 2 + +/* Timeout multipliers */ +# define DTLS1_TMO_READ_COUNT 2 +# define DTLS1_TMO_WRITE_COUNT 2 + +# define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/e_os2.h b/deps/openssl/mingw64/include/openssl/e_os2.h new file mode 100644 index 00000000..97a776cd --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/e_os2.h @@ -0,0 +1,300 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_E_OS2_H +# define HEADER_E_OS2_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYS_MSDOS) +# undef OPENSSL_SYS_UNIX +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif +# endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYS_WINNT) +# undef OPENSSL_SYS_UNIX +# endif +# if defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementor how he or she will link the application, so it + * requires some macro to be used. + */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif +# define OPENSSL_SYS_VMS +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/* Specials for I/O an exit */ +# ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_UNISTD_IO +# define OPENSSL_DECLARE_EXIT extern void exit(int); +# else +# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +# endif + +/*- + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. + * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ +# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } +# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +# else +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; +# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +# define OPENSSL_GLOBAL_REF(name) _shadow_##name +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# elif defined(_MSC_VER) && _MSC_VER<=1500 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +# define ossl_noreturn _Noreturn +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define ossl_noreturn __attribute__((noreturn)) +# else +# define ossl_noreturn +# endif + +/* ossl_unused: portable unused attribute for use in public headers */ +# if defined(__GNUC__) +# define ossl_unused __attribute__((unused)) +# else +# define ossl_unused +# endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ebcdic.h b/deps/openssl/mingw64/include/openssl/ebcdic.h new file mode 100644 index 00000000..aa012855 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ebcdic.h @@ -0,0 +1,33 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EBCDIC_H +# define HEADER_EBCDIC_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Avoid name clashes with other applications */ +# define os_toascii _openssl_os_toascii +# define os_toebcdic _openssl_os_toebcdic +# define ebcdic2ascii _openssl_ebcdic2ascii +# define ascii2ebcdic _openssl_ascii2ebcdic + +extern const unsigned char os_toascii[256]; +extern const unsigned char os_toebcdic[256]; +void *ebcdic2ascii(void *dest, const void *srce, size_t count); +void *ascii2ebcdic(void *dest, const void *srce, size_t count); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ec.h b/deps/openssl/mingw64/include/openssl/ec.h new file mode 100644 index 00000000..5af9ebdc --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ec.h @@ -0,0 +1,1479 @@ +/* + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EC_H +# define HEADER_EC_H + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if the groups are equal, 1 if not, or -1 on error + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif + +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. In case r is not zero, + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if the point is on the curve, 0 if not, or -1 on error + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 if the points are not equal, 0 if they are, or -1 on error + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number further summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# ifndef OPENSSL_NO_STDIO +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ecdh.h b/deps/openssl/mingw64/include/openssl/ecdh.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ecdh.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/deps/openssl/mingw64/include/openssl/ecdsa.h b/deps/openssl/mingw64/include/openssl/ecdsa.h new file mode 100644 index 00000000..681f3d5e --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ecdsa.h @@ -0,0 +1,10 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include diff --git a/deps/openssl/mingw64/include/openssl/ecerr.h b/deps/openssl/mingw64/include/openssl/ecerr.h new file mode 100644 index 00000000..f7b91834 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ecerr.h @@ -0,0 +1,275 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 296 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_INV 297 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 298 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/engine.h b/deps/openssl/mingw64/include/openssl/engine.h new file mode 100644 index 00000000..0780f0fb --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/engine.h @@ -0,0 +1,751 @@ +/* + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINE_H +# define HEADER_ENGINE_H + +# include + +# ifndef OPENSSL_NO_ENGINE +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# include +# include +# include +# include +# include +# endif +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * These flags are used to control combinations of algorithm (methods) by + * bitwise "OR"ing. + */ +# define ENGINE_METHOD_RSA (unsigned int)0x0001 +# define ENGINE_METHOD_DSA (unsigned int)0x0002 +# define ENGINE_METHOD_DH (unsigned int)0x0004 +# define ENGINE_METHOD_RAND (unsigned int)0x0008 +# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 +/* Obvious all-or-nothing cases. */ +# define ENGINE_METHOD_ALL (unsigned int)0xFFFF +# define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used + * internally to control registration of ENGINE implementations, and can be + * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to + * initialise registered ENGINEs if they are not already initialised. + */ +# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + +/* ENGINE flags that can be set by ENGINE_set_flags(). */ +/* Not used */ +/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ + +/* + * This flag is for ENGINEs that wish to handle the various 'CMD'-related + * control commands on their own. Without this flag, ENGINE_ctrl() handles + * these control commands on behalf of the ENGINE using their "cmd_defns" + * data. + */ +# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 + +/* + * This flag is for ENGINEs who return new duplicate structures when found + * via "ENGINE_by_id()". When an ENGINE must store state (eg. if + * ENGINE_ctrl() commands are called in sequence as part of some stateful + * process like key-generation setup and execution), it can set this flag - + * then each attempt to obtain the ENGINE will result in it being copied into + * a new structure. Normally, ENGINEs don't declare this flag so + * ENGINE_by_id() just increments the existing ENGINE's structural reference + * count. + */ +# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 + +/* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* + * ENGINEs can support their own command types, and these flags are used in + * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input + * each command expects. Currently only numeric and string input is + * supported. If a control command supports none of the _NUMERIC, _STRING, or + * _NO_INPUT options, then it is regarded as an "internal" control command - + * and not for use in config setting situations. As such, they're not + * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() + * access. Changes to this list of 'command types' should be reflected + * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). + */ + +/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +/* + * accepts string input (cast from 'void*' to 'const char *', 4th parameter + * to ENGINE_ctrl) + */ +# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +/* + * Indicates that the control command takes *no* input. Ie. the control + * command is unparameterised. + */ +# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +/* + * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() + * function. + */ +# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 + +/* + * NB: These 3 control commands are deprecated and should not be used. + * ENGINEs relying on these commands should compile conditional support for + * compatibility (eg. if these symbols are defined) but should also migrate + * the same functionality to their own ENGINE-specific control functions that + * can be "discovered" by calling applications. The fact these control + * commands wouldn't be "executable" (ie. usable by text-based config) + * doesn't change the fact that application code can find and use them + * without requiring per-ENGINE hacking. + */ + +/* + * These flags are used to tell the ctrl function what should be done. All + * command numbers are shared between all engines, even if some don't make + * sense to some engines. In such a case, they do nothing but return the + * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. + */ +# define ENGINE_CTRL_SET_LOGSTREAM 1 +# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +# define ENGINE_CTRL_HUP 3/* Close and reinitialise + * any handles/connections + * etc. */ +# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ +# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used + * when calling the password + * callback and the user + * interface */ +# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, + * given a string that + * represents a file name + * or so */ +# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given + * section in the already + * loaded configuration */ + +/* + * These control commands allow an application to deal with an arbitrary + * engine in a dynamic way. Warn: Negative return values indicate errors FOR + * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other + * commands, including ENGINE-specific command types, return zero for an + * error. An ENGINE can choose to implement these ctrl functions, and can + * internally manage things however it chooses - it does so by setting the + * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise + * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the + * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's + * ctrl() handler need only implement its own commands - the above "meta" + * commands will be taken care of. + */ + +/* + * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", + * then all the remaining control commands will return failure, so it is + * worth checking this first if the caller is trying to "discover" the + * engine's capabilities and doesn't want errors generated unnecessarily. + */ +# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +/* + * Returns a positive command number for the first command supported by the + * engine. Returns zero if no ctrl commands are supported. + */ +# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +/* + * The 'long' argument specifies a command implemented by the engine, and the + * return value is the next command supported, or zero if there are no more. + */ +# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +/* + * The 'void*' argument is a command name (cast from 'const char *'), and the + * return value is the command that corresponds to it. + */ +# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +/* + * The next two allow a command to be converted into its corresponding string + * form. In each case, the 'long' argument supplies the command. In the + * NAME_LEN case, the return value is the length of the command name (not + * counting a trailing EOL). In the NAME case, the 'void*' argument must be a + * string buffer large enough, and it will be populated with the name of the + * command (WITH a trailing EOL). + */ +# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +/* The next two are similar but give a "short description" of a command. */ +# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +/* + * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given + * engine-specific ctrl command expects. + */ +# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +/* + * ENGINE implementations should start the numbering of their own control + * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). + */ +# define ENGINE_CMD_BASE 200 + +/* + * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 + * commands should be migrated to the more general command handling before + * these are removed. + */ + +/* Flags specific to the nCipher "chil" engine */ +# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 + /* + * Depending on the value of the (long)i argument, this sets or + * unsets the SimpleForkCheck flag in the CHIL API to enable or + * disable checking and workarounds for applications that fork(). + */ +# define ENGINE_CTRL_CHIL_NO_LOCKING 101 + /* + * This prevents the initialisation function from providing mutex + * callbacks to the nCipher library. + */ + +/* + * If an ENGINE supports its own specific control commands and wishes the + * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on + * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN + * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() + * handler that supports the stated commands (ie. the "cmd_num" entries as + * described by the array). NB: The array must be ordered in increasing order + * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element + * has cmd_num set to zero and/or cmd_name set to NULL. + */ +typedef struct ENGINE_CMD_DEFN_st { + unsigned int cmd_num; /* The command number */ + const char *cmd_name; /* The command name itself */ + const char *cmd_desc; /* A short description of the command */ + unsigned int cmd_flags; /* The input the command expects */ +} ENGINE_CMD_DEFN; + +/* Generic function pointer */ +typedef int (*ENGINE_GEN_FUNC_PTR) (void); +/* Generic function pointer taking no arguments */ +typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); +/* Specific control function pointer */ +typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, + void (*f) (void)); +/* Generic load_key function pointer */ +typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, + UI_METHOD *ui_method, + void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); + * Looking at how to implement these handlers in the case of cipher support, if + * the framework wants the EVP_CIPHER for 'nid', it will call; + * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +/* + * Returns to a pointer to the array of supported cipher 'nid's. If the + * second parameter is non-NULL it is set to the size of the returned array. + */ +typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, + const int **, int); +typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, + int); +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); +/* + * STRUCTURE functions ... all of these functions deal with pointers to + * ENGINE structures where the pointers have a "structural reference". This + * means that their reference is to allowed access to the structure but it + * does not imply that the structure is functional. To simply increment or + * decrement the structural reference count, use ENGINE_by_id and + * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next + * as it will automatically decrement the structural reference count of the + * "current" ENGINE and increment the structural reference count of the + * ENGINE it returns (unless it is NULL). + */ + +/* Get the first/last "ENGINE" type available. */ +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); +/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ +ENGINE *ENGINE_get_next(ENGINE *e); +ENGINE *ENGINE_get_prev(ENGINE *e); +/* Add another "ENGINE" type into the array. */ +int ENGINE_add(ENGINE *e); +/* Remove an existing "ENGINE" type from the array. */ +int ENGINE_remove(ENGINE *e); +/* Retrieve an engine from the list by its unique "id" value. */ +ENGINE *ENGINE_by_id(const char *id); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) +# ifndef OPENSSL_NO_STATIC_ENGINE +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) +# endif +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif +void ENGINE_load_builtin_engines(void); + +/* + * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation + * "registry" handling. + */ +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int flags); + +/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required. + */ + +int ENGINE_register_RSA(ENGINE *e); +void ENGINE_unregister_RSA(ENGINE *e); +void ENGINE_register_all_RSA(void); + +int ENGINE_register_DSA(ENGINE *e); +void ENGINE_unregister_DSA(ENGINE *e); +void ENGINE_register_all_DSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + +int ENGINE_register_DH(ENGINE *e); +void ENGINE_unregister_DH(ENGINE *e); +void ENGINE_register_all_DH(void); + +int ENGINE_register_RAND(ENGINE *e); +void ENGINE_unregister_RAND(ENGINE *e); +void ENGINE_register_all_RAND(void); + +int ENGINE_register_ciphers(ENGINE *e); +void ENGINE_unregister_ciphers(ENGINE *e); +void ENGINE_register_all_ciphers(void); + +int ENGINE_register_digests(ENGINE *e); +void ENGINE_unregister_digests(ENGINE *e); +void ENGINE_register_all_digests(void); + +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + +/* + * These functions register all support from the above categories. Note, use + * of these functions can result in static linkage of code your application + * may not need. If you only need a subset of functionality, consider using + * more selective initialisation. + */ +int ENGINE_register_complete(ENGINE *e); +int ENGINE_register_all_complete(void); + +/* + * Send parameterised control commands to the engine. The possibilities to + * send down an integer, a pointer to data or a function pointer are + * provided. Any of the parameters may or may not be NULL, depending on the + * command number. In actuality, this function only requires a structural + * (rather than functional) reference to an engine, but many control commands + * may require the engine be functional. The caller should be aware of trying + * commands that require an operational ENGINE, and only use functional + * references in such situations. + */ +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +/* + * This function tests if an ENGINE-specific command is usable as a + * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to + * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). + */ +int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +/* + * This function works like ENGINE_ctrl() with the exception of taking a + * command name instead of a command number, and can handle optional + * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation + * on how to use the cmd_name and cmd_optional. + */ +int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, + long i, void *p, void (*f) (void), int cmd_optional); + +/* + * This function passes a command-name and argument to an ENGINE. The + * cmd_name is converted to a command number and the control command is + * called using 'arg' as an argument (unless the ENGINE doesn't support such + * a command, in which case no control command is called). The command is + * checked for input flags, and if necessary the argument will be converted + * to a numeric value. If cmd_optional is non-zero, then if the ENGINE + * doesn't support the given cmd_name the return value will be success + * anyway. This function is intended for applications to use so that users + * (or config files) can supply engine-specific config data to the ENGINE at + * run-time to control behaviour of specific engines. As such, it shouldn't + * be used for calling ENGINE_ctrl() functions that return data, deal with + * binary data, or that are otherwise supposed to be used directly through + * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() + * operation in this function will be lost - the return value is interpreted + * as failure if the return value is zero, success otherwise, and this + * function returns a boolean value as a result. In other words, vendors of + * 'ENGINE'-enabled devices should write ENGINE implementations with + * parameterisations that work in this scheme, so that compliant ENGINE-based + * applications can work consistently with the same configuration for the + * same ENGINE-enabled devices, across applications. + */ +int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional); + +/* + * These functions are useful for manufacturing new ENGINE structures. They + * don't address reference counting at all - one uses them to populate an + * ENGINE structure with personalised implementations of things prior to + * using it directly or adding it to the builtin ENGINE list in OpenSSL. + * These are also here so that the ENGINE structure doesn't have to be + * exposed and break binary compatibility! + */ +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); +int ENGINE_set_id(ENGINE *e, const char *id); +int ENGINE_set_name(ENGINE *e, const char *name); +int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); +int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +int ENGINE_set_load_privkey_function(ENGINE *e, + ENGINE_LOAD_KEY_PTR loadpriv_f); +int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR + loadssl_f); +int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); +int ENGINE_set_flags(ENGINE *e, int flags); +int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +/* These functions allow control over any per-structure ENGINE data. */ +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) +int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* + * This function previously cleaned up anything that needs it. Auto-deinit will + * now take care of it so it is no longer required to call this function. + */ +# define ENGINE_cleanup() while(0) continue +#endif + +/* + * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only + * obtained a structural reference may be problematic! + */ +const char *ENGINE_get_id(const ENGINE *e); +const char *ENGINE_get_name(const ENGINE *e); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); +const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE + *e); +ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +int ENGINE_get_flags(const ENGINE *e); + +/* + * FUNCTIONAL functions. These functions deal with ENGINE structures that + * have (or will) be initialised for use. Broadly speaking, the structural + * functions are useful for iterating the list of available engine types, + * creating new engine types, and other "list" operations. These functions + * actually deal with ENGINEs that are to be used. As such these functions + * can fail (if applicable) when particular engines are unavailable - eg. if + * a hardware accelerator is not attached or not functioning correctly. Each + * ENGINE has 2 reference counts; structural and functional. Every time a + * functional reference is obtained or released, a corresponding structural + * reference is automatically obtained or released too. + */ + +/* + * Initialise a engine type for use (or up its reference count if it's + * already in use). This will fail if the engine is not currently operational + * and cannot initialise. + */ +int ENGINE_init(ENGINE *e); +/* + * Free a functional reference to a engine type. This does not require a + * corresponding call to ENGINE_free as it also releases a structural + * reference. + */ +int ENGINE_finish(ENGINE *e); + +/* + * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or + * whatever. + */ +EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); + +/* + * This returns a pointer for the current ENGINE structure that is (by + * default) performing any RSA operations. The value returned is an + * incremented reference, so it should be free'd (ENGINE_finish) before it is + * discarded. + */ +ENGINE *ENGINE_get_default_RSA(void); +/* Same for the other "methods" */ +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_EC(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +/* + * These functions can be used to get a functional reference to perform + * ciphering or digesting corresponding to "nid". + */ +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); + +/* + * This sets a new default ENGINE structure for performing RSA operations. If + * the result is non-zero (success) then the ENGINE structure will have had + * its reference count up'd so the caller should still free their own + * reference 'e'. + */ +int ENGINE_set_default_RSA(ENGINE *e); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); +/* Same for the other "methods" */ +int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); +int ENGINE_set_default_DH(ENGINE *e); +int ENGINE_set_default_RAND(ENGINE *e); +int ENGINE_set_default_ciphers(ENGINE *e); +int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); + +/* + * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more + * selective functions. + */ +int ENGINE_set_default(ENGINE *e, unsigned int flags); + +void ENGINE_add_conf_module(void); + +/* Deprecated functions ... */ +/* int ENGINE_clear_defaults(void); */ + +/**************************/ +/* DYNAMIC ENGINE SUPPORT */ +/**************************/ + +/* Binary/behaviour compatibility levels */ +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 +/* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 + +/* + * When compiling an ENGINE entirely as an external shared library, loadable + * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' + * structure type provides the calling application's (or library's) error + * functionality and memory management function pointers to the loaded + * library. These should be used/set in the loaded library code so that the + * loading application's 'state' will be used/changed in all operations. The + * 'static_state' pointer allows the loaded library to know if it shares the + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); +typedef struct st_dynamic_MEM_fns { + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; +} dynamic_MEM_fns; +/* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and + * use these types so we (and any other dependent code) can simplify a bit?? + */ +/* The top-level structure */ +typedef struct st_dynamic_fns { + void *static_state; + dynamic_MEM_fns mem_fns; +} dynamic_fns; + +/* + * The version checking function should be of this prototype. NB: The + * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading + * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the + * loading library. The loader may still decide that the loaded code's + * version is unsatisfactory and could veto the load. The function is + * expected to be implemented with the symbol name "v_check", and a default + * implementation can be fully instantiated with + * IMPLEMENT_DYNAMIC_CHECK_FN(). + */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) +# endif + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/engineerr.h b/deps/openssl/mingw64/include/openssl/engineerr.h new file mode 100644 index 00000000..05e84bd2 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/engineerr.h @@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/err.h b/deps/openssl/mingw64/include/openssl/err.h new file mode 100644 index 00000000..b49f8812 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/err.h @@ -0,0 +1,274 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ERR_H +# define HEADER_ERR_H + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +# else +# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +typedef struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 + +# define ERR_LIB_USER 128 + +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +/* OS functions */ +# define SYS_F_FOPEN 1 +# define SYS_F_CONNECT 2 +# define SYS_F_GETSERVBYNAME 3 +# define SYS_F_SOCKET 4 +# define SYS_F_IOCTLSOCKET 5 +# define SYS_F_BIND 6 +# define SYS_F_LISTEN 7 +# define SYS_F_ACCEPT 8 +# define SYS_F_WSASTARTUP 9/* Winsock stuff */ +# define SYS_F_OPENDIR 10 +# define SYS_F_FREAD 11 +# define SYS_F_GETADDRINFO 12 +# define SYS_F_GETNAMEINFO 13 +# define SYS_F_SETSOCKOPT 14 +# define SYS_F_GETSOCKOPT 15 +# define SYS_F_GETSOCKNAME 16 +# define SYS_F_GETHOSTBYNAME 17 +# define SYS_F_FFLUSH 18 +# define SYS_F_OPEN 19 +# define SYS_F_CLOSE 20 +# define SYS_F_IOCTL 21 +# define SYS_F_STAT 22 +# define SYS_F_FCNTL 23 +# define SYS_F_FSTAT 24 + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +ERR_STATE *ERR_get_state(void); + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/evp.h b/deps/openssl/mingw64/include/openssl/evp.h new file mode 100644 index 00000000..a411f3f2 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/evp.h @@ -0,0 +1,1666 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENVELOPE_H +# define HEADER_ENVELOPE_H + +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +# define EVP_CTRL_GET_IVLEN 0x25 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +# endif + +# ifndef OPENSSL_NO_DH +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +# endif + +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +# endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +# define EVP_MD_nid(e) EVP_MD_type(e) +# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) + +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) + +# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_SignInit(a,b) EVP_DigestInit(a,b) +# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +# ifdef CONST_STRICT +void BIO_set_md(BIO *, const EVP_MD *md); +# else +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) +# endif +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) + +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, unsigned int inl); + +# define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_add_digest_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +# define EVP_delete_cipher_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +# define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); +__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, + size_t cnt); +__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); + +__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, + size_t len); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); +__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + +__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen); + +__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +# ifndef OPENSSL_NO_RSA +__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); +__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# endif + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +# endif +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +const BIO_METHOD *BIO_f_reliable(void); +__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); + +const EVP_MD *EVP_md_null(void); +# ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +# endif +# ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +# endif +# ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); +# endif +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b512(void); +const EVP_MD *EVP_blake2s256(void); +# endif +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +const EVP_MD *EVP_shake128(void); +const EVP_MD *EVP_shake256(void); +# ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +# endif +# ifndef OPENSSL_NO_RMD160 +const EVP_MD *EVP_ripemd160(void); +# endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif +# ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +# endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +# ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); +/* + * This should now be supported through the dev_crypto ENGINE. But also, why + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ +# endif +# ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif +# endif +# ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +# endif +# ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +# endif +# ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +# endif +# ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +# endif +# ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +# endif +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_128_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_192_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_256_ocb(void); +# endif +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_128_gcm(void); +const EVP_CIPHER *EVP_aria_128_ccm(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_192_gcm(void); +const EVP_CIPHER *EVP_aria_192_ccm(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +const EVP_CIPHER *EVP_aria_256_gcm(void); +const EVP_CIPHER *EVP_aria_256_ccm(void); +# endif +# ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); +# endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif +# endif + +# ifndef OPENSSL_NO_SEED +const EVP_CIPHER *EVP_seed_ecb(void); +const EVP_CIPHER *EVP_seed_cbc(void); +const EVP_CIPHER *EVP_seed_cfb128(void); +# define EVP_seed_cfb EVP_seed_cfb128 +const EVP_CIPHER *EVP_seed_ofb(void); +# endif + +# ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +# define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +# endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +# else +# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +# endif + +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# define EVP_cleanup() while(0) continue +# endif + +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); + +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +# endif +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +# ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +# endif +# ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +# endif + +# ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +# endif +# ifndef OPENSSL_NO_EC +struct ec_key_st; +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# endif + +EVP_PKEY *EVP_PKEY_new(void); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); +void EVP_PKEY_free(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen); +size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +#endif + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/evperr.h b/deps/openssl/mingw64/include/openssl/evperr.h new file mode 100644 index 00000000..d2b26ea5 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/evperr.h @@ -0,0 +1,205 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/hmac.h b/deps/openssl/mingw64/include/openssl/hmac.h new file mode 100644 index 00000000..458efc1d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_HMAC_H +# define HEADER_HMAC_H + +# include + +# include + +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +size_t HMAC_size(const HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); + +DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)) + +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, + unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/idea.h b/deps/openssl/mingw64/include/openssl/idea.h new file mode 100644 index 00000000..4334f3ea --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/idea.h @@ -0,0 +1,64 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_IDEA_H +# define HEADER_IDEA_H + +# include + +# ifndef OPENSSL_NO_IDEA +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int IDEA_INT; + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +const char *IDEA_options(void); +void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define idea_options IDEA_options +# define idea_ecb_encrypt IDEA_ecb_encrypt +# define idea_set_encrypt_key IDEA_set_encrypt_key +# define idea_set_decrypt_key IDEA_set_decrypt_key +# define idea_cbc_encrypt IDEA_cbc_encrypt +# define idea_cfb64_encrypt IDEA_cfb64_encrypt +# define idea_ofb64_encrypt IDEA_ofb64_encrypt +# define idea_encrypt IDEA_encrypt +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/kdf.h b/deps/openssl/mingw64/include/openssl/kdf.h new file mode 100644 index 00000000..5abd4c37 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/kdf.h @@ -0,0 +1,97 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/kdferr.h b/deps/openssl/mingw64/include/openssl/kdferr.h new file mode 100644 index 00000000..3f51bd02 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/kdferr.h @@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/lhash.h b/deps/openssl/mingw64/include/openssl/lhash.h new file mode 100644 index 00000000..2e42d727 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/lhash.h @@ -0,0 +1,241 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +# define HEADER_LHASH_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. + */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/md2.h b/deps/openssl/mingw64/include/openssl/md2.h new file mode 100644 index 00000000..7faf8e3d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/md2.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include + +# ifndef OPENSSL_NO_MD2 +# include +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/md4.h b/deps/openssl/mingw64/include/openssl/md4.h new file mode 100644 index 00000000..940e29db --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/md4.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD4_H +# define HEADER_MD4_H + +# include + +# ifndef OPENSSL_NO_MD4 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD4_LONG unsigned int + +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) +# define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B, C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/md5.h b/deps/openssl/mingw64/include/openssl/md5.h new file mode 100644 index 00000000..2deb7721 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/md5.h @@ -0,0 +1,50 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MD5_H +# define HEADER_MD5_H + +# include + +# ifndef OPENSSL_NO_MD5 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define MD5_LONG unsigned int + +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) +# define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B, C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/mdc2.h b/deps/openssl/mingw64/include/openssl/mdc2.h new file mode 100644 index 00000000..aabd2bfa --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/mdc2.h @@ -0,0 +1,42 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H + +# include + +#ifndef OPENSSL_NO_MDC2 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { + unsigned int num; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; + +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/modes.h b/deps/openssl/mingw64/include/openssl/modes.h new file mode 100644 index 00000000..d544f98d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/modes.h @@ -0,0 +1,208 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_MODES_H +# define HEADER_MODES_H + +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB */ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/obj_mac.h b/deps/openssl/mingw64/include/openssl/obj_mac.h new file mode 100644 index 00000000..483fc050 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/obj_mac.h @@ -0,0 +1,5198 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/deps/openssl/mingw64/include/openssl/objects.h b/deps/openssl/mingw64/include/openssl/objects.h new file mode 100644 index 00000000..5e8b5762 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/objects.h @@ -0,0 +1,175 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJECTS_H +# define HEADER_OBJECTS_H + +# include +# include +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_NUM 0x05 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignment discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, declare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +#if OPENSSL_API_COMPAT < 0x10100000L +# define OBJ_cleanup() while(0) continue +#endif +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/objectserr.h b/deps/openssl/mingw64/include/openssl/objectserr.h new file mode 100644 index 00000000..02e166f1 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/objectserr.h @@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/ocsp.h b/deps/openssl/mingw64/include/openssl/ocsp.h new file mode 100644 index 00000000..4d759a49 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ocsp.h @@ -0,0 +1,352 @@ +/* + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSP_H +# define HEADER_OCSP_H + +#include + +/* + * These definitions are outside the OPENSSL_NO_OCSP guard because although for + * historical reasons they have OCSP_* names, they can actually be used + * independently of OCSP. E.g. see RFC5280 + */ +/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +# define OCSP_REVOKED_STATUS_NOSTATUS -1 +# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + +# ifndef OPENSSL_NO_OCSP + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Various flags and values */ + +# define OCSP_DEFAULT_NONCE_LENGTH 16 + +# define OCSP_NOCERTS 0x1 +# define OCSP_NOINTERN 0x2 +# define OCSP_NOSIGS 0x4 +# define OCSP_NOCHAIN 0x8 +# define OCSP_NOVERIFY 0x10 +# define OCSP_NOEXPLICIT 0x20 +# define OCSP_NOCASIGN 0x40 +# define OCSP_NODELEGATED 0x80 +# define OCSP_NOCHECKS 0x100 +# define OCSP_TRUSTOTHER 0x200 +# define OCSP_RESPID_KEY 0x400 +# define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DEFINE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DEFINE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +# define OCSP_RESPONSE_STATUS_TRYLATER 3 +# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +# define V_OCSP_RESPID_NAME 0 +# define V_OCSP_RESPID_KEY 1 + +DEFINE_STACK_OF(OCSP_RESPID) + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +# define V_OCSP_CERTSTATUS_GOOD 0 +# define V_OCSP_CERTSTATUS_REVOKED 1 +# define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DEFINE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)(o), NULL,NULL,0,NULL,NULL) + +# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, + const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, + X509 *signer, + EVP_PKEY *key, + const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, + ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl); + +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTID *cid, + int status, int reason, + ASN1_TIME *revtime, + ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, + int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) +DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) +DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) +DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) +DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) +DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ocsperr.h b/deps/openssl/mingw64/include/openssl/ocsperr.h new file mode 100644 index 00000000..8dd9e01a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ocsperr.h @@ -0,0 +1,78 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/opensslconf.h b/deps/openssl/mingw64/include/openssl/opensslconf.h new file mode 100644 index 00000000..928fd64e --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/opensslconf.h @@ -0,0 +1,198 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslconf.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +#ifndef OPENSSL_SYS_MINGW64 +# define OPENSSL_SYS_MINGW64 1 +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#define OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# define SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif diff --git a/deps/openssl/mingw64/include/openssl/opensslv.h b/deps/openssl/mingw64/include/openssl/opensslv.h new file mode 100644 index 00000000..17d271f5 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/opensslv.h @@ -0,0 +1,101 @@ +/* + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSLV_H +# define HEADER_OPENSSLV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: + * 0.9.3-dev 0x00903000 + * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) + * 0.9.3 0x0090300f + * 0.9.3a 0x0090301f + * 0.9.4 0x0090400f + * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level + * part is slightly different, by setting the highest bit. This means + * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start + * with 0x0090600S... + * + * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +# define OPENSSL_VERSION_NUMBER 0x1010107fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g 21 Apr 2020" + +/*- + * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal + * to what it was at application link time, while the minor number has to + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * + * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major version number only: + * + * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. + * This version string can be constructed in any way, depending on what + * kind of matching is desired. However, to implement the same scheme as + * the one used in the other unixen, all compatible versions, from lowest + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * + * 3.0 + * 3.0:3.1 + * 3.0:3.1:3.2 + * 4.0 + * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. + * + * There may be other schemes as well that I haven't yet discovered. + * + * So, here's the way it works here: first of all, the library version + * number doesn't need at all to match the overall OpenSSL version. + * However, it's nice and more understandable if it actually does. + * The current library version is stored in the macro SHLIB_VERSION_NUMBER, + * which is just a piece of text in the format "M.m.e" (Major, minor, edit). + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, + * we need to keep a history of version numbers, which is done in the + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +# define SHLIB_VERSION_HISTORY "" +# define SHLIB_VERSION_NUMBER "1.1" + + +#ifdef __cplusplus +} +#endif +#endif /* HEADER_OPENSSLV_H */ diff --git a/deps/openssl/mingw64/include/openssl/ossl_typ.h b/deps/openssl/mingw64/include/openssl/ossl_typ.h new file mode 100644 index 00000000..e0edfaaf --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ossl_typ.h @@ -0,0 +1,197 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OPENSSL_TYPES_H +# define HEADER_OPENSSL_TYPES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +# include + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; + +# ifdef _WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif +struct dane_st; +typedef struct bio_st BIO; +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; + +typedef struct ssl_dane_st SSL_DANE; +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct x509_sig_info_st X509_SIG_INFO; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + +#ifdef __cplusplus +} +#endif +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/deps/openssl/mingw64/include/openssl/pem.h b/deps/openssl/mingw64/include/openssl/pem.h new file mode 100644 index 00000000..2ef5b5d0 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pem.h @@ -0,0 +1,378 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM_H +# define HEADER_PEM_H + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +# define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +# define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +# define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +# define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef OPENSSL_NO_DH +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/pem2.h b/deps/openssl/mingw64/include/openssl/pem2.h new file mode 100644 index 00000000..038fe790 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pem2.h @@ -0,0 +1,13 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEM2_H +# define HEADER_PEM2_H +# include +#endif diff --git a/deps/openssl/mingw64/include/openssl/pemerr.h b/deps/openssl/mingw64/include/openssl/pemerr.h new file mode 100644 index 00000000..0c45918f --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pemerr.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/pkcs12.h b/deps/openssl/mingw64/include/openssl/pkcs12.h new file mode 100644 index 00000000..3f43dad6 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pkcs12.h @@ -0,0 +1,223 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12_H +# define HEADER_PKCS12_H + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PKCS12_KEY_ID 1 +# define PKCS12_IV_ID 2 +# define PKCS12_MAC_ID 3 + +/* Default iteration count */ +# ifndef PKCS12_DEFAULT_ITER +# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +# endif + +# define PKCS12_MAC_KEY_LENGTH 20 + +# define PKCS12_SALT_LEN 8 + +/* It's not clear if these are actually needed... */ +# define PKCS12_key_gen PKCS12_key_gen_utf8 +# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 + +/* MS key usage constants */ + +# define KEY_EX 0x10 +# define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +DEFINE_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 + +/* Compatibility macros */ + +#if OPENSSL_API_COMPAT < 0x10100000L + +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +#endif + +DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); + +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + const char *pass, int passlen, + const unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf); +PKCS12 *PKCS12_init(int mode); +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); + +DECLARE_ASN1_FUNCTIONS(PKCS12) +DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) + +DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) +DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, + int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +# endif +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +# ifndef OPENSSL_NO_STDIO +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +# endif +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/pkcs12err.h b/deps/openssl/mingw64/include/openssl/pkcs12err.h new file mode 100644 index 00000000..eff5eb26 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pkcs12err.h @@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/pkcs7.h b/deps/openssl/mingw64/include/openssl/pkcs7.h new file mode 100644 index 00000000..9b66e002 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pkcs7.h @@ -0,0 +1,319 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7_H +# define HEADER_PKCS7_H + +# include +# include +# include + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DEFINE_STACK_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DEFINE_STACK_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DEFINE_STACK_OF(PKCS7) + +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 + +/* Flags: for compatibility with older code */ + +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR + +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + +DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_STDIO +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) +DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +DECLARE_ASN1_FUNCTIONS(PKCS7) + +DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) +DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) + +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/pkcs7err.h b/deps/openssl/mingw64/include/openssl/pkcs7err.h new file mode 100644 index 00000000..02e0299a --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/pkcs7err.h @@ -0,0 +1,103 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rand.h b/deps/openssl/mingw64/include/openssl/rand.h new file mode 100644 index 00000000..38a2a271 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rand.h @@ -0,0 +1,77 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RAND_H +# define HEADER_RAND_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +struct rand_meth_st { + int (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); + int (*add) (const void *buf, int num, double randomness); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); +}; + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +# ifndef OPENSSL_NO_ENGINE +int RAND_set_rand_engine(ENGINE *engine); +# endif + +RAND_METHOD *RAND_OpenSSL(void); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif +int RAND_bytes(unsigned char *buf, int num); +int RAND_priv_bytes(unsigned char *buf, int num); +DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) + +void RAND_seed(const void *buf, int num); +void RAND_keep_random_devices_open(int keep); + +# if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +# endif +void RAND_add(const void *buf, int num, double randomness); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); + +# ifndef OPENSSL_NO_EGD +int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +int RAND_egd(const char *path); +int RAND_egd_bytes(const char *path, int bytes); +# endif + +int RAND_poll(void); + +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +/* application has to include in order to use these */ +DEPRECATEDIN_1_1_0(void RAND_screen(void)) +DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) +# endif + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rand_drbg.h b/deps/openssl/mingw64/include/openssl/rand_drbg.h new file mode 100644 index 00000000..45b731b7 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rand_drbg.h @@ -0,0 +1,130 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include +# include + +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + */ +# define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ +# define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ +# define RAND_DRBG_FLAGS 0 + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_set_defaults(int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len, + int prediction_resistance); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/randerr.h b/deps/openssl/mingw64/include/openssl/randerr.h new file mode 100644 index 00000000..79d57905 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/randerr.h @@ -0,0 +1,94 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# include + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DATA_COLLECT_METHOD 127 +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_GROW 125 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_PSEUDO_BYTES 126 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rc2.h b/deps/openssl/mingw64/include/openssl/rc2.h new file mode 100644 index 00000000..585f9e4c --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rc2.h @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC2_H +# define HEADER_RC2_H + +# include + +# ifndef OPENSSL_NO_RC2 +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned int RC2_INT; + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + +# define RC2_BLOCK 8 +# define RC2_KEY_LENGTH 16 + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rc4.h b/deps/openssl/mingw64/include/openssl/rc4.h new file mode 100644 index 00000000..86803b37 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rc4.h @@ -0,0 +1,36 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC4_H +# define HEADER_RC4_H + +# include + +# ifndef OPENSSL_NO_RC4 +# include +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +const char *RC4_options(void); +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rc5.h b/deps/openssl/mingw64/include/openssl/rc5.h new file mode 100644 index 00000000..793f88e4 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rc5.h @@ -0,0 +1,63 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RC5_H +# define HEADER_RC5_H + +# include + +# ifndef OPENSSL_NO_RC5 +# ifdef __cplusplus +extern "C" { +# endif + +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + +# define RC5_32_BLOCK 8 +# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ + +/* + * This are the only values supported. Tweak the code if you want more The + * most supported modes will be RC5-32/12/16 RC5-32/16/8 + */ +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 + +typedef struct rc5_key_st { + /* Number of rounds */ + int rounds; + RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +} RC5_32_KEY; + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *key, int enc); +void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int enc); +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/ripemd.h b/deps/openssl/mingw64/include/openssl/ripemd.h new file mode 100644 index 00000000..c42026aa --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ripemd.h @@ -0,0 +1,47 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RIPEMD_H +# define HEADER_RIPEMD_H + +# include + +#ifndef OPENSSL_NO_RMD160 +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define RIPEMD160_LONG unsigned int + +# define RIPEMD160_CBLOCK 64 +# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +# define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B, C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); + +# ifdef __cplusplus +} +# endif +# endif + + +#endif diff --git a/deps/openssl/mingw64/include/openssl/rsa.h b/deps/openssl/mingw64/include/openssl/rsa.h new file mode 100644 index 00000000..5e76365c --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rsa.h @@ -0,0 +1,513 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSA_H +# define HEADER_RSA_H + +# include + +# ifndef OPENSSL_NO_RSA +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 + +# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private + * match */ + +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define RSA_FLAG_NO_CONSTTIME 0x0000 +# endif +# if OPENSSL_API_COMPAT < 0x00908000L +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); +int RSA_security_bits(const RSA *rsa); + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); +int RSA_get_version(RSA *r); +ENGINE *RSA_get0_engine(const RSA *r); + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* Multi-prime version */ +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); + +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, + BN_GENCB *cb); + +int RSA_check_key(const RSA *); +int RSA_check_key_ex(const RSA *, BN_GENCB *cb); + /* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +/* these are the actual RSA functions */ +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; +}; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_STDIO +int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif + +int RSA_print(BIO *bp, const RSA *r, int offset); + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, + int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +const char *RSA_meth_get0_name(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_get_flags(const RSA_METHOD *meth); +int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + int (*pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int (*pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int (*priv_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int (*priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); +int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); +int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); +int RSA_meth_set_sign(RSA_METHOD *rsa, + int (*sign) (int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)); +int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +int RSA_meth_set_verify(RSA_METHOD *rsa, + int (*verify) (int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_keygen(RSA_METHOD *rsa, + int (*keygen) (RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/rsaerr.h b/deps/openssl/mingw64/include/openssl/rsaerr.h new file mode 100644 index 00000000..59b15e13 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/rsaerr.h @@ -0,0 +1,167 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/safestack.h b/deps/openssl/mingw64/include/openssl/safestack.h new file mode 100644 index 00000000..38b55789 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/safestack.h @@ -0,0 +1,207 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). + */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/seed.h b/deps/openssl/mingw64/include/openssl/seed.h new file mode 100644 index 00000000..de10b085 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/seed.h @@ -0,0 +1,96 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# include + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/sha.h b/deps/openssl/mingw64/include/openssl/sha.h new file mode 100644 index 00000000..6a1eb0de --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/sha.h @@ -0,0 +1,119 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SHA_H +# define HEADER_SHA_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; + +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/srp.h b/deps/openssl/mingw64/include/openssl/srp.h new file mode 100644 index 00000000..aaf13558 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/srp.h @@ -0,0 +1,135 @@ +/* + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. + */ + +#ifndef HEADER_SRP_H +# define HEADER_SRP_H + +#include + +#ifndef OPENSSL_NO_SRP +# include +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DEFINE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + /* Owned by us. */ + char *id; + BIGNUM *s; + BIGNUM *v; + /* Not owned by us. */ + const BIGNUM *g; + const BIGNUM *N; + /* Owned by us. */ + char *info; +} SRP_user_pwd; + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +DEFINE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + const BIGNUM *default_g; + const BIGNUM *default_N; +} SRP_VBASE; + +/* + * Internal structure storing N and g pair + */ +typedef struct SRP_gN_st { + char *id; + const BIGNUM *g; + const BIGNUM *N; +} SRP_gN; + +DEFINE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +void SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ +DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/srtp.h b/deps/openssl/mingw64/include/openssl/srtp.h new file mode 100644 index 00000000..0b57c235 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/srtp.h @@ -0,0 +1,50 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +/* AEAD SRTP protection profiles from RFC 7714 */ +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +# ifndef OPENSSL_NO_SRTP + +__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); + +__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/ssl.h b/deps/openssl/mingw64/include/openssl/ssl.h new file mode 100644 index 00000000..6724ccf2 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ssl.h @@ -0,0 +1,2438 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL_H +# define HEADER_SSL_H + +# include +# include +# include +# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. + */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +#endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. + */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; + +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +# define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000U +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000U +# ifndef OPENSSL_NO_DTLS1_METHOD +/* Use Cisco's "speshul" version of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +# endif + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000U +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U + +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U + +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. + * This used to be 0x80000BFFU before 1.1.1. + */ +# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ + SSL_OP_LEGACY_SERVER_CONNECT|\ + SSL_OP_TLSEXT_PADDING|\ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + +/* OBSOLETE OPTIONS: retained for compatibility */ + +/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ +/* Related to removed SSLv2. */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ +/* Related to removed SSLv2. */ +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ +/* Dead forever, see CVE-2010-4180 */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ +/* Refers to ancient SSLREF and SSLv2. */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ +/* Ancient SSLeay version. */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ +# define SSL_OP_TLS_D5_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ +# define SSL_OP_SINGLE_DH_USE 0x0 +/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ +# define SSL_OP_NO_SSLv2 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ +# define SSL_OP_PKCS1_CHECK_2 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U + +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL *s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP + +/* see tls_srp.c */ +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); + +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. + */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb) (struct ssl_ctx_st + *ctx, + SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, + const unsigned char + *data, int len, + int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +# ifndef OPENSSL_NO_ENGINE +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +# endif +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated +# endif + +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + +__owur int SSL_extension_supported(unsigned int ext_type); + +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 +# define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 + +/* These will only be used when doing non-blocking IO */ +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) + +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + +#ifdef __cplusplus +} +#endif + +# include +# include +# include /* This is mostly sslv3 with a few tweaks */ +# include /* Datagram TLS */ +# include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +DEFINE_STACK_OF_CONST(SSL_CIPHER) +DEFINE_STACK_OF(SSL_COMP) + +/* compatibility */ +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) +# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) +# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) +DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) + +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 + +/* + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. + */ + +# define SSL_ST_CONNECT 0x1000 +# define SSL_ST_ACCEPT 0x2000 + +# define SSL_ST_MASK 0x0FFF + +# define SSL_CB_LOOP 0x01 +# define SSL_CB_EXIT 0x02 +# define SSL_CB_READ 0x04 +# define SSL_CB_WRITE 0x08 +# define SSL_CB_ALERT 0x4000/* used in callback */ +# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +# define SSL_CB_HANDSHAKE_START 0x10 +# define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); + +/* + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these + */ +# define SSL_ST_READ_HEADER 0xF0 +# define SSL_ST_READ_BODY 0xF1 +# define SSL_ST_READ_DONE 0xF2 + +/*- + * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are + * 'ored' with SSL_VERIFY_PEER if they are desired + */ +# define SSL_VERIFY_NONE 0x00 +# define SSL_VERIFY_PEER 0x01 +# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +# define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 + +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() +# define SSLeay_add_ssl_algorithms() SSL_library_init() +# endif + +/* More backward compatibility */ +# define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +# define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +# define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +# define SSL_get_time(a) SSL_SESSION_get_time(a) +# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ +/* These alert types are for SSLv3 and TLSv1 */ +# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +/* fatal */ +# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC +# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +/* fatal */ +# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE +# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +/* fatal */ +# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR +# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +/* fatal */ +# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR +# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED +# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +/* fatal */ +# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL +# define SSL_ERROR_NONE 0 +# define SSL_ERROR_SSL 1 +# define SSL_ERROR_WANT_READ 2 +# define SSL_ERROR_WANT_WRITE 3 +# define SSL_ERROR_WANT_X509_LOOKUP 4 +# define SSL_ERROR_SYSCALL 5/* look at error stack/return + * value/errno */ +# define SSL_ERROR_ZERO_RETURN 6 +# define SSL_ERROR_WANT_CONNECT 7 +# define SSL_ERROR_WANT_ACCEPT 8 +# define SSL_ERROR_WANT_ASYNC 9 +# define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 +# define SSL_CTRL_SET_TMP_DH 3 +# define SSL_CTRL_SET_TMP_ECDH 4 +# define SSL_CTRL_SET_TMP_DH_CB 6 +# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +# define SSL_CTRL_GET_FLAGS 13 +# define SSL_CTRL_EXTRA_CHAIN_CERT 14 +# define SSL_CTRL_SET_MSG_CALLBACK 15 +# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 +/* only applies to datagram connections */ +# define SSL_CTRL_SET_MTU 17 +/* Stats */ +# define SSL_CTRL_SESS_NUMBER 20 +# define SSL_CTRL_SESS_CONNECT 21 +# define SSL_CTRL_SESS_CONNECT_GOOD 22 +# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +# define SSL_CTRL_SESS_ACCEPT 24 +# define SSL_CTRL_SESS_ACCEPT_GOOD 25 +# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +# define SSL_CTRL_SESS_HIT 27 +# define SSL_CTRL_SESS_CB_HIT 28 +# define SSL_CTRL_SESS_MISSES 29 +# define SSL_CTRL_SESS_TIMEOUTS 30 +# define SSL_CTRL_SESS_CACHE_FULL 31 +# define SSL_CTRL_MODE 33 +# define SSL_CTRL_GET_READ_AHEAD 40 +# define SSL_CTRL_SET_READ_AHEAD 41 +# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +# define SSL_CTRL_SET_SESS_CACHE_MODE 44 +# define SSL_CTRL_GET_SESS_CACHE_MODE 45 +# define SSL_CTRL_GET_MAX_CERT_LIST 50 +# define SSL_CTRL_SET_MAX_CERT_LIST 51 +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 +/* see tls1.h for macros based on these */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# define DTLS_CTRL_GET_TIMEOUT 73 +# define DTLS_CTRL_HANDLE_TIMEOUT 74 +# define SSL_CTRL_GET_RI_SUPPORT 76 +# define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 +# define SSL_CTRL_SET_DH_AUTO 118 +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 +# define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) +# define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +# define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +# define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +# define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) +# define SSL_set1_chain(s,sk) \ + SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) +# define SSL_add0_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) +# define SSL_add1_chain_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) +# define SSL_get0_chain_certs(s,px509) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(s) \ + SSL_set0_chain(s,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(s,x509) \ + SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) +# define SSL_set_current_cert(s,op) \ + SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_get1_groups(s, glist) \ + SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_set1_groups(s, glist, glistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) +# define SSL_set1_client_sigalgs(s, slist, slistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) +# define SSL_set1_client_sigalgs_list(s, str) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +# define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +# define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +# define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +# define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +# define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) + +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L +/* Provide some compatibility macros for removed functionality. */ +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +/* + * We "pretend" to call the callback to avoid warnings about unused static + * functions. + */ +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif +__owur const BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +int SSL_CTX_up_ref(SSL_CTX *ctx); +void SSL_CTX_free(SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); +# ifndef OPENSSL_NO_SOCK +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); +# endif +void SSL_set0_rbio(SSL *s, BIO *rbio); +void SSL_set0_wbio(SSL *s, BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); +void SSL_set_read_ahead(SSL *s, int yes); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. */ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef HEADER_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. + */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + +# ifndef OPENSSL_NO_DH +/* NB: the |keylength| is only applicable when is_export is true */ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +# endif + +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); + +/* TLS extensions functions */ +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +__owur int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn session_secret_cb, + void *arg); + +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(const SSL *s); +__owur int SSL_is_server(const SSL *s); + +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +# endif + +# ifndef OPENSSL_NO_SOCK +int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif + +# ifndef OPENSSL_NO_CT + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, + void *arg); +int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ssl_ct_validation_cb callback, + void *arg); +#define SSL_disable_ct(s) \ + ((void) SSL_set_validation_callback((s), NULL, NULL)) +#define SSL_CTX_disable_ct(ctx) \ + ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) + +/* + * The validation type enumerates the available behaviours of the built-in SSL + * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). + * The underlying callback is a static function in libssl. + */ +enum { + SSL_CT_VALIDATION_PERMISSIVE = 0, + SSL_CT_VALIDATION_STRICT +}; + +/* + * Enable CT by setting up a callback that implements one of the built-in + * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always + * continues the handshake, the application can make appropriate decisions at + * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at + * least one valid SCT, or else handshake termination will be requested. The + * handshake may continue anyway if SSL_VERIFY_NONE is in effect. + */ +int SSL_enable_ct(SSL *s, int validation_mode); +int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); + +/* + * Report whether a non-NULL callback is enabled. + */ +int SSL_ct_is_enabled(const SSL *s); +int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +extern const char SSL_version_str[]; + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ssl2.h b/deps/openssl/mingw64/include/openssl/ssl2.h new file mode 100644 index 00000000..5321bd27 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ssl2.h @@ -0,0 +1,24 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL2_H +# define HEADER_SSL2_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL2_VERSION 0x0002 + +# define SSL2_MT_CLIENT_HELLO 1 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ssl3.h b/deps/openssl/mingw64/include/openssl/ssl3.h new file mode 100644 index 00000000..8d01fcc4 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ssl3.h @@ -0,0 +1,339 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL3_H +# define HEADER_SSL3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + */ +# define SSL3_CK_SCSV 0x030000FF + +/* + * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) + */ +# define SSL3_CK_FALLBACK_SCSV 0x03005600 + +# define SSL3_CK_RSA_NULL_MD5 0x03000001 +# define SSL3_CK_RSA_NULL_SHA 0x03000002 +# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA + +# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + +# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ +# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +# define SSL3_SSL_SESSION_ID_LENGTH 32 +# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +# define SSL3_MASTER_SECRET_SIZE 48 +# define SSL3_RANDOM_SIZE 32 +# define SSL3_SESSION_ID_SIZE 32 +# define SSL3_RT_HEADER_LENGTH 5 + +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 +# else +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif +# endif + +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + +# ifdef OPENSSL_NO_COMP +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# else +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) +# endif +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +# define SSL3_VERSION 0x0300 +# define SSL3_VERSION_MAJOR 0x03 +# define SSL3_VERSION_MINOR 0x00 + +# define SSL3_RT_CHANGE_CIPHER_SPEC 20 +# define SSL3_RT_ALERT 21 +# define SSL3_RT_HANDSHAKE 22 +# define SSL3_RT_APPLICATION_DATA 23 +# define DTLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content types for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 +# define SSL3_RT_INNER_CONTENT_TYPE 0x101 + +# define SSL3_AL_WARNING 1 +# define SSL3_AL_FATAL 2 + +# define SSL3_AD_CLOSE_NOTIFY 0 +# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ +# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ +# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ +# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ +# define SSL3_AD_NO_CERTIFICATE 41 +# define SSL3_AD_BAD_CERTIFICATE 42 +# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +# define SSL3_AD_CERTIFICATE_REVOKED 44 +# define SSL3_AD_CERTIFICATE_EXPIRED 45 +# define SSL3_AD_CERTIFICATE_UNKNOWN 46 +# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ + +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + + +# define SSL3_CT_RSA_SIGN 1 +# define SSL3_CT_DSS_SIGN 2 +# define SSL3_CT_RSA_FIXED_DH 3 +# define SSL3_CT_DSS_FIXED_DH 4 +# define SSL3_CT_RSA_EPHEMERAL_DH 5 +# define SSL3_CT_DSS_EPHEMERAL_DH 6 +# define SSL3_CT_FORTEZZA_DMS 20 +/* + * SSL3_CT_NUMBER is used to size arrays and it must be large enough to + * contain all of the cert types defined for *either* SSLv3 and TLSv1. + */ +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +/* No longer used as of OpenSSL 1.1.1 */ +# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 + +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 + +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + +/* Set if we encrypt then mac instead of usual mac then encrypt */ +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ + +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 + +# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 + +# define TLS1_FLAGS_STATELESS 0x0800 + +# define SSL3_MT_HELLO_REQUEST 0 +# define SSL3_MT_CLIENT_HELLO 1 +# define SSL3_MT_SERVER_HELLO 2 +# define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_END_OF_EARLY_DATA 5 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 +# define SSL3_MT_CERTIFICATE 11 +# define SSL3_MT_SERVER_KEY_EXCHANGE 12 +# define SSL3_MT_CERTIFICATE_REQUEST 13 +# define SSL3_MT_SERVER_DONE 14 +# define SSL3_MT_CERTIFICATE_VERIFY 15 +# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +# define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_URL 21 +# define SSL3_MT_CERTIFICATE_STATUS 22 +# define SSL3_MT_SUPPLEMENTAL_DATA 23 +# define SSL3_MT_KEY_UPDATE 24 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif +# define SSL3_MT_MESSAGE_HASH 254 +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +/* Dummy message type for handling CCS like a normal handshake message */ +# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 + +# define SSL3_MT_CCS 1 + +/* These are used when changing over to a new cipher */ +# define SSL3_CC_READ 0x001 +# define SSL3_CC_WRITE 0x002 +# define SSL3_CC_CLIENT 0x010 +# define SSL3_CC_SERVER 0x020 +# define SSL3_CC_EARLY 0x040 +# define SSL3_CC_HANDSHAKE 0x080 +# define SSL3_CC_APPLICATION 0x100 +# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/sslerr.h b/deps/openssl/mingw64/include/openssl/sslerr.h new file mode 100644 index 00000000..82983d3c --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/sslerr.h @@ -0,0 +1,773 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/stack.h b/deps/openssl/mingw64/include/openssl/stack.h new file mode 100644 index 00000000..cfc07505 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/stack.h @@ -0,0 +1,83 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_STACK_H +# define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ + +typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +typedef void (*OPENSSL_sk_freefunc)(void *); +typedef void *(*OPENSSL_sk_copyfunc)(const void *); + +int OPENSSL_sk_num(const OPENSSL_STACK *); +void *OPENSSL_sk_value(const OPENSSL_STACK *, int); + +void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); + +OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); +void OPENSSL_sk_free(OPENSSL_STACK *); +void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); +int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); +void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); +void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); +int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); +int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); +void *OPENSSL_sk_shift(OPENSSL_STACK *st); +void *OPENSSL_sk_pop(OPENSSL_STACK *st); +void OPENSSL_sk_zero(OPENSSL_STACK *st); +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc cmp); +OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); +void OPENSSL_sk_sort(OPENSSL_STACK *st); +int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define _STACK OPENSSL_STACK +# define sk_num OPENSSL_sk_num +# define sk_value OPENSSL_sk_value +# define sk_set OPENSSL_sk_set +# define sk_new OPENSSL_sk_new +# define sk_new_null OPENSSL_sk_new_null +# define sk_free OPENSSL_sk_free +# define sk_pop_free OPENSSL_sk_pop_free +# define sk_deep_copy OPENSSL_sk_deep_copy +# define sk_insert OPENSSL_sk_insert +# define sk_delete OPENSSL_sk_delete +# define sk_delete_ptr OPENSSL_sk_delete_ptr +# define sk_find OPENSSL_sk_find +# define sk_find_ex OPENSSL_sk_find_ex +# define sk_push OPENSSL_sk_push +# define sk_unshift OPENSSL_sk_unshift +# define sk_shift OPENSSL_sk_shift +# define sk_pop OPENSSL_sk_pop +# define sk_zero OPENSSL_sk_zero +# define sk_set_cmp_func OPENSSL_sk_set_cmp_func +# define sk_dup OPENSSL_sk_dup +# define sk_sort OPENSSL_sk_sort +# define sk_is_sorted OPENSSL_sk_is_sorted +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/store.h b/deps/openssl/mingw64/include/openssl/store.h new file mode 100644 index 00000000..a40a7339 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/store.h @@ -0,0 +1,266 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STORE_H +# define HEADER_OSSL_STORE_H + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + */ +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occurred + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. + */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 4 /* X509 * */ +# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). + */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER + *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); + +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/storeerr.h b/deps/openssl/mingw64/include/openssl/storeerr.h new file mode 100644 index 00000000..190eab07 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/storeerr.h @@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/symhacks.h b/deps/openssl/mingw64/include/openssl/symhacks.h new file mode 100644 index 00000000..156ea6e4 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/symhacks.h @@ -0,0 +1,37 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SYMHACKS_H +# define HEADER_SYMHACKS_H + +# include + +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) +# undef ERR_load_CRYPTO_strings +# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +# undef OCSP_crlID_new +# define OCSP_crlID_new OCSP_crlID2_new + +# undef d2i_ECPARAMETERS +# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +# undef i2d_ECPARAMETERS +# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +# undef d2i_ECPKPARAMETERS +# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +# undef i2d_ECPKPARAMETERS +# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS + +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/deps/openssl/mingw64/include/openssl/tls1.h b/deps/openssl/mingw64/include/openssl/tls1.h new file mode 100644 index 00000000..76d9fda4 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/tls1.h @@ -0,0 +1,1237 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TLS1_H +# define HEADER_TLS1_H + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. + */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) + +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_get_dtlsext_heartbeat_pending(ssl) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) +# endif +# endif + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_SIGN 238 +# define TLS_CT_GOST12_512_SIGN 239 + +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 22 +# define TLS_MD_CLIENT_FINISH_CONST "client finished" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +# define TLS_MD_SERVER_FINISH_CONST "server finished" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +# define TLS_MD_KEY_EXPANSION_CONST "key expansion" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +# define TLS_MD_IV_BLOCK_CONST "IV block" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +# define TLS_MD_MASTER_SECRET_CONST "master secret" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +# ifdef CHARSET_EBCDIC +# undef TLS_MD_CLIENT_FINISH_CONST +/* + * client finished + */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_FINISH_CONST +/* + * server finished + */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_KEY_EXPANSION_CONST +/* + * key expansion + */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" + +# undef TLS_MD_CLIENT_WRITE_KEY_CONST +/* + * client write key + */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_SERVER_WRITE_KEY_CONST +/* + * server write key + */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" + +# undef TLS_MD_IV_BLOCK_CONST +/* + * IV block + */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" + +# undef TLS_MD_MASTER_SECRET_CONST +/* + * master secret + */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# endif + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/ts.h b/deps/openssl/mingw64/include/openssl/ts.h new file mode 100644 index 00000000..3b58aa52 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ts.h @@ -0,0 +1,559 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. */ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +DEFINE_STACK_OF(ESS_CERT_ID) + +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; + +DEFINE_STACK_OF(ESS_CERT_ID_V2) + +typedef struct TS_resp_st TS_RESP; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, + const unsigned char **pp, long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, + long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/tserr.h b/deps/openssl/mingw64/include/openssl/tserr.h new file mode 100644 index 00000000..07f23339 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/tserr.h @@ -0,0 +1,132 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/txt_db.h b/deps/openssl/mingw64/include/openssl/txt_db.h new file mode 100644 index 00000000..ec981a43 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/txt_db.h @@ -0,0 +1,57 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TXT_DB_H +# define HEADER_TXT_DB_H + +# include +# include +# include +# include + +# define DB_ERROR_OK 0 +# define DB_ERROR_MALLOC 1 +# define DB_ERROR_INDEX_CLASH 2 +# define DB_ERROR_INDEX_OUT_OF_RANGE 3 +# define DB_ERROR_NO_INDEX 4 +# define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/ui.h b/deps/openssl/mingw64/include/openssl/ui.h new file mode 100644 index 00000000..7c721ec8 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/ui.h @@ -0,0 +1,368 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UI_H +# define HEADER_UI_H + +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. + info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/uierr.h b/deps/openssl/mingw64/include/openssl/uierr.h new file mode 100644 index 00000000..bd68864d --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/uierr.h @@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/whrlpool.h b/deps/openssl/mingw64/include/openssl/whrlpool.h new file mode 100644 index 00000000..20ea3503 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/whrlpool.h @@ -0,0 +1,48 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +#include + +# ifndef OPENSSL_NO_WHIRLPOOL +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/deps/openssl/mingw64/include/openssl/x509.h b/deps/openssl/mingw64/include/openssl/x509.h new file mode 100644 index 00000000..39ca0ba5 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/x509.h @@ -0,0 +1,1047 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_H +# define HEADER_X509_H + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# include +# include +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + +# define X509_FILETYPE_PEM 1 +# define X509_FILETYPE_ASN1 2 +# define X509_FILETYPE_DEFAULT 3 + +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */ ; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st { + ASN1_TIME *notBefore; + ASN1_TIME *notAfter; +} X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) + +# define X509_EX_V_NETSCAPE_HACK 0x8000 +# define X509_EX_V_INIT 0x0001 +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DEFINE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DEFINE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; + +DEFINE_STACK_OF(X509_INFO) + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +# endif +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_OCSP +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +# endif +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +# ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); +DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +# endif +# ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a, unsigned char **pp); +X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *md, unsigned int *len); + +int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type); + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 *x, int id, int flags); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/x509_vfy.h b/deps/openssl/mingw64/include/openssl/x509_vfy.h new file mode 100644 index 00000000..adb8bce7 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/x509_vfy.h @@ -0,0 +1,628 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509_VFY_H +# define HEADER_X509_VFY_H + +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef HEADER_X509_H +# include +# endif + +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/*- +SSL_CTX -> X509_STORE + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + -> X509_LOOKUP + ->X509_LOOKUP_METHOD + +SSL -> X509_STORE_CTX + ->X509_STORE + +The X509_STORE holds the tables etc for verification stuff. +A X509_STORE_CTX is used while validating a single certificate. +The X509_STORE has X509_LOOKUPs for looking up certs. +The X509_STORE then calls a function to actually verify the +certificate chain. +*/ + +typedef enum { + X509_LU_NONE = 0, + X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; + +#if OPENSSL_API_COMPAT < 0x10100000L +#define X509_LU_RETRY -1 +#define X509_LU_FAIL 0 +#endif + +DEFINE_STACK_OF(X509_LOOKUP) +DEFINE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(X509_VERIFY_PARAM) + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, + X509_STORE_CTX *ctx, X509 *x); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL **crl, X509 *x); +typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, + X509_CRL *crl, X509 *x); +typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, + X509_NAME *nm); +typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); + + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +# define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +# define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +# define X509_L_FILE_LOAD 1 +# define X509_L_ADD_DIR 2 + +# define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +# define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +# define X509_V_OK 0 +# define X509_V_ERR_UNSPECIFIED 1 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +# define X509_V_ERR_UNABLE_TO_GET_CRL 3 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +# define X509_V_ERR_CERT_NOT_YET_VALID 9 +# define X509_V_ERR_CERT_HAS_EXPIRED 10 +# define X509_V_ERR_CRL_NOT_YET_VALID 11 +# define X509_V_ERR_CRL_HAS_EXPIRED 12 +# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +# define X509_V_ERR_OUT_OF_MEM 17 +# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +# define X509_V_ERR_CERT_REVOKED 23 +# define X509_V_ERR_INVALID_CA 24 +# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +# define X509_V_ERR_INVALID_PURPOSE 26 +# define X509_V_ERR_CERT_UNTRUSTED 27 +# define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +# define X509_V_ERR_AKID_SKID_MISMATCH 30 +# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +# define X509_V_ERR_INVALID_NON_CA 37 +# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +# define X509_V_ERR_INVALID_EXTENSION 41 +# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +# define X509_V_ERR_NO_EXPLICIT_POLICY 43 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +# define X509_V_ERR_UNNESTED_RESOURCE 46 +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 +/* security level errors */ +# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +# define X509_V_ERR_CA_MD_TOO_WEAK 68 +/* Caller error */ +# define X509_V_ERR_INVALID_CALL 69 +/* Issuer lookup error */ +# define X509_V_ERR_STORE_LOOKUP 70 +/* Certificate transparency */ +# define X509_V_ERR_NO_VALID_SCTS 71 + +# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ + +/* Certificate verify flags */ + +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif +/* Use check time instead of current time */ +# define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +# define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +# define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +# define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +# define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +# define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +# define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +# define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +# define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +# define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check self-signed CA signature */ +# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +# define X509_VP_FLAG_DEFAULT 0x1 +# define X509_VP_FLAG_OVERWRITE 0x2 +# define X509_VP_FLAG_RESET_FLAGS 0x4 +# define X509_VP_FLAG_LOCKED 0x8 +# define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_lock(X509_STORE *ctx); +int X509_STORE_unlock(X509_STORE *ctx); +int X509_STORE_up_ref(X509_STORE *v); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +void X509_STORE_set_get_issuer(X509_STORE *ctx, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +void X509_STORE_set_check_revocation(X509_STORE *ctx, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +void X509_STORE_set_check_crl(X509_STORE *ctx, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +void X509_STORE_set_cert_crl(X509_STORE *ctx, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +void X509_STORE_set_check_policy(X509_STORE *ctx, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +void X509_STORE_set_lookup_certs(X509_STORE *ctx, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +void X509_STORE_set_lookup_crls(X509_STORE *ctx, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +void X509_STORE_set_cleanup(X509_STORE *ctx, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, + X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + +X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +void X509_LOOKUP_free(X509_LOOKUP *ctx); +int X509_LOOKUP_init(X509_LOOKUP *ctx); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, + int i); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const + X509_POLICY_TREE + *tree); + +STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const + X509_POLICY_TREE + *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, + int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node); +const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE + *node); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/x509err.h b/deps/openssl/mingw64/include/openssl/x509err.h new file mode 100644 index 00000000..02738531 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/x509err.h @@ -0,0 +1,130 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/deps/openssl/mingw64/include/openssl/x509v3.h b/deps/openssl/mingw64/include/openssl/x509v3.h new file mode 100644 index 00000000..6c6eca38 --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/x509v3.h @@ -0,0 +1,937 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3_H +# define HEADER_X509V3_H + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void *(*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE) (void *); +typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; +/* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; +/* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; +/* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; +/* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; +/* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + void *usr_data; /* Any extension specific data */ +}; + +typedef struct X509V3_CONF_METHOD_st { + char *(*get_string) (void *db, const char *section, const char *value); + STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); +} X509V3_CONF_METHOD; + +/* Context specific info */ +struct v3_ext_ctx { +# define CTX_TEST 0x1 +# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + X509V3_CONF_METHOD *db_meth; + void *db; +/* Maybe more here */ +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DEFINE_STACK_OF(X509V3_EXT_METHOD) + +/* ext_flags values */ +# define X509V3_EXT_DYNAMIC 0x1 +# define X509V3_EXT_CTX_DEP 0x2 +# define X509V3_EXT_MULTILINE 0x4 + +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { +# define GEN_OTHERNAME 0 +# define GEN_EMAIL 1 +# define GEN_DNS 2 +# define GEN_X400 3 +# define GEN_DIRNAME 4 +# define GEN_EDIPARTY 5 +# define GEN_URI 6 +# define GEN_IPADD 7 +# define GEN_RID 8 + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_TYPE *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, + * uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + ASN1_TYPE *other; /* x400Address */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; + +DEFINE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DEFINE_STACK_OF(GENERAL_NAMES) + +DEFINE_STACK_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DEFINE_STACK_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +/* Strong extranet structures */ + +typedef struct SXNET_ID_st { + ASN1_INTEGER *zone; + ASN1_OCTET_STRING *user; +} SXNETID; + +DEFINE_STACK_OF(SXNETID) + +typedef struct SXNET_st { + ASN1_INTEGER *version; + STACK_OF(SXNETID) *ids; +} SXNET; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DEFINE_STACK_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DEFINE_STACK_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DEFINE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DEFINE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; +} PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; +} PROXY_CERT_INFO_EXTENSION; + +DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) +DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) + +# define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ + 0,0,0,0, \ + 0,0, \ + (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ + (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ + NULL, NULL, \ + table} + +# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ + 0,0,0,0, \ + (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ + (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ + 0,0,0,0, \ + NULL} + +# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + +/* X509_PURPOSE stuff */ + +# define EXFLAG_BCONS 0x1 +# define EXFLAG_KUSAGE 0x2 +# define EXFLAG_XKUSAGE 0x4 +# define EXFLAG_NSCERT 0x8 + +# define EXFLAG_CA 0x10 +/* Really self issued not necessarily self signed */ +# define EXFLAG_SI 0x20 +# define EXFLAG_V1 0x40 +# define EXFLAG_INVALID 0x80 +/* EXFLAG_SET is set to indicate that some values have been precomputed */ +# define EXFLAG_SET 0x100 +# define EXFLAG_CRITICAL 0x200 +# define EXFLAG_PROXY 0x400 + +# define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +/* Self signed */ +# define EXFLAG_SS 0x2000 + +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 + +# define NS_SSL_CLIENT 0x80 +# define NS_SSL_SERVER 0x40 +# define NS_SMIME 0x20 +# define NS_OBJSIGN 0x10 +# define NS_SSL_CA 0x04 +# define NS_SMIME_CA 0x02 +# define NS_OBJSIGN_CA 0x01 +# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +# define XKU_SSL_SERVER 0x1 +# define XKU_SSL_CLIENT 0x2 +# define XKU_SMIME 0x4 +# define XKU_CODE_SIGN 0x8 +# define XKU_SGC 0x10 +# define XKU_OCSP_SIGN 0x20 +# define XKU_TIMESTAMP 0x40 +# define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 + +# define X509_PURPOSE_DYNAMIC 0x1 +# define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} X509_PURPOSE; + +# define X509_PURPOSE_SSL_CLIENT 1 +# define X509_PURPOSE_SSL_SERVER 2 +# define X509_PURPOSE_NS_SSL_SERVER 3 +# define X509_PURPOSE_SMIME_SIGN 4 +# define X509_PURPOSE_SMIME_ENCRYPT 5 +# define X509_PURPOSE_CRL_SIGN 6 +# define X509_PURPOSE_ANY 7 +# define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 + +# define X509_PURPOSE_MIN 1 +# define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +# define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +# define X509V3_ADD_OP_MASK 0xfL +# define X509V3_ADD_DEFAULT 0L +# define X509V3_ADD_APPEND 1L +# define X509V3_ADD_REPLACE 2L +# define X509V3_ADD_REPLACE_EXISTING 3L +# define X509V3_ADD_KEEP_EXISTING 4L +# define X509V3_ADD_DELETE 5L +# define X509V3_ADD_SILENT 0x10 + +DEFINE_STACK_OF(X509_PURPOSE) + +DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +DECLARE_ASN1_FUNCTIONS(SXNET) +DECLARE_ASN1_FUNCTIONS(SXNETID) + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) + +DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, + STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +DECLARE_ASN1_FUNCTIONS(OTHERNAME) +DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + +DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +DECLARE_ASN1_FUNCTIONS(POLICYINFO) +DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) +DECLARE_ASN1_FUNCTIONS(USERNOTICE) +DECLARE_ASN1_FUNCTIONS(NOTICEREF) + +DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DECLARE_ASN1_FUNCTIONS(DIST_POINT) +DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + +DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) +DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, + const char *value, int is_nc); + +# ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); +# endif + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); +int X509V3_EXT_add(X509V3_EXT_METHOD *ext); +int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); +int X509V3_EXT_add_alias(int nid_to, int nid_from); +void X509V3_EXT_cleanup(void); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +#if OPENSSL_API_COMPAT < 0x10100000L +/* The new declarations are in crypto.h, but the old ones were here. */ +# define hex_to_string OPENSSL_buf2hexstr +# define string_to_hex OPENSSL_hexstr2buf +#endif + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +#ifndef OPENSSL_NO_STDIO +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); +#endif +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_PURPOSE_set(int *p, int purpose); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +long X509_get_proxy_pathlen(X509 *x); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); + +int X509_PURPOSE_get_count(void); +X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(const char *sname); +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), + const char *name, const char *sname, void *arg); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +void X509_PURPOSE_cleanup(void); +int X509_PURPOSE_get_id(const X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DEFINE_STACK_OF(X509_POLICY_NODE) + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DEFINE_STACK_OF(ASIdOrRange) + +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DEFINE_STACK_OF(IPAddressOrRange) + +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DEFINE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/mingw64/include/openssl/x509v3err.h b/deps/openssl/mingw64/include/openssl/x509v3err.h new file mode 100644 index 00000000..5f25442f --- /dev/null +++ b/deps/openssl/mingw64/include/openssl/x509v3err.h @@ -0,0 +1,162 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/deps/openssl/mingw64/lib/pkgconfig/libcrypto.pc b/deps/openssl/mingw64/lib/pkgconfig/libcrypto.pc new file mode 100644 index 00000000..dc8c870d --- /dev/null +++ b/deps/openssl/mingw64/lib/pkgconfig/libcrypto.pc @@ -0,0 +1,12 @@ +prefix=/home/cory/src/tildefriends/deps/openssl/mingw64 +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include +enginesdir=${libdir}/engines-1_1 + +Name: OpenSSL-libcrypto +Description: OpenSSL cryptography library +Version: 1.1.1g +Libs: -L${libdir} -lcrypto +Libs.private: -lws2_32 -lgdi32 -lcrypt32 +Cflags: -I${includedir} diff --git a/deps/openssl/mingw64/lib/pkgconfig/libssl.pc b/deps/openssl/mingw64/lib/pkgconfig/libssl.pc new file mode 100644 index 00000000..ff6f0dc6 --- /dev/null +++ b/deps/openssl/mingw64/lib/pkgconfig/libssl.pc @@ -0,0 +1,11 @@ +prefix=/home/cory/src/tildefriends/deps/openssl/mingw64 +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL-libssl +Description: Secure Sockets Layer and cryptography libraries +Version: 1.1.1g +Requires.private: libcrypto +Libs: -L${libdir} -lssl +Cflags: -I${includedir} diff --git a/deps/openssl/mingw64/lib/pkgconfig/openssl.pc b/deps/openssl/mingw64/lib/pkgconfig/openssl.pc new file mode 100644 index 00000000..c3e23c6a --- /dev/null +++ b/deps/openssl/mingw64/lib/pkgconfig/openssl.pc @@ -0,0 +1,9 @@ +prefix=/home/cory/src/tildefriends/deps/openssl/mingw64 +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: OpenSSL +Description: Secure Sockets Layer and cryptography libraries and tools +Version: 1.1.1g +Requires: libssl libcrypto diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/CA.pl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/CA.pl.html new file mode 100644 index 00000000..be1293ff --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/CA.pl.html @@ -0,0 +1,198 @@ + + + + +CA.pl + + + + + + + + + + +

NAME

+ +

CA.pl - friendlier interface for OpenSSL certificate programs

+ +

SYNOPSIS

+ +

CA.pl -? | -h | -help

+ +

CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]

+ +

CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]

+ +

CA.pl -verify [-extra-verify extra-params] certfile...

+ +

CA.pl -revoke [-extra-ca extra-params] certfile [reason]

+ +

DESCRIPTION

+ +

The CA.pl script is a perl script that supplies the relevant command line arguments to the openssl command for some common certificate operations. It is intended to simplify the process of certificate creation and management by the use of some simple options.

+ +

OPTIONS

+ +
+ +
?, -h, -help
+
+ +

Prints a usage message.

+ +
+
-newcert
+
+ +

Creates a new self signed certificate. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". This argument invokes openssl req command.

+ +
+
-newreq
+
+ +

Creates a new certificate request. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". Executes openssl req command below the hood.

+ +
+
-newreq-nodes
+
+ +

Is like -newreq except that the private key will not be encrypted. Uses openssl req command.

+ +
+
-newca
+
+ +

Creates a new CA hierarchy for use with the ca program (or the -signcert and -xsign options). The user is prompted to enter the filename of the CA certificates (which should also contain the private key) or by hitting ENTER details of the CA will be prompted for. The relevant files and directories are created in a directory called "demoCA" in the current directory. openssl req and openssl ca commands are get invoked.

+ +
+
-pkcs12
+
+ +

Create a PKCS#12 file containing the user certificate, private key and CA certificate. It expects the user certificate and private key to be in the file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, it creates a file "newcert.p12". This command can thus be called after the -sign option. The PKCS#12 file can be imported directly into a browser. If there is an additional argument on the command line it will be used as the "friendly name" for the certificate (which is typically displayed in the browser list box), otherwise the name "My Certificate" is used. Delegates work to openssl pkcs12 command.

+ +
+
-sign, -signcert, -xsign
+
+ +

Calls the ca program to sign a certificate request. It expects the request to be in the file "newreq.pem". The new certificate is written to the file "newcert.pem" except in the case of the -xsign option when it is written to standard output. Leverages openssl ca command.

+ +
+
-signCA
+
+ +

This option is the same as the -signreq option except it uses the configuration file section v3_ca and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed on to openssl ca command.

+ +
+
-signcert
+
+ +

This option is the same as -sign except it expects a self signed certificate to be present in the file "newreq.pem". Extra params are passed on to openssl x509 and openssl ca commands.

+ +
+
-crl
+
+ +

Generate a CRL. Executes openssl ca command.

+ +
+
-revoke certfile [reason]
+
+ +

Revoke the certificate contained in the specified certfile. An optional reason may be specified, and must be one of: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, or removeFromCRL. Leverages openssl ca command.

+ +
+
-verify
+
+ +

Verifies certificates against the CA certificate for "demoCA". If no certificates are specified on the command line it tries to verify the file "newcert.pem". Invokes openssl verify command.

+ +
+
-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify <extra-params>
+
+ +

The purpose of these parameters is to allow optional parameters to be supplied to openssl that this command executes. The -extra-cmd are specific to the option being used and the openssl command getting invoked. For example when this command invokes openssl req extra parameters can be passed on with the -extra-req parameter. The openssl commands being invoked per option are documented below. Users should consult openssl command documentation for more information.

+ +
+
+ +

EXAMPLES

+ +

Create a CA hierarchy:

+ +
CA.pl -newca
+ +

Complete certificate creation example: create a CA, create a request, sign the request and finally create a PKCS#12 file containing it.

+ +
CA.pl -newca
+CA.pl -newreq
+CA.pl -signreq
+CA.pl -pkcs12 "My Test Certificate"
+ +

DSA CERTIFICATES

+ +

Although the CA.pl creates RSA CAs and requests it is still possible to use it with DSA certificates and requests using the req(1) command directly. The following example shows the steps that would typically be taken.

+ +

Create some DSA parameters:

+ +
openssl dsaparam -out dsap.pem 1024
+ +

Create a DSA CA certificate and private key:

+ +
openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+ +

Create the CA directories and files:

+ +
CA.pl -newca
+ +

enter cacert.pem when prompted for the CA file name.

+ +

Create a DSA certificate request and private key (a different set of parameters can optionally be created first):

+ +
openssl req -out newreq.pem -newkey dsa:dsap.pem
+ +

Sign the request:

+ +
CA.pl -signreq
+ +

NOTES

+ +

Most of the filenames mentioned can be modified by editing the CA.pl script.

+ +

If the demoCA directory already exists then the -newca command will not overwrite it and will do nothing. This can happen if a previous call using the -newca option terminated abnormally. To get the correct behaviour delete the demoCA directory if it already exists.

+ +

Under some environments it may not be possible to run the CA.pl script directly (for example Win32) and the default configuration file location may be wrong. In this case the command:

+ +
perl -S CA.pl
+ +

can be used and the OPENSSL_CONF environment variable changed to point to the correct path of the configuration file.

+ +

The script is intended as a simple front end for the openssl program for use by a beginner. Its behaviour isn't always what is wanted. For more control over the behaviour of the certificate commands call the openssl command directly.

+ +

SEE ALSO

+ +

x509(1), ca(1), req(1), pkcs12(1), config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/asn1parse.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/asn1parse.html new file mode 100644 index 00000000..d7b6f514 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/asn1parse.html @@ -0,0 +1,227 @@ + + + + +asn1parse + + + + + + + + + + +

NAME

+ +

openssl-asn1parse, asn1parse - ASN.1 parsing tool

+ +

SYNOPSIS

+ +

openssl asn1parse [-help] [-inform PEM|DER] [-in filename] [-out filename] [-noout] [-offset number] [-length number] [-i] [-oid filename] [-dump] [-dlimit num] [-strparse offset] [-genstr string] [-genconf file] [-strictpem] [-item name]

+ +

DESCRIPTION

+ +

The asn1parse command is a diagnostic utility that can parse ASN.1 structures. It can also be used to extract data from ASN.1 formatted data.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

The input format. DER is binary format and PEM (the default) is base64 encoded.

+ +
+
-in filename
+
+ +

The input file, default is standard input.

+ +
+
-out filename
+
+ +

Output file to place the DER encoded data into. If this option is not present then no data will be output. This is most useful when combined with the -strparse option.

+ +
+
-noout
+
+ +

Don't output the parsed version of the input file.

+ +
+
-offset number
+
+ +

Starting offset to begin parsing, default is start of file.

+ +
+
-length number
+
+ +

Number of bytes to parse, default is until end of file.

+ +
+
-i
+
+ +

Indents the output according to the "depth" of the structures.

+ +
+
-oid filename
+
+ +

A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this file is described in the NOTES section below.

+ +
+
-dump
+
+ +

Dump unknown data in hex format.

+ +
+
-dlimit num
+
+ +

Like -dump, but only the first num bytes are output.

+ +
+
-strparse offset
+
+ +

Parse the contents octets of the ASN.1 object starting at offset. This option can be used multiple times to "drill down" into a nested structure.

+ +
+
-genstr string, -genconf file
+
+ +

Generate encoded data based on string, file or both using ASN1_generate_nconf(3) format. If file only is present then the string is obtained from the default section using the name asn1. The encoded data is passed through the ASN1 parser and printed out as though it came from a file, the contents can thus be examined and written to a file using the out option.

+ +
+
-strictpem
+
+ +

If this option is used then -inform will be ignored. Without this option any data in a PEM format input file will be treated as being base64 encoded and processed whether it has the normal PEM BEGIN and END markers or not. This option will ignore any data prior to the start of the BEGIN marker, or after an END marker in a PEM file.

+ +
+
-item name
+
+ +

Attempt to decode and print the data as ASN1_ITEM name. This can be used to print out the fields of any supported ASN.1 structure if the type is known.

+ +
+
+ +

Output

+ +

The output will typically contain lines like this:

+ +
0:d=0  hl=4 l= 681 cons: SEQUENCE
+ +

.....

+ +
229:d=3  hl=3 l= 141 prim: BIT STRING
+373:d=2  hl=3 l= 162 cons: cont [ 3 ]
+376:d=3  hl=3 l= 159 cons: SEQUENCE
+379:d=4  hl=2 l=  29 cons: SEQUENCE
+381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+386:d=5  hl=2 l=  22 prim: OCTET STRING
+410:d=4  hl=2 l= 112 cons: SEQUENCE
+412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+417:d=5  hl=2 l= 105 prim: OCTET STRING
+524:d=4  hl=2 l=  12 cons: SEQUENCE
+ +

.....

+ +

This example is part of a self-signed certificate. Each line starts with the offset in decimal. d=XX specifies the current depth. The depth is increased within the scope of any SET or SEQUENCE. hl=XX gives the header length (tag and length octets) of the current type. l=XX gives the length of the contents octets.

+ +

The -i option can be used to make the output more readable.

+ +

Some knowledge of the ASN.1 structure is needed to interpret the output.

+ +

In this example the BIT STRING at offset 229 is the certificate public key. The contents octets of this will contain the public key information. This can be examined using the option -strparse 229 to yield:

+ +
  0:d=0  hl=3 l= 137 cons: SEQUENCE
+  3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+ +

NOTES

+ +

If an OID is not part of OpenSSL's internal table it will be represented in numerical form (for example 1.2.3.4). The file passed to the -oid option allows additional OIDs to be included. Each line consists of three columns, the first column is the OID in numerical format and should be followed by white space. The second column is the "short name" which is a single word followed by white space. The final column is the rest of the line and is the "long name". asn1parse displays the long name. Example:

+ +

1.2.3.4 shortName A long name

+ +

EXAMPLES

+ +

Parse a file:

+ +
openssl asn1parse -in file.pem
+ +

Parse a DER file:

+ +
openssl asn1parse -inform DER -in file.der
+ +

Generate a simple UTF8String:

+ +
openssl asn1parse -genstr 'UTF8:Hello World'
+ +

Generate and write out a UTF8String, don't print parsed output:

+ +
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+ +

Generate using a config file:

+ +
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+ +

Example config file:

+ +
asn1=SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1=BOOL:TRUE
+field2=EXP:0, UTF8:some random string
+ +

BUGS

+ +

There should be options to change the format of output lines. The output of some ASN.1 types is not well handled (if at all).

+ +

SEE ALSO

+ +

ASN1_generate_nconf(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ca.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ca.html new file mode 100644 index 00000000..7f277476 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ca.html @@ -0,0 +1,671 @@ + + + + +ca + + + + + + + + + + +

NAME

+ +

openssl-ca, ca - sample minimal CA application

+ +

SYNOPSIS

+ +

openssl ca [-help] [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file] [-valid file] [-status serial] [-updatedb] [-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time] [-crldays days] [-crlhours hours] [-crlexts section] [-startdate date] [-enddate date] [-days arg] [-md arg] [-policy arg] [-keyfile arg] [-keyform PEM|DER] [-key arg] [-passin arg] [-cert file] [-selfsign] [-in file] [-out file] [-notext] [-outdir dir] [-infiles] [-spkac file] [-ss_cert file] [-preserveDN] [-noemailDN] [-batch] [-msie_hack] [-extensions section] [-extfile section] [-engine id] [-subj arg] [-utf8] [-sigopt nm:v] [-create_serial] [-rand_serial] [-multivalue-rdn] [-rand file...] [-writerand file]

+ +

DESCRIPTION

+ +

The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text database of issued certificates and their status.

+ +

The options descriptions will be divided into each purpose.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-verbose
+
+ +

This prints extra details about the operations being performed.

+ +
+
-config filename
+
+ +

Specifies the configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-name section
+
+ +

Specifies the configuration file section to use (overrides default_ca in the ca section).

+ +
+
-in filename
+
+ +

An input filename containing a single certificate request to be signed by the CA.

+ +
+
-ss_cert filename
+
+ +

A single self-signed certificate to be signed by the CA.

+ +
+
-spkac filename
+
+ +

A file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. See the SPKAC FORMAT section for information on the required input and output format.

+ +
+
-infiles
+
+ +

If present this should be the last option, all subsequent arguments are taken as the names of files containing certificate requests.

+ +
+
-out filename
+
+ +

The output file to output certificates to. The default is standard output. The certificate details will also be printed out to this file in PEM format (except that -spkac outputs DER format).

+ +
+
-outdir directory
+
+ +

The directory to output certificates to. The certificate will be written to a filename consisting of the serial number in hex with ".pem" appended.

+ +
+
-cert
+
+ +

The CA certificate file.

+ +
+
-keyfile filename
+
+ +

The private key to sign requests with.

+ +
+
-keyform PEM|DER
+
+ +

The format of the data in the private key file. The default is PEM.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-key password
+
+ +

The password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution.

+ +
+
-selfsign
+
+ +

Indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with -keyfile). Certificate requests signed with a different key are ignored. If -spkac, -ss_cert or -gencrl are given, -selfsign is ignored.

+ +

A consequence of using -selfsign is that the self-signed certificate appears among the entries in the certificate database (see the configuration option database), and uses the same serial number counter as all other certificates sign with the self-signed certificate.

+ +
+
-passin arg
+
+ +

The key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-notext
+
+ +

Don't output the text form of a certificate to the output file.

+ +
+
-startdate date
+
+ +

This allows the start date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In both formats, seconds SS and timezone Z must be present.

+ +
+
-enddate date
+
+ +

This allows the expiry date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In both formats, seconds SS and timezone Z must be present.

+ +
+
-days arg
+
+ +

The number of days to certify the certificate for.

+ +
+
-md alg
+
+ +

The message digest to use. Any digest supported by the OpenSSL dgst command can be used. For signing algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message digest that is set is ignored. This option also applies to CRLs.

+ +
+
-policy arg
+
+ +

This option defines the CA "policy" to use. This is a section in the configuration file which decides which fields should be mandatory or match the CA certificate. Check out the POLICY FORMAT section for more information.

+ +
+
-msie_hack
+
+ +

This is a deprecated option to make ca work with very old versions of the IE certificate enrollment control "certenr3". It used UniversalStrings for almost everything. Since the old control has various security bugs its use is strongly discouraged.

+ +
+
-preserveDN
+
+ +

Normally the DN order of a certificate is the same as the order of the fields in the relevant policy section. When this option is set the order is the same as the request. This is largely for compatibility with the older IE enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll.

+ +
+
-noemailDN
+
+ +

The DN of a certificate can contain the EMAIL field if present in the request DN, however it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The email_in_dn keyword can be used in the configuration file to enable this behaviour.

+ +
+
-batch
+
+ +

This sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically.

+ +
+
-extensions section
+
+ +

The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to x509_extensions unless the -extfile option is used). If no extension section is present then, a V1 certificate is created. If the extension section is present (even if it is empty), then a V3 certificate is created. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
-extfile file
+
+ +

An additional configuration file to read certificate extensions from (using the default section unless the -extensions option is also used).

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ca to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-subj arg
+
+ +

Supersedes subject name given in the request. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the resulting certificate.

+ +
+
-utf8
+
+ +

This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
-create_serial
+
+ +

If reading serial from the text file as specified in the configuration fails, specifying this option creates a new random serial to be used as next serial number. To get random serial numbers, use the -rand_serial flag instead; this should only be used for simple error-recovery.

+ +
+
-rand_serial
+
+ +

Generate a large random number to use as the serial number. This overrides any option or configuration to use a serial number file.

+ +
+
-multivalue-rdn
+
+ +

This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example:

+ +

/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

+ +

If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

CRL OPTIONS

+ +
+ +
-gencrl
+
+ +

This option generates a CRL based on information in the index file.

+ +
+
-crldays num
+
+ +

The number of days before the next CRL is due. That is the days from now to place in the CRL nextUpdate field.

+ +
+
-crlhours num
+
+ +

The number of hours before the next CRL is due.

+ +
+
-revoke filename
+
+ +

A filename containing a certificate to revoke.

+ +
+
-valid filename
+
+ +

A filename containing a certificate to add a Valid certificate entry.

+ +
+
-status serial
+
+ +

Displays the revocation status of the certificate with the specified serial number and exits.

+ +
+
-updatedb
+
+ +

Updates the database index to purge expired certificates.

+ +
+
-crl_reason reason
+
+ +

Revocation reason, where reason is one of: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold or removeFromCRL. The matching of reason is case insensitive. Setting any revocation reason will make the CRL v2.

+ +

In practice removeFromCRL is not particularly useful because it is only used in delta CRLs which are not currently implemented.

+ +
+
-crl_hold instruction
+
+ +

This sets the CRL revocation reason code to certificateHold and the hold instruction to instruction which must be an OID. Although any OID can be used only holdInstructionNone (the use of which is discouraged by RFC2459) holdInstructionCallIssuer or holdInstructionReject will normally be used.

+ +
+
-crl_compromise time
+
+ +

This sets the revocation reason to keyCompromise and the compromise time to time. time should be in GeneralizedTime format that is YYYYMMDDHHMMSSZ.

+ +
+
-crl_CA_compromise time
+
+ +

This is the same as crl_compromise except the revocation reason is set to CACompromise.

+ +
+
-crlexts section
+
+ +

The section of the configuration file containing CRL extensions to include. If no CRL extension section is present then a V1 CRL is created, if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are CRL extensions and not CRL entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs. See x509v3_config(5) manual page for details of the extension section format.

+ +
+
+ +

CONFIGURATION FILE OPTIONS

+ +

The section of the configuration file containing options for ca is found as follows: If the -name command line option is used, then it names the section to be used. Otherwise the section to be used must be named in the default_ca option of the ca section of the configuration file (or in the default section of the configuration file). Besides default_ca, the following options are read directly from the ca section: RANDFILE preserve msie_hack With the exception of RANDFILE, this is probably a bug and may change in future releases.

+ +

Many of the configuration file options are identical to command line options. Where the option is present in the configuration file and the command line the command line value is used. Where an option is described as mandatory then it must be present in the configuration file or the command line equivalent (if any) used.

+ +
+ +
oid_file
+
+ +

This specifies a file containing additional OBJECT IDENTIFIERS. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name.

+ +
+
oid_section
+
+ +

This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by = and the numerical form. The short and long names are the same when this option is used.

+ +
+
new_certs_dir
+
+ +

The same as the -outdir command line option. It specifies the directory where new certificates will be placed. Mandatory.

+ +
+
certificate
+
+ +

The same as -cert. It gives the file containing the CA certificate. Mandatory.

+ +
+
private_key
+
+ +

Same as the -keyfile option. The file containing the CA private key. Mandatory.

+ +
+
RANDFILE
+
+ +

At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it.

+ +
+
default_days
+
+ +

The same as the -days option. The number of days to certify a certificate for.

+ +
+
default_startdate
+
+ +

The same as the -startdate option. The start date to certify a certificate for. If not set the current time is used.

+ +
+
default_enddate
+
+ +

The same as the -enddate option. Either this option or default_days (or the command line equivalents) must be present.

+ +
+
default_crl_hours default_crl_days
+
+ +

The same as the -crlhours and the -crldays options. These will only be used if neither command line option is present. At least one of these must be present to generate a CRL.

+ +
+
default_md
+
+ +

The same as the -md option. Mandatory except where the signing algorithm does not require a digest (i.e. Ed25519 and Ed448).

+ +
+
database
+
+ +

The text database file to use. Mandatory. This file must be present though initially it will be empty.

+ +
+
unique_subject
+
+ +

If the value yes is given, the valid certificate entries in the database must have unique subjects. if the value no is given, several valid certificate entries may have the exact same subject. The default value is yes, to be compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value no, especially if combined with the -selfsign command line option.

+ +

Note that it is valid in some circumstances for certificates to be created without any subject. In the case where there are multiple certificates without subjects this does not count as a duplicate.

+ +
+
serial
+
+ +

A text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number.

+ +
+
crlnumber
+
+ +

A text file containing the next CRL number to use in hex. The crl number will be inserted in the CRLs only if this file exists. If this file is present, it must contain a valid CRL number.

+ +
+
x509_extensions
+
+ +

The same as -extensions.

+ +
+
crl_extensions
+
+ +

The same as -crlexts.

+ +
+
preserve
+
+ +

The same as -preserveDN

+ +
+
email_in_dn
+
+ +

The same as -noemailDN. If you want the EMAIL field to be removed from the DN of the certificate simply set this to 'no'. If not present the default is to allow for the EMAIL filed in the certificate's DN.

+ +
+
msie_hack
+
+ +

The same as -msie_hack

+ +
+
policy
+
+ +

The same as -policy. Mandatory. See the POLICY FORMAT section for more information.

+ +
+
name_opt, cert_opt
+
+ +

These options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the x509 utilities -nameopt and -certopt switches can be used here, except the no_signame and no_sigdump are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point).

+ +

For convenience the values ca_default are accepted by both to produce a reasonable output.

+ +

If neither option is present the format used in earlier versions of OpenSSL is used. Use of the old format is strongly discouraged because it only displays fields mentioned in the policy section, mishandles multicharacter string types and does not display extensions.

+ +
+
copy_extensions
+
+ +

Determines how extensions in certificate requests should be handled. If set to none or this option is not present then extensions are ignored and not copied to the certificate. If set to copy then any extensions present in the request that are not already present are copied to the certificate. If set to copyall then all extensions in the request are copied to the certificate: if the extension is already present in the certificate it is deleted first. See the WARNINGS section before using this option.

+ +

The main use of this option is to allow a certificate request to supply values for certain extensions such as subjectAltName.

+ +
+
+ +

POLICY FORMAT

+ +

The policy section consists of a set of variables corresponding to certificate DN fields. If the value is "match" then the field value must match the same field in the CA certificate. If the value is "supplied" then it must be present. If the value is "optional" then it may be present. Any fields not mentioned in the policy section are silently deleted, unless the -preserveDN option is set but this can be regarded more of a quirk than intended behaviour.

+ +

SPKAC FORMAT

+ +

The input to the -spkac command line option is a Netscape signed public key and challenge. This will usually come from the KEYGEN tag in an HTML form to create a new private key. It is however possible to create SPKACs using the spkac utility.

+ +

The file should contain the variable SPKAC set to the value of the SPKAC and also the required DN components as name value pairs. If you need to include the same component twice then it can be preceded by a number and a '.'.

+ +

When processing SPKAC format, the output is DER if the -out flag is used, but PEM format if sending to stdout or the -outdir flag is used.

+ +

EXAMPLES

+ +

Note: these examples assume that the ca directory structure is already set up and the relevant files already exist. This usually involves creating a CA certificate and private key with req, a serial number file and an empty index file and placing them in the relevant directories.

+ +

To use the sample configuration file below the directories demoCA, demoCA/private and demoCA/newcerts would be created. The CA certificate would be copied to demoCA/cacert.pem and its private key to demoCA/private/cakey.pem. A file demoCA/serial would be created containing for example "01" and the empty index file demoCA/index.txt.

+ +

Sign a certificate request:

+ +
openssl ca -in req.pem -out newcert.pem
+ +

Sign a certificate request, using CA extensions:

+ +
openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+ +

Generate a CRL

+ +
openssl ca -gencrl -out crl.pem
+ +

Sign several requests:

+ +
openssl ca -infiles req1.pem req2.pem req3.pem
+ +

Certify a Netscape SPKAC:

+ +
openssl ca -spkac spkac.txt
+ +

A sample SPKAC file (the SPKAC line has been truncated for clarity):

+ +
SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+CN=Steve Test
+emailAddress=steve@openssl.org
+0.OU=OpenSSL Group
+1.OU=Another Group
+ +

A sample configuration file with the relevant sections for ca:

+ +
[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+
+dir            = ./demoCA              # top dir
+database       = $dir/index.txt        # index file.
+new_certs_dir  = $dir/newcerts         # new certs dir
+
+certificate    = $dir/cacert.pem       # The CA cert
+serial         = $dir/serial           # serial no file
+#rand_serial    = yes                  # for random serial#'s
+private_key    = $dir/private/cakey.pem# CA private key
+RANDFILE       = $dir/private/.rand    # random number file
+
+default_days   = 365                   # how long to certify for
+default_crl_days= 30                   # how long before next CRL
+default_md     = md5                   # md to use
+
+policy         = policy_any            # default policy
+email_in_dn    = no                    # Don't add the email into cert DN
+
+name_opt       = ca_default            # Subject name display option
+cert_opt       = ca_default            # Certificate display option
+copy_extensions = none                 # Don't copy extensions from request
+
+[ policy_any ]
+countryName            = supplied
+stateOrProvinceName    = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+ +

FILES

+ +

Note: the location of all files can change either by compile time options, configuration file entries, environment variables or command line options. The values below reflect the default values.

+ +
/usr/local/ssl/lib/openssl.cnf - master configuration file
+./demoCA                       - main CA directory
+./demoCA/cacert.pem            - CA certificate
+./demoCA/private/cakey.pem     - CA private key
+./demoCA/serial                - CA serial number file
+./demoCA/serial.old            - CA serial number backup file
+./demoCA/index.txt             - CA text database file
+./demoCA/index.txt.old         - CA text database backup file
+./demoCA/certs                 - certificate output file
+./demoCA/.rnd                  - CA random seed information
+ +

RESTRICTIONS

+ +

The text database index file is a critical part of the process and if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current CRL: however there is no option to do this.

+ +

V2 CRL features like delta CRLs are not currently supported.

+ +

Although several requests can be input and handled at once it is only possible to include one SPKAC or self-signed certificate.

+ +

BUGS

+ +

The use of an in-memory text database can cause problems when large numbers of certificates are present because, as the name implies the database has to be kept in memory.

+ +

The ca command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility (perl script or GUI) can handle things properly. The script CA.pl helps a little but not very much.

+ +

Any fields in a request that are not present in a policy are silently deleted. This does not happen if the -preserveDN option is used. To enforce the absence of the EMAIL field within the DN, as suggested by RFCs, regardless the contents of the request' subject the -noemailDN option can be used. The behaviour should be more friendly and configurable.

+ +

Canceling some commands by refusing to certify a certificate can create an empty file.

+ +

WARNINGS

+ +

The ca command is quirky and at times downright unfriendly.

+ +

The ca utility was originally meant as an example of how to do things in a CA. It was not supposed to be used as a full blown CA itself: nevertheless some people are using it for this purpose.

+ +

The ca command is effectively a single user command: no locking is done on the various files and attempts to run more than one ca command on the same database can have unpredictable results.

+ +

The copy_extensions option should be used with caution. If care is not taken then it can be a security risk. For example if a certificate request contains a basicConstraints extension with CA:TRUE and the copy_extensions value is set to copyall and the user does not spot this when the certificate is displayed then this will hand the requester a valid CA certificate.

+ +

This situation can be avoided by setting copy_extensions to copy and including basicConstraints with CA:FALSE in the configuration file. Then if the request contains a basicConstraints extension it will be ignored.

+ +

It is advisable to also include values for other extensions such as keyUsage to prevent a request supplying its own values.

+ +

Additional restrictions can be placed on the CA certificate itself. For example if the CA certificate has:

+ +
basicConstraints = CA:TRUE, pathlen:0
+ +

then even if a certificate is issued with CA:TRUE it will not be valid.

+ +

HISTORY

+ +

Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, certificate validity period (specified by any of -startdate, -enddate and -days) will be encoded as UTCTime if the dates are earlier than year 2049 (included), and as GeneralizedTime if the dates are in year 2050 or later.

+ +

SEE ALSO

+ +

req(1), spkac(1), x509(1), CA.pl(1), config(5), x509v3_config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ciphers.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ciphers.html new file mode 100644 index 00000000..98131fc7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ciphers.html @@ -0,0 +1,811 @@ + + + + +ciphers + + + + + + + + + + +

NAME

+ +

openssl-ciphers, ciphers - SSL cipher display and cipher list tool

+ +

SYNOPSIS

+ +

openssl ciphers [-help] [-s] [-v] [-V] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-s] [-psk] [-srp] [-stdname] [-convert name] [-ciphersuites val] [cipherlist]

+ +

DESCRIPTION

+ +

The ciphers command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print a usage message.

+ +
+
-s
+
+ +

Only list supported ciphers: those consistent with the security level, and minimum and maximum protocol version. This is closer to the actual cipher list an application will support.

+ +

PSK and SRP ciphers are not enabled by default: they require -psk or -srp to enable them.

+ +

It also does not change the default list of supported signature algorithms.

+ +

On a server the list of supported ciphers might also exclude other ciphers depending on the configured certificates and presence of DH parameters.

+ +

If this option is not used then all ciphers that match the cipherlist will be listed.

+ +
+
-psk
+
+ +

When combined with -s includes cipher suites which require PSK.

+ +
+
-srp
+
+ +

When combined with -s includes cipher suites which require SRP.

+ +
+
-v
+
+ +

Verbose output: For each cipher suite, list details as provided by SSL_CIPHER_description(3).

+ +
+
-V
+
+ +

Like -v, but include the official cipher suite values in hex.

+ +
+
-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3
+
+ +

In combination with the -s option, list the ciphers which could be used if the specified protocol were negotiated. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-stdname
+
+ +

Precede each cipher suite by its standard name.

+ +
+
-convert name
+
+ +

Convert a standard cipher name to its OpenSSL name.

+ +
+
-ciphersuites val
+
+ +

Sets the list of TLSv1.3 ciphersuites. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By default this value is:

+ +
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+ +
+
cipherlist
+
+ +

A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher preference list. This list will be combined with any TLSv1.3 ciphersuites that have been configured. If it is not included then the default cipher list will be used. The format is described below.

+ +
+
+ +

CIPHER LIST FORMAT

+ +

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally used.

+ +

The actual cipher string can take several different forms.

+ +

It can consist of a single cipher suite such as RC4-SHA.

+ +

It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example SHA1 represents all ciphers suites using the digest algorithm SHA1 and SSLv3 represents all SSL v3 algorithms.

+ +

Lists of cipher suites can be combined in a single cipher string using the + character. This is used as a logical and operation. For example SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms.

+ +

Each cipher string can be optionally preceded by the characters !, - or +.

+ +

If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.

+ +

If - is used then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later options.

+ +

If + is used then the ciphers are moved to the end of the list. This option doesn't add any new ciphers it just moves matching existing ones.

+ +

If none of these characters is present then the string is just interpreted as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already present they will be ignored: that is they will not moved to the end of the list.

+ +

The cipher string @STRENGTH can be used at any point to sort the current cipher list in order of encryption algorithm key length.

+ +

The cipher string @SECLEVEL=n can be used at any point to set the security level to n, which should be a number between zero and five, inclusive. See SSL_CTX_set_security_level for a description of what each level means.

+ +

The cipher list can be prefixed with the DEFAULT keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using + character. For example, DEFAULT+DES is not valid.

+ +

The content of the default list is determined at compile time and normally corresponds to ALL:!COMPLEMENTOFDEFAULT:!eNULL.

+ +

CIPHER STRINGS

+ +

The following is a list of all permitted cipher strings and their meanings.

+ +
+ +
COMPLEMENTOFDEFAULT
+
+ +

The ciphers included in ALL, but not enabled by default. Currently this includes all RC4 and anonymous ciphers. Note that this rule does not cover eNULL, which is not included by ALL (use COMPLEMENTOFALL if necessary). Note that RC4 based cipher suites are not built into OpenSSL by default (see the enable-weak-ssl-ciphers option to Configure).

+ +
+
ALL
+
+ +

All cipher suites except the eNULL ciphers (which must be explicitly enabled if needed). As of OpenSSL 1.0.0, the ALL cipher suites are sensibly ordered by default.

+ +
+
COMPLEMENTOFALL
+
+ +

The cipher suites not enabled by ALL, currently eNULL.

+ +
+
HIGH
+
+ +

"High" encryption cipher suites. This currently means those with key lengths larger than 128 bits, and some cipher suites with 128-bit keys.

+ +
+
MEDIUM
+
+ +

"Medium" encryption cipher suites, currently some of those using 128 bit encryption.

+ +
+
LOW
+
+ +

"Low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0.

+ +
+
eNULL, NULL
+
+ +

The "NULL" ciphers that is those offering no encryption. Because these offer no encryption at all and are a security risk they are not enabled via either the DEFAULT or ALL cipher strings. Be careful when building cipherlists out of lower-level primitives such as kRSA or aECDSA as these do overlap with the eNULL ciphers. When in doubt, include !eNULL in your cipherlist.

+ +
+
aNULL
+
+ +

The cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to "man in the middle" attacks and so their use is discouraged. These are excluded from the DEFAULT ciphers, but included in the ALL ciphers. Be careful when building cipherlists out of lower-level primitives such as kDHE or AES as these do overlap with the aNULL ciphers. When in doubt, include !aNULL in your cipherlist.

+ +
+
kRSA, aRSA, RSA
+
+ +

Cipher suites using RSA key exchange or authentication. RSA is an alias for kRSA.

+ +
+
kDHr, kDHd, kDH
+
+ +

Cipher suites using static DH key agreement and DH certificates signed by CAs with RSA and DSS keys or either respectively. All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
kDHE, kEDH, DH
+
+ +

Cipher suites using ephemeral DH key agreement, including anonymous cipher suites.

+ +
+
DHE, EDH
+
+ +

Cipher suites using authenticated ephemeral DH key agreement.

+ +
+
ADH
+
+ +

Anonymous DH cipher suites, note that this does not include anonymous Elliptic Curve DH (ECDH) cipher suites.

+ +
+
kEECDH, kECDHE, ECDH
+
+ +

Cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites.

+ +
+
ECDHE, EECDH
+
+ +

Cipher suites using authenticated ephemeral ECDH key agreement.

+ +
+
AECDH
+
+ +

Anonymous Elliptic Curve Diffie-Hellman cipher suites.

+ +
+
aDSS, DSS
+
+ +

Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.

+ +
+
aDH
+
+ +

Cipher suites effectively using DH authentication, i.e. the certificates carry DH keys. All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
aECDSA, ECDSA
+
+ +

Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA keys.

+ +
+
TLSv1.2, TLSv1.0, SSLv3
+
+ +

Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available.

+ +

Note: these cipher strings do not change the negotiated version of SSL or TLS, they only affect the list of available cipher suites.

+ +
+
AES128, AES256, AES
+
+ +

cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.

+ +
+
AESGCM
+
+ +

AES in Galois Counter Mode (GCM): these cipher suites are only supported in TLS v1.2.

+ +
+
AESCCM, AESCCM8
+
+ +

AES in Cipher Block Chaining - Message Authentication Mode (CCM): these cipher suites are only supported in TLS v1.2. AESCCM references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while AESCCM8 only references 8 octet ICV.

+ +
+
ARIA128, ARIA256, ARIA
+
+ +

Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit ARIA.

+ +
+
CAMELLIA128, CAMELLIA256, CAMELLIA
+
+ +

Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit CAMELLIA.

+ +
+
CHACHA20
+
+ +

Cipher suites using ChaCha20.

+ +
+
3DES
+
+ +

Cipher suites using triple DES.

+ +
+
DES
+
+ +

Cipher suites using DES (not triple DES). All these cipher suites have been removed in OpenSSL 1.1.0.

+ +
+
RC4
+
+ +

Cipher suites using RC4.

+ +
+
RC2
+
+ +

Cipher suites using RC2.

+ +
+
IDEA
+
+ +

Cipher suites using IDEA.

+ +
+
SEED
+
+ +

Cipher suites using SEED.

+ +
+
MD5
+
+ +

Cipher suites using MD5.

+ +
+
SHA1, SHA
+
+ +

Cipher suites using SHA1.

+ +
+
SHA256, SHA384
+
+ +

Cipher suites using SHA256 or SHA384.

+ +
+
aGOST
+
+ +

Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication (needs an engine supporting GOST algorithms).

+ +
+
aGOST01
+
+ +

Cipher suites using GOST R 34.10-2001 authentication.

+ +
+
kGOST
+
+ +

Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.

+ +
+
GOST94
+
+ +

Cipher suites, using HMAC based on GOST R 34.11-94.

+ +
+
GOST89MAC
+
+ +

Cipher suites using GOST 28147-89 MAC instead of HMAC.

+ +
+
PSK
+
+ +

All cipher suites using pre-shared keys (PSK).

+ +
+
kPSK, kECDHEPSK, kDHEPSK, kRSAPSK
+
+ +

Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.

+ +
+
aPSK
+
+ +

Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK).

+ +
+
SUITEB128, SUITEB128ONLY, SUITEB192
+
+ +

Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 128 bit (not permitting 192 bit by peer) or 192 bit level of security respectively. If used these cipherstrings should appear first in the cipher list and anything after them is ignored. Setting Suite B mode has additional consequences required to comply with RFC6460. In particular the supported signature algorithms is reduced to support only ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be used and only the two suite B compliant cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are permissible.

+ +
+
+ +

CIPHER SUITE NAMES

+ +

The following lists give the SSL or TLS cipher suites names from the relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.

+ +

SSL v3.0 cipher suites

+ +
SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
+SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+ +

TLS v1.0 cipher suites

+ +
TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+
+TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+ +

AES cipher suites from RFC3268, extending TLS v1.0

+ +
TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+ +

Camellia cipher suites from RFC4132, extending TLS v1.0

+ +
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
+TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
+
+TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
+TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
+TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
+TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
+
+TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
+TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
+TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
+TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
+
+TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
+TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
+ +

SEED cipher suites from RFC4162, extending TLS v1.0

+ +
TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
+
+TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
+TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
+
+TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
+TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
+
+TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
+ +

GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0

+ +

Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the ccgost engine, included in the OpenSSL distribution.

+ +
TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+ +

Additional Export 1024 and other cipher suites

+ +

Note: these ciphers can also be used in SSL v3.

+ +
TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+ +

Elliptic curve cipher suites.

+ +
TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
+TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
+
+TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
+TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
+
+TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
+TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
+TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
+TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
+TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
+ +

TLS v1.2 cipher suites

+ +
TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
+
+TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
+TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
+TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
+TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
+
+TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
+TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
+TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
+TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
+
+TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
+TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
+TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
+TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
+
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
+TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
+
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
+TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
+
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
+
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
+TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
+
+TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
+TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
+TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
+TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
+
+RSA_WITH_AES_128_CCM                      AES128-CCM
+RSA_WITH_AES_256_CCM                      AES256-CCM
+DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
+DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
+RSA_WITH_AES_128_CCM_8                    AES128-CCM8
+RSA_WITH_AES_256_CCM_8                    AES256-CCM8
+DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
+DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
+ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
+ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
+ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
+ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
+ +

ARIA cipher suites from RFC6209, extending TLS v1.2

+ +

Note: the CBC modes mentioned in this RFC are not supported.

+ +
TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
+TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
+TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
+TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
+TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
+TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
+TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
+TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
+TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
+TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
+TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
+TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
+TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
+TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
+TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
+TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
+ +

Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2

+ +
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
+TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
+TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
+TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
+ +

Pre-shared keying (PSK) cipher suites

+ +
PSK_WITH_NULL_SHA                         PSK-NULL-SHA
+DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
+RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
+
+PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
+PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
+PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
+PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
+
+DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
+DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
+DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
+DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
+
+RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
+RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
+RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
+RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
+
+PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
+DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
+RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
+RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
+
+PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
+PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
+PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
+PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
+DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
+DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
+DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
+DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
+RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
+RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
+RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
+RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
+PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
+PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
+
+ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
+ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
+ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
+ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
+ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
+ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
+ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
+ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
+ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
+
+PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
+PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
+
+DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
+DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
+
+RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
+RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
+
+ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
+ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
+
+PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
+PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
+DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
+DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
+PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
+PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
+DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
+DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
+ +

ChaCha20-Poly1305 cipher suites, extending TLS v1.2

+ +
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
+TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
+TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
+TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
+TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
+TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
+ +

TLS v1.3 cipher suites

+ +
TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256
+TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384
+TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256
+TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256
+TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256
+ +

Older names used by OpenSSL

+ +

The following names are accepted by older releases:

+ +
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+ +

NOTES

+ +

Some compiled versions of OpenSSL may not include all the ciphers listed here because some ciphers were excluded at compile time.

+ +

EXAMPLES

+ +

Verbose listing of all OpenSSL ciphers including NULL ciphers:

+ +
openssl ciphers -v 'ALL:eNULL'
+ +

Include all ciphers except NULL and anonymous DH then sort by strength:

+ +
openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+ +

Include all ciphers except ones with no encryption (eNULL) or no authentication (aNULL):

+ +
openssl ciphers -v 'ALL:!aNULL'
+ +

Include only 3DES ciphers and then place RSA ciphers last:

+ +
openssl ciphers -v '3DES:+RSA'
+ +

Include all RC4 ciphers but leave out those without authentication:

+ +
openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+ +

Include all ciphers with RSA authentication but leave out ciphers without encryption.

+ +
openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+ +

Set security level to 2 and display all ciphers consistent with level 2:

+ +
openssl ciphers -s -v 'ALL:@SECLEVEL=2'
+ +

SEE ALSO

+ +

s_client(1), s_server(1), ssl(7)

+ +

HISTORY

+ +

The -V option for the ciphers command was added in OpenSSL 1.0.0.

+ +

The -stdname is only available if OpenSSL is built with tracing enabled (enable-ssl-trace argument to Configure) before OpenSSL 1.1.1.

+ +

The -convert option was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/cms.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/cms.html new file mode 100644 index 00000000..28ef380c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/cms.html @@ -0,0 +1,636 @@ + + + + +cms + + + + + + + + + + +

NAME

+ +

openssl-cms, cms - CMS utility

+ +

SYNOPSIS

+ +

openssl cms [-help] [-encrypt] [-decrypt] [-sign] [-verify] [-cmsout] [-resign] [-data_create] [-data_out] [-digest_create] [-digest_verify] [-compress] [-uncompress] [-EncryptedData_encrypt] [-sign_receipt] [-verify_receipt receipt] [-in filename] [-inform SMIME|PEM|DER] [-rctform SMIME|PEM|DER] [-out filename] [-outform SMIME|PEM|DER] [-stream -indef -noindef] [-noindef] [-content filename] [-text] [-noout] [-print] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-md digest] [-cipher] [-nointern] [-noverify] [-nocerts] [-noattr] [-nosmimecap] [-binary] [-crlfeol] [-asciicrlf] [-nodetach] [-certfile file] [-certsout file] [-signer file] [-recip file] [-keyid] [-receipt_request_all] [-receipt_request_first] [-receipt_request_from emailaddress] [-receipt_request_to emailaddress] [-receipt_request_print] [-secretkey key] [-secretkeyid id] [-econtent_type type] [-inkey file] [-keyopt name:parameter] [-passin arg] [-rand file...] [-writerand file] [cert.pem...] [-to addr] [-from addr] [-subject subj] [cert.pem]...

+ +

DESCRIPTION

+ +

The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME messages.

+ +

OPTIONS

+ +

There are fourteen operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-encrypt
+
+ +

Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format. The actual CMS type is <B>EnvelopedData<B>.

+ +

Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text.

+ +
+
-decrypt
+
+ +

Decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file.

+ +
+
-debug_decrypt
+
+ +

This option sets the CMS_DEBUG_DECRYPT flag. This option should be used with caution: see the notes section below.

+ +
+
-sign
+
+ +

Sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file.

+ +
+
-verify
+
+ +

Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported.

+ +
+
-cmsout
+
+ +

Takes an input message and writes out a PEM encoded CMS structure.

+ +
+
-resign
+
+ +

Resign a message: take an existing message and one or more new signers.

+ +
+
-data_create
+
+ +

Create a CMS Data type.

+ +
+
-data_out
+
+ +

Data type and output the content.

+ +
+
-digest_create
+
+ +

Create a CMS DigestedData type.

+ +
+
-digest_verify
+
+ +

Verify a CMS DigestedData type and output the content.

+ +
+
-compress
+
+ +

Create a CMS CompressedData type. OpenSSL must be compiled with zlib support for this option to work, otherwise it will output an error.

+ +
+
-uncompress
+
+ +

Uncompress a CMS CompressedData type and output the content. OpenSSL must be compiled with zlib support for this option to work, otherwise it will output an error.

+ +
+
-EncryptedData_encrypt
+
+ +

Encrypt content using supplied symmetric key and algorithm using a CMS EncryptedData type and output the content.

+ +
+
-sign_receipt
+
+ +

Generate and output a signed receipt for the supplied message. The input message must contain a signed receipt request. Functionality is otherwise similar to the -sign operation.

+ +
+
-verify_receipt receipt
+
+ +

Verify a signed receipt in filename receipt. The input message must contain the original receipt request. Functionality is otherwise similar to the -verify operation.

+ +
+
-in filename
+
+ +

The input message to be encrypted or signed or the message to be decrypted or verified.

+ +
+
-inform SMIME|PEM|DER
+
+ +

This specifies the input format for the CMS structure. The default is SMIME which reads an S/MIME format message. PEM and DER format change this to expect PEM and DER format CMS structures instead. This currently only affects the input format of the CMS structure, if no CMS structure is being input (for example with -encrypt or -sign) this option has no effect.

+ +
+
-rctform SMIME|PEM|DER
+
+ +

Specify the format for a signed receipt for use with the -receipt_verify operation.

+ +
+
-out filename
+
+ +

The message text that has been decrypted or verified or the output MIME format message that has been signed or verified.

+ +
+
-outform SMIME|PEM|DER
+
+ +

This specifies the output format for the CMS structure. The default is SMIME which writes an S/MIME format message. PEM and DER format change this to write PEM and DER format CMS structures instead. This currently only affects the output format of the CMS structure, if no CMS structure is being output (for example with -verify or -decrypt) this option has no effect.

+ +
+
-stream -indef -noindef
+
+ +

The -stream and -indef options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached data if the output format is SMIME it is currently off by default for all other operations.

+ +
+
-noindef
+
+ +

Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it.

+ +
+
-content filename
+
+ +

This specifies a file containing the detached content, this is only useful with the -verify command. This is only usable if the CMS structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed MIME content type.

+ +
+
-text
+
+ +

This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.

+ +
+
-noout
+
+ +

For the -cmsout operation do not output the parsed CMS structure. This is useful when combined with the -print option or if the syntax of the CMS structure is being checked.

+ +
+
-print
+
+ +

For the -cmsout operation print out all fields of the CMS structure. This is mainly useful for testing purposes.

+ +
+
-CAfile file
+
+ +

A file containing trusted CA certificates, only used with -verify.

+ +
+
-CApath dir
+
+ +

A directory containing trusted CA certificates, only used with -verify. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-md digest
+
+ +

Digest algorithm to use when signing or resigning. If not present then the default digest algorithm for the signing key will be used (usually SHA1).

+ +
+
-cipher
+
+ +

The encryption algorithm to use. For example triple DES (168 bits) - -des3 or 256 bit AES - -aes256. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for example -aes-128-cbc. See enc(1) for a list of ciphers supported by your version of OpenSSL.

+ +

If not specified triple DES is used. Only used with -encrypt and -EncryptedData_create commands.

+ +
+
-nointern
+
+ +

When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the -certfile option are used. The supplied certificates can still be used as untrusted CAs however.

+ +
+
-noverify
+
+ +

Do not verify the signers certificate of a signed message.

+ +
+
-nocerts
+
+ +

When signing a message the signer's certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the -certfile option for example).

+ +
+
-noattr
+
+ +

Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included.

+ +
+
-nosmimecap
+
+ +

Exclude the list of supported algorithms from signed attributes, other options such as signing time and content type are still included.

+ +
+
-binary
+
+ +

Normally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This is useful when handling binary data which may not be in MIME format.

+ +
+
-crlfeol
+
+ +

Normally the output file uses a single LF as end of line. When this option is present CRLF is used instead.

+ +
+
-asciicrlf
+
+ +

When signing use ASCII CRLF format canonicalisation. This strips trailing whitespace from all lines, deletes trailing blank lines at EOF and sets the encapsulated content type. This option is normally used with detached content and an output signature format of DER. This option is not normally needed when verifying as it is enabled automatically if the encapsulated content format is detected.

+ +
+
-nodetach
+
+ +

When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is used.

+ +
+
-certfile file
+
+ +

Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format.

+ +
+
-certsout file
+
+ +

Any certificates contained in the message are written to file.

+ +
+
-signer file
+
+ +

A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful.

+ +
+
-recip file
+
+ +

When decrypting a message this specifies the recipients certificate. The certificate must match one of the recipients of the message or an error occurs.

+ +

When encrypting a message this option may be used multiple times to specify each recipient. This form must be used if customised parameters are required (for example to specify RSA-OAEP).

+ +

Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this option.

+ +
+
-keyid
+
+ +

Use subject key identifier to identify certificates instead of issuer name and serial number. The supplied certificate must include a subject key identifier extension. Supported by -sign and -encrypt options.

+ +
+
-receipt_request_all, -receipt_request_first
+
+ +

For -sign option include a signed receipt request. Indicate requests should be provided by all recipient or first tier recipients (those mailed directly and not from a mailing list). Ignored it -receipt_request_from is included.

+ +
+
-receipt_request_from emailaddress
+
+ +

For -sign option include a signed receipt request. Add an explicit email address where receipts should be supplied.

+ +
+
-receipt_request_to emailaddress
+
+ +

Add an explicit email address where signed receipts should be sent to. This option must but supplied if a signed receipt it requested.

+ +
+
-receipt_request_print
+
+ +

For the -verify operation print out the contents of any signed receipt requests.

+ +
+
-secretkey key
+
+ +

Specify symmetric key to use. The key must be supplied in hex format and be consistent with the algorithm used. Supported by the -EncryptedData_encrypt -EncryptedData_decrypt, -encrypt and -decrypt options. When used with -encrypt or -decrypt the supplied key is used to wrap or unwrap the content encryption key using an AES key in the KEKRecipientInfo type.

+ +
+
-secretkeyid id
+
+ +

The key identifier for the supplied symmetric key for KEKRecipientInfo type. This option must be present if the -secretkey option is used with -encrypt. With -decrypt operations the id is used to locate the relevant key if it is not supplied then an attempt is used to decrypt any KEKRecipientInfo structures.

+ +
+
-econtent_type type
+
+ +

Set the encapsulated content type to type if not supplied the Data type is used. The type argument can be any valid OID name in either text or numerical format.

+ +
+
-inkey file
+
+ +

The private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the -recip or -signer file. When signing this option can be used multiple times to specify successive keys.

+ +
+
-keyopt name:opt
+
+ +

For signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can currently be used to set RSA-PSS for signing, RSA-OAEP for encryption or to modify default parameters for ECDH.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
cert.pem...
+
+ +

One or more certificates of message recipients: used when encrypting a message.

+ +
+
-to, -from, -subject
+
+ +

The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various certificate chain validation options. See the verify(1) manual page for details.

+ +
+
+ +

NOTES

+ +

The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format.

+ +

The supplied message to be signed or encrypted must include the necessary MIME headers or many S/MIME clients won't display it properly (if at all). You can use the -text option to automatically add plain text headers.

+ +

A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section.

+ +

This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign messages "in parallel" by signing an already signed message.

+ +

The options -encrypt and -decrypt reflect common usage in S/MIME clients. Strictly speaking these process CMS enveloped data: CMS encrypted data is used for other purposes.

+ +

The -resign option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail.

+ +

The -stream and -indef options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the -encrypt operation and the -sign operation if the content is not detached.

+ +

Streaming is always used for the -sign operation with detached data but since the content is no longer part of the CMS structure the encoding remains DER.

+ +

If the -decrypt option is used without a recipient certificate then an attempt is made to locate the recipient by trying each potential recipient in turn using the supplied private key. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not and if no recipients match the message is "decrypted" using a random key which will typically output garbage. The -debug_decrypt option can be used to disable the MMA attack protection and return an error if no recipient can be found: this option should be used with caution. For a fuller description see CMS_decrypt(3)).

+ +

EXIT CODES

+ +
+ +
0
+
+ +

The operation was completely successfully.

+ +
+
1
+
+ +

An error occurred parsing the command options.

+ +
+
2
+
+ +

One of the input files could not be read.

+ +
+
3
+
+ +

An error occurred creating the CMS file or when reading the MIME message.

+ +
+
4
+
+ +

An error occurred decrypting or verifying the message.

+ +
+
5
+
+ +

The message was verified correctly but an error occurred writing out the signers certificates.

+ +
+
+ +

COMPATIBILITY WITH PKCS#7 format.

+ +

The smime utility can only process the older PKCS#7 format. The cms utility supports Cryptographic Message Syntax format. Use of some features will result in messages which cannot be processed by applications which only support the older format. These are detailed below.

+ +

The use of the -keyid option with -sign or -encrypt.

+ +

The -outform PEM option uses different headers.

+ +

The -compress option.

+ +

The -secretkey option when used with -encrypt.

+ +

The use of PSS with -sign.

+ +

The use of OAEP or non-RSA keys with -encrypt.

+ +

Additionally the -EncryptedData_create and -data_create type cannot be processed by the older smime command.

+ +

EXAMPLES

+ +

Create a cleartext signed message:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem
+ +

Create an opaque signed message

+ +
openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
+       -signer mycert.pem
+ +

Create a signed message, include some additional certificates and read the private key from another file:

+ +
openssl cms -sign -in in.txt -text -out mail.msg \
+       -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+ +

Create a signed message with two signers, use key identifier:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -signer othercert.pem -keyid
+ +

Send a signed message under Unix directly to sendmail, including headers:

+ +
openssl cms -sign -in in.txt -text -signer mycert.pem \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed message" | sendmail someone@somewhere
+ +

Verify a message and extract the signer's certificate if successful:

+ +
openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
+ +

Send encrypted mail using triple DES:

+ +
openssl cms -encrypt -in in.txt -from steve@openssl.org \
+       -to someone@somewhere -subject "Encrypted message" \
+       -des3 user.pem -out mail.msg
+ +

Sign and encrypt mail:

+ +
openssl cms -sign -in ml.txt -signer my.pem -text \
+       | openssl cms -encrypt -out mail.msg \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed and Encrypted message" -des3 user.pem
+ +

Note: the encryption command does not include the -text option because the message being encrypted already has MIME headers.

+ +

Decrypt mail:

+ +
openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+ +

The output from Netscape form signing is a PKCS#7 structure with the detached signature format. You can use this program to verify the signature by line wrapping the base64 encoded structure and surrounding it with:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

and using the command,

+ +
openssl cms -verify -inform PEM -in signature.pem -content content.txt
+ +

alternatively you can base64 decode the signature and use

+ +
openssl cms -verify -inform DER -in signature.der -content content.txt
+ +

Create an encrypted message using 128 bit Camellia:

+ +
openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+ +

Add a signer to an existing message:

+ +
openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
+ +

Sign mail using RSA-PSS:

+ +
openssl cms -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -keyopt rsa_padding_mode:pss
+ +

Create encrypted mail using RSA-OAEP:

+ +
openssl cms -encrypt -in plain.txt -out mail.msg \
+       -recip cert.pem -keyopt rsa_padding_mode:oaep
+ +

Use SHA256 KDF with an ECDH certificate:

+ +
openssl cms -encrypt -in plain.txt -out mail.msg \
+       -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
+ +

BUGS

+ +

The MIME parser isn't very clever: it seems to handle most messages that I've thrown at it but it may choke on others.

+ +

The code currently will only write out the signer's certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.

+ +

Ideally a database should be maintained of a certificates for each email address.

+ +

The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.

+ +

No revocation checking is done on the signer's certificate.

+ +

HISTORY

+ +

The use of multiple -signer options and the -resign command were first added in OpenSSL 1.0.0.

+ +

The keyopt option was added in OpenSSL 1.0.2.

+ +

Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.

+ +

The use of non-RSA keys with -encrypt and -decrypt was added in OpenSSL 1.0.2.

+ +

The -no_alt_chains option was added in OpenSSL 1.0.2b.

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/crl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/crl.html new file mode 100644 index 00000000..c2280be5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/crl.html @@ -0,0 +1,170 @@ + + + + +crl + + + + + + + + + + +

NAME

+ +

openssl-crl, crl - CRL utility

+ +

SYNOPSIS

+ +

openssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

+ +

DESCRIPTION

+ +

The crl command processes CRL files in DER or PEM format.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-text
+
+ +

Print out the CRL in text form.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).

+ +
+
-noout
+
+ +

Don't output the encoded version of the CRL.

+ +
+
-hash
+
+ +

Output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.

+ +
+
-hash_old
+
+ +

Outputs the "hash" of the CRL issuer name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-issuer
+
+ +

Output the issuer name.

+ +
+
-lastupdate
+
+ +

Output the lastUpdate field.

+ +
+
-nextupdate
+
+ +

Output the nextUpdate field.

+ +
+
-CAfile file
+
+ +

Verify the signature on a CRL by looking up the issuing certificate in file.

+ +
+
-CApath dir
+
+ +

Verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
+ +

NOTES

+ +

The PEM CRL format uses the header and footer lines:

+ +
-----BEGIN X509 CRL-----
+-----END X509 CRL-----
+ +

EXAMPLES

+ +

Convert a CRL file from PEM to DER:

+ +
openssl crl -in crl.pem -outform DER -out crl.der
+ +

Output the text form of a DER encoded certificate:

+ +
openssl crl -in crl.der -inform DER -text -noout
+ +

BUGS

+ +

Ideally it should be possible to create a CRL using appropriate options and files too.

+ +

SEE ALSO

+ +

crl2pkcs7(1), ca(1), x509(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/crl2pkcs7.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/crl2pkcs7.html new file mode 100644 index 00000000..82157935 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/crl2pkcs7.html @@ -0,0 +1,119 @@ + + + + +crl2pkcs7 + + + + + + + + + + +

NAME

+ +

openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates

+ +

SYNOPSIS

+ +

openssl crl2pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-certfile filename] [-nocrl]

+ +

DESCRIPTION

+ +

The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the CRL input format. DER format is DER encoded CRL structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the PKCS#7 structure output format. DER format is DER encoded PKCS#7 structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines. The default format is PEM.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a CRL from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write the PKCS#7 structure to or standard output by default.

+ +
+
-certfile filename
+
+ +

Specifies a filename containing one or more certificates in PEM format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files.

+ +
+
-nocrl
+
+ +

Normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file.

+ +
+
+ +

EXAMPLES

+ +

Create a PKCS#7 structure from a certificate and CRL:

+ +
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+ +

Creates a PKCS#7 structure in DER format with no CRL from several different certificates:

+ +
openssl crl2pkcs7 -nocrl -certfile newcert.pem
+       -certfile demoCA/cacert.pem -outform DER -out p7.der
+ +

NOTES

+ +

The output file is a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL.

+ +

This utility can be used to send certificates and CAs to Netscape as part of the certificate enrollment process. This involves sending the DER encoded output as MIME type application/x-x509-user-cert.

+ +

The PEM encoded form with the header and footer lines removed can be used to install user certificates and CAs in MSIE using the Xenroll control.

+ +

SEE ALSO

+ +

pkcs7(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/dgst.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/dgst.html new file mode 100644 index 00000000..ed3dcce8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/dgst.html @@ -0,0 +1,250 @@ + + + + +dgst + + + + + + + + + + +

NAME

+ +

openssl-dgst, dgst - perform digest operations

+ +

SYNOPSIS

+ +

openssl dgst [-digest] [-help] [-c] [-d] [-list] [-hex] [-binary] [-r] [-out filename] [-sign filename] [-keyform arg] [-passin arg] [-verify filename] [-prverify filename] [-signature filename] [-sigopt nm:v] [-hmac key] [-fips-fingerprint] [-rand file...] [-engine id] [-engine_impl] [file...]

+ +

openssl digest [...]

+ +

DESCRIPTION

+ +

The digest functions output the message digest of a supplied file or files in hexadecimal. The digest functions also generate and verify digital signatures using message digests.

+ +

The generic name, dgst, may be used with an option specifying the algorithm to be used. The default digest is sha256. A supported digest name may also be used as the command name. To see the list of supported algorithms, use the list --digest-commands command.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-digest
+
+ +

Specifies name of a supported digest to be used. To see the list of supported digests, use the command list --digest-commands.

+ +
+
-c
+
+ +

Print out the digest in two digit groups separated by colons, only relevant if hex format output is used.

+ +
+
-d
+
+ +

Print out BIO debugging information.

+ +
+
-list
+
+ +

Prints out a list of supported message digests.

+ +
+
-hex
+
+ +

Digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature. See NOTES below for digital signatures using -hex.

+ +
+
-binary
+
+ +

Output the digest or signature in binary form.

+ +
+
-r
+
+ +

Output the digest in the "coreutils" format, including newlines. Used by programs like sha1sum.

+ +
+
-out filename
+
+ +

Filename to output to, or standard output by default.

+ +
+
-sign filename
+
+ +

Digitally sign the digest using the private key in "filename". Note this option does not support Ed25519 or Ed448 private keys. Use the pkeyutl command instead for this.

+ +
+
-keyform arg
+
+ +

Specifies the key format to sign digest with. The DER, PEM, P12, and ENGINE formats are supported.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-verify filename
+
+ +

Verify the signature using the public key in "filename". The output is either "Verification OK" or "Verification Failure".

+ +
+
-prverify filename
+
+ +

Verify the signature using the private key in "filename".

+ +
+
-signature filename
+
+ +

The actual signature to verify.

+ +
+
-hmac key
+
+ +

Create a hashed MAC using "key".

+ +
+
-mac alg
+
+ +

Create MAC (keyed Message Authentication Code). The most popular MAC algorithm is HMAC (hash-based MAC), but there are other MAC algorithms which are not based on hash, for instance gost-mac algorithm, supported by ccgost engine. MAC keys and other options should be set via -macopt parameter.

+ +
+
-macopt nm:v
+
+ +

Passes options to MAC algorithm, specified by -mac key. Following options are supported by both by HMAC and gost-mac:

+ +
+ +
key:string
+
+ +

Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac.

+ +
+
hexkey:string
+
+ +

Specifies MAC key in hexadecimal form (two hex digits per byte). Key length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac.

+ +
+
+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-fips-fingerprint
+
+ +

Compute HMAC using a specific key for certain OpenSSL-FIPS operations.

+ +
+
-engine id
+
+ +

Use engine id for operations (including private key storage). This engine is not used as source for digest algorithms, unless it is also specified in the configuration file or -engine_impl is also specified.

+ +
+
-engine_impl
+
+ +

When used with the -engine option, it specifies to also use engine id for digest operations.

+ +
+
file...
+
+ +

File or files to digest. If no files are specified then standard input is used.

+ +
+
+ +

EXAMPLES

+ +

To create a hex-encoded message digest of a file: openssl dgst -md5 -hex file.txt

+ +

To sign a file using SHA-256 with binary file output: openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt

+ +

To verify a signature: openssl dgst -sha256 -verify publickey.pem \ -signature signature.sign \ file.txt

+ +

NOTES

+ +

The digest mechanisms that are available will depend on the options used when building OpenSSL. The list digest-commands command can be used to list them.

+ +

New or agile applications should use probably use SHA-256. Other digests, particularly SHA-1 and MD5, are still widely used for interoperating with existing formats and protocols.

+ +

When signing a file, dgst will automatically determine the algorithm (RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. When verifying signatures, it only handles the RSA, DSA, or ECDSA signature itself, not the related data to identify the signer and algorithm used in formats such as x.509, CMS, and S/MIME.

+ +

A source of random numbers is required for certain signing algorithms, in particular ECDSA and DSA.

+ +

The signing and verify options should only be used if a single file is being signed or verified.

+ +

Hex signatures cannot be verified using openssl. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification.

+ +

HISTORY

+ +

The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The FIPS-related options were removed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/dhparam.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/dhparam.html new file mode 100644 index 00000000..10947929 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/dhparam.html @@ -0,0 +1,170 @@ + + + + +dhparam + + + + + + + + + + +

NAME

+ +

openssl-dhparam, dhparam - DH parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl dhparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-dsaparam] [-check] [-noout] [-text] [-C] [-2] [-5] [-rand file...] [-writerand file] [-engine id] [numbits]

+ +

DESCRIPTION

+ +

This command is used to manipulate DH parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#3 DHparameter structure. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-dsaparam
+
+ +

If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation.

+ +

DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.

+ +
+
-check
+
+ +

Performs numerous checks to see if the supplied parameters are valid and displays a warning if not.

+ +
+
-2, -5
+
+ +

The generator to use, either 2 or 5. If present then the input file is ignored and parameters are generated instead. If not present but numbits is present, parameters are generated with the default generator 2.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
numbits
+
+ +

This option specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If this option is not present but a generator (-2 or -5) is present, parameters are generated with a default length of 2048 bits.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the DH parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the parameters into C code. The parameters can then be loaded by calling the get_dhNNNN() function.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dhparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

WARNINGS

+ +

The program dhparam combines the functionality of the programs dh and gendh in previous versions of OpenSSL. The dh and gendh programs are retained for now but may have different purposes in future versions of OpenSSL.

+ +

NOTES

+ +

PEM format DH parameters use the header and footer lines:

+ +
-----BEGIN DH PARAMETERS-----
+-----END DH PARAMETERS-----
+ +

OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.

+ +

This program manipulates DH parameters not keys.

+ +

BUGS

+ +

There should be a way to generate and manipulate DH keys.

+ +

SEE ALSO

+ +

dsaparam(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/dsa.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/dsa.html new file mode 100644 index 00000000..55891a02 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/dsa.html @@ -0,0 +1,178 @@ + + + + +dsa + + + + + + + + + + +

NAME

+ +

openssl-dsa, dsa - DSA key processing

+ +

SYNOPSIS

+ +

openssl dsa [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-pubin] [-pubout] [-engine id]

+ +

DESCRIPTION

+ +

The dsa command processes DSA keys. They can be converted between various forms and their components printed out. Note This command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option with a private key uses an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of version (currently zero), p, q, g, the public and private key components respectively as ASN.1 INTEGERs. When used with a public key it uses a SubjectPublicKeyInfo structure: it is an error if the key is not DSA.

+ +

The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the dsa utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the public, private key components and parameters.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-modulus
+
+ +

This option prints out the value of the public key component of the key.

+ +
+
-pubin
+
+ +

By default, a private key is read from the input file. With this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default, a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN DSA PRIVATE KEY-----
+-----END DSA PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

EXAMPLES

+ +

To remove the pass phrase on a DSA private key:

+ +
openssl dsa -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl dsa -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl dsa -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl dsa -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl dsa -in key.pem -pubout -out pubkey.pem
+ +

SEE ALSO

+ +

dsaparam(1), gendsa(1), rsa(1), genrsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/dsaparam.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/dsaparam.html new file mode 100644 index 00000000..418e2646 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/dsaparam.html @@ -0,0 +1,144 @@ + + + + +dsaparam + + + + + + + + + + +

NAME

+ +

openssl-dsaparam, dsaparam - DSA parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl dsaparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-rand file...] [-writerand file] [-genkey] [-engine id] [numbits]

+ +

DESCRIPTION

+ +

This command is used to manipulate or generate DSA parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting of p, q and g respectively. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified. If the numbits parameter is included then this option will be ignored.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the DSA parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the parameters into C code. The parameters can then be loaded by calling the get_dsaXXX() function.

+ +
+
-genkey
+
+ +

This option will generate a DSA either using the specified or generated parameters.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
numbits
+
+ +

This option specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is included then the input file (if any) is ignored.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause dsaparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

PEM format DSA parameters use the header and footer lines:

+ +
-----BEGIN DSA PARAMETERS-----
+-----END DSA PARAMETERS-----
+ +

DSA parameter generation is a slow process and as a result the same set of DSA parameters is often used to generate several distinct keys.

+ +

SEE ALSO

+ +

gendsa(1), dsa(1), genrsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ec.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ec.html new file mode 100644 index 00000000..864feca4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ec.html @@ -0,0 +1,198 @@ + + + + +ec + + + + + + + + + + +

NAME

+ +

openssl-ec, ec - EC key processing

+ +

SYNOPSIS

+ +

openssl ec [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-des] [-des3] [-idea] [-text] [-noout] [-param_out] [-pubin] [-pubout] [-conv_form arg] [-param_enc arg] [-no_public] [-check] [-engine id]

+ +

DESCRIPTION

+ +

The ec command processes EC keys. They can be converted between various forms and their components printed out. Note OpenSSL uses the private key format specified in 'SEC 1: Elliptic Curve Cryptography' (http://www.secg.org/). To convert an OpenSSL EC private key into the PKCS#8 private key format use the pkcs8 command.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-des|-des3|-idea
+
+ +

These options encrypt the private key with the DES, triple DES, IDEA or any other cipher supported by OpenSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the ec utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the public, private key components and parameters.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-pubin
+
+ +

By default, a private key is read from the input file. With this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-conv_form
+
+ +

This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed (the default value), uncompressed and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

+ +
+
-param_enc arg
+
+ +

This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve. Note the implicitlyCA alternative, as specified in RFC 3279, is currently not implemented in OpenSSL.

+ +
+
-no_public
+
+ +

This option omits the public key components from the private key output.

+ +
+
-check
+
+ +

This option checks the consistency of an EC private or public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ec to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN EC PRIVATE KEY-----
+-----END EC PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

EXAMPLES

+ +

To encrypt a private key using triple DES:

+ +
openssl ec -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl ec -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl ec -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl ec -in key.pem -pubout -out pubkey.pem
+ +

To change the parameters encoding to explicit:

+ +
openssl ec -in key.pem -param_enc explicit -out keyout.pem
+ +

To change the point conversion form to compressed:

+ +
openssl ec -in key.pem -conv_form compressed -out keyout.pem
+ +

SEE ALSO

+ +

ecparam(1), dsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ecparam.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ecparam.html new file mode 100644 index 00000000..440835d3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ecparam.html @@ -0,0 +1,201 @@ + + + + +ecparam + + + + + + + + + + +

NAME

+ +

openssl-ecparam, ecparam - EC parameter manipulation and generation

+ +

SYNOPSIS

+ +

openssl ecparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-check] [-name arg] [-list_curves] [-conv_form arg] [-param_enc arg] [-no_seed] [-rand file...] [-writerand file] [-genkey] [-engine id]

+ +

DESCRIPTION

+ +

This command is used to manipulate or generate EC parameter files.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN.1 DER encoded form compatible with RFC 3279 EcpkParameters. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.

+ +
+
-noout
+
+ +

This option inhibits the output of the encoded version of the parameters.

+ +
+
-text
+
+ +

This option prints out the EC parameters in human readable form.

+ +
+
-C
+
+ +

This option converts the EC parameters into C code. The parameters can then be loaded by calling the get_ec_group_XXX() function.

+ +
+
-check
+
+ +

Validate the elliptic curve parameters.

+ +
+
-name arg
+
+ +

Use the EC parameters with the specified 'short' name. Use -list_curves to get a list of all currently implemented EC parameters.

+ +
+
-list_curves
+
+ +

If this options is specified ecparam will print out a list of all currently implemented EC parameters names and exit.

+ +
+
-conv_form
+
+ +

This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed, uncompressed (the default value) and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

+ +
+
-param_enc arg
+
+ +

This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve. Note the implicitlyCA alternative, as specified in RFC 3279, is currently not implemented in OpenSSL.

+ +
+
-no_seed
+
+ +

This option inhibits that the 'seed' for the parameter generation is included in the ECParameters structure (see RFC 3279).

+ +
+
-genkey
+
+ +

This option will generate an EC private key using the specified parameters.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ecparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

PEM format EC parameters use the header and footer lines:

+ +
-----BEGIN EC PARAMETERS-----
+-----END EC PARAMETERS-----
+ +

OpenSSL is currently not able to generate new groups and therefore ecparam can only create EC parameters from known (named) curves.

+ +

EXAMPLES

+ +

To create EC parameters with the group 'prime192v1':

+ +
openssl ecparam -out ec_param.pem -name prime192v1
+ +

To create EC parameters with explicit parameters:

+ +
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
+ +

To validate given EC parameters:

+ +
openssl ecparam -in ec_param.pem -check
+ +

To create EC parameters and a private key:

+ +
openssl ecparam -out ec_key.pem -name prime192v1 -genkey
+ +

To change the point encoding to 'compressed':

+ +
openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
+ +

To print out the EC parameters to standard output:

+ +
openssl ecparam -in ec_param.pem -noout -text
+ +

SEE ALSO

+ +

ec(1), dsaparam(1)

+ +

COPYRIGHT

+ +

Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/enc.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/enc.html new file mode 100644 index 00000000..ce215fe4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/enc.html @@ -0,0 +1,412 @@ + + + + +enc + + + + + + + + + + +

NAME

+ +

openssl-enc, enc - symmetric cipher routines

+ +

SYNOPSIS

+ +

openssl enc -cipher [-help] [-list] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-iter count] [-pbkdf2] [-p] [-P] [-bufsize number] [-nopad] [-debug] [-none] [-rand file...] [-writerand file] [-engine id]

+ +

openssl [cipher] [...]

+ +

DESCRIPTION

+ +

The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-list
+
+ +

List all supported ciphers.

+ +
+
-ciphers
+
+ +

Alias of -list to display all supported ciphers.

+ +
+
-in filename
+
+ +

The input filename, standard input by default.

+ +
+
-out filename
+
+ +

The output filename, standard output by default.

+ +
+
-pass arg
+
+ +

The password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-e
+
+ +

Encrypt the input data: this is the default.

+ +
+
-d
+
+ +

Decrypt the input data.

+ +
+
-a
+
+ +

Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted.

+ +
+
-base64
+
+ +

Same as -a

+ +
+
-A
+
+ +

If the -a option is set then base64 process the data on one line.

+ +
+
-k password
+
+ +

The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

+ +
+
-kfile filename
+
+ +

Read the password to derive the key from the first line of filename. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

+ +
+
-md digest
+
+ +

Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.

+ +
+
-iter count
+
+ +

Use a given number of iterations on the password in deriving the encryption key. High values increase the time required to brute-force the resulting file. This option enables the use of PBKDF2 algorithm to derive the key.

+ +
+
-pbkdf2
+
+ +

Use PBKDF2 algorithm with default iteration count unless otherwise specified.

+ +
+
-nosalt
+
+ +

Don't use a salt in the key derivation routines. This option SHOULD NOT be used except for test purposes or compatibility with ancient versions of OpenSSL.

+ +
+
-salt
+
+ +

Use salt (randomly generated or provide with -S option) when encrypting, this is the default.

+ +
+
-S salt
+
+ +

The actual salt to use: this must be represented as a string of hex digits.

+ +
+
-K key
+
+ +

The actual key to use: this must be represented as a string comprised only of hex digits. If only the key is specified, the IV must additionally specified using the -iv option. When both a key and a password are specified, the key given with the -K option will be used and the IV generated from the password will be taken. It does not make much sense to specify both key and password.

+ +
+
-iv IV
+
+ +

The actual IV to use: this must be represented as a string comprised only of hex digits. When only the key is specified using the -K option, the IV must explicitly be defined. When a password is being specified using one of the other options, the IV is generated from this password.

+ +
+
-p
+
+ +

Print out the key and IV used.

+ +
+
-P
+
+ +

Print out the key and IV used then immediately exit: don't do any encryption or decryption.

+ +
+
-bufsize number
+
+ +

Set the buffer size for I/O.

+ +
+
-nopad
+
+ +

Disable standard block padding.

+ +
+
-debug
+
+ +

Debug the BIOs used for I/O.

+ +
+
-z
+
+ +

Compress or decompress clear text using zlib before encryption or after decryption. This option exists only if OpenSSL with compiled with zlib or zlib-dynamic option.

+ +
+
-none
+
+ +

Use NULL cipher (no encryption or decryption of input).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

NOTES

+ +

The program can be called either as openssl cipher or openssl enc -cipher. The first form doesn't work with engine-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. Use the list command to get a list of supported ciphers.

+ +

Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines specified on the command line using -engine options can only be used for hardware-assisted implementations of ciphers which are supported by the OpenSSL core or another engine specified in the configuration file.

+ +

When the enc command lists supported ciphers, ciphers provided by engines, specified in the configuration files are listed too.

+ +

A password will be prompted for to derive the key and IV if necessary.

+ +

The -salt option should ALWAYS be used if the key is being derived from a password unless you want compatibility with previous versions of OpenSSL.

+ +

Without the -salt option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same encryption key. When the salt is being used the first eight bytes of the encrypted data are reserved for the salt: it is generated at random when encrypting a file and read from the encrypted file when it is decrypted.

+ +

Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode.

+ +

All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test.

+ +

If padding is disabled then the input data must be a multiple of the cipher block length.

+ +

All RC2 ciphers have the same key and effective key length.

+ +

Blowfish and RC5 algorithms use a 128 bit key.

+ +

SUPPORTED CIPHERS

+ +

Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the enc command run with the -ciphers option (that is openssl enc -ciphers) produces a list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines.

+ +

The enc program does not support authenticated encryption modes like CCM and GCM, and will not support such modes in the future. The enc interface by necessity must begin streaming output (e.g., to standard output when -out is not used) before the authentication tag could be validated, leading to the usage of enc in pipelines that begin processing untrusted data and are not capable of rolling back upon authentication failure. The AEAD modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since enc places the entire burden of key/iv/nonce management upon the user, the risk of exposing AEAD modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in enc, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch. For bulk encryption of data, whether using authenticated encryption modes or other modes, cms(1) is recommended, as it provides a standard data format and performs the needed key/iv/nonce management.

+ +
base64             Base 64
+
+bf-cbc             Blowfish in CBC mode
+bf                 Alias for bf-cbc
+blowfish           Alias for bf-cbc
+bf-cfb             Blowfish in CFB mode
+bf-ecb             Blowfish in ECB mode
+bf-ofb             Blowfish in OFB mode
+
+cast-cbc           CAST in CBC mode
+cast               Alias for cast-cbc
+cast5-cbc          CAST5 in CBC mode
+cast5-cfb          CAST5 in CFB mode
+cast5-ecb          CAST5 in ECB mode
+cast5-ofb          CAST5 in OFB mode
+
+chacha20           ChaCha20 algorithm
+
+des-cbc            DES in CBC mode
+des                Alias for des-cbc
+des-cfb            DES in CFB mode
+des-ofb            DES in OFB mode
+des-ecb            DES in ECB mode
+
+des-ede-cbc        Two key triple DES EDE in CBC mode
+des-ede            Two key triple DES EDE in ECB mode
+des-ede-cfb        Two key triple DES EDE in CFB mode
+des-ede-ofb        Two key triple DES EDE in OFB mode
+
+des-ede3-cbc       Three key triple DES EDE in CBC mode
+des-ede3           Three key triple DES EDE in ECB mode
+des3               Alias for des-ede3-cbc
+des-ede3-cfb       Three key triple DES EDE CFB mode
+des-ede3-ofb       Three key triple DES EDE in OFB mode
+
+desx               DESX algorithm.
+
+gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
+gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
+
+idea-cbc           IDEA algorithm in CBC mode
+idea               same as idea-cbc
+idea-cfb           IDEA in CFB mode
+idea-ecb           IDEA in ECB mode
+idea-ofb           IDEA in OFB mode
+
+rc2-cbc            128 bit RC2 in CBC mode
+rc2                Alias for rc2-cbc
+rc2-cfb            128 bit RC2 in CFB mode
+rc2-ecb            128 bit RC2 in ECB mode
+rc2-ofb            128 bit RC2 in OFB mode
+rc2-64-cbc         64 bit RC2 in CBC mode
+rc2-40-cbc         40 bit RC2 in CBC mode
+
+rc4                128 bit RC4
+rc4-64             64 bit RC4
+rc4-40             40 bit RC4
+
+rc5-cbc            RC5 cipher in CBC mode
+rc5                Alias for rc5-cbc
+rc5-cfb            RC5 cipher in CFB mode
+rc5-ecb            RC5 cipher in ECB mode
+rc5-ofb            RC5 cipher in OFB mode
+
+seed-cbc           SEED cipher in CBC mode
+seed               Alias for seed-cbc
+seed-cfb           SEED cipher in CFB mode
+seed-ecb           SEED cipher in ECB mode
+seed-ofb           SEED cipher in OFB mode
+
+sm4-cbc            SM4 cipher in CBC mode
+sm4                Alias for sm4-cbc
+sm4-cfb            SM4 cipher in CFB mode
+sm4-ctr            SM4 cipher in CTR mode
+sm4-ecb            SM4 cipher in ECB mode
+sm4-ofb            SM4 cipher in OFB mode
+
+aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
+aes[128|192|256]       Alias for aes-[128|192|256]-cbc
+aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
+aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
+aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
+aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
+aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
+aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
+
+aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
+aria[128|192|256]       Alias for aria-[128|192|256]-cbc
+aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
+aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
+aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
+aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
+aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
+aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
+
+camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
+camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
+camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
+camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
+camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
+camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
+camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
+camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
+ +

EXAMPLES

+ +

Just base64 encode a binary file:

+ +
openssl base64 -in file.bin -out file.b64
+ +

Decode the same file

+ +
openssl base64 -d -in file.b64 -out file.bin
+ +

Encrypt a file using AES-128 using a prompted password and PBKDF2 key derivation:

+ +
openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
+ +

Decrypt a file using a supplied password:

+ +
openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
+   -pass pass:<password>
+ +

Encrypt a file then base64 encode it (so it can be sent via mail for example) using AES-256 in CTR mode and PBKDF2 key derivation:

+ +
openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
+ +

Base64 decode a file then decrypt it using a password supplied in a file:

+ +
openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
+   -pass file:<passfile>
+ +

BUGS

+ +

The -A option when used with large files doesn't work properly.

+ +

The enc program only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a 76 bit key or RC4 with an 84 bit key you can't use this program.

+ +

HISTORY

+ +

The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

+ +

The -list option was added in OpenSSL 1.1.1e.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/engine.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/engine.html new file mode 100644 index 00000000..b40fb1c5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/engine.html @@ -0,0 +1,133 @@ + + + + +engine + + + + + + + + + + +

NAME

+ +

openssl-engine, engine - load and query engines

+ +

SYNOPSIS

+ +

openssl engine [ engine... ] [-v] [-vv] [-vvv] [-vvv] [-vvv] [-c] [-t] [-tt] [-pre command] [-post command] [ engine... ]

+ +

DESCRIPTION

+ +

The engine command is used to query the status and capabilities of the specified engine's. Engines may be specified before and after all other command-line flags. Only those specified are queried.

+ +

OPTIONS

+ +
+ +
-v -vv -vvv -vvvv
+
+ +

Provides information about each specified engine. The first flag lists all the possible run-time control commands; the second adds a description of each command; the third adds the input flags, and the final option adds the internal input flags.

+ +
+
-c
+
+ +

Lists the capabilities of each engine.

+ +
+
-t
+
+ +

Tests if each specified engine is available, and displays the answer.

+ +
+
-tt
+
+ +

Displays an error trace for any unavailable engine.

+ +
+
-pre command
+
+ +
+
-post command
+
+ +

Command-line configuration of engines. The -pre command is given to the engine before it is loaded and the -post command is given after the engine is loaded. The command is of the form cmd:val where cmd is the command, and val is the value for the command. See the example below.

+ +
+
+ +

EXAMPLES

+ +

To list all the commands available to a dynamic engine:

+ +
$ openssl engine -t -tt -vvvv dynamic
+(dynamic) Dynamic engine loading support
+     [ unavailable ]
+     SO_PATH: Specifies the path to the new ENGINE shared library
+          (input flags): STRING
+     NO_VCHECK: Specifies to continue even if version checking fails (boolean)
+          (input flags): NUMERIC
+     ID: Specifies an ENGINE id name for loading
+          (input flags): STRING
+     LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
+          (input flags): NUMERIC
+     DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
+          (input flags): NUMERIC
+     DIR_ADD: Adds a directory from which ENGINEs can be loaded
+          (input flags): STRING
+     LOAD: Load up the ENGINE specified by other settings
+          (input flags): NO_INPUT
+ +

To list the capabilities of the rsax engine:

+ +
$ openssl engine -c
+(rsax) RSAX engine support
+ [RSA]
+(dynamic) Dynamic engine loading support
+ +

ENVIRONMENT

+ +
+ +
OPENSSL_ENGINES
+
+ +

The path to the engines directory.

+ +
+
+ +

SEE ALSO

+ +

config(5)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/errstr.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/errstr.html new file mode 100644 index 00000000..0d4868cb --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/errstr.html @@ -0,0 +1,64 @@ + + + + +errstr + + + + + + + + + + +

NAME

+ +

openssl-errstr, errstr - lookup error codes

+ +

SYNOPSIS

+ +

openssl errstr error_code

+ +

DESCRIPTION

+ +

Sometimes an application will not load error message and only numerical forms will be available. The errstr utility can be used to display the meaning of the hex code. The hex code is the hex digits after the second colon.

+ +

OPTIONS

+ +

None.

+ +

EXAMPLES

+ +

The error code:

+ +
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
+ +

can be displayed with:

+ +
openssl errstr 2006D080
+ +

to produce the error message:

+ +
error:2006D080:BIO routines:BIO_new_file:no such file
+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/gendsa.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/gendsa.html new file mode 100644 index 00000000..7a2dd65a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/gendsa.html @@ -0,0 +1,103 @@ + + + + +gendsa + + + + + + + + + + +

NAME

+ +

openssl-gendsa, gendsa - generate a DSA private key from a set of parameters

+ +

SYNOPSIS

+ +

openssl gendsa [-help] [-out filename] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-rand file...] [-writerand file] [-engine id] [paramfile]

+ +

DESCRIPTION

+ +

The gendsa command generates a DSA private key from a DSA parameter file (which will be typically generated by the openssl dsaparam command).

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause gendsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
paramfile
+
+ +

This option specifies the DSA parameter file to use. The parameters in this file determine the size of the private key. DSA parameters can be generated and examined using the openssl dsaparam command.

+ +
+
+ +

NOTES

+ +

DSA key generation is little more than random number generation so it is much quicker that RSA key generation for example.

+ +

SEE ALSO

+ +

dsaparam(1), dsa(1), genrsa(1), rsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/genpkey.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/genpkey.html new file mode 100644 index 00000000..453fdde1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/genpkey.html @@ -0,0 +1,363 @@ + + + + +genpkey + + + + + + + + + + +

NAME

+ +

openssl-genpkey, genpkey - generate a private key

+ +

SYNOPSIS

+ +

openssl genpkey [-help] [-out filename] [-outform PEM|DER] [-pass arg] [-cipher] [-engine id] [-paramfile file] [-algorithm alg] [-pkeyopt opt:value] [-genparam] [-text]

+ +

DESCRIPTION

+ +

The genpkey command generates a private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format DER or PEM. The default format is PEM.

+ +
+
-pass arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-cipher
+
+ +

This option encrypts the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as des3.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause genpkey to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. If used this option should precede all other options.

+ +
+
-algorithm alg
+
+ +

Public key algorithm to use such as RSA, DSA or DH. If used this option must precede any -pkeyopt options. The options -paramfile and -algorithm are mutually exclusive. Engines may add algorithms in addition to the standard built-in ones.

+ +

Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, X25519, X448, ED25519 and ED448.

+ +

Valid built-in algorithm names for parameter generation (see the -genparam option) are DH, DSA and EC.

+ +

Note that the algorithm name X9.42 DH may be used as a synonym for the DH algorithm. These are identical and do not indicate the type of parameters that will be generated. Use the dh_paramgen_type option to indicate whether PKCS#3 or X9.42 DH parameters are required. See "DH Parameter Generation Options" below for more details.

+ +
+
-pkeyopt opt:value
+
+ +

Set the public key algorithm option opt to value. The precise set of options supported depends on the public key algorithm used and its implementation. See "KEY GENERATION OPTIONS" and "PARAMETER GENERATION OPTIONS" below for more details.

+ +
+
-genparam
+
+ +

Generate a set of parameters instead of a private key. If used this option must precede any -algorithm, -paramfile or -pkeyopt options.

+ +
+
-paramfile filename
+
+ +

Some public key algorithms generate a private key based on a set of parameters. They can be supplied using this option. If this option is used the public key algorithm used is determined by the parameters. If used this option must precede any -pkeyopt options. The options -paramfile and -algorithm are mutually exclusive.

+ +
+
-text
+
+ +

Print an (unencrypted) text representation of private and public keys and parameters along with the PEM or DER structure.

+ +
+
+ +

KEY GENERATION OPTIONS

+ +

The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. There are no key generation options defined for the X25519, X448, ED25519 or ED448 algorithms.

+ +

RSA Key Generation Options

+ +
+ +
rsa_keygen_bits:numbits
+
+ +

The number of bits in the generated key. If not specified 2048 is used.

+ +
+
rsa_keygen_primes:numprimes
+
+ +

The number of primes in the generated key. If not specified 2 is used.

+ +
+
rsa_keygen_pubexp:value
+
+ +

The RSA public exponent value. This can be a large decimal or hexadecimal value if preceded by 0x. Default value is 65537.

+ +
+
+ +

RSA-PSS Key Generation Options

+ +

Note: by default an RSA-PSS key has no parameter restrictions.

+ +
+ +
rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value
+
+ +

These options have the same meaning as the RSA algorithm.

+ +
+
rsa_pss_keygen_md:digest
+
+ +

If set the key is restricted and can only use digest for signing.

+ +
+
rsa_pss_keygen_mgf1_md:digest
+
+ +

If set the key is restricted and can only use digest as it's MGF1 parameter.

+ +
+
rsa_pss_keygen_saltlen:len
+
+ +

If set the key is restricted and len specifies the minimum salt length.

+ +
+
+ +

EC Key Generation Options

+ +

The EC key generation options can also be used for parameter generation.

+ +
+ +
ec_paramgen_curve:curve
+
+ +

The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

+ +
+
ec_param_enc:encoding
+
+ +

The encoding to use for parameters. The "encoding" parameter must be either "named_curve" or "explicit". The default value is "named_curve".

+ +
+
+ +

PARAMETER GENERATION OPTIONS

+ +

The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below.

+ +

DSA Parameter Generation Options

+ +
+ +
dsa_paramgen_bits:numbits
+
+ +

The number of bits in the generated prime. If not specified 2048 is used.

+ +
+
dsa_paramgen_q_bits:numbits
+
+ +

The number of bits in the q parameter. Must be one of 160, 224 or 256. If not specified 224 is used.

+ +
+
dsa_paramgen_md:digest
+
+ +

The digest to use during parameter generation. Must be one of sha1, sha224 or sha256. If set, then the number of bits in q will match the output size of the specified digest and the dsa_paramgen_q_bits parameter will be ignored. If not set, then a digest will be used that gives an output matching the number of bits in q, i.e. sha1 if q length is 160, sha224 if it 224 or sha256 if it is 256.

+ +
+
+ +

DH Parameter Generation Options

+ +
+ +
dh_paramgen_prime_len:numbits
+
+ +

The number of bits in the prime parameter p. The default is 2048.

+ +
+
dh_paramgen_subprime_len:numbits
+
+ +

The number of bits in the sub prime parameter q. The default is 256 if the prime is at least 2048 bits long or 160 otherwise. Only relevant if used in conjunction with the dh_paramgen_type option to generate X9.42 DH parameters.

+ +
+
dh_paramgen_generator:value
+
+ +

The value to use for the generator g. The default is 2.

+ +
+
dh_paramgen_type:value
+
+ +

The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0.

+ +
+
dh_rfc5114:num
+
+ +

If this option is set, then the appropriate RFC5114 parameters are used instead of generating new parameters. The value num can take the values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of 1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections 2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter options.

+ +
+
+ +

EC Parameter Generation Options

+ +

The EC parameter generation options are the same as for key generation. See "EC Key Generation Options" above.

+ +

NOTES

+ +

The use of the genpkey program is encouraged over the algorithm specific utilities because additional algorithm options and ENGINE provided algorithms can be used.

+ +

EXAMPLES

+ +

Generate an RSA private key using default parameters:

+ +
openssl genpkey -algorithm RSA -out key.pem
+ +

Encrypt output private key using 128 bit AES and the passphrase "hello":

+ +
openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
+ +

Generate a 2048 bit RSA key using 3 as the public exponent:

+ +
openssl genpkey -algorithm RSA -out key.pem \
+    -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
+ +

Generate 2048 bit DSA parameters:

+ +
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
+    -pkeyopt dsa_paramgen_bits:2048
+ +

Generate DSA key from parameters:

+ +
openssl genpkey -paramfile dsap.pem -out dsakey.pem
+ +

Generate 2048 bit DH parameters:

+ +
openssl genpkey -genparam -algorithm DH -out dhp.pem \
+    -pkeyopt dh_paramgen_prime_len:2048
+ +

Generate 2048 bit X9.42 DH parameters:

+ +
openssl genpkey -genparam -algorithm DH -out dhpx.pem \
+    -pkeyopt dh_paramgen_prime_len:2048 \
+    -pkeyopt dh_paramgen_type:1
+ +

Output RFC5114 2048 bit DH parameters with 224 bit subgroup:

+ +
openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
+ +

Generate DH key from parameters:

+ +
openssl genpkey -paramfile dhp.pem -out dhkey.pem
+ +

Generate EC parameters:

+ +
openssl genpkey -genparam -algorithm EC -out ecp.pem \
+       -pkeyopt ec_paramgen_curve:secp384r1 \
+       -pkeyopt ec_param_enc:named_curve
+ +

Generate EC key from parameters:

+ +
openssl genpkey -paramfile ecp.pem -out eckey.pem
+ +

Generate EC key directly:

+ +
openssl genpkey -algorithm EC -out eckey.pem \
+       -pkeyopt ec_paramgen_curve:P-384 \
+       -pkeyopt ec_param_enc:named_curve
+ +

Generate an X25519 private key:

+ +
openssl genpkey -algorithm X25519 -out xkey.pem
+ +

Generate an ED448 private key:

+ +
openssl genpkey -algorithm ED448 -out xkey.pem
+ +

HISTORY

+ +

The ability to use NIST curve names, and to generate an EC key directly, were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/genrsa.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/genrsa.html new file mode 100644 index 00000000..80ad33de --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/genrsa.html @@ -0,0 +1,123 @@ + + + + +genrsa + + + + + + + + + + +

NAME

+ +

openssl-genrsa, genrsa - generate an RSA private key

+ +

SYNOPSIS

+ +

openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-f4] [-3] [-rand file...] [-writerand file] [-engine id] [-primes num] [numbits]

+ +

DESCRIPTION

+ +

The genrsa command generates an RSA private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

Output the key to the specified file. If this argument is not specified then standard output is used.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument.

+ +
+
-F4|-3
+
+ +

The public exponent to use, either 65537 or 3. The default is 65537.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause genrsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-primes num
+
+ +

Specify the number of primes to use while generating the RSA key. The num parameter must be a positive integer that is greater than 1 and less than 16. If num is greater than 2, then the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017.

+ +
+
numbits
+
+ +

The size of the private key to generate in bits. This must be the last option specified. The default is 2048 and values less than 512 are not allowed.

+ +
+
+ +

NOTES

+ +

RSA private key generation essentially involves the generation of two or more prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A . represents each number which has passed an initial sieve test, + means a number has passed a single round of the Miller-Rabin primality test, * means the current prime starts a regenerating progress due to some failed tests. A newline means that the number has passed all the prime tests (the actual number depends on the key size).

+ +

Because key generation is a random process the time taken to generate a key may vary somewhat. But in general, more primes lead to less generation time of a key.

+ +

SEE ALSO

+ +

gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/list.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/list.html new file mode 100644 index 00000000..f0c5e04b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/list.html @@ -0,0 +1,111 @@ + + + + +list + + + + + + + + + + +

NAME

+ +

openssl-list, list - list algorithms and features

+ +

SYNOPSIS

+ +

openssl list [-help] [-1] [-commands] [-digest-commands] [-digest-algorithms] [-cipher-commands] [-cipher-algorithms] [-public-key-algorithms] [-public-key-methods] [-disabled]

+ +

DESCRIPTION

+ +

This command is used to generate list of algorithms or disabled features.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Display a usage message.

+ +
+
-1
+
+ +

List the commands, digest-commands, or cipher-commands in a single column. If used, this option must be given first.

+ +
+
-commands
+
+ +

Display a list of standard commands.

+ +
+
-digest-commands
+
+ +

Display a list of message digest commands, which are typically used as input to the dgst(1) or speed(1) commands.

+ +
+
-digest-algorithms
+
+ +

Display a list of message digest algorithms. If a line is of the form foo => bar then foo is an alias for the official algorithm name, bar.

+ +
+
-cipher-commands
+
+ +

Display a list of cipher commands, which are typically used as input to the dgst(1) or speed(1) commands.

+ +
+
-cipher-algorithms
+
+ +

Display a list of cipher algorithms. If a line is of the form foo => bar then foo is an alias for the official algorithm name, bar.

+ +
+
-public-key-algorithms
+
+ +

Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented.

+ +
+
-public-key-methods
+
+ +

Display a list of public key method OIDs: this also includes public key methods without an associated ASN.1 method, for example, KDF algorithms.

+ +
+
-disabled
+
+ +

Display a list of disabled features, those that were compiled out of the installation.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/nseq.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/nseq.html new file mode 100644 index 00000000..3983f48a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/nseq.html @@ -0,0 +1,101 @@ + + + + +nseq + + + + + + + + + + +

NAME

+ +

openssl-nseq, nseq - create or examine a Netscape certificate sequence

+ +

SYNOPSIS

+ +

openssl nseq [-help] [-in filename] [-out filename] [-toseq]

+ +

DESCRIPTION

+ +

The nseq command takes a file containing a Netscape certificate sequence and prints out the certificates contained in it or takes a file of certificates and converts it into a Netscape certificate sequence.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename or standard output by default.

+ +
+
-toseq
+
+ +

Normally a Netscape certificate sequence will be input and the output is the certificates contained in it. With the -toseq option the situation is reversed: a Netscape certificate sequence is created from a file of certificates.

+ +
+
+ +

EXAMPLES

+ +

Output the certificates in a Netscape certificate sequence

+ +
openssl nseq -in nseq.pem -out certs.pem
+ +

Create a Netscape certificate sequence

+ +
openssl nseq -in certs.pem -toseq -out nseq.pem
+ +

NOTES

+ +

The PEM encoded form uses the same headers and footers as a certificate:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

A Netscape certificate sequence is a Netscape specific format that can be sent to browsers as an alternative to the standard PKCS#7 format when several certificates are sent to the browser: for example during certificate enrollment. It is used by Netscape certificate server for example.

+ +

BUGS

+ +

This program needs a few more options: like allowing DER or PEM input and output files and allowing multiple certificate files to be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ocsp.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ocsp.html new file mode 100644 index 00000000..d8d27273 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ocsp.html @@ -0,0 +1,415 @@ + + + + +ocsp + + + + + + + + + + +

NAME

+ +

openssl-ocsp, ocsp - Online Certificate Status Protocol utility

+ +

SYNOPSIS

+ +

openssl ocsp [-help] [-out file] [-issuer file] [-cert file] [-serial n] [-signer file] [-signkey file] [-sign_other file] [-no_certs] [-req_text] [-resp_text] [-text] [-reqout file] [-respout file] [-reqin file] [-respin file] [-nonce] [-no_nonce] [-url URL] [-host host:port] [-multi process-count] [-header] [-path] [-CApath dir] [-CAfile file] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-VAfile file] [-validity_period n] [-status_age n] [-noverify] [-verify_other file] [-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks] [-no_explicit] [-port num] [-ignore_err] [-index file] [-CA file] [-rsigner file] [-rkey file] [-rother file] [-rsigopt nm:v] [-resp_no_certs] [-nmin n] [-ndays n] [-resp_key_id] [-nrequest n] [-digest]

+ +

DESCRIPTION

+ +

The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560).

+ +

The ocsp command performs many common OCSP tasks. It can be used to print out requests and responses, create requests and send queries to an OCSP responder and behave like a mini OCSP server itself.

+ +

OPTIONS

+ +

This command operates as either a client or a server. The options are described below, divided into those two modes.

+ +

OCSP Client Options

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

specify output filename, default is standard output.

+ +
+
-issuer filename
+
+ +

This specifies the current issuer certificate. This option can be used multiple times. The certificate specified in filename must be in PEM format. This option MUST come before any -cert options.

+ +
+
-cert filename
+
+ +

Add the certificate filename to the request. The issuer certificate is taken from the previous issuer option, or an error occurs if no issuer certificate is specified.

+ +
+
-serial num
+
+ +

Same as the cert option except the certificate with serial number num is added to the request. The serial number is interpreted as a decimal integer unless preceded by 0x. Negative integers can also be specified by preceding the value by a - sign.

+ +
+
-signer filename, -signkey filename
+
+ +

Sign the OCSP request using the certificate specified in the signer option and the private key specified by the signkey option. If the signkey option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed.

+ +
+
-sign_other filename
+
+ +

Additional certificates to include in the signed request.

+ +
+
-nonce, -no_nonce
+
+ +

Add an OCSP nonce extension to a request or disable OCSP nonce addition. Normally if an OCSP request is input using the reqin option no nonce is added: using the nonce option will force addition of a nonce. If an OCSP request is being created (using cert and serial options) a nonce is automatically added specifying no_nonce overrides this.

+ +
+
-req_text, -resp_text, -text
+
+ +

Print out the text form of the OCSP request, response or both respectively.

+ +
+
-reqout file, -respout file
+
+ +

Write out the DER encoded certificate request or response to file.

+ +
+
-reqin file, -respin file
+
+ +

Read OCSP request or response file from file. These option are ignored if OCSP request or response creation is implied by other options (for example with serial, cert and host options).

+ +
+
-url responder_url
+
+ +

Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.

+ +
+
-host hostname:port, -path pathname
+
+ +

If the host option is present then the OCSP request is sent to the host hostname on port port. path specifies the HTTP path name to use or "/" by default. This is equivalent to specifying -url with scheme http:// and the given hostname, port, and pathname.

+ +
+
-header name=value
+
+ +

Adds the header name with the specified value to the OCSP request that is sent to the responder. This may be repeated.

+ +
+
-timeout seconds
+
+ +

Connection timeout to the OCSP responder in seconds. On POSIX systems, when running as an OCSP responder, this option also limits the time that the responder is willing to wait for the client request. This time is measured from the time the responder accepts the connection until the complete request is received.

+ +
+
-multi process-count
+
+ +

Run the specified number of OCSP responder child processes, with the parent process respawning child processes as needed. Child processes will detect changes in the CA index file and automatically reload it. When running as a responder -timeout option is recommended to limit the time each child is willing to wait for the client's OCSP response. This option is available on POSIX systems (that support the fork() and other required unix system-calls).

+ +
+
-CAfile file, -CApath pathname
+
+ +

File or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set different certificate verification options. See verify(1) manual page for details.

+ +
+
-verify_other file
+
+ +

File containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's certificate from the response: this option can be used to supply the necessary certificate in such cases.

+ +
+
-trust_other
+
+ +

The certificates specified by the -verify_other option should be explicitly trusted and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

+ +
+
-VAfile file
+
+ +

File containing explicitly trusted responder certificates. Equivalent to the -verify_other and -trust_other options.

+ +
+
-noverify
+
+ +

Don't attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responders certificate.

+ +
+
-no_intern
+
+ +

Ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the -verify_other or -VAfile options.

+ +
+
-no_signature_verify
+
+ +

Don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

+ +
+
-no_cert_verify
+
+ +

Don't verify the OCSP response signers certificate at all. Since this option allows the OCSP response to be signed by any certificate it should only be used for testing purposes.

+ +
+
-no_chain
+
+ +

Do not use certificates in the response as additional untrusted CA certificates.

+ +
+
-no_explicit
+
+ +

Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.

+ +
+
-no_cert_checks
+
+ +

Don't perform any additional checks on the OCSP response signers certificate. That is do not make any checks to see if the signers certificate is authorised to provide the necessary status information: as a result this option should only be used for testing purposes.

+ +
+
-validity_period nsec, -status_age age
+
+ +

These options specify the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder and clients clocks may not be precisely synchronised and so such a check may fail. To avoid this the -validity_period option can be used to specify an acceptable error range in seconds, the default value is 5 minutes.

+ +

If the notAfter time is omitted from a response then this means that new status information is immediately available. In this case the age of the notBefore field is checked to see it is not older than age seconds old. By default this additional check is not performed.

+ +
+
-digest
+
+ +

This option sets digest algorithm to use for certificate identification in the OCSP request. Any digest supported by the OpenSSL dgst command can be used. The default is SHA-1. This option may be used multiple times to specify the digest used by subsequent certificate identifiers.

+ +
+
+ +

OCSP Server Options

+ +
+ +
-index indexfile
+
+ +

The indexfile parameter is the name of a text index file in ca format containing certificate revocation information.

+ +

If the index option is specified the ocsp utility is in responder mode, otherwise it is in client mode. The request(s) the responder processes can be either specified on the command line (using issuer and serial options), supplied in a file (using the reqin option) or via external OCSP clients (if port or url is specified).

+ +

If the index option is present then the CA and rsigner options must also be present.

+ +
+
-CA file
+
+ +

CA certificate corresponding to the revocation information in indexfile.

+ +
+
-rsigner file
+
+ +

The certificate to sign OCSP responses with.

+ +
+
-rother file
+
+ +

Additional certificates to include in the OCSP response.

+ +
+
-resp_no_certs
+
+ +

Don't include any certificates in the OCSP response.

+ +
+
-resp_key_id
+
+ +

Identify the signer certificate using the key ID, default is to use the subject name.

+ +
+
-rkey file
+
+ +

The private key to sign OCSP responses with: if not present the file specified in the rsigner option is used.

+ +
+
-rsigopt nm:v
+
+ +

Pass options to the signature algorithm when signing OCSP responses. Names and values of these options are algorithm-specific.

+ +
+
-port portnum
+
+ +

Port to listen for OCSP requests on. The port may also be specified using the url option.

+ +
+
-ignore_err
+
+ +

Ignore malformed requests or responses: When acting as an OCSP client, retry if a malformed response is received. When acting as an OCSP responder, continue running instead of terminating upon receiving a malformed request.

+ +
+
-nrequest number
+
+ +

The OCSP server will exit after receiving number requests, default unlimited.

+ +
+
-nmin minutes, -ndays days
+
+ +

Number of minutes or days when fresh revocation information is available: used in the nextUpdate field. If neither option is present then the nextUpdate field is omitted meaning fresh revocation information is immediately available.

+ +
+
+ +

OCSP Response verification.

+ +

OCSP Response follows the rules specified in RFC2560.

+ +

Initially the OCSP responder certificate is located and the signature on the OCSP request checked using the responder certificate's public key.

+ +

Then a normal certificate verify is performed on the OCSP responder certificate building up a certificate chain in the process. The locations of the trusted certificates used to build the chain can be specified by the CAfile and CApath options or they will be looked for in the standard OpenSSL certificates directory.

+ +

If the initial verify fails then the OCSP verify process halts with an error.

+ +

Otherwise the issuing CA certificate in the request is compared to the OCSP responder certificate: if there is a match then the OCSP verify succeeds.

+ +

Otherwise the OCSP responder certificate's CA is checked against the issuing CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds.

+ +

Otherwise, if -no_explicit is not set the root CA of the OCSP responders CA is checked to see if it is trusted for OCSP signing. If it is the OCSP verify succeeds.

+ +

If none of these checks is successful then the OCSP verify fails.

+ +

What this effectively means if that if the OCSP responder certificate is authorised directly by the CA it is issuing revocation information about (and it is correctly configured) then verification will succeed.

+ +

If the OCSP responder is a "global responder" which can give details about multiple CAs and has its own separate certificate chain then its root CA can be trusted for OCSP signing. For example:

+ +
openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+ +

Alternatively the responder certificate itself can be explicitly trusted with the -VAfile option.

+ +

NOTES

+ +

As noted, most of the verify options are for testing or debugging purposes. Normally only the -CApath, -CAfile and (if the responder is a 'global VA') -VAfile options need to be used.

+ +

The OCSP server is only useful for test and demonstration purposes: it is not really usable as a full OCSP responder. It contains only a very simple HTTP request handling and can only handle the POST form of OCSP queries. It also handles requests serially meaning it cannot respond to new requests until it has processed the current one. The text index file format of revocation is also inefficient for large quantities of revocation data.

+ +

It is possible to run the ocsp application in responder mode via a CGI script using the reqin and respout options.

+ +

EXAMPLES

+ +

Create an OCSP request and write it to a file:

+ +
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
+ +

Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the response to a file, print it out in text form, and verify the response:

+ +
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
+    -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+ +

Read in an OCSP response and print out text form:

+ +
openssl ocsp -respin resp.der -text -noverify
+ +

OCSP server on port 8888 using a standard ca configuration, and a separate responder certificate. All requests and responses are printed to a file.

+ +
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+       -text -out log.txt
+ +

As above but exit after processing one request:

+ +
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+    -nrequest 1
+ +

Query status information using an internally generated request:

+ +
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+    -issuer demoCA/cacert.pem -serial 1
+ +

Query status information using request read from a file, and write the response to a second file.

+ +
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+    -reqin req.der -respout resp.der
+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/openssl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/openssl.html new file mode 100644 index 00000000..f90b19ce --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/openssl.html @@ -0,0 +1,712 @@ + + + + +openssl + + + + + + + + + + +

NAME

+ +

openssl - OpenSSL command line tool

+ +

SYNOPSIS

+ +

openssl command [ command_opts ] [ command_args ]

+ +

openssl list [ standard-commands | digest-commands | cipher-commands | cipher-algorithms | digest-algorithms | public-key-algorithms]

+ +

openssl no-XXX [ arbitrary options ]

+ +

DESCRIPTION

+ +

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

+ +

The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for

+ +
o  Creation and management of private keys, public keys and parameters
+o  Public key cryptographic operations
+o  Creation of X.509 certificates, CSRs and CRLs
+o  Calculation of Message Digests
+o  Encryption and Decryption with Ciphers
+o  SSL/TLS Client and Server Tests
+o  Handling of S/MIME signed or encrypted mail
+o  Time Stamp requests, generation and verification
+ +

COMMAND SUMMARY

+ +

The openssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

+ +

Detailed documentation and use cases for most standard subcommands are available (e.g., x509(1) or openssl-x509(1)).

+ +

Many commands use an external configuration file for some or all of their arguments and have a -config option to specify that file. The environment variable OPENSSL_CONF can be used to specify the location of the file. If the environment variable is not specified, then the file is named openssl.cnf in the default certificate storage area, whose value depends on the configuration flags specified when the OpenSSL was built.

+ +

The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

+ +

The list parameters cipher-algorithms and digest-algorithms list all cipher and message digest names, one entry per line. Aliases are listed as:

+ +
from => to
+ +

The list parameter public-key-algorithms lists all supported public key algorithms.

+ +

The command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the openssl program. (no-XXX is not able to detect pseudo-commands such as quit, list, or no-XXX itself.)

+ +

Standard Commands

+ +
+ +
asn1parse
+
+ +

Parse an ASN.1 sequence.

+ +
+
ca
+
+ +

Certificate Authority (CA) Management.

+ +
+
ciphers
+
+ +

Cipher Suite Description Determination.

+ +
+
cms
+
+ +

CMS (Cryptographic Message Syntax) utility.

+ +
+
crl
+
+ +

Certificate Revocation List (CRL) Management.

+ +
+
crl2pkcs7
+
+ +

CRL to PKCS#7 Conversion.

+ +
+
dgst
+
+ +

Message Digest Calculation.

+ +
+
dh
+
+ +

Diffie-Hellman Parameter Management. Obsoleted by dhparam(1).

+ +
+
dhparam
+
+ +

Generation and Management of Diffie-Hellman Parameters. Superseded by genpkey(1) and pkeyparam(1).

+ +
+
dsa
+
+ +

DSA Data Management.

+ +
+
dsaparam
+
+ +

DSA Parameter Generation and Management. Superseded by genpkey(1) and pkeyparam(1).

+ +
+
ec
+
+ +

EC (Elliptic curve) key processing.

+ +
+
ecparam
+
+ +

EC parameter manipulation and generation.

+ +
+
enc
+
+ +

Encoding with Ciphers.

+ +
+
engine
+
+ +

Engine (loadable module) information and manipulation.

+ +
+
errstr
+
+ +

Error Number to Error String Conversion.

+ +
+
gendh
+
+ +

Generation of Diffie-Hellman Parameters. Obsoleted by dhparam(1).

+ +
+
gendsa
+
+ +

Generation of DSA Private Key from Parameters. Superseded by genpkey(1) and pkey(1).

+ +
+
genpkey
+
+ +

Generation of Private Key or Parameters.

+ +
+
genrsa
+
+ +

Generation of RSA Private Key. Superseded by genpkey(1).

+ +
+
nseq
+
+ +

Create or examine a Netscape certificate sequence.

+ +
+
ocsp
+
+ +

Online Certificate Status Protocol utility.

+ +
+
passwd
+
+ +

Generation of hashed passwords.

+ +
+
pkcs12
+
+ +

PKCS#12 Data Management.

+ +
+
pkcs7
+
+ +

PKCS#7 Data Management.

+ +
+
pkcs8
+
+ +

PKCS#8 format private key conversion tool.

+ +
+
pkey
+
+ +

Public and private key management.

+ +
+
pkeyparam
+
+ +

Public key algorithm parameter management.

+ +
+
pkeyutl
+
+ +

Public key algorithm cryptographic operation utility.

+ +
+
prime
+
+ +

Compute prime numbers.

+ +
+
rand
+
+ +

Generate pseudo-random bytes.

+ +
+
rehash
+
+ +

Create symbolic links to certificate and CRL files named by the hash values.

+ +
+
req
+
+ +

PKCS#10 X.509 Certificate Signing Request (CSR) Management.

+ +
+
rsa
+
+ +

RSA key management.

+ +
+
rsautl
+
+ +

RSA utility for signing, verification, encryption, and decryption. Superseded by pkeyutl(1).

+ +
+
s_client
+
+ +

This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library.

+ +
+
s_server
+
+ +

This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.

+ +
+
s_time
+
+ +

SSL Connection Timer.

+ +
+
sess_id
+
+ +

SSL Session Data Management.

+ +
+
smime
+
+ +

S/MIME mail processing.

+ +
+
speed
+
+ +

Algorithm Speed Measurement.

+ +
+
spkac
+
+ +

SPKAC printing and generating utility.

+ +
+
srp
+
+ +

Maintain SRP password file.

+ +
+
storeutl
+
+ +

Utility to list and display certificates, keys, CRLs, etc.

+ +
+
ts
+
+ +

Time Stamping Authority tool (client/server).

+ +
+
verify
+
+ +

X.509 Certificate Verification.

+ +
+
version
+
+ +

OpenSSL Version Information.

+ +
+
x509
+
+ +

X.509 Certificate Data Management.

+ +
+
+ +

Message Digest Commands

+ +
+ +
blake2b512
+
+ +

BLAKE2b-512 Digest

+ +
+
blake2s256
+
+ +

BLAKE2s-256 Digest

+ +
+
md2
+
+ +

MD2 Digest

+ +
+
md4
+
+ +

MD4 Digest

+ +
+
md5
+
+ +

MD5 Digest

+ +
+
mdc2
+
+ +

MDC2 Digest

+ +
+
rmd160
+
+ +

RMD-160 Digest

+ +
+
sha1
+
+ +

SHA-1 Digest

+ +
+
sha224
+
+ +

SHA-2 224 Digest

+ +
+
sha256
+
+ +

SHA-2 256 Digest

+ +
+
sha384
+
+ +

SHA-2 384 Digest

+ +
+
sha512
+
+ +

SHA-2 512 Digest

+ +
+
sha3-224
+
+ +

SHA-3 224 Digest

+ +
+
sha3-256
+
+ +

SHA-3 256 Digest

+ +
+
sha3-384
+
+ +

SHA-3 384 Digest

+ +
+
sha3-512
+
+ +

SHA-3 512 Digest

+ +
+
shake128
+
+ +

SHA-3 SHAKE128 Digest

+ +
+
shake256
+
+ +

SHA-3 SHAKE256 Digest

+ +
+
sm3
+
+ +

SM3 Digest

+ +
+
+ +

Encoding and Cipher Commands

+ +

The following aliases provide convenient access to the most used encodings and ciphers.

+ +

Depending on how OpenSSL was configured and built, not all ciphers listed here may be present. See enc(1) for more information and command usage.

+ +
+ +
aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb
+
+ +

AES-128 Cipher

+ +
+
aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb
+
+ +

AES-192 Cipher

+ +
+
aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb
+
+ +

AES-256 Cipher

+ +
+
aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb
+
+ +

Aria-128 Cipher

+ +
+
aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb
+
+ +

Aria-192 Cipher

+ +
+
aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb
+
+ +

Aria-256 Cipher

+ +
+
base64
+
+ +

Base64 Encoding

+ +
+
bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb
+
+ +

Blowfish Cipher

+ +
+
camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb
+
+ +

Camellia-128 Cipher

+ +
+
camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb
+
+ +

Camellia-192 Cipher

+ +
+
camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb
+
+ +

Camellia-256 Cipher

+ +
+
cast, cast-cbc
+
+ +

CAST Cipher

+ +
+
cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb
+
+ +

CAST5 Cipher

+ +
+
chacha20
+
+ +

Chacha20 Cipher

+ +
+
des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb
+
+ +

DES Cipher

+ +
+
des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb
+
+ +

Triple-DES Cipher

+ +
+
idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb
+
+ +

IDEA Cipher

+ +
+
rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb
+
+ +

RC2 Cipher

+ +
+
rc4
+
+ +

RC4 Cipher

+ +
+
rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb
+
+ +

RC5 Cipher

+ +
+
seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb
+
+ +

SEED Cipher

+ +
+
sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb
+
+ +

SM4 Cipher

+ +
+
+ +

OPTIONS

+ +

Details of which options are available depend on the specific command. This section describes some common options with common behavior.

+ +

Common Options

+ +
+ +
-help
+
+ +

Provides a terse summary of all options.

+ +
+
+ +

Pass Phrase Options

+ +

Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

+ +

Note that character encoding may be relevant, please see passphrase-encoding(7).

+ +
+ +
pass:password
+
+ +

The actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.

+ +
+
env:var
+
+ +

Obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.

+ +
+
file:pathname
+
+ +

The first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.

+ +
+
fd:number
+
+ +

Read the password from the file descriptor number. This can be used to send the data via a pipe for example.

+ +
+
stdin
+
+ +

Read the password from standard input.

+ +
+
+ +

SEE ALSO

+ +

asn1parse(1), ca(1), ciphers(1), cms(1), config(5), crl(1), crl2pkcs7(1), dgst(1), dhparam(1), dsa(1), dsaparam(1), ec(1), ecparam(1), enc(1), engine(1), errstr(1), gendsa(1), genpkey(1), genrsa(1), nseq(1), ocsp(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), pkey(1), pkeyparam(1), pkeyutl(1), prime(1), rand(1), rehash(1), req(1), rsa(1), rsautl(1), s_client(1), s_server(1), s_time(1), sess_id(1), smime(1), speed(1), spkac(1), srp(1), storeutl(1), ts(1), verify(1), version(1), x509(1), crypto(7), ssl(7), x509v3_config(5)

+ +

HISTORY

+ +

The list-XXX-algorithms pseudo-commands were added in OpenSSL 1.0.0; For notes on the availability of other commands, see their individual manual pages.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/passwd.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/passwd.html new file mode 100644 index 00000000..30e8706a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/passwd.html @@ -0,0 +1,154 @@ + + + + +passwd + + + + + + + + + + +

NAME

+ +

openssl-passwd, passwd - compute password hashes

+ +

SYNOPSIS

+ +

openssl passwd [-help] [-crypt] [-1] [-apr1] [-aixmd5] [-5] [-6] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] [-rand file...] [-writerand file] {password}

+ +

DESCRIPTION

+ +

The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the terminal otherwise. The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1, its Apache variant apr1, and its AIX variant are available.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-crypt
+
+ +

Use the crypt algorithm (default).

+ +
+
-1
+
+ +

Use the MD5 based BSD password algorithm 1.

+ +
+
-apr1
+
+ +

Use the apr1 algorithm (Apache variant of the BSD algorithm).

+ +
+
-aixmd5
+
+ +

Use the AIX MD5 algorithm (AIX variant of the BSD algorithm).

+ +
+
-5
+
+ +
+
-6
+
+ +

Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper. See https://www.akkadia.org/drepper/SHA-crypt.txt.

+ +
+
-salt string
+
+ +

Use the specified salt. When reading a password from the terminal, this implies -noverify.

+ +
+
-in file
+
+ +

Read passwords from file.

+ +
+
-stdin
+
+ +

Read passwords from stdin.

+ +
+
-noverify
+
+ +

Don't verify when reading a password from the terminal.

+ +
+
-quiet
+
+ +

Don't output warnings when passwords given at the command line are truncated.

+ +
+
-table
+
+ +

In the output list, prepend the cleartext password and a TAB character to each password hash.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
+ +

EXAMPLES

+ +
% openssl passwd -crypt -salt xx password
+xxj31ZMTZzkVA
+
+% openssl passwd -1 -salt xxxxxxxx password
+$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
+
+% openssl passwd -apr1 -salt xxxxxxxx password
+$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0
+
+% openssl passwd -aixmd5 -salt xxxxxxxx password
+xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs12.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs12.html new file mode 100644 index 00000000..4a8cf87c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs12.html @@ -0,0 +1,379 @@ + + + + +pkcs12 + + + + + + + + + + +

NAME

+ +

openssl-pkcs12, pkcs12 - PKCS#12 file utility

+ +

SYNOPSIS

+ +

openssl pkcs12 [-help] [-export] [-chain] [-inkey file_or_id] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -aria128 | -aria192 | -aria256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand file...] [-writerand file] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-CSP name]

+ +

DESCRIPTION

+ +

The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

+ +

OPTIONS

+ +

There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option (see below).

+ +

PARSING OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

+ +
+
-out filename
+
+ +

The filename to write certificates and private keys to, standard output by default. They are all written in PEM format.

+ +
+
-passin arg
+
+ +

The PKCS#12 file (i.e. input file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-passout arg
+
+ +

Pass phrase source to encrypt any outputted private keys with. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-password arg
+
+ +

With -export, -password is equivalent to -passout. Otherwise, -password is equivalent to -passin.

+ +
+
-noout
+
+ +

This option inhibits output of the keys and certificates to the output file version of the PKCS#12 file.

+ +
+
-clcerts
+
+ +

Only output client certificates (not CA certificates).

+ +
+
-cacerts
+
+ +

Only output CA certificates (not client certificates).

+ +
+
-nocerts
+
+ +

No certificates at all will be output.

+ +
+
-nokeys
+
+ +

No private keys will be output.

+ +
+
-info
+
+ +

Output additional information about the PKCS#12 file structure, algorithms used and iteration counts.

+ +
+
-des
+
+ +

Use DES to encrypt private keys before outputting.

+ +
+
-des3
+
+ +

Use triple DES to encrypt private keys before outputting, this is the default.

+ +
+
-idea
+
+ +

Use IDEA to encrypt private keys before outputting.

+ +
+
-aes128, -aes192, -aes256
+
+ +

Use AES to encrypt private keys before outputting.

+ +
+
-aria128, -aria192, -aria256
+
+ +

Use ARIA to encrypt private keys before outputting.

+ +
+
-camellia128, -camellia192, -camellia256
+
+ +

Use Camellia to encrypt private keys before outputting.

+ +
+
-nodes
+
+ +

Don't encrypt the private keys at all.

+ +
+
-nomacver
+
+ +

Don't attempt to verify the integrity MAC before reading the file.

+ +
+
-twopass
+
+ +

Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. Cannot be used in combination with the options -password, -passin (if importing) or -passout (if exporting).

+ +
+
+ +

FILE CREATION OPTIONS

+ +
+ +
-export
+
+ +

This option specifies that a PKCS#12 file will be created rather than parsed.

+ +
+
-out filename
+
+ +

This specifies filename to write the PKCS#12 file to. Standard output is used by default.

+ +
+
-in filename
+
+ +

The filename to read certificates and private keys from, standard input by default. They must all be in PEM format. The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file.

+ +
+
-inkey file_or_id
+
+ +

File to read private key from. If not present then a private key must be present in the input file. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-name friendlyname
+
+ +

This specifies the "friendly name" for the certificate and private key. This name is typically displayed in list boxes by software importing the file.

+ +
+
-certfile filename
+
+ +

A filename to read additional certificates from.

+ +
+
-caname friendlyname
+
+ +

This specifies the "friendly name" for other certificates. This option may be used multiple times to specify names for all certificates in the order they appear. Netscape ignores friendly names on other certificates whereas MSIE displays them.

+ +
+
-pass arg, -passout arg
+
+ +

The PKCS#12 file (i.e. output file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-passin password
+
+ +

Pass phrase source to decrypt any input private keys with. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-chain
+
+ +

If this option is present then an attempt is made to include the entire certificate chain of the user certificate. The standard CA store is used for this search. If the search fails it is considered a fatal error.

+ +
+
-descert
+
+ +

Encrypt the certificate using triple DES, this may render the PKCS#12 file unreadable by some "export grade" software. By default the private key is encrypted using triple DES and the certificate using 40 bit RC2 unless RC2 is disabled in which case triple DES is used.

+ +
+
-keypbe alg, -certpbe alg
+
+ +

These options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used (see NOTES section for more information). If a cipher name (as output by the list-cipher-algorithms command is specified then it is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only use PKCS#12 algorithms.

+ +
+
-keyex|-keysig
+
+ +

Specifies that the private key is to be used for key exchange or just signing. This option is only interpreted by MSIE and similar MS software. Normally "export grade" software will only allow 512 bit RSA keys to be used for encryption purposes but arbitrary length keys for signing. The -keysig option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client authentication, however due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication.

+ +
+
-macalg digest
+
+ +

Specify the MAC digest algorithm. If not included them SHA1 will be used.

+ +
+
-nomaciter, -noiter
+
+ +

These options affect the iteration counts on the MAC and key algorithms. Unless you wish to produce files compatible with MSIE 4.0 you should leave these options alone.

+ +

To discourage attacks by using large dictionaries of common passwords the algorithm that derives keys from passwords can have an iteration count applied to it: this causes a certain part of the algorithm to be repeated and slows it down. The MAC is used to check the file integrity but since it will normally have the same password as the keys and certificates it could also be attacked. By default both MAC and encryption iteration counts are set to 2048, using these options the MAC and encryption iteration counts can be set to 1, since this reduces the file security you should not use these options unless you really have to. Most software supports both MAC and key iteration counts. MSIE 4.0 doesn't support MAC iteration counts so it needs the -nomaciter option.

+ +
+
-maciter
+
+ +

This option is included for compatibility with previous versions, it used to be needed to use MAC iterations counts but they are now used by default.

+ +
+
-nomac
+
+ +

Don't attempt to provide the MAC integrity.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-CAfile file
+
+ +

CA storage as a file.

+ +
+
-CApath dir
+
+ +

CA storage as a directory. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-CSP name
+
+ +

Write name as a Microsoft CSP name.

+ +
+
+ +

NOTES

+ +

Although there are a large number of options most of them are very rarely used. For PKCS#12 file parsing only -in and -out need to be used for PKCS#12 file creation -export and -name are also used.

+ +

If none of the -clcerts, -cacerts or -nocerts options are present then all certificates will be output in the order they appear in the input PKCS#12 files. There is no guarantee that the first certificate present is the one corresponding to the private key. Certain software which requires a private key and certificate and assumes the first certificate in the file is the one corresponding to the private key: this may not always be the case. Using the -clcerts option will solve this problem by only outputting the certificate corresponding to the private key. If the CA certificates are required then they can be output to a separate file using the -nokeys -cacerts options to just output CA certificates.

+ +

The -keypbe and -certpbe algorithms allow the precise encryption algorithms for private keys and certificates to be specified. Normally the defaults are fine but occasionally software can't handle triple DES encrypted private keys, then the option -keypbe PBE-SHA1-RC2-40 can be used to reduce the private key encryption to 40 bit RC2. A complete description of all algorithms is contained in the pkcs8 manual page.

+ +

Prior 1.1 release passwords containing non-ASCII characters were encoded in non-compliant manner, which limited interoperability, in first hand with Windows. But switching to standard-compliant password encoding poses problem accessing old data protected with broken encoding. For this reason even legacy encodings is attempted when reading the data. If you use PKCS#12 files in production application you are advised to convert the data, because implemented heuristic approach is not MT-safe, its sole goal is to facilitate the data upgrade with this utility.

+ +

EXAMPLES

+ +

Parse a PKCS#12 file and output it to a file:

+ +
openssl pkcs12 -in file.p12 -out file.pem
+ +

Output only client certificates to a file:

+ +
openssl pkcs12 -in file.p12 -clcerts -out file.pem
+ +

Don't encrypt the private key:

+ +
openssl pkcs12 -in file.p12 -out file.pem -nodes
+ +

Print some info about a PKCS#12 file:

+ +
openssl pkcs12 -in file.p12 -info -noout
+ +

Create a PKCS#12 file:

+ +
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+ +

Include some extra certificates:

+ +
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+ -certfile othercerts.pem
+ +

SEE ALSO

+ +

pkcs8(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs7.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs7.html new file mode 100644 index 00000000..1bebd969 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs7.html @@ -0,0 +1,141 @@ + + + + +pkcs7 + + + + + + + + + + +

NAME

+ +

openssl-pkcs7, pkcs7 - PKCS#7 utility

+ +

SYNOPSIS

+ +

openssl pkcs7 [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]

+ +

DESCRIPTION

+ +

The pkcs7 command processes PKCS#7 files in DER or PEM format.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+ +
+ +

Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

+ +
+
-text
+
+ +

Prints out certificates details in full rather than just subject and issuer names.

+ +
+
-noout
+
+ +

Don't output the encoded version of the PKCS#7 structure (or certificates is -print_certs is set).

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkcs7 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

EXAMPLES

+ +

Convert a PKCS#7 file from PEM to DER:

+ +
openssl pkcs7 -in file.pem -outform DER -out file.der
+ +

Output all certificates in a file:

+ +
openssl pkcs7 -in file.pem -print_certs -out certs.pem
+ +

NOTES

+ +

The PEM PKCS#7 format uses the header and footer lines:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

For compatibility with some CAs it will also accept:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

RESTRICTIONS

+ +

There is no option to print out all the fields of a PKCS#7 file.

+ +

This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they cannot currently parse, for example, the new CMS as described in RFC2630.

+ +

SEE ALSO

+ +

crl2pkcs7(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs8.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs8.html new file mode 100644 index 00000000..be9b789b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkcs8.html @@ -0,0 +1,291 @@ + + + + +pkcs8 + + + + + + + + + + +

NAME

+ +

openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool

+ +

SYNOPSIS

+ +

openssl pkcs8 [-help] [-topk8] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-iter count] [-noiter] [-rand file...] [-writerand file] [-nocrypt] [-traditional] [-v2 alg] [-v2prf alg] [-v1 alg] [-engine id] [-scrypt] [-scrypt_N N] [-scrypt_r r] [-scrypt_p p]

+ +

DESCRIPTION

+ +

The pkcs8 command processes private keys in PKCS#8 format. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-topk8
+
+ +

Normally a PKCS#8 private key is expected on input and a private key will be written to the output file. With the -topk8 option the situation is reversed: it reads a private key and writes a PKCS#8 format key.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format: see "KEY FORMATS" for more details. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format: see "KEY FORMATS" for more details. The default format is PEM.

+ +
+
-traditional
+
+ +

When this option is present and -topk8 is not a traditional format private key is written.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output by default. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-iter count
+
+ +

When creating new PKCS#8 containers, use a given number of iterations on the password in deriving the encryption key for the PKCS#8 output. High values increase the time required to brute-force a PKCS#8 container.

+ +
+
-nocrypt
+
+ +

PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo structures using an appropriate password based encryption algorithm. With this option an unencrypted PrivateKeyInfo structure is expected or output. This option does not encrypt private keys at all and should only be used when absolutely necessary. Certain software such as some versions of Java code signing software used unencrypted private keys.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-v2 alg
+
+ +

This option sets the PKCS#5 v2.0 algorithm.

+ +

The alg argument is the encryption algorithm to use, valid values include aes128, aes256 and des3. If this option isn't specified then aes256 is used.

+ +
+
-v2prf alg
+
+ +

This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value value would be hmacWithSHA256. If this option isn't set then the default for the cipher is used or hmacWithSHA256 if there is no default.

+ +

Some implementations may not support custom PRF algorithms and may require the hmacWithSHA1 option to work.

+ +
+
-v1 alg
+
+ +

This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some older implementations may not support PKCS#5 v2.0 and may require this option. If not specified PKCS#5 v2.0 form is used.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkcs8 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-scrypt
+
+ +

Uses the scrypt algorithm for private key encryption using default parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit key. These parameters can be modified using the -scrypt_N, -scrypt_r, -scrypt_p and -v2 options.

+ +
+
-scrypt_N N -scrypt_r r -scrypt_p p
+
+ +

Sets the scrypt N, r or p parameters.

+ +
+
+ +

KEY FORMATS

+ +

Various different formats are used by the pkcs8 utility. These are detailed below.

+ +

If a key is being converted from PKCS#8 form (i.e. the -topk8 option is not used) then the input file must be in PKCS#8 format. An encrypted key is expected unless -nocrypt is included.

+ +

If -topk8 is not used and PEM mode is set the output file will be an unencrypted private key in PKCS#8 format. If the -traditional option is used then a traditional format private key is written instead.

+ +

If -topk8 is not used and DER mode is set the output file will be an unencrypted private key in traditional DER format.

+ +

If -topk8 is used then any supported private key can be used for the input file in a format specified by -inform. The output file will be encrypted PKCS#8 format using the specified encryption parameters unless -nocrypt is included.

+ +

NOTES

+ +

By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit AES with HMAC and SHA256 is used.

+ +

Some older implementations do not support PKCS#5 v2.0 format and require the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak encryption algorithms such as 56 bit DES.

+ +

The encrypted form of a PEM encode PKCS#8 files uses the following headers and footers:

+ +
-----BEGIN ENCRYPTED PRIVATE KEY-----
+-----END ENCRYPTED PRIVATE KEY-----
+ +

The unencrypted form uses:

+ +
-----BEGIN PRIVATE KEY-----
+-----END PRIVATE KEY-----
+ +

Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered important the keys should be converted.

+ +

It is possible to write out DER encoded encrypted private keys in PKCS#8 format because the encryption details are included at an ASN1 level whereas the traditional format includes them at a PEM level.

+ +

PKCS#5 v1.5 and PKCS#12 algorithms.

+ +

Various algorithms can be used with the -v1 command line option, including PKCS#5 v1.5 and PKCS#12. These are described in more detail below.

+ +
+ +
PBE-MD2-DES PBE-MD5-DES
+
+ +

These algorithms were included in the original PKCS#5 v1.5 specification. They only offer 56 bits of protection since they both use DES.

+ +
+
PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES
+
+ +

These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or 56 bit DES.

+ +
+
PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40
+
+ +

These algorithms use the PKCS#12 password based encryption algorithm and allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.

+ +
+
+ +

EXAMPLES

+ +

Convert a private key to PKCS#8 format using default parameters (AES with 256 bit key and hmacWithSHA256):

+ +
openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+ +

Convert a private key to PKCS#8 unencrypted format:

+ +
openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
+ +

Convert a private key to PKCS#5 v2.0 format using triple DES:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+ +

Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC mode and hmacWithSHA512 PRF:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
+ +

Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (DES):

+ +
openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
+ +

Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES):

+ +
openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+ +

Read a DER unencrypted PKCS#8 format private key:

+ +
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+ +

Convert a private key from any PKCS#8 encrypted format to traditional format:

+ +
openssl pkcs8 -in pk8.pem -traditional -out key.pem
+ +

Convert a private key to PKCS#8 format, encrypting with AES-256 and with one million iterations of the password:

+ +
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
+ +

STANDARDS

+ +

Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private keys produced and Therefore it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned.

+ +

The format of PKCS#8 DSA (and other) private keys is not well documented: it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA PKCS#8 private key format complies with this standard.

+ +

BUGS

+ +

There should be an option that prints out the encryption algorithm in use and other details such as the iteration count.

+ +

SEE ALSO

+ +

dsa(1), rsa(1), genrsa(1), gendsa(1)

+ +

HISTORY

+ +

The -iter option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkey.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkey.html new file mode 100644 index 00000000..9ee24a3b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkey.html @@ -0,0 +1,185 @@ + + + + +pkey + + + + + + + + + + +

NAME

+ +

openssl-pkey, pkey - public or private key processing tool

+ +

SYNOPSIS

+ +

openssl pkey [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-traditional] [-cipher] [-text] [-text_pub] [-noout] [-pubin] [-pubout] [-engine id] [-check] [-pubcheck]

+ +

DESCRIPTION

+ +

The pkey command processes public or private keys. They can be converted between various forms and their components printed out.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format DER or PEM. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout password
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-traditional
+
+ +

Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the -traditional option is specified then the older "traditional" format is used instead.

+ +
+
-cipher
+
+ +

These options encrypt the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as des3.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-text_pub
+
+ +

Print out only public key components even if a private key is being processed.

+ +
+
-noout
+
+ +

Do not output the encoded version of the key.

+ +
+
-pubin
+
+ +

By default a private key is read from the input file: with this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkey to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-check
+
+ +

This option checks the consistency of a key pair for both public and private components.

+ +
+
-pubcheck
+
+ +

This option checks the correctness of either a public key or the public component of a key pair.

+ +
+
+ +

EXAMPLES

+ +

To remove the pass phrase on an RSA private key:

+ +
openssl pkey -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl pkey -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl pkey -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl pkey -in key.pem -text -noout
+ +

To print out the public components of a private key to standard output:

+ +
openssl pkey -in key.pem -text_pub -noout
+ +

To just output the public part of a private key:

+ +
openssl pkey -in key.pem -pubout -out pubkey.pem
+ +

SEE ALSO

+ +

genpkey(1), rsa(1), pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyparam.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyparam.html new file mode 100644 index 00000000..0e763dac --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyparam.html @@ -0,0 +1,110 @@ + + + + +pkeyparam + + + + + + + + + + +

NAME

+ +

openssl-pkeyparam, pkeyparam - public key algorithm parameter processing tool

+ +

SYNOPSIS

+ +

openssl pkeyparam [-help] [-in filename] [-out filename] [-text] [-noout] [-engine id] [-check]

+ +

DESCRIPTION

+ +

The pkeyparam command processes public key algorithm parameters. They can be checked for correctness and their components printed out.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read parameters from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename to write parameters to or standard output if this option is not specified.

+ +
+
-text
+
+ +

Prints out the parameters in plain text in addition to the encoded version.

+ +
+
-noout
+
+ +

Do not output the encoded version of the parameters.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkeyparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-check
+
+ +

This option checks the correctness of parameters.

+ +
+
+ +

EXAMPLES

+ +

Print out text version of parameters:

+ +
openssl pkeyparam -in param.pem -text
+ +

NOTES

+ +

There are no -inform or -outform options for this command because only PEM format is supported because the key type is determined by the PEM headers.

+ +

SEE ALSO

+ +

genpkey(1), rsa(1), pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyutl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyutl.html new file mode 100644 index 00000000..9a7e88c7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/pkeyutl.html @@ -0,0 +1,331 @@ + + + + +pkeyutl + + + + + + + + + + +

NAME

+ +

openssl-pkeyutl, pkeyutl - public key algorithm utility

+ +

SYNOPSIS

+ +

openssl pkeyutl [-help] [-in file] [-out file] [-sigfile file] [-inkey file] [-keyform PEM|DER|ENGINE] [-passin arg] [-peerkey file] [-peerform PEM|DER|ENGINE] [-pubin] [-certin] [-rev] [-sign] [-verify] [-verifyrecover] [-encrypt] [-decrypt] [-derive] [-kdf algorithm] [-kdflen length] [-pkeyopt opt:value] [-hexdump] [-asn1parse] [-rand file...] [-writerand file] [-engine id] [-engine_impl]

+ +

DESCRIPTION

+ +

The pkeyutl command can be used to perform low level public key operations using any supported algorithm.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read data from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-sigfile file
+
+ +

Signature file, required for verify operations only

+ +
+
-inkey file
+
+ +

The input key file, by default it should be a private key.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

The key format PEM, DER or ENGINE. Default is PEM.

+ +
+
-passin arg
+
+ +

The input key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-peerkey file
+
+ +

The peer key file, used by key derivation (agreement) operations.

+ +
+
-peerform PEM|DER|ENGINE
+
+ +

The peer key format PEM, DER or ENGINE. Default is PEM.

+ +
+
-pubin
+
+ +

The input file is a public key.

+ +
+
-certin
+
+ +

The input is a certificate containing a public key.

+ +
+
-rev
+
+ +

Reverse the order of the input buffer. This is useful for some libraries (such as CryptoAPI) which represent the buffer in little endian format.

+ +
+
-sign
+
+ +

Sign the input data (which must be a hash) and output the signed result. This requires a private key.

+ +
+
-verify
+
+ +

Verify the input data (which must be a hash) against the signature file and indicate if the verification succeeded or failed.

+ +
+
-verifyrecover
+
+ +

Verify the input data (which must be a hash) and output the recovered data.

+ +
+
-encrypt
+
+ +

Encrypt the input data using a public key.

+ +
+
-decrypt
+
+ +

Decrypt the input data using a private key.

+ +
+
-derive
+
+ +

Derive a shared secret using the peer key.

+ +
+
-kdf algorithm
+
+ +

Use key derivation function algorithm. The supported algorithms are at present TLS1-PRF and HKDF. Note: additional parameters and the KDF output length will normally have to be set for this to work. See EVP_PKEY_CTX_set_hkdf_md(3) and EVP_PKEY_CTX_set_tls1_prf_md(3) for the supported string parameters of each algorithm.

+ +
+
-kdflen length
+
+ +

Set the output length for KDF.

+ +
+
-pkeyopt opt:value
+
+ +

Public key options specified as opt:value. See NOTES below for more details.

+ +
+
-hexdump
+
+ +

hex dump the output data.

+ +
+
-asn1parse
+
+ +

Parse the ASN.1 output data, this is useful when combined with the -verifyrecover option when an ASN1 structure is signed.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause pkeyutl to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-engine_impl
+
+ +

When used with the -engine option, it specifies to also use engine id for crypto operations.

+ +
+
+ +

NOTES

+ +

The operations and options supported vary according to the key algorithm and its implementation. The OpenSSL operations and options are indicated below.

+ +

Unless otherwise mentioned all algorithms support the digest:alg option which specifies the digest in use for sign, verify and verifyrecover operations. The value alg should represent a digest name as used in the EVP_get_digestbyname() function for example sha1. This value is not used to hash the input data. It is used (by some algorithms) for sanity-checking the lengths of data passed in to the pkeyutl and for creating the structures that make up the signature (e.g. DigestInfo in RSASSA PKCS#1 v1.5 signatures).

+ +

This utility does not hash the input data but rather it will use the data directly as input to the signature algorithm. Depending on the key type, signature type, and mode of padding, the maximum acceptable lengths of input data differ. The signed data can't be longer than the key modulus with RSA. In case of ECDSA and DSA the data shouldn't be longer than the field size, otherwise it will be silently truncated to the field size. In any event the input size must not be larger than the largest supported digest size.

+ +

In other words, if the value of digest is sha1 the input should be the 20 bytes long binary encoding of the SHA-1 hash function output.

+ +

The Ed25519 and Ed448 signature algorithms are not supported by this utility. They accept non-hashed input, but this utility can only be used to sign hashed input.

+ +

RSA ALGORITHM

+ +

The RSA algorithm generally supports the encrypt, decrypt, sign, verify and verifyrecover operations. However, some padding modes support only a subset of these operations. The following additional pkeyopt values are supported:

+ +
+ +
rsa_padding_mode:mode
+
+ +

This sets the RSA padding mode. Acceptable values for mode are pkcs1 for PKCS#1 padding, sslv23 for SSLv23 padding, none for no padding, oaep for OAEP mode, x931 for X9.31 mode and pss for PSS.

+ +

In PKCS#1 padding if the message digest is not set then the supplied data is signed or verified directly instead of using a DigestInfo structure. If a digest is set then the a DigestInfo structure is used and its the length must correspond to the digest type.

+ +

For oaep mode only encryption and decryption is supported.

+ +

For x931 if the digest type is set it is used to format the block data otherwise the first byte is used to specify the X9.31 digest ID. Sign, verify and verifyrecover are can be performed in this mode.

+ +

For pss mode only sign and verify are supported and the digest type must be specified.

+ +
+
rsa_pss_saltlen:len
+
+ +

For pss mode only this option specifies the salt length. Three special values are supported: "digest" sets the salt length to the digest length, "max" sets the salt length to the maximum permissible value. When verifying "auto" causes the salt length to be automatically determined based on the PSS block structure.

+ +
+
rsa_mgf1_md:digest
+
+ +

For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not explicitly set in PSS mode then the signing digest is used.

+ +
+
+ +

RSA-PSS ALGORITHM

+ +

The RSA-PSS algorithm is a restricted version of the RSA algorithm which only supports the sign and verify operations with PSS padding. The following additional pkeyopt values are supported:

+ +
+ +
rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest
+
+ +

These have the same meaning as the RSA algorithm with some additional restrictions. The padding mode can only be set to pss which is the default value.

+ +

If the key has parameter restrictions than the digest, MGF1 digest and salt length are set to the values specified in the parameters. The digest and MG cannot be changed and the salt length cannot be set to a value less than the minimum restriction.

+ +
+
+ +

DSA ALGORITHM

+ +

The DSA algorithm supports signing and verification operations only. Currently there are no additional -pkeyopt options other than digest. The SHA1 digest is assumed by default.

+ +

DH ALGORITHM

+ +

The DH algorithm only supports the derivation operation and no additional -pkeyopt options.

+ +

EC ALGORITHM

+ +

The EC algorithm supports sign, verify and derive operations. The sign and verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for the -pkeyopt digest option.

+ +

X25519 and X448 ALGORITHMS

+ +

The X25519 and X448 algorithms support key derivation only. Currently there are no additional options.

+ +

EXAMPLES

+ +

Sign some data using a private key:

+ +
openssl pkeyutl -sign -in file -inkey key.pem -out sig
+ +

Recover the signed data (e.g. if an RSA key is used):

+ +
openssl pkeyutl -verifyrecover -in sig -inkey key.pem
+ +

Verify the signature (e.g. a DSA key):

+ +
openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
+ +

Sign data using a message digest value (this is currently only valid for RSA):

+ +
openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
+ +

Derive a shared secret value:

+ +
openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
+ +

Hexdump 48 bytes of TLS1 PRF using digest SHA256 and shared secret and seed consisting of the single byte 0xFF:

+ +
openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
+   -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+ +

SEE ALSO

+ +

genpkey(1), pkey(1), rsautl(1) dgst(1), rsa(1), genrsa(1), EVP_PKEY_CTX_set_hkdf_md(3), EVP_PKEY_CTX_set_tls1_prf_md(3)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/prime.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/prime.html new file mode 100644 index 00000000..243eade4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/prime.html @@ -0,0 +1,89 @@ + + + + +prime + + + + + + + + + + +

NAME

+ +

openssl-prime, prime - compute prime numbers

+ +

SYNOPSIS

+ +

openssl prime [-help] [-hex] [-generate] [-bits] [-safe] [-checks] [number...]

+ +

DESCRIPTION

+ +

The prime command checks if the specified numbers are prime.

+ +

If no numbers are given on the command line, the -generate flag should be used to generate primes according to the requirements specified by the rest of the flags.

+ +

OPTIONS

+ +
+ +
[-help]
+
+ +

Display an option summary.

+ +
+
[-hex]
+
+ +

Generate hex output.

+ +
+
[-generate]
+
+ +

Generate a prime number.

+ +
+
[-bits num]
+
+ +

Generate a prime with num bits.

+ +
+
[-safe]
+
+ +

When used with -generate, generates a "safe" prime. If the number generated is n, then check that (n-1)/2 is also prime.

+ +
+
[-checks num]
+
+ +

Perform the checks num times to see that the generated number is prime. The default is 20.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/rand.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/rand.html new file mode 100644 index 00000000..ba233d99 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/rand.html @@ -0,0 +1,101 @@ + + + + +rand + + + + + + + + + + +

NAME

+ +

openssl-rand, rand - generate pseudo-random bytes

+ +

SYNOPSIS

+ +

openssl rand [-help] [-out file] [-rand file...] [-writerand file] [-base64] [-hex] num

+ +

DESCRIPTION

+ +

This command generates num random bytes using a cryptographically secure pseudo random number generator (CSPRNG).

+ +

The random bytes are generated using the RAND_bytes(3) function, which provides a security level of 256 bits, provided it managed to seed itself successfully from a trusted operating system entropy source. Otherwise, the command will fail with a nonzero error code. For more details, see RAND_bytes(3), RAND(7), and RAND_DRBG(7).

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out file
+
+ +

Write to file instead of standard output.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. Explicitly specifying a seed file is in general not necessary, see the "NOTES" section for more information.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-base64
+
+ +

Perform base64 encoding on the output.

+ +
+
-hex
+
+ +

Show the output as a hex string.

+ +
+
+ +

NOTES

+ +

Prior to OpenSSL 1.1.1, it was common for applications to store information about the state of the random-number generator in a file that was loaded at startup and rewritten upon exit. On modern operating systems, this is generally no longer necessary as OpenSSL will seed itself from a trusted entropy source provided by the operating system. The -rand and -writerand flags are still supported for special platforms or circumstances that might require them.

+ +

It is generally an error to use the same seed file more than once and every use of -rand should be paired with -writerand.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND(7), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/rehash.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/rehash.html new file mode 100644 index 00000000..e14b3f7e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/rehash.html @@ -0,0 +1,132 @@ + + + + +rehash + + + + + + + + + + +

NAME

+ +

openssl-c_rehash, openssl-rehash, c_rehash, rehash - Create symbolic links to files named by the hash values

+ +

SYNOPSIS

+ +

openssl rehash [-h] [-help] [-old] [-n] [-v] [ directory...]

+ +

c_rehash flags...

+ +

DESCRIPTION

+ +

On some platforms, the OpenSSL rehash command is available as an external script called c_rehash. They are functionally equivalent, except for minor differences noted below.

+ +

rehash scans directories and calculates a hash value of each .pem, .crt, .cer, or .crl file in the specified directory list and creates symbolic links for each file, where the name of the link is the hash value. (If the platform does not support symbolic links, a copy is made.) This utility is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates.

+ +

If any directories are named on the command line, then those are processed in turn. If not, then the SSL_CERT_DIR environment variable is consulted; this should be a colon-separated list of directories, like the Unix PATH variable. If that is not set then the default directory (installation-specific but often /usr/local/ssl/certs) is processed.

+ +

In order for a directory to be processed, the user must have write permissions on that directory, otherwise an error will be generated.

+ +

The links created are of the form HHHHHHHH.D, where each H is a hexadecimal character and D is a single decimal digit. When processing a directory, rehash will first remove all links that have a name in that syntax, even if they are being used for some other purpose. To skip the removal step, use the -n flag. Hashes for CRL's look similar except the letter r appears after the period, like this: HHHHHHHH.rD.

+ +

Multiple objects may have the same hash; they will be indicated by incrementing the D value. Duplicates are found by comparing the full SHA-1 fingerprint. A warning will be displayed if a duplicate is found.

+ +

A warning will also be displayed if there are files that cannot be parsed as either a certificate or a CRL or if more than one such object appears in the file.

+ +

Script Configuration

+ +

The c_rehash script uses the openssl program to compute the hashes and fingerprints. If not found in the user's PATH, then set the OPENSSL environment variable to the full pathname. Any program can be used, it will be invoked as follows for either a certificate or CRL:

+ +
$OPENSSL x509 -hash -fingerprint -noout -in FILENAME
+$OPENSSL crl -hash -fingerprint -noout -in FILENAME
+ +

where FILENAME is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign.

+ +

OPTIONS

+ +
+ +
-help -h
+
+ +

Display a brief usage message.

+ +
+
-old
+
+ +

Use old-style hashing (MD5, as opposed to SHA-1) for generating links to be used for releases before 1.0.0. Note that current versions will not use the old style.

+ +
+
-n
+
+ +

Do not remove existing links. This is needed when keeping new and old-style links in the same directory.

+ +
+
-compat
+
+ +

Generate links for both old-style (MD5) and new-style (SHA1) hashing. This allows releases before 1.0.0 to use these links along-side newer releases.

+ +
+
-v
+
+ +

Print messages about old links removed and new links created. By default, rehash only lists each directory as it is processed.

+ +
+
+ +

ENVIRONMENT

+ +
+ +
OPENSSL
+
+ +

The path to an executable to use to generate hashes and fingerprints (see above).

+ +
+
SSL_CERT_DIR
+
+ +

Colon separated list of directories to operate on. Ignored if directories are listed on the command line.

+ +
+
+ +

SEE ALSO

+ +

openssl(1), crl(1). x509(1).

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/req.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/req.html new file mode 100644 index 00000000..3494c087 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/req.html @@ -0,0 +1,612 @@ + + + + +req + + + + + + + + + + +

NAME

+ +

openssl-req, req - PKCS#10 certificate request and certificate generating utility

+ +

SYNOPSIS

+ +

openssl req [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-new] [-rand file...] [-writerand file] [-newkey rsa:bits] [-newkey alg:file] [-nodes] [-key filename] [-keyform PEM|DER] [-keyout filename] [-keygen_engine id] [-digest] [-config filename] [-multivalue-rdn] [-x509] [-days n] [-set_serial n] [-newhdr] [-addext ext] [-extensions section] [-reqexts section] [-precert] [-utf8] [-nameopt] [-reqopt] [-subject] [-subj arg] [-sigopt nm:v] [-batch] [-verbose] [-engine id]

+ +

DESCRIPTION

+ +

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed certificates for use as root CAs for example.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#10. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a request from or standard input if this option is not specified. A request is only read if the creation options (-new and -newkey) are not specified.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write to or standard output by default.

+ +
+
-passout arg
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-text
+
+ +

Prints out the certificate request in text form.

+ +
+
-subject
+
+ +

Prints out the request subject (or certificate subject if -x509 is specified)

+ +
+
-pubkey
+
+ +

Outputs the public key.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the request.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the public key contained in the request.

+ +
+
-verify
+
+ +

Verifies the signature on the request.

+ +
+
-new
+
+ +

This option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions.

+ +

If the -key option is not used it will generate a new RSA private key using information specified in the configuration file.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-newkey arg
+
+ +

This option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. If nbits is omitted, i.e. -newkey rsa specified, the default key size, specified in the configuration file is used.

+ +

All other algorithms support the -newkey alg:file form, where file may be an algorithm parameter file, created by the genpkey -genparam command or and X.509 certificate for a key with appropriate algorithm.

+ +

param:file generates a key using the parameter file or certificate file, the algorithm is determined by the parameters. algname:file use algorithm algname and parameter file file: the two algorithms must match or an error occurs. algname just uses algorithm algname, and parameters, if necessary should be specified via -pkeyopt parameter.

+ +

dsa:filename generates a DSA key using the parameters in the file filename. ec:filename generates EC key (usable both with ECDSA or ECDH algorithms), gost2001:filename generates GOST R 34.10-2001 key (requires ccgost engine configured in the configuration file). If just gost2001 is specified a parameter set should be specified by -pkeyopt paramset:X

+ +
+
-pkeyopt opt:value
+
+ +

Set the public key algorithm option opt to value. The precise set of options supported depends on the public key algorithm used and its implementation. See KEY GENERATION OPTIONS in the genpkey manual page for more details.

+ +
+
-key filename
+
+ +

This specifies the file to read the private key from. It also accepts PKCS#8 format private keys for PEM format files.

+ +
+
-keyform PEM|DER
+
+ +

The format of the private key file specified in the -key argument. PEM is the default.

+ +
+
-keyout filename
+
+ +

This gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used.

+ +
+
-nodes
+
+ +

If this option is specified then if a private key is created it will not be encrypted.

+ +
+
-digest
+
+ +

This specifies the message digest to sign the request. Any digest supported by the OpenSSL dgst command can be used. This overrides the digest algorithm specified in the configuration file.

+ +

Some public key algorithms may override this choice. For instance, DSA signatures always use SHA1, GOST R 34.10 signatures always use GOST R 34.11-94 (-md_gost94), Ed25519 and Ed448 never use any digest.

+ +
+
-config filename
+
+ +

This allows an alternative configuration file to be specified. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-subj arg
+
+ +

Sets subject name for new request or supersedes the subject name when processing a request. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the request.

+ +
+
-multivalue-rdn
+
+ +

This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example:

+ +

/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

+ +

If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

+ +
+
-x509
+
+ +

This option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option, a large random number will be used for the serial number.

+ +

If existing request is specified with the -in option, it is converted to the self signed certificate otherwise new request is created.

+ +
+
-days n
+
+ +

When the -x509 option is being used this specifies the number of days to certify the certificate for, otherwise it is ignored. n should be a positive integer. The default is 30 days.

+ +
+
-set_serial n
+
+ +

Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by 0x.

+ +
+
-addext ext
+
+ +

Add a specific extension to the certificate (if the -x509 option is present) or certificate request. The argument must have the form of a key=value pair as it would appear in a config file.

+ +

This option can be given multiple times.

+ +
+
-extensions section
+
+ +
+
-reqexts section
+
+ +

These options specify alternative sections to include certificate extensions (if the -x509 option is present) or certificate request extensions. This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes.

+ +
+
-precert
+
+ +

A poison extension will be added to the certificate, making it a "pre-certificate" (see RFC6962). This can be submitted to Certificate Transparency logs in order to obtain signed certificate timestamps (SCTs). These SCTs can then be embedded into the pre-certificate as an extension, before removing the poison and signing the certificate.

+ +

This implies the -new flag.

+ +
+
-utf8
+
+ +

This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-reqopt
+
+ +

Customise the output format used with -text. The option argument can be a single option or multiple options separated by commas.

+ +

See discussion of the -certopt parameter in the x509(1) command.

+ +
+
-newhdr
+
+ +

Adds the word NEW to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this.

+ +
+
-batch
+
+ +

Non-interactive mode.

+ +
+
-verbose
+
+ +

Print extra details about the operations being performed.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause req to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-keygen_engine id
+
+ +

Specifies an engine (by its unique id string) which would be used for key generation operations.

+ +
+
+ +

CONFIGURATION FILE FORMAT

+ +

The configuration options are specified in the req section of the configuration file. As with all configuration files if no value is specified in the specific section (i.e. req) then the initial unnamed or default section is searched too.

+ +

The options available are described in detail below.

+ +
+ +
input_password output_password
+
+ +

The passwords for the input private key file (if present) and the output private key file (if one will be created). The command line options passin and passout override the configuration file values.

+ +
+
default_bits
+
+ +

Specifies the default key size in bits.

+ +

This option is used in conjunction with the -new option to generate a new key. It can be overridden by specifying an explicit key size in the -newkey option. The smallest accepted key size is 512 bits. If no key size is specified then 2048 bits is used.

+ +
+
default_keyfile
+
+ +

This is the default filename to write a private key to. If not specified the key is written to standard output. This can be overridden by the -keyout option.

+ +
+
oid_file
+
+ +

This specifies a file containing additional OBJECT IDENTIFIERS. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed by white space and finally the long name.

+ +
+
oid_section
+
+ +

This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by = and the numerical form. The short and long names are the same when this option is used.

+ +
+
RANDFILE
+
+ +

At startup the specified file is loaded into the random number generator, and at exit 256 bytes will be written to it. It is used for private key generation.

+ +
+
encrypt_key
+
+ +

If this is set to no then if a private key is generated it is not encrypted. This is equivalent to the -nodes command line option. For compatibility encrypt_rsa_key is an equivalent option.

+ +
+
default_md
+
+ +

This option specifies the digest algorithm to use. Any digest supported by the OpenSSL dgst command can be used. This option can be overridden on the command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore any digest that has been set.

+ +
+
string_mask
+
+ +

This option masks out the use of certain string types in certain fields. Most users will not need to change this option.

+ +

It can be set to several values default which is also the default option uses PrintableStrings, T61Strings and BMPStrings if the pkix value is used then only PrintableStrings and BMPStrings will be used. This follows the PKIX recommendation in RFC2459. If the utf8only option is used then only UTF8Strings will be used: this is the PKIX recommendation in RFC2459 after 2003. Finally the nombstr option just uses PrintableStrings and T61Strings: certain software has problems with BMPStrings and UTF8Strings: in particular Netscape.

+ +
+
req_extensions
+
+ +

This specifies the configuration file section containing a list of extensions to add to the certificate request. It can be overridden by the -reqexts command line switch. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
x509_extensions
+
+ +

This specifies the configuration file section containing a list of extensions to add to certificate generated when the -x509 switch is used. It can be overridden by the -extensions command line switch.

+ +
+
prompt
+
+ +

If set to the value no this disables prompting of certificate fields and just takes values from the config file directly. It also changes the expected format of the distinguished_name and attributes sections.

+ +
+
utf8
+
+ +

If set to the value yes then field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings.

+ +
+
attributes
+
+ +

This specifies the section containing any request attributes: its format is the same as distinguished_name. Typically these may contain the challengePassword or unstructuredName types. They are currently ignored by OpenSSL's request signing utilities but some CAs might want them.

+ +
+
distinguished_name
+
+ +

This specifies the section containing the distinguished name fields to prompt for when generating a certificate or certificate request. The format is described in the next section.

+ +
+
+ +

DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

+ +

There are two separate formats for the distinguished name and attribute sections. If the prompt option is set to no then these sections just consist of field names and values: for example,

+ +
CN=My Name
+OU=My Organization
+emailAddress=someone@somewhere.org
+ +

This allows external programs (e.g. GUI based) to generate a template file with all the field names and values and just pass it to req. An example of this kind of configuration file is contained in the EXAMPLES section.

+ +

Alternatively if the prompt option is absent or not set to no then the file contains field prompting information. It consists of lines of the form:

+ +
fieldName="prompt"
+fieldName_default="default field value"
+fieldName_min= 2
+fieldName_max= 4
+ +

"fieldName" is the field name being used, for example commonName (or CN). The "prompt" string is used to ask the user to enter the relevant details. If the user enters nothing then the default value is used if no default value is present then the field is omitted. A field can still be omitted if a default value is present if the user just enters the '.' character.

+ +

The number of characters entered must be between the fieldName_min and fieldName_max limits: there may be additional restrictions based on the field being used (for example countryName can only ever be two characters long and must fit in a PrintableString).

+ +

Some fields (such as organizationName) can be used more than once in a DN. This presents a problem because configuration files will not recognize the same name occurring twice. To avoid this problem if the fieldName contains some characters followed by a full stop they will be ignored. So for example a second organizationName can be input by calling it "1.organizationName".

+ +

The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, organizationalUnitName, stateOrProvinceName. Additionally emailAddress is included as well as name, surname, givenName, initials, and dnQualifier.

+ +

Additional object identifiers can be defined with the oid_file or oid_section options in the configuration file. Any additional fields will be treated as though they were a DirectoryString.

+ +

EXAMPLES

+ +

Examine and verify certificate request:

+ +
openssl req -in req.pem -text -verify -noout
+ +

Create a private key and then generate a certificate request from it:

+ +
openssl genrsa -out key.pem 2048
+openssl req -new -key key.pem -out req.pem
+ +

The same but just using req:

+ +
openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

Generate a self signed root certificate:

+ +
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

Example of a file pointed to by the oid_file option:

+ +
1.2.3.4        shortName       A longer Name
+1.2.3.6        otherName       Other longer Name
+ +

Example of a section pointed to by oid_section making use of variable expansion:

+ +
testoid1=1.2.3.5
+testoid2=${testoid1}.6
+ +

Sample configuration file prompting for field values:

+ +
[ req ]
+default_bits           = 2048
+default_keyfile        = privkey.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+req_extensions         = v3_ca
+
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+countryName                    = Country Name (2 letter code)
+countryName_default            = AU
+countryName_min                = 2
+countryName_max                = 2
+
+localityName                   = Locality Name (eg, city)
+
+organizationalUnitName         = Organizational Unit Name (eg, section)
+
+commonName                     = Common Name (eg, YOUR name)
+commonName_max                 = 64
+
+emailAddress                   = Email Address
+emailAddress_max               = 40
+
+[ req_attributes ]
+challengePassword              = A challenge password
+challengePassword_min          = 4
+challengePassword_max          = 20
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+ +

Sample configuration containing all field values:

+ +
RANDFILE               = $ENV::HOME/.rnd
+
+[ req ]
+default_bits           = 2048
+default_keyfile        = keyfile.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+output_password        = mypass
+
+[ req_distinguished_name ]
+C                      = GB
+ST                     = Test State or Province
+L                      = Test Locality
+O                      = Organization Name
+OU                     = Organizational Unit Name
+CN                     = Common Name
+emailAddress           = test@email.address
+
+[ req_attributes ]
+challengePassword              = A challenge password
+ +

Example of giving the most common attributes (subject and extensions) on the command line:

+ +
openssl req -new -subj "/C=GB/CN=foo" \
+                 -addext "subjectAltName = DNS:foo.co.uk" \
+                 -addext "certificatePolicies = 1.2.3.4" \
+                 -newkey rsa:2048 -keyout key.pem -out req.pem
+ +

NOTES

+ +

The header and footer lines in the PEM format are normally:

+ +
-----BEGIN CERTIFICATE REQUEST-----
+-----END CERTIFICATE REQUEST-----
+ +

some software (some versions of Netscape certificate server) instead needs:

+ +
-----BEGIN NEW CERTIFICATE REQUEST-----
+-----END NEW CERTIFICATE REQUEST-----
+ +

which is produced with the -newhdr option but is otherwise compatible. Either form is accepted transparently on input.

+ +

The certificate requests generated by Xenroll with MSIE have extensions added. It includes the keyUsage extension which determines the type of key (signature only or general purpose) and any additional OIDs entered by the script in an extendedKeyUsage extension.

+ +

DIAGNOSTICS

+ +

The following messages are frequently asked about:

+ +
Using configuration from /some/path/openssl.cnf
+Unable to load config info
+ +

This is followed some time later by...

+ +
unable to find 'distinguished_name' in config
+problems making Certificate Request
+ +

The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.

+ +

Another puzzling message is this:

+ +
Attributes:
+    a0:00
+ +

this is displayed when no attributes are present and the request includes the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00). If you just see:

+ +
Attributes:
+ +

then the SET OF is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option -asn1-kludge for more information.

+ +

BUGS

+ +

OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren't available in PrintableStrings and you don't want to or can't use BMPStrings.

+ +

As a consequence of the T61String handling the only correct way to represent accented characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes on these. If you have to use accented characters with Netscape and MSIE then you currently need to use the invalid T61String form.

+ +

The current prompting is not very friendly. It doesn't allow you to confirm what you've just entered. Other things like extensions in certificate requests are statically defined in the configuration file. Some of these: like an email address in subjectAltName should be input by the user.

+ +

SEE ALSO

+ +

x509(1), ca(1), genrsa(1), gendsa(1), config(5), x509v3_config(5)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/rsa.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/rsa.html new file mode 100644 index 00000000..b5a0ba9f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/rsa.html @@ -0,0 +1,202 @@ + + + + +rsa + + + + + + + + + + +

NAME

+ +

openssl-rsa, rsa - RSA key processing tool

+ +

SYNOPSIS

+ +

openssl rsa [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-RSAPublicKey_in] [-RSAPublicKey_out] [-engine id]

+ +

DESCRIPTION

+ +

The rsa command processes RSA keys. They can be converted between various forms and their components printed out. Note this command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8 utility.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. On input PKCS#8 format private keys are also accepted.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

+ +
+
-passin arg
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-out filename
+
+ +

This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

+ +
+
-passout password
+
+ +

The output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
+
+ +

These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the rsa utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the key.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the key.

+ +
+
-check
+
+ +

This option checks the consistency of an RSA private key.

+ +
+
-pubin
+
+ +

By default a private key is read from the input file: with this option a public key is read instead.

+ +
+
-pubout
+
+ +

By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key.

+ +
+
-RSAPublicKey_in, -RSAPublicKey_out
+
+ +

Like -pubin and -pubout except RSAPublicKey format is used instead.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause rsa to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

NOTES

+ +

The PEM private key format uses the header and footer lines:

+ +
-----BEGIN RSA PRIVATE KEY-----
+-----END RSA PRIVATE KEY-----
+ +

The PEM public key format uses the header and footer lines:

+ +
-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+ +

The PEM RSAPublicKey format uses the header and footer lines:

+ +
-----BEGIN RSA PUBLIC KEY-----
+-----END RSA PUBLIC KEY-----
+ +

EXAMPLES

+ +

To remove the pass phrase on an RSA private key:

+ +
openssl rsa -in key.pem -out keyout.pem
+ +

To encrypt a private key using triple DES:

+ +
openssl rsa -in key.pem -des3 -out keyout.pem
+ +

To convert a private key from PEM to DER format:

+ +
openssl rsa -in key.pem -outform DER -out keyout.der
+ +

To print out the components of a private key to standard output:

+ +
openssl rsa -in key.pem -text -noout
+ +

To just output the public part of a private key:

+ +
openssl rsa -in key.pem -pubout -out pubkey.pem
+ +

Output the public part of a private key in RSAPublicKey format:

+ +
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
+ +

BUGS

+ +

There should be an option that automatically handles .key files, without having to manually edit them.

+ +

SEE ALSO

+ +

pkcs8(1), dsa(1), genrsa(1), gendsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/rsautl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/rsautl.html new file mode 100644 index 00000000..c922ee05 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/rsautl.html @@ -0,0 +1,236 @@ + + + + +rsautl + + + + + + + + + + +

NAME

+ +

openssl-rsautl, rsautl - RSA utility

+ +

SYNOPSIS

+ +

openssl rsautl [-help] [-in file] [-out file] [-inkey file] [-keyform PEM|DER|ENGINE] [-pubin] [-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-rand file...] [-writerand file] [-pkcs] [-ssl] [-raw] [-hexdump] [-asn1parse]

+ +

DESCRIPTION

+ +

The rsautl command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read data from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-inkey file
+
+ +

The input key file, by default it should be an RSA private key.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

The key format PEM, DER or ENGINE.

+ +
+
-pubin
+
+ +

The input file is an RSA public key.

+ +
+
-certin
+
+ +

The input is a certificate containing an RSA public key.

+ +
+
-sign
+
+ +

Sign the input data and output the signed result. This requires an RSA private key.

+ +
+
-verify
+
+ +

Verify the input data and output the recovered data.

+ +
+
-encrypt
+
+ +

Encrypt the input data using an RSA public key.

+ +
+
-decrypt
+
+ +

Decrypt the input data using an RSA private key.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-pkcs, -oaep, -ssl, -raw
+
+ +

The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special padding used in SSL v2 backwards compatible handshakes, or no padding, respectively. For signatures, only -pkcs and -raw can be used.

+ +
+
-hexdump
+
+ +

Hex dump the output data.

+ +
+
-asn1parse
+
+ +

Parse the ASN.1 output data, this is useful when combined with the -verify option.

+ +
+
+ +

NOTES

+ +

rsautl because it uses the RSA algorithm directly can only be used to sign or verify small pieces of data.

+ +

EXAMPLES

+ +

Sign some data using a private key:

+ +
openssl rsautl -sign -in file -inkey key.pem -out sig
+ +

Recover the signed data

+ +
openssl rsautl -verify -in sig -inkey key.pem
+ +

Examine the raw signed data:

+ +
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
+
+0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
+ +

The PKCS#1 block formatting is evident from this. If this was done using encrypt and decrypt the block would have been of type 2 (the second byte) and random padding data visible instead of the 0xff bytes.

+ +

It is possible to analyse the signature of certificates using this utility in conjunction with asn1parse. Consider the self signed example in certs/pca-cert.pem . Running asn1parse as follows yields:

+ +
openssl asn1parse -in pca-cert.pem
+
+   0:d=0  hl=4 l= 742 cons: SEQUENCE
+   4:d=1  hl=4 l= 591 cons:  SEQUENCE
+   8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
+  10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+  13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+  16:d=2  hl=2 l=  13 cons:   SEQUENCE
+  18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
+  29:d=3  hl=2 l=   0 prim:    NULL
+  31:d=2  hl=2 l=  92 cons:   SEQUENCE
+  33:d=3  hl=2 l=  11 cons:    SET
+  35:d=4  hl=2 l=   9 cons:     SEQUENCE
+  37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
+  42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
+ ....
+ 599:d=1  hl=2 l=  13 cons:  SEQUENCE
+ 601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
+ 612:d=2  hl=2 l=   0 prim:   NULL
+ 614:d=1  hl=3 l= 129 prim:  BIT STRING
+ +

The final BIT STRING contains the actual signature. It can be extracted with:

+ +
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+ +

The certificate public key can be extracted with:

+ +
openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
+ +

The signature can be analysed with:

+ +
openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
+
+   0:d=0  hl=2 l=  32 cons: SEQUENCE
+   2:d=1  hl=2 l=  12 cons:  SEQUENCE
+   4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
+  14:d=2  hl=2 l=   0 prim:   NULL
+  16:d=1  hl=2 l=  16 prim:  OCTET STRING
+     0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+ +

This is the parsed version of an ASN1 DigestInfo structure. It can be seen that the digest used was md5. The actual part of the certificate that was signed can be extracted with:

+ +
openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+ +

and its digest computed with:

+ +
openssl md5 -c tbs
+MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+ +

which it can be seen agrees with the recovered value above.

+ +

SEE ALSO

+ +

dgst(1), rsa(1), genrsa(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/s_client.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_client.html new file mode 100644 index 00000000..11617c97 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_client.html @@ -0,0 +1,681 @@ + + + + +s_client + + + + + + + + + + +

NAME

+ +

openssl-s_client, s_client - SSL/TLS client program

+ +

SYNOPSIS

+ +

openssl s_client [-help] [-connect host:port] [-bind host:port] [-proxy host:port] [-unix path] [-4] [-6] [-servername name] [-noservername] [-verify depth] [-verify_return_error] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-cert_chain filename] [-build_chain] [-xkey] [-xcert] [-xchain] [-xchain_build] [-xcertform PEM|DER] [-xkeyform PEM|DER] [-pass arg] [-CApath directory] [-CAfile filename] [-chainCApath directory] [-chainCAfile filename] [-no-CAfile] [-no-CApath] [-requestCAfile filename] [-dane_tlsa_domain domain] [-dane_tlsa_rrdata rrdata] [-dane_ee_no_namechecks] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-nameopt option] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-build_chain] [-x509_strict] [-reconnect] [-showcerts] [-debug] [-msg] [-nbio_test] [-state] [-nbio] [-crlf] [-ign_eof] [-no_ign_eof] [-psk_identity identity] [-psk key] [-psk_session file] [-quiet] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-dtls] [-dtls1] [-dtls1_2] [-sctp] [-sctp_label_bug] [-fallback_scsv] [-async] [-max_send_frag] [-split_send_frag] [-max_pipelines] [-read_buf] [-bugs] [-comp] [-no_comp] [-allow_no_dhe_kex] [-sigalgs sigalglist] [-curves curvelist] [-cipher cipherlist] [-ciphersuites val] [-serverpref] [-starttls protocol] [-xmpphost hostname] [-name hostname] [-engine id] [-tlsextdebug] [-no_ticket] [-sess_out filename] [-sess_in filename] [-rand file...] [-writerand file] [-serverinfo types] [-status] [-alpn protocols] [-nextprotoneg protocols] [-ct] [-noct] [-ctlogfile] [-keylogfile file] [-early_data file] [-enable_pha] [target]

+ +

DESCRIPTION

+ +

The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers.

+ +

OPTIONS

+ +

In addition to the options below the s_client utility also supports the common and client only options documented in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) manual page.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-connect host:port
+
+ +

This specifies the host and optional port to connect to. It is possible to select the host and port using the optional target positional argument instead. If neither this nor the target positional argument are specified then an attempt is made to connect to the local host on port 4433.

+ +
+
-bind host:port]
+
+ +

This specifies the host address and or port to bind as the source for the connection. For Unix-domain sockets the port is ignored and the host is used as the source socket address.

+ +
+
-proxy host:port
+
+ +

When used with the -connect flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server.

+ +
+
-unix path
+
+ +

Connect over the specified Unix-domain socket.

+ +
+
-4
+
+ +

Use IPv4 only.

+ +
+
-6
+
+ +

Use IPv6 only.

+ +
+
-servername name
+
+ +

Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value. If -servername is not provided, the TLS SNI extension will be populated with the name given to -connect if it follows a DNS name format. If -connect is not provided either, the SNI is set to "localhost". This is the default since OpenSSL 1.1.1.

+ +

Even though SNI should normally be a DNS name and not an IP address, if -servername is provided then that name will be sent, regardless of whether it is a DNS name or not.

+ +

This option cannot be used in conjunction with -noservername.

+ +
+
-noservername
+
+ +

Suppresses sending of the SNI (Server Name Indication) extension in the ClientHello message. Cannot be used in conjunction with the -servername or <-dane_tlsa_domain> options.

+ +
+
-cert certname
+
+ +

The certificate to use, if one is requested by the server. The default is not to use a certificate.

+ +
+
-certform format
+
+ +

The certificate format to use: DER or PEM. PEM is the default.

+ +
+
-key keyfile
+
+ +

The private key to use. If not specified then the certificate file will be used.

+ +
+
-keyform format
+
+ +

The private format to use: DER or PEM. PEM is the default.

+ +
+
-cert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the client/server certificate chain related to the certificate specified via the -cert option.

+ +
+
-build_chain
+
+ +

Specify whether the application should build the certificate chain to be provided to the server.

+ +
+
-xkey infile, -xcert infile, -xchain
+
+ +

Specify an extra certificate, private key and certificate chain. These behave in the same manner as the -cert, -key and -cert_chain options. When specified, the callback returning the first valid chain will be in use by the client.

+ +
+
-xchain_build
+
+ +

Specify whether the application should build the certificate chain to be provided to the server for the extra certificates provided via -xkey infile, -xcert infile, -xchain options.

+ +
+
-xcertform PEM|DER, -xkeyform PEM|DER
+
+ +

Extra certificate and private key format respectively.

+ +
+
-pass arg
+
+ +

the private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-verify depth
+
+ +

The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure.

+ +
+
-verify_return_error
+
+ +

Return verification errors instead of continuing. This will typically abort the handshake with a fatal error.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-CApath directory
+
+ +

The directory to use for server certificate verification. This directory must be in "hash format", see verify(1) for more information. These are also used when building the client certificate chain.

+ +
+
-CAfile file
+
+ +

A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain.

+ +
+
-chainCApath directory
+
+ +

The directory to use for building the chain provided to the server. This directory must be in "hash format", see verify(1) for more information.

+ +
+
-chainCAfile file
+
+ +

A file containing trusted certificates to use when attempting to build the client certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-requestCAfile file
+
+ +

A file containing a list of certificates whose subject names will be sent to the server in the certificate_authorities extension. Only supported for TLS 1.3

+ +
+
-dane_tlsa_domain domain
+
+ +

Enable RFC6698/RFC7671 DANE TLSA authentication and specify the TLSA base domain which becomes the default SNI hint and the primary reference identifier for hostname checks. This must be used in combination with at least one instance of the -dane_tlsa_rrdata option below.

+ +

When DANE authentication succeeds, the diagnostic output will include the lowest (closest to 0) depth at which a TLSA record authenticated a chain certificate. When that TLSA record is a "2 1 0" trust anchor public key that signed (rather than matched) the top-most certificate of the chain, the result is reported as "TA public key verified". Otherwise, either the TLSA record "matched TA certificate" at a positive depth or else "matched EE certificate" at depth 0.

+ +
+
-dane_tlsa_rrdata rrdata
+
+ +

Use one or more times to specify the RRDATA fields of the DANE TLSA RRset associated with the target service. The rrdata value is specified in "presentation form", that is four whitespace separated fields that specify the usage, selector, matching type and associated data, with the last of these encoded in hexadecimal. Optional whitespace is ignored in the associated data field. For example:

+ +
$ openssl s_client -brief -starttls smtp \
+  -connect smtp.example.com:25 \
+  -dane_tlsa_domain smtp.example.com \
+  -dane_tlsa_rrdata "2 1 1
+    B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
+  -dane_tlsa_rrdata "2 1 1
+    60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
+...
+Verification: OK
+Verified peername: smtp.example.com
+DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
+...
+ +
+
-dane_ee_no_namechecks
+
+ +

This disables server name checks when authenticating via DANE-EE(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of RFC7671, name checks are by default enabled for DANE-EE(3) TLSA records, and can be disabled in applications where it is safe to do so. In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various certificate chain validation options. See the verify(1) manual page for details.

+ +
+
-reconnect
+
+ +

Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working.

+ +
+
-showcerts
+
+ +

Displays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). It is not a verified chain.

+ +
+
-prexit
+
+ +

Print session information when the program exits. This will always attempt to print out information even if the connection fails. Normally information will only be printed out once if the connection succeeds. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an attempt is made to access a certain URL. Note: the output produced by this option is not always accurate because a connection might never have been established.

+ +
+
-state
+
+ +

Prints out the SSL session states.

+ +
+
-debug
+
+ +

Print extensive debugging information including a hex dump of all traffic.

+ +
+
-msg
+
+ +

Show all protocol messages with hex dump.

+ +
+
-trace
+
+ +

Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work.

+ +
+
-msgfile
+
+ +

File to send output of -msg or -trace to, default standard output.

+ +
+
-nbio_test
+
+ +

Tests non-blocking I/O

+ +
+
-nbio
+
+ +

Turns on non-blocking I/O

+ +
+
-crlf
+
+ +

This option translated a line feed from the terminal into CR+LF as required by some servers.

+ +
+
-ign_eof
+
+ +

Inhibit shutting down the connection when end of file is reached in the input.

+ +
+
-quiet
+
+ +

Inhibit printing of session and certificate information. This implicitly turns on -ign_eof as well.

+ +
+
-no_ign_eof
+
+ +

Shut down the connection when end of file is reached in the input. Can be used to override the implicit -ign_eof after -quiet.

+ +
+
-psk_identity identity
+
+ +

Use the PSK identity identity when using a PSK cipher suite. The default value is "Client_identity" (without the quotes).

+ +
+
-psk key
+
+ +

Use the PSK key key when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher.

+ +
+
-psk_session file
+
+ +

Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated.

+ +
+
-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

These options require or disable the use of the specified SSL or TLS protocols. By default s_client will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be offered to and accepted from the server. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-dtls, -dtls1, -dtls1_2
+
+ +

These options make s_client use DTLS protocols instead of TLS. With -dtls, s_client will negotiate any supported DTLS protocol version, whilst -dtls1 and -dtls1_2 will only support DTLS1.0 and DTLS1.2 respectively.

+ +
+
-sctp
+
+ +

Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with -dtls, -dtls1 or -dtls1_2. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-sctp_label_bug
+
+ +

Use the incorrect behaviour of older OpenSSL implementations when computing endpoint-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with -sctp. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-fallback_scsv
+
+ +

Send TLS_FALLBACK_SCSV in the ClientHello.

+ +
+
-async
+
+ +

Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine is also used via the -engine option. For test purposes the dummy async engine (dasync) can be used (if available).

+ +
+
-max_send_frag int
+
+ +

The maximum size of data fragment to send. See SSL_CTX_set_max_send_fragment(3) for further information.

+ +
+
-split_send_frag int
+
+ +

The size used to split data for encrypt pipelines. If more data is written in one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See SSL_CTX_set_split_send_fragment(3) for further information.

+ +
+
-max_pipelines int
+
+ +

The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. See SSL_CTX_set_max_pipelines(3) for further information.

+ +
+
-read_buf int
+
+ +

The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for further information).

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-comp
+
+ +

Enables support for SSL/TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-no_comp
+
+ +

Disables support for SSL/TLS compression. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-brief
+
+ +

Only provide a brief summary of connection parameters instead of the normal verbose output.

+ +
+
-sigalgs sigalglist
+
+ +

Specifies the list of signature algorithms that are sent by the client. The server selects one entry in the list based on its preferences. For example strings, see SSL_CTX_set1_sigalgs(3)

+ +
+
-curves curvelist
+
+ +

Specifies the list of supported curves to be sent by the client. The curve is ultimately selected by the server. For a list of all curves, use:

+ +
$ openssl ecparam -list_curves
+ +
+
-cipher cipherlist
+
+ +

This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which ciphersuite is used it should take the first supported cipher in the list sent by the client. See the ciphers command for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the ciphers command for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-starttls protocol
+
+ +

Send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", "irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".

+ +
+
-xmpphost hostname
+
+ +

This option, when used with "-starttls xmpp" or "-starttls xmpp-server", specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used.

+ +

This option is an alias of the -name option for "xmpp" and "xmpp-server".

+ +
+
-name hostname
+
+ +

This option is used to specify hostname information for various protocols used with -starttls option. Currently only "xmpp", "xmpp-server", "smtp" and "lmtp" can utilize this -name option.

+ +

If this option is used with "-starttls xmpp" or "-starttls xmpp-server", if specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used.

+ +

If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If this option is not specified, then "mail.example.com" will be used.

+ +
+
-tlsextdebug
+
+ +

Print out a hex dump of any TLS extensions received from the server.

+ +
+
-no_ticket
+
+ +

Disable RFC4507bis session ticket support.

+ +
+
-sess_out filename
+
+ +

Output SSL session to filename.

+ +
+
-sess_in sess.pem
+
+ +

Load SSL session from filename. The client will attempt to resume a connection from this session.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause s_client to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-serverinfo types
+
+ +

A list of comma-separated TLS Extension Types (numbers between 0 and 65535). Each type will be sent as an empty ClientHello TLS Extension. The server's response (if any) will be encoded and displayed as a PEM file.

+ +
+
-status
+
+ +

Sends a certificate status request to the server (OCSP stapling). The server response (if any) is printed out.

+ +
+
-alpn protocols, -nextprotoneg protocols
+
+ +

These flags enable the Enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The protocols list is a comma-separated list of protocol names that the client should advertise support for. The list should contain the most desirable protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". An empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. The flag -nextprotoneg cannot be specified if -tls1_3 is used.

+ +
+
-ct, -noct
+
+ +

Use one of these two options to control whether Certificate Transparency (CT) is enabled (-ct) or disabled (-noct). If CT is enabled, signed certificate timestamps (SCTs) will be requested from the server and reported at handshake completion.

+ +

Enabling CT also enables OCSP stapling, as this is one possible delivery method for SCTs.

+ +
+
-ctlogfile
+
+ +

A file containing a list of known Certificate Transparency logs. See SSL_CTX_set_ctlog_list_file(3) for the expected file format.

+ +
+
-keylogfile file
+
+ +

Appends TLS secrets to the specified keylog file such that external programs (like Wireshark) can decrypt TLS connections.

+ +
+
-early_data file
+
+ +

Reads the contents of the specified file and attempts to send it as early data to the server. This will only work with resumed sessions that support early data and when the server accepts the early data.

+ +
+
-enable_pha
+
+ +

For TLSv1.3 only, send the Post-Handshake Authentication extension. This will happen whether or not a certificate has been provided via -cert.

+ +
+
[target]
+
+ +

Rather than providing -connect, the target hostname and optional port may be provided as a single positional argument after all options. If neither this nor -connect are provided, falls back to attempting to connect to localhost on port 4433.

+ +
+
+ +

CONNECTED COMMANDS

+ +

If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the server. If end of file is reached then the connection will be closed down. When used interactively (which means neither -quiet nor -ign_eof have been given), then certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below.

+ +
+ +
Q
+
+ +

End the current SSL connection and exit.

+ +
+
R
+
+ +

Renegotiate the SSL session (TLSv1.2 and below only).

+ +
+
B
+
+ +

Send a heartbeat message to the server (DTLS only)

+ +
+
k
+
+ +

Send a key update message to the server (TLSv1.3 only)

+ +
+
K
+
+ +

Send a key update message to the server and request one back (TLSv1.3 only)

+ +
+
+ +

NOTES

+ +

s_client can be used to debug SSL servers. To connect to an SSL HTTP server the command:

+ +
openssl s_client -connect servername:443
+ +

would typically be used (https uses port 443). If the connection succeeds then an HTTP command can be given such as "GET /" to retrieve a web page.

+ +

If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the -bugs, -ssl3, -tls1, -no_ssl3, -no_tls1 options can be tried in case it is a buggy server. In particular you should play with these options before submitting a bug report to an OpenSSL mailing list.

+ +

A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using s_client the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the -prexit option and send an HTTP request for an appropriate page.

+ +

If a certificate is specified on the command line using the -cert option it will not be used unless the server specifically requests a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works.

+ +

If there are problems verifying a server certificate then the -showcerts option can be used to show all the certificates sent by the server.

+ +

The s_client utility is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will accept any certificate chain (trusted or not) sent by the peer. None test applications should not do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the -verify_return_error option: any verify errors are then returned aborting the handshake.

+ +

The -bind option may be useful if the server or a firewall requires connections to come from some particular address and or port.

+ +

BUGS

+ +

Because this program has a lot of options and also because some of the techniques used are rather old, the C source of s_client is rather hard to read and not a model of how things should be done. A typical SSL client program would be much simpler.

+ +

The -prexit option is a bit of a hack. We should really report information whenever a session is renegotiated.

+ +

SEE ALSO

+ +

SSL_CONF_cmd(3), sess_id(1), s_server(1), ciphers(1), SSL_CTX_set_max_send_fragment(3), SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3)

+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0. The -name option was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/s_server.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_server.html new file mode 100644 index 00000000..8dfa0356 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_server.html @@ -0,0 +1,714 @@ + + + + +s_server + + + + + + + + + + +

NAME

+ +

openssl-s_server, s_server - SSL/TLS server program

+ +

SYNOPSIS

+ +

openssl s_server [-help] [-port +int] [-accept val] [-unix val] [-4] [-6] [-unlink] [-context val] [-verify int] [-Verify int] [-cert infile] [-nameopt val] [-naccept +int] [-serverinfo val] [-certform PEM|DER] [-key infile] [-keyform format] [-pass val] [-dcert infile] [-dcertform PEM|DER] [-dkey infile] [-dkeyform PEM|DER] [-dpass val] [-nbio_test] [-crlf] [-debug] [-msg] [-msgfile outfile] [-state] [-CAfile infile] [-CApath dir] [-no-CAfile] [-no-CApath] [-nocert] [-quiet] [-no_resume_ephemeral] [-www] [-WWW] [-servername] [-servername_fatal] [-cert2 infile] [-key2 infile] [-tlsextdebug] [-HTTP] [-id_prefix val] [-rand file...] [-writerand file] [-keymatexport val] [-keymatexportlen +int] [-CRL infile] [-crl_download] [-cert_chain infile] [-dcert_chain infile] [-chainCApath dir] [-verifyCApath dir] [-no_cache] [-ext_cache] [-CRLform PEM|DER] [-verify_return_error] [-verify_quiet] [-build_chain] [-chainCAfile infile] [-verifyCAfile infile] [-ign_eof] [-no_ign_eof] [-status] [-status_verbose] [-status_timeout int] [-status_url val] [-status_file infile] [-trace] [-security_debug] [-security_debug_verbose] [-brief] [-rev] [-async] [-ssl_config val] [-max_send_frag +int] [-split_send_frag +int] [-max_pipelines +int] [-read_buf +int] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-bugs] [-no_comp] [-comp] [-no_ticket] [-num_tickets] [-serverpref] [-legacy_renegotiation] [-no_renegotiation] [-legacy_server_connect] [-no_resumption_on_reneg] [-no_legacy_server_connect] [-allow_no_dhe_kex] [-prioritize_chacha] [-strict] [-sigalgs val] [-client_sigalgs val] [-groups val] [-curves val] [-named_curve val] [-cipher val] [-ciphersuites val] [-dhparam infile] [-record_padding val] [-debug_broken_protocol] [-policy val] [-purpose val] [-verify_name val] [-verify_depth int] [-auth_level int] [-attime intmax] [-verify_hostname val] [-verify_email val] [-verify_ip] [-ignore_critical] [-issuer_checks] [-crl_check] [-crl_check_all] [-policy_check] [-explicit_policy] [-inhibit_any] [-inhibit_map] [-x509_strict] [-extended_crl] [-use_deltas] [-policy_print] [-check_ss_sig] [-trusted_first] [-suiteB_128_only] [-suiteB_128] [-suiteB_192] [-partial_chain] [-no_alt_chains] [-no_check_time] [-allow_proxy_certs] [-xkey] [-xcert] [-xchain] [-xchain_build] [-xcertform PEM|DER] [-xkeyform PEM|DER] [-nbio] [-psk_identity val] [-psk_hint val] [-psk val] [-psk_session file] [-srpvfile infile] [-srpuserseed val] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-dtls] [-timeout] [-mtu +int] [-listen] [-dtls1] [-dtls1_2] [-sctp] [-sctp_label_bug] [-no_dhe] [-nextprotoneg val] [-use_srtp val] [-alpn val] [-engine val] [-keylogfile outfile] [-max_early_data int] [-early_data] [-anti_replay] [-no_anti_replay]

+ +

DESCRIPTION

+ +

The s_server command implements a generic SSL/TLS server which listens for connections on a given port using SSL/TLS.

+ +

OPTIONS

+ +

In addition to the options below the s_server utility also supports the common and server only options documented in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) manual page.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-port +int
+
+ +

The TCP port to listen on for connections. If not specified 4433 is used.

+ +
+
-accept val
+
+ +

The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

+ +
+
-unix val
+
+ +

Unix domain socket to accept on.

+ +
+
-4
+
+ +

Use IPv4 only.

+ +
+
-6
+
+ +

Use IPv6 only.

+ +
+ +
+ +

For -unix, unlink any existing socket first.

+ +
+
-context val
+
+ +

Sets the SSL context id. It can be given any string value. If this option is not present a default value will be used.

+ +
+
-verify int, -Verify int
+
+ +

The verify depth to use. This specifies the maximum length of the client certificate chain and makes the server request a certificate from the client. With the -verify option a certificate is requested but the client does not have to send one, with the -Verify option the client must supply a certificate or an error occurs.

+ +

If the cipher suite cannot request a client certificate (for example an anonymous cipher suite or PSK) this option has no effect.

+ +
+
-cert infile
+
+ +

The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename "server.pem" will be used.

+ +
+
-cert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the client/server certificate chain related to the certificate specified via the -cert option.

+ +
+
-build_chain
+
+ +

Specify whether the application should build the certificate chain to be provided to the client.

+ +
+
-nameopt val
+
+ +

Option which determines how the subject or issuer names are displayed. The val argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-naccept +int
+
+ +

The server will exit after receiving the specified number of connections, default unlimited.

+ +
+
-serverinfo val
+
+ +

A file containing one or more blocks of PEM data. Each PEM block must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, followed by "length" bytes of extension data). If the client sends an empty TLS ClientHello extension matching the type, the corresponding ServerHello extension will be returned.

+ +
+
-certform PEM|DER
+
+ +

The certificate format to use: DER or PEM. PEM is the default.

+ +
+
-key infile
+
+ +

The private key to use. If not specified then the certificate file will be used.

+ +
+
-keyform format
+
+ +

The private format to use: DER or PEM. PEM is the default.

+ +
+
-pass val
+
+ +

The private key password source. For more information about the format of val see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-dcert infile, -dkey infile
+
+ +

Specify an additional certificate and private key, these behave in the same manner as the -cert and -key options except there is no default if they are not specified (no additional certificate and key is used). As noted above some cipher suites require a certificate containing a key of a certain type. Some cipher suites need a certificate carrying an RSA key and some a DSS (DSA) key. By using RSA and DSS certificates and keys a server can support clients which only support RSA or DSS cipher suites by using an appropriate certificate.

+ +
+
-dcert_chain
+
+ +

A file containing trusted certificates to use when attempting to build the server certificate chain when a certificate specified via the -dcert option is in use.

+ +
+
-dcertform PEM|DER, -dkeyform PEM|DER, -dpass val
+
+ +

Additional certificate and private key format and passphrase respectively.

+ +
+
-xkey infile, -xcert infile, -xchain
+
+ +

Specify an extra certificate, private key and certificate chain. These behave in the same manner as the -cert, -key and -cert_chain options. When specified, the callback returning the first valid chain will be in use by the server.

+ +
+
-xchain_build
+
+ +

Specify whether the application should build the certificate chain to be provided to the client for the extra certificates provided via -xkey infile, -xcert infile, -xchain options.

+ +
+
-xcertform PEM|DER, -xkeyform PEM|DER
+
+ +

Extra certificate and private key format respectively.

+ +
+
-nbio_test
+
+ +

Tests non blocking I/O.

+ +
+
-crlf
+
+ +

This option translated a line feed from the terminal into CR+LF.

+ +
+
-debug
+
+ +

Print extensive debugging information including a hex dump of all traffic.

+ +
+
-msg
+
+ +

Show all protocol messages with hex dump.

+ +
+
-msgfile outfile
+
+ +

File to send output of -msg or -trace to, default standard output.

+ +
+
-state
+
+ +

Prints the SSL session states.

+ +
+
-CAfile infile
+
+ +

A file containing trusted certificates to use during client authentication and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested.

+ +
+
-CApath dir
+
+ +

The directory to use for client certificate verification. This directory must be in "hash format", see verify(1) for more information. These are also used when building the server certificate chain.

+ +
+
-chainCApath dir
+
+ +

The directory to use for building the chain provided to the client. This directory must be in "hash format", see verify(1) for more information.

+ +
+
-chainCAfile file
+
+ +

A file containing trusted certificates to use when attempting to build the server certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-nocert
+
+ +

If this option is set then no certificate is used. This restricts the cipher suites available to the anonymous ones (currently just anonymous DH).

+ +
+
-quiet
+
+ +

Inhibit printing of session and certificate information.

+ +
+
-www
+
+ +

Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a web browser. Cannot be used in conjunction with -early_data.

+ +
+
-WWW
+
+ +

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. Cannot be used in conjunction with -early_data.

+ +
+
-tlsextdebug
+
+ +

Print a hex dump of any TLS extensions received from the server.

+ +
+
-HTTP
+
+ +

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. The files loaded are assumed to contain a complete and correct HTTP response (lines that are part of the HTTP response line and headers must end with CRLF). Cannot be used in conjunction with -early_data.

+ +
+
-id_prefix val
+
+ +

Generate SSL/TLS session IDs prefixed by val. This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (eg. with a certain prefix).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-verify_return_error
+
+ +

Verification errors normally just print a message but allow the connection to continue, for debugging purposes. If this option is used, then verification errors close the connection.

+ +
+
-status
+
+ +

Enables certificate status request support (aka OCSP stapling).

+ +
+
-status_verbose
+
+ +

Enables certificate status request support (aka OCSP stapling) and gives a verbose printout of the OCSP response.

+ +
+
-status_timeout int
+
+ +

Sets the timeout for OCSP response to int seconds.

+ +
+
-status_url val
+
+ +

Sets a fallback responder URL to use if no responder URL is present in the server certificate. Without this option an error is returned if the server certificate does not contain a responder address.

+ +
+
-status_file infile
+
+ +

Overrides any OCSP responder URLs from the certificate and always provides the OCSP Response stored in the file. The file must be in DER format.

+ +
+
-trace
+
+ +

Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work.

+ +
+
-brief
+
+ +

Provide a brief summary of connection parameters instead of the normal verbose output.

+ +
+
-rev
+
+ +

Simple test server which just reverses the text received from the client and sends it back to the server. Also sets -brief. Cannot be used in conjunction with -early_data.

+ +
+
-async
+
+ +

Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine is also used via the -engine option. For test purposes the dummy async engine (dasync) can be used (if available).

+ +
+
-max_send_frag +int
+
+ +

The maximum size of data fragment to send. See SSL_CTX_set_max_send_fragment(3) for further information.

+ +
+
-split_send_frag +int
+
+ +

The size used to split data for encrypt pipelines. If more data is written in one go than this value then it will be split into multiple pipelines, up to the maximum number of pipelines defined by max_pipelines. This only has an effect if a suitable cipher suite has been negotiated, an engine that supports pipelining has been loaded, and max_pipelines is greater than 1. See SSL_CTX_set_split_send_fragment(3) for further information.

+ +
+
-max_pipelines +int
+
+ +

The maximum number of encrypt/decrypt pipelines to be used. This will only have an effect if an engine has been loaded that supports pipelining (e.g. the dasync engine) and a suitable cipher suite has been negotiated. The default value is 1. See SSL_CTX_set_max_pipelines(3) for further information.

+ +
+
-read_buf +int
+
+ +

The default read buffer size to be used for connections. This will only have an effect if the buffer size is larger than the size that would otherwise be used and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for further information).

+ +
+
-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

These options require or disable the use of the specified SSL or TLS protocols. By default s_server will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client. Note that not all protocols and flags may be available, depending on how OpenSSL was built.

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-no_comp
+
+ +

Disable negotiation of TLS compression. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-comp
+
+ +

Enable negotiation of TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

+ +
+
-no_ticket
+
+ +

Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 is negotiated. See -num_tickets.

+ +
+
-num_tickets
+
+ +

Control the number of tickets that will be sent to the client after a full handshake in TLSv1.3. The default number of tickets is 2. This option does not affect the number of tickets sent after a resumption handshake.

+ +
+
-serverpref
+
+ +

Use the server's cipher preferences, rather than the client's preferences.

+ +
+
-prioritize_chacha
+
+ +

Prioritize ChaCha ciphers when preferred by clients. Requires -serverpref.

+ +
+
-no_resumption_on_reneg
+
+ +

Set the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION option.

+ +
+
-client_sigalgs val
+
+ +

Signature algorithms to support for client certificate authentication (colon-separated list).

+ +
+
-named_curve val
+
+ +

Specifies the elliptic curve to use. NOTE: this is single curve, not a list. For a list of all possible curves, use:

+ +
$ openssl ecparam -list_curves
+ +
+
-cipher val
+
+ +

This allows the list of TLSv1.2 and below ciphersuites used by the server to be modified. This list is combined with any TLSv1.3 ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the list of TLSv1.3 ciphersuites used by the server to be modified. This list is combined with any TLSv1.2 and below ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-dhparam infile
+
+ +

The DH parameter file to use. The ephemeral DH cipher suites generate keys using a set of DH parameters. If not specified then an attempt is made to load the parameters from the server certificate file. If this fails then a static set of parameters hard coded into the s_server program will be used.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set different peer certificate verification options. See the verify(1) manual page for details.

+ +
+
-crl_check, -crl_check_all
+
+ +

Check the peer certificate has not been revoked by its CA. The CRL(s) are appended to the certificate file. With the -crl_check_all option all CRLs of all CAs in the chain are checked.

+ +
+
-nbio
+
+ +

Turns on non blocking I/O.

+ +
+
-psk_identity val
+
+ +

Expect the client to send PSK identity val when using a PSK cipher suite, and warn if they do not. By default, the expected PSK identity is the string "Client_identity".

+ +
+
-psk_hint val
+
+ +

Use the PSK identity hint val when using a PSK cipher suite.

+ +
+
-psk val
+
+ +

Use the PSK key val when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher.

+ +
+
-psk_session file
+
+ +

Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated.

+ +
+
-listen
+
+ +

This option can only be used in conjunction with one of the DTLS options above. With this option s_server will listen on a UDP port for incoming connections. Any ClientHellos that arrive will be checked to see if they have a cookie in them or not. Any without a cookie will be responded to with a HelloVerifyRequest. If a ClientHello with a cookie is received then s_server will connect to that peer and complete the handshake.

+ +
+
-dtls, -dtls1, -dtls1_2
+
+ +

These options make s_server use DTLS protocols instead of TLS. With -dtls, s_server will negotiate any supported DTLS protocol version, whilst -dtls1 and -dtls1_2 will only support DTLSv1.0 and DTLSv1.2 respectively.

+ +
+
-sctp
+
+ +

Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with -dtls, -dtls1 or -dtls1_2. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-sctp_label_bug
+
+ +

Use the incorrect behaviour of older OpenSSL implementations when computing endpoint-pair shared secrets for DTLS/SCTP. This allows communication with older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with -sctp. This option is only available where OpenSSL has support for SCTP enabled.

+ +
+
-no_dhe
+
+ +

If this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites.

+ +
+
-alpn val, -nextprotoneg val
+
+ +

These flags enable the Enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The val list is a comma-separated list of supported protocol names. The list should contain the most desirable protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". The flag -nextprotoneg cannot be specified if -tls1_3 is used.

+ +
+
-engine val
+
+ +

Specifying an engine (by its unique id string in val) will cause s_server to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-keylogfile outfile
+
+ +

Appends TLS secrets to the specified keylog file such that external programs (like Wireshark) can decrypt TLS connections.

+ +
+
-max_early_data int
+
+ +

Change the default maximum early data bytes that are specified for new sessions and any incoming early data (when used in conjunction with the -early_data flag). The default value is approximately 16k. The argument must be an integer greater than or equal to 0.

+ +
+
-early_data
+
+ +

Accept early data where possible. Cannot be used in conjunction with -www, -WWW, -HTTP or -rev.

+ +
+
-anti_replay, -no_anti_replay
+
+ +

Switches replay protection on or off, respectively. Replay protection is on by default unless overridden by a configuration file. When it is on, OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. Any early data that was sent will be rejected.

+ +
+
+ +

CONNECTED COMMANDS

+ +

If a connection request is established with an SSL client and neither the -www nor the -WWW option has been used then normally any data received from the client is displayed and any key presses will be sent to the client.

+ +

Certain commands are also recognized which perform special operations. These commands are a letter which must appear at the start of a line. They are listed below.

+ +
+ +
q
+
+ +

End the current SSL connection but still accept new connections.

+ +
+
Q
+
+ +

End the current SSL connection and exit.

+ +
+
r
+
+ +

Renegotiate the SSL session (TLSv1.2 and below only).

+ +
+
R
+
+ +

Renegotiate the SSL session and request a client certificate (TLSv1.2 and below only).

+ +
+
P
+
+ +

Send some plain text down the underlying TCP connection: this should cause the client to disconnect due to a protocol violation.

+ +
+
S
+
+ +

Print out some session cache status information.

+ +
+
B
+
+ +

Send a heartbeat message to the client (DTLS only)

+ +
+
k
+
+ +

Send a key update message to the client (TLSv1.3 only)

+ +
+
K
+
+ +

Send a key update message to the client and request one back (TLSv1.3 only)

+ +
+
c
+
+ +

Send a certificate request to the client (TLSv1.3 only)

+ +
+
+ +

NOTES

+ +

s_server can be used to debug SSL clients. To accept connections from a web browser the command:

+ +
openssl s_server -accept 443 -www
+ +

can be used for example.

+ +

Although specifying an empty list of CAs when requesting a client certificate is strictly speaking a protocol violation, some SSL clients interpret this to mean any CA is acceptable. This is useful for debugging purposes.

+ +

The session parameters can printed out using the sess_id program.

+ +

BUGS

+ +

Because this program has a lot of options and also because some of the techniques used are rather old, the C source of s_server is rather hard to read and not a model of how things should be done. A typical SSL server program would be much simpler.

+ +

The output of common ciphers is wrong: it just gives the list of ciphers that OpenSSL recognizes and the client supports.

+ +

There should be a way for the s_server program to print out details of any unknown cipher suites a client says it supports.

+ +

SEE ALSO

+ +

SSL_CONF_cmd(3), sess_id(1), s_client(1), ciphers(1) SSL_CTX_set_max_send_fragment(3), SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3)

+ +

HISTORY

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

The -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/s_time.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_time.html new file mode 100644 index 00000000..81cd2961 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/s_time.html @@ -0,0 +1,190 @@ + + + + +s_time + + + + + + + + + + +

NAME

+ +

openssl-s_time, s_time - SSL/TLS performance timing program

+ +

SYNOPSIS

+ +

openssl s_time [-help] [-connect host:port] [-www page] [-cert filename] [-key filename] [-CApath directory] [-CAfile filename] [-no-CAfile] [-no-CApath] [-reuse] [-new] [-verify depth] [-nameopt option] [-time seconds] [-ssl3] [-bugs] [-cipher cipherlist] [-ciphersuites val]

+ +

DESCRIPTION

+ +

The s_time command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It can request a page from the server and includes the time to transfer the payload data in its timing measurements. It measures the number of connections within a given timeframe, the amount of data transferred (if any), and calculates the average time spent for one connection.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-connect host:port
+
+ +

This specifies the host and optional port to connect to.

+ +
+
-www page
+
+ +

This specifies the page to GET from the server. A value of '/' gets the index.htm[l] page. If this parameter is not specified, then s_time will only perform the handshake to establish SSL connections but not transfer any payload data.

+ +
+
-cert certname
+
+ +

The certificate to use, if one is requested by the server. The default is not to use a certificate. The file is in PEM format.

+ +
+
-key keyfile
+
+ +

The private key to use. If not specified then the certificate file will be used. The file is in PEM format.

+ +
+
-verify depth
+
+ +

The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-CApath directory
+
+ +

The directory to use for server certificate verification. This directory must be in "hash format", see verify for more information. These are also used when building the client certificate chain.

+ +
+
-CAfile file
+
+ +

A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location

+ +
+
-new
+
+ +

Performs the timing test using a new session ID for each connection. If neither -new nor -reuse are specified, they are both on by default and executed in sequence.

+ +
+
-reuse
+
+ +

Performs the timing test using the same session ID; this can be used as a test that session caching is working. If neither -new nor -reuse are specified, they are both on by default and executed in sequence.

+ +
+
-ssl3
+
+ +

This option disables the use of SSL version 3. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate.

+ +

The timing program is not as rich in options to turn protocols on and off as the s_client(1) program and may not connect to all servers. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the -ssl3 option.

+ +

Note that this option may not be available, depending on how OpenSSL was built.

+ +
+
-bugs
+
+ +

There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds.

+ +
+
-cipher cipherlist
+
+ +

This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See ciphers(1) for more information.

+ +
+
-ciphersuites val
+
+ +

This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See ciphers(1) for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.

+ +
+
-time length
+
+ +

Specifies how long (in seconds) s_time should establish connections and optionally transfer payload data from a server. Server and client performance and the link speed determine how many connections s_time can establish.

+ +
+
+ +

NOTES

+ +

s_time can be used to measure the performance of an SSL connection. To connect to an SSL HTTP server and get the default page the command

+ +
openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+ +

would typically be used (https uses port 443). 'commoncipher' is a cipher to which both client and server can agree, see the ciphers(1) command for details.

+ +

If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the -bugs and -ssl3 options can be tried in case it is a buggy server. In particular you should play with these options before submitting a bug report to an OpenSSL mailing list.

+ +

A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using s_client(1) the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the -prexit option of s_client(1) and send an HTTP request for an appropriate page.

+ +

If a certificate is specified on the command line using the -cert option it will not be used unless the server specifically requests a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works.

+ +

BUGS

+ +

Because this program does not have all the options of the s_client(1) program to turn protocols on and off, you may not be able to measure the performance of all protocols with all servers.

+ +

The -verify option should really exit if the server verification fails.

+ +

SEE ALSO

+ +

s_client(1), s_server(1), ciphers(1)

+ +

COPYRIGHT

+ +

Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/sess_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/sess_id.html new file mode 100644 index 00000000..c2ae674e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/sess_id.html @@ -0,0 +1,195 @@ + + + + +sess_id + + + + + + + + + + +

NAME

+ +

openssl-sess_id, sess_id - SSL/TLS session handling utility

+ +

SYNOPSIS

+ +

openssl sess_id [-help] [-inform PEM|DER] [-outform PEM|DER|NSS] [-in filename] [-out filename] [-text] [-noout] [-context ID]

+ +

DESCRIPTION

+ +

The sess_id process the encoded version of the SSL session structure and optionally prints out SSL session details (for example the SSL session master key) in human readable format. Since this is a diagnostic tool that needs some knowledge of the SSL protocol to use properly, most users will not need to use it.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format. The DER option uses an ASN1 DER encoded format containing session details. The precise format can vary from one version to the next. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines.

+ +
+
-outform DER|PEM|NSS
+
+ +

This specifies the output format. The PEM and DER options have the same meaning and default as the -inform option. The NSS option outputs the session id and the master key in NSS keylog format.

+ +
+
-in filename
+
+ +

This specifies the input filename to read session information from or standard input by default.

+ +
+
-out filename
+
+ +

This specifies the output filename to write session information to or standard output if this option is not specified.

+ +
+
-text
+
+ +

Prints out the various public or private key components in plain text in addition to the encoded version.

+ +
+
-cert
+
+ +

If a certificate is present in the session it will be output using this option, if the -text option is also present then it will be printed out in text form.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the session.

+ +
+
-context ID
+
+ +

This option can set the session id so the output session information uses the supplied ID. The ID can be any string of characters. This option won't normally be used.

+ +
+
+ +

OUTPUT

+ +

Typical output:

+ +
SSL-Session:
+    Protocol  : TLSv1
+    Cipher    : 0016
+    Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+    Session-ID-ctx: 01000000
+    Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+    Key-Arg   : None
+    Start Time: 948459261
+    Timeout   : 300 (sec)
+    Verify return code 0 (ok)
+ +

These are described below in more detail.

+ +
+ +
Protocol
+
+ +

This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.

+ +
+
Cipher
+
+ +

The cipher used this is the actual raw SSL or TLS cipher code, see the SSL or TLS specifications for more information.

+ +
+
Session-ID
+
+ +

The SSL session ID in hex format.

+ +
+
Session-ID-ctx
+
+ +

The session ID context in hex format.

+ +
+
Master-Key
+
+ +

This is the SSL session master key.

+ +
+
Start Time
+
+ +

This is the session start time represented as an integer in standard Unix format.

+ +
+
Timeout
+
+ +

The timeout in seconds.

+ +
+
Verify return code
+
+ +

This is the return code when an SSL client certificate is verified.

+ +
+
+ +

NOTES

+ +

The PEM encoded session format uses the header and footer lines:

+ +
-----BEGIN SSL SESSION PARAMETERS-----
+-----END SSL SESSION PARAMETERS-----
+ +

Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this information. Therefore appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes.

+ +

BUGS

+ +

The cipher and start time should be printed out in human readable form.

+ +

SEE ALSO

+ +

ciphers(1), s_server(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/smime.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/smime.html new file mode 100644 index 00000000..5e78ea5f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/smime.html @@ -0,0 +1,454 @@ + + + + +smime + + + + + + + + + + +

NAME

+ +

openssl-smime, smime - S/MIME utility

+ +

SYNOPSIS

+ +

openssl smime [-help] [-encrypt] [-decrypt] [-sign] [-resign] [-verify] [-pk7out] [-binary] [-crlfeol] [-cipher] [-in file] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-certfile file] [-signer file] [-recip file] [-inform SMIME|PEM|DER] [-passin arg] [-inkey file_or_id] [-out file] [-outform SMIME|PEM|DER] [-content file] [-to addr] [-from ad] [-subject s] [-text] [-indef] [-noindef] [-stream] [-rand file...] [-writerand file] [-md digest] [cert.pem]...

+ +

DESCRIPTION

+ +

The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages.

+ +

OPTIONS

+ +

There are six operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type.

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-encrypt
+
+ +

Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format.

+ +

Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text.

+ +
+
-decrypt
+
+ +

Decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file.

+ +
+
-sign
+
+ +

Sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file.

+ +
+
-verify
+
+ +

Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported.

+ +
+
-pk7out
+
+ +

Takes an input message and writes out a PEM encoded PKCS#7 structure.

+ +
+
-resign
+
+ +

Resign a message: take an existing message and one or more new signers.

+ +
+
-in filename
+
+ +

The input message to be encrypted or signed or the MIME message to be decrypted or verified.

+ +
+
-inform SMIME|PEM|DER
+
+ +

This specifies the input format for the PKCS#7 structure. The default is SMIME which reads an S/MIME format message. PEM and DER format change this to expect PEM and DER format PKCS#7 structures instead. This currently only affects the input format of the PKCS#7 structure, if no PKCS#7 structure is being input (for example with -encrypt or -sign) this option has no effect.

+ +
+
-out filename
+
+ +

The message text that has been decrypted or verified or the output MIME format message that has been signed or verified.

+ +
+
-outform SMIME|PEM|DER
+
+ +

This specifies the output format for the PKCS#7 structure. The default is SMIME which write an S/MIME format message. PEM and DER format change this to write PEM and DER format PKCS#7 structures instead. This currently only affects the output format of the PKCS#7 structure, if no PKCS#7 structure is being output (for example with -verify or -decrypt) this option has no effect.

+ +
+
-stream -indef -noindef
+
+ +

The -stream and -indef options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached data if the output format is SMIME it is currently off by default for all other operations.

+ +
+
-noindef
+
+ +

Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it.

+ +
+
-content filename
+
+ +

This specifies a file containing the detached content, this is only useful with the -verify command. This is only usable if the PKCS#7 structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed MIME content type.

+ +
+
-text
+
+ +

This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs.

+ +
+
-CAfile file
+
+ +

A file containing trusted CA certificates, only used with -verify.

+ +
+
-CApath dir
+
+ +

A directory containing trusted CA certificates, only used with -verify. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-md digest
+
+ +

Digest algorithm to use when signing or resigning. If not present then the default digest algorithm for the signing key will be used (usually SHA1).

+ +
+
-cipher
+
+ +

The encryption algorithm to use. For example DES (56 bits) - -des, triple DES (168 bits) - -des3, EVP_get_cipherbyname() function) can also be used preceded by a dash, for example -aes-128-cbc. See enc for list of ciphers supported by your version of OpenSSL.

+ +

If not specified triple DES is used. Only used with -encrypt.

+ +
+
-nointern
+
+ +

When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the -certfile option are used. The supplied certificates can still be used as untrusted CAs however.

+ +
+
-noverify
+
+ +

Do not verify the signers certificate of a signed message.

+ +
+
-nochain
+
+ +

Do not do chain verification of signers certificates: that is don't use the certificates in the signed message as untrusted CAs.

+ +
+
-nosigs
+
+ +

Don't try to verify the signatures on the message.

+ +
+
-nocerts
+
+ +

When signing a message the signer's certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the -certfile option for example).

+ +
+
-noattr
+
+ +

Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included.

+ +
+
-binary
+
+ +

Normally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This is useful when handling binary data which may not be in MIME format.

+ +
+
-crlfeol
+
+ +

Normally the output file uses a single LF as end of line. When this option is present CRLF is used instead.

+ +
+
-nodetach
+
+ +

When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is used.

+ +
+
-certfile file
+
+ +

Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format.

+ +
+
-signer file
+
+ +

A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful.

+ +
+
-recip file
+
+ +

The recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs.

+ +
+
-inkey file_or_id
+
+ +

The private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the -recip or -signer file. When signing this option can be used multiple times to specify successive keys. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-passin arg
+
+ +

The private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
cert.pem...
+
+ +

One or more certificates of message recipients: used when encrypting a message.

+ +
+
-to, -from, -subject
+
+ +

The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address.

+ +
+
-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
+
+ +

Set various options of certificate chain verification. See verify(1) manual page for details.

+ +
+
+ +

NOTES

+ +

The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format.

+ +

The supplied message to be signed or encrypted must include the necessary MIME headers or many S/MIME clients won't display it properly (if at all). You can use the -text option to automatically add plain text headers.

+ +

A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message: see the examples section.

+ +

This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients choke if a message contains multiple signers. It is possible to sign messages "in parallel" by signing an already signed message.

+ +

The options -encrypt and -decrypt reflect common usage in S/MIME clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 encrypted data is used for other purposes.

+ +

The -resign option uses an existing message digest when adding a new signer. This means that attributes must be present in at least one existing signer using the same message digest or this operation will fail.

+ +

The -stream and -indef options enable streaming I/O support. As a result the encoding is BER using indefinite length constructed encoding and no longer DER. Streaming is supported for the -encrypt operation and the -sign operation if the content is not detached.

+ +

Streaming is always used for the -sign operation with detached data but since the content is no longer part of the PKCS#7 structure the encoding remains DER.

+ +

EXIT CODES

+ +
+ +
0
+
+ +

The operation was completely successfully.

+ +
+
1
+
+ +

An error occurred parsing the command options.

+ +
+
2
+
+ +

One of the input files could not be read.

+ +
+
3
+
+ +

An error occurred creating the PKCS#7 file or when reading the MIME message.

+ +
+
4
+
+ +

An error occurred decrypting or verifying the message.

+ +
+
5
+
+ +

The message was verified correctly but an error occurred writing out the signers certificates.

+ +
+
+ +

EXAMPLES

+ +

Create a cleartext signed message:

+ +
openssl smime -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem
+ +

Create an opaque signed message:

+ +
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+       -signer mycert.pem
+ +

Create a signed message, include some additional certificates and read the private key from another file:

+ +
openssl smime -sign -in in.txt -text -out mail.msg \
+       -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+ +

Create a signed message with two signers:

+ +
openssl smime -sign -in message.txt -text -out mail.msg \
+       -signer mycert.pem -signer othercert.pem
+ +

Send a signed message under Unix directly to sendmail, including headers:

+ +
openssl smime -sign -in in.txt -text -signer mycert.pem \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed message" | sendmail someone@somewhere
+ +

Verify a message and extract the signer's certificate if successful:

+ +
openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+ +

Send encrypted mail using triple DES:

+ +
openssl smime -encrypt -in in.txt -from steve@openssl.org \
+       -to someone@somewhere -subject "Encrypted message" \
+       -des3 user.pem -out mail.msg
+ +

Sign and encrypt mail:

+ +
openssl smime -sign -in ml.txt -signer my.pem -text \
+       | openssl smime -encrypt -out mail.msg \
+       -from steve@openssl.org -to someone@somewhere \
+       -subject "Signed and Encrypted message" -des3 user.pem
+ +

Note: the encryption command does not include the -text option because the message being encrypted already has MIME headers.

+ +

Decrypt mail:

+ +
openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+ +

The output from Netscape form signing is a PKCS#7 structure with the detached signature format. You can use this program to verify the signature by line wrapping the base64 encoded structure and surrounding it with:

+ +
-----BEGIN PKCS7-----
+-----END PKCS7-----
+ +

and using the command:

+ +
openssl smime -verify -inform PEM -in signature.pem -content content.txt
+ +

Alternatively you can base64 decode the signature and use:

+ +
openssl smime -verify -inform DER -in signature.der -content content.txt
+ +

Create an encrypted message using 128 bit Camellia:

+ +
openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+ +

Add a signer to an existing message:

+ +
openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
+ +

BUGS

+ +

The MIME parser isn't very clever: it seems to handle most messages that I've thrown at it but it may choke on others.

+ +

The code currently will only write out the signer's certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.

+ +

Ideally a database should be maintained of a certificates for each email address.

+ +

The code doesn't currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.

+ +

No revocation checking is done on the signer's certificate.

+ +

The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 structures may cause parsing errors.

+ +

HISTORY

+ +

The use of multiple -signer options and the -resign command were first added in OpenSSL 1.0.0

+ +

The -no_alt_chains option was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/speed.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/speed.html new file mode 100644 index 00000000..c1c2d44d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/speed.html @@ -0,0 +1,117 @@ + + + + +speed + + + + + + + + + + +

NAME

+ +

openssl-speed, speed - test library performance

+ +

SYNOPSIS

+ +

openssl speed [-help] [-engine id] [-elapsed] [-evp algo] [-decrypt] [-rand file...] [-writerand file] [-primes num] [-seconds num] [-bytes num] [algorithm...]

+ +

DESCRIPTION

+ +

This command is used to test the performance of cryptographic algorithms. To see the list of supported algorithms, use the list --digest-commands or list --cipher-commands command. The global CSPRNG is denoted by the rand algorithm name.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause speed to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-elapsed
+
+ +

When calculating operations- or bytes-per-second, use wall-clock time instead of CPU user time as divisor. It can be useful when testing speed of hardware engines.

+ +
+
-evp algo
+
+ +

Use the specified cipher or message digest algorithm via the EVP interface. If algo is an AEAD cipher, then you can pass <-aead> to benchmark a TLS-like sequence. And if algo is a multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then -mb will time multi-buffer operation.

+ +
+
-decrypt
+
+ +

Time the decryption instead of encryption. Affects only the EVP testing.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-primes num
+
+ +

Generate a num-prime RSA key and use it to run the benchmarks. This option is only effective if RSA algorithm is specified to test.

+ +
+
-seconds num
+
+ +

Run benchmarks for num seconds.

+ +
+
-bytes num
+
+ +

Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG.

+ +
+
[zero or more test algorithms]
+
+ +

If any options are given, speed tests those algorithms, otherwise a pre-compiled grand selection is tested.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/spkac.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/spkac.html new file mode 100644 index 00000000..40fbd64a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/spkac.html @@ -0,0 +1,167 @@ + + + + +spkac + + + + + + + + + + +

NAME

+ +

openssl-spkac, spkac - SPKAC printing and generating utility

+ +

SYNOPSIS

+ +

openssl spkac [-help] [-in filename] [-out filename] [-key keyfile] [-keyform PEM|DER|ENGINE] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect section] [-noout] [-verify] [-engine id]

+ +

DESCRIPTION

+ +

The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-in filename
+
+ +

This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used.

+ +
+
-out filename
+
+ +

Specifies the output filename to write to or standard output by default.

+ +
+
-key keyfile
+
+ +

Create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

Whether the key format is PEM, DER, or an engine-backed key. The default is PEM.

+ +
+
-passin password
+
+ +

The input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-challenge string
+
+ +

Specifies the challenge string if an SPKAC is being created.

+ +
+
-spkac spkacname
+
+ +

Allows an alternative name form the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input SPKAC files.

+ +
+
-spksect section
+
+ +

Allows an alternative name form the section containing the SPKAC. The default is the default section.

+ +
+
-noout
+
+ +

Don't output the text version of the SPKAC (not used if an SPKAC is being created).

+ +
+
-pubkey
+
+ +

Output the public key of an SPKAC (not used if an SPKAC is being created).

+ +
+
-verify
+
+ +

Verifies the digital signature on the supplied SPKAC.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause spkac to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
+ +

EXAMPLES

+ +

Print out the contents of an SPKAC:

+ +
openssl spkac -in spkac.cnf
+ +

Verify the signature of an SPKAC:

+ +
openssl spkac -in spkac.cnf -noout -verify
+ +

Create an SPKAC using the challenge string "hello":

+ +
openssl spkac -key key.pem -challenge hello -out spkac.cnf
+ +

Example of an SPKAC, (long lines split up for clarity):

+ +
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
+1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
+8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
+FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
+h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
+dq+NQ3F+X4deMx9AaEglZtULwV4=
+ +

NOTES

+ +

A created SPKAC with suitable DN components appended can be fed into the ca utility.

+ +

SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment process.

+ +

The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack".

+ +

SEE ALSO

+ +

ca(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/srp.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/srp.html new file mode 100644 index 00000000..4fb653c9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/srp.html @@ -0,0 +1,71 @@ + + + + +srp + + + + + + + + + + +

NAME

+ +

openssl-srp, srp - maintain SRP password file

+ +

SYNOPSIS

+ +

openssl srp [-help] [-verbose] [-add] [-modify] [-delete] [-list] [-name section] [-config file] [-srpvfile file] [-gn identifier] [-userinfo text...] [-passin arg] [-passout arg] [user...]

+ +

DESCRIPTION

+ +

The srp command is user to maintain an SRP (secure remote password) file. At most one of the -add, -modify, -delete, and -list options can be specified. These options take zero or more usernames as parameters and perform the appropriate operation on the SRP file. For -list, if no user is given then all users are displayed.

+ +

The configuration file to use, and the section within the file, can be specified with the -config and -name flags, respectively. If the config file is not specified, the -srpvfile can be used to just specify the file to operate on.

+ +

The -userinfo option specifies additional information to add when adding or modifying a user.

+ +

The -gn flag specifies the g and N values, using one of the strengths defined in IETF RFC 5054.

+ +

The -passin and -passout arguments are parsed as described in the openssl(1) command.

+ +

OPTIONS

+ +
+ +
[-help]
+
+ +

Display an option summary.

+ +
+
[-verbose]
+
+ +

Generate verbose output while processing.

+ +
+
+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/storeutl.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/storeutl.html new file mode 100644 index 00000000..27ed22e6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/storeutl.html @@ -0,0 +1,151 @@ + + + + +storeutl + + + + + + + + + + +

NAME

+ +

openssl-storeutl, storeutl - STORE utility

+ +

SYNOPSIS

+ +

openssl storeutl [-help] [-out file] [-noout] [-passin arg] [-text arg] [-engine id] [-r] [-certs] [-keys] [-crls] [-subject arg] [-issuer arg] [-serial arg] [-alias arg] [-fingerprint arg] [-digest] uri ...

+ +

DESCRIPTION

+ +

The storeutl command can be used to display the contents (after decryption as the case may be) fetched from the given URIs.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-out filename
+
+ +

specifies the output filename to write to or standard output by default.

+ +
+
-noout
+
+ +

this option prevents output of the PEM data.

+ +
+
-passin arg
+
+ +

the key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-text
+
+ +

Prints out the objects in text form, similarly to the -text output from openssl x509, openssl pkey, etc.

+ +
+
-engine id
+
+ +

specifying an engine (by its unique id string) will cause storeutl to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-r
+
+ +

Fetch objects recursively when possible.

+ +
+
-certs
+
+ +
+
-keys
+
+ +
+
-crls
+
+ +

Only select the certificates, keys or CRLs from the given URI. However, if this URI would return a set of names (URIs), those are always returned.

+ +
+
-subject arg
+
+ +

Search for an object having the subject name arg. The arg must be formatted as /type0=value0/type1=value1/type2=.... Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted but are ignored for the search. That is, a search with an empty value will have the same effect as not specifying the type at all.

+ +
+
-issuer arg
+
+ +
+
-serial arg
+
+ +

Search for an object having the given issuer name and serial number. These two options must be used together. The issuer arg must be formatted as /type0=value0/type1=value1/type2=..., characters may be escaped by \ (backslash), no spaces are skipped. The serial arg may be specified as a decimal value or a hex value if preceded by 0x.

+ +
+
-alias arg
+
+ +

Search for an object having the given alias.

+ +
+
-fingerprint arg
+
+ +

Search for an object having the given fingerprint.

+ +
+
-digest
+
+ +

The digest that was used to compute the fingerprint given with -fingerprint.

+ +
+
+ +

SEE ALSO

+ +

openssl(1)

+ +

HISTORY

+ +

The openssl storeutl app was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/ts.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/ts.html new file mode 100644 index 00000000..b8d5a619 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/ts.html @@ -0,0 +1,555 @@ + + + + +ts + + + + + + + + + + +

NAME

+ +

openssl-ts, ts - Time Stamping Authority tool (client/server)

+ +

SYNOPSIS

+ +

openssl ts -query [-rand file...] [-writerand file] [-config configfile] [-data file_to_hash] [-digest digest_bytes] [-digest] [-tspolicy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]

+ +

openssl ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password_src] [-signer tsa_cert.pem] [-inkey file_or_id] [-digest] [-chain certs_file.pem] [-tspolicy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]

+ +

openssl ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] [-in response.tsr] [-token_in] [-CApath trusted_cert_path] [-CAfile trusted_certs.pem] [-untrusted cert_file.pem] [verify options]

+ +

verify options: [-attime timestamp] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-issuer_checks] [-no_alt_chains] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict]

+ +

DESCRIPTION

+ +

The ts command is a basic Time Stamping Authority (TSA) client and server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A TSA can be part of a PKI deployment and its role is to provide long term proof of the existence of a certain datum before a particular time. Here is a brief description of the protocol:

+ +
    + +
  1. The TSA client computes a one-way hash value for a data file and sends the hash to the TSA.

    + +
  2. +
  3. The TSA attaches the current date and time to the received hash value, signs them and sends the time stamp token back to the client. By creating this token the TSA certifies the existence of the original data file at the time of response generation.

    + +
  4. +
  5. The TSA client receives the time stamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the TSA.

    + +
  6. +
+ +

There is one DER encoded protocol data unit defined for transporting a time stamp request to the TSA and one for sending the time stamp response back to the client. The ts command has three main functions: creating a time stamp request based on a data file, creating a time stamp response based on a request, verifying if a response corresponds to a particular request or a data file.

+ +

There is no support for sending the requests/responses automatically over HTTP or TCP yet as suggested in RFC 3161. The users must send the requests either by ftp or e-mail.

+ +

OPTIONS

+ +

Time Stamp Request generation

+ +

The -query switch can be used for creating and printing a time stamp request with the following options:

+ +
+ +
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-config configfile
+
+ +

The configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1).

+ +
+
-data file_to_hash
+
+ +

The data file for which the time stamp request needs to be created. stdin is the default if neither the -data nor the -digest parameter is specified. (Optional)

+ +
+
-digest digest_bytes
+
+ +

It is possible to specify the message imprint explicitly without the data file. The imprint must be specified in a hexadecimal format, two characters per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or 1AF601...). The number of bytes must match the message digest algorithm in use. (Optional)

+ +
+
-digest
+
+ +

The message digest to apply to the data file. Any digest supported by the OpenSSL dgst command can be used. The default is SHA-1. (Optional)

+ +
+
-tspolicy object_id
+
+ +

The policy that the client expects the TSA to use for creating the time stamp token. Either the dotted OID notation or OID names defined in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional)

+ +
+
-no_nonce
+
+ +

No nonce is specified in the request if this option is given. Otherwise a 64 bit long pseudo-random none is included in the request. It is recommended to use nonce to protect against replay-attacks. (Optional)

+ +
+
-cert
+
+ +

The TSA is expected to include its signing certificate in the response. (Optional)

+ +
+
-in request.tsq
+
+ +

This option specifies a previously created time stamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional)

+ +
+
-out request.tsq
+
+ +

Name of the output file to which the request will be written. Default is stdout. (Optional)

+ +
+
-text
+
+ +

If this option is specified the output is human-readable text format instead of DER. (Optional)

+ +
+
+ +

Time Stamp Response generation

+ +

A time stamp response (TimeStampResp) consists of a response status and the time stamp token itself (ContentInfo), if the token generation was successful. The -reply command is for creating a time stamp response or time stamp token based on a request and printing the response/token in human-readable format. If -token_out is not specified the output is always a time stamp response (TimeStampResp), otherwise it is a time stamp token (ContentInfo).

+ +
+ +
-config configfile
+
+ +

The configuration file to use. Optional; for a description of the default value, see "COMMAND SUMMARY" in openssl(1). See CONFIGURATION FILE OPTIONS for configurable variables.

+ +
+
-section tsa_section
+
+ +

The name of the config file section containing the settings for the response generation. If not specified the default TSA section is used, see CONFIGURATION FILE OPTIONS for details. (Optional)

+ +
+
-queryfile request.tsq
+
+ +

The name of the file containing a DER encoded time stamp request. (Optional)

+ +
+
-passin password_src
+
+ +

Specifies the password source for the private key of the TSA. See PASS PHRASE ARGUMENTS in openssl(1). (Optional)

+ +
+
-signer tsa_cert.pem
+
+ +

The signer certificate of the TSA in PEM format. The TSA signing certificate must have exactly one extended key usage assigned to it: timeStamping. The extended key usage must also be critical, otherwise the certificate is going to be refused. Overrides the signer_cert variable of the config file. (Optional)

+ +
+
-inkey file_or_id
+
+ +

The signer private key of the TSA in PEM format. Overrides the signer_key config file option. (Optional) If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier.

+ +
+
-digest
+
+ +

Signing digest to use. Overrides the signer_digest config file option. (Mandatory unless specified in the config file)

+ +
+
-chain certs_file.pem
+
+ +

The collection of certificates in PEM format that will all be included in the response in addition to the signer certificate if the -cert option was used for the request. This file is supposed to contain the certificate chain for the signer certificate from its issuer upwards. The -reply command does not build a certificate chain automatically. (Optional)

+ +
+
-tspolicy object_id
+
+ +

The default policy to use for the response unless the client explicitly requires a particular TSA policy. The OID can be specified either in dotted notation or with its name. Overrides the default_policy config file option. (Optional)

+ +
+
-in response.tsr
+
+ +

Specifies a previously created time stamp response or time stamp token (if -token_in is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or token or you want to extract the time stamp token from a response. If the input is a token and the output is a time stamp response a default 'granted' status info is added to the token. (Optional)

+ +
+
-token_in
+
+ +

This flag can be used together with the -in option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional)

+ +
+
-out response.tsr
+
+ +

The response is written to this file. The format and content of the file depends on other options (see -text, -token_out). The default is stdout. (Optional)

+ +
+
-token_out
+
+ +

The output is a time stamp token (ContentInfo) instead of time stamp response (TimeStampResp). (Optional)

+ +
+
-text
+
+ +

If this option is specified the output is human-readable text format instead of DER. (Optional)

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause ts to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. Default is builtin. (Optional)

+ +
+
+ +

Time Stamp Response verification

+ +

The -verify command is for verifying if a time stamp response or time stamp token is valid and matches a particular time stamp request or data file. The -verify command does not use the configuration file.

+ +
+ +
-data file_to_hash
+
+ +

The response or token must be verified against file_to_hash. The file is hashed with the message digest algorithm specified in the token. The -digest and -queryfile options must not be specified with this one. (Optional)

+ +
+
-digest digest_bytes
+
+ +

The response or token must be verified against the message digest specified with this option. The number of bytes must match the message digest algorithm specified in the token. The -data and -queryfile options must not be specified with this one. (Optional)

+ +
+
-queryfile request.tsq
+
+ +

The original time stamp request in DER format. The -data and -digest options must not be specified with this one. (Optional)

+ +
+
-in response.tsr
+
+ +

The time stamp response that needs to be verified in DER format. (Mandatory)

+ +
+
-token_in
+
+ +

This flag can be used together with the -in option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional)

+ +
+
-CApath trusted_cert_path
+
+ +

The name of the directory containing the trusted CA certificates of the client. See the similar option of verify(1) for additional details. Either this option or -CAfile must be specified. (Optional)

+ +
+
-CAfile trusted_certs.pem
+
+ +

The name of the file containing a set of trusted self-signed CA certificates in PEM format. See the similar option of verify(1) for additional details. Either this option or -CApath must be specified. (Optional)

+ +
+
-untrusted cert_file.pem
+
+ +

Set of additional untrusted certificates in PEM format which may be needed when building the certificate chain for the TSA's signing certificate. This file must contain the TSA signing certificate and all intermediate CA certificates unless the response includes them. (Optional)

+ +
+
verify options
+
+ +

The options -attime timestamp, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -issuer_checks, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, and -x509_strict can be used to control timestamp verification. See verify(1).

+ +
+
+ +

CONFIGURATION FILE OPTIONS

+ +

The -query and -reply commands make use of a configuration file. See config(5) for a general description of the syntax of the config file. The -query command uses only the symbolic OID names section and it can work without it. However, the -reply command needs the config file for its operation.

+ +

When there is a command line switch equivalent of a variable the switch always overrides the settings in the config file.

+ +
+ +
tsa section, default_tsa
+
+ +

This is the main section and it specifies the name of another section that contains all the options for the -reply command. This default section can be overridden with the -section command line switch. (Optional)

+ +
+
oid_file
+
+ +

See ca(1) for description. (Optional)

+ +
+
oid_section
+
+ +

See ca(1) for description. (Optional)

+ +
+
RANDFILE
+
+ +

See ca(1) for description. (Optional)

+ +
+
serial
+
+ +

The name of the file containing the hexadecimal serial number of the last time stamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory)

+ +
+
crypto_device
+
+ +

Specifies the OpenSSL engine that will be set as the default for all available algorithms. The default value is builtin, you can specify any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). (Optional)

+ +
+
signer_cert
+
+ +

TSA signing certificate in PEM format. The same as the -signer command line option. (Optional)

+ +
+
certs
+
+ +

A file containing a set of PEM encoded certificates that need to be included in the response. The same as the -chain command line option. (Optional)

+ +
+
signer_key
+
+ +

The private key of the TSA in PEM format. The same as the -inkey command line option. (Optional)

+ +
+
signer_digest
+
+ +

Signing digest to use. The same as the -digest command line option. (Mandatory unless specified on the command line)

+ +
+
default_policy
+
+ +

The default policy to use when the request does not mandate any policy. The same as the -tspolicy command line option. (Optional)

+ +
+
other_policies
+
+ +

Comma separated list of policies that are also acceptable by the TSA and used only if the request explicitly specifies one of them. (Optional)

+ +
+
digests
+
+ +

The list of message digest algorithms that the TSA accepts. At least one algorithm must be specified. (Mandatory)

+ +
+
accuracy
+
+ +

The accuracy of the time source of the TSA in seconds, milliseconds and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of the components is missing zero is assumed for that field. (Optional)

+ +
+
clock_precision_digits
+
+ +

Specifies the maximum number of digits, which represent the fraction of seconds, that need to be included in the time field. The trailing zeroes must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. (Optional)

+ +
+
ordering
+
+ +

If this option is yes the responses generated by this TSA can always be ordered, even if the time difference between two responses is less than the sum of their accuracies. Default is no. (Optional)

+ +
+
tsa_name
+
+ +

Set this option to yes if the subject name of the TSA must be included in the TSA name field of the response. Default is no. (Optional)

+ +
+
ess_cert_id_chain
+
+ +

The SignedData objects created by the TSA always contain the certificate identifier of the signing certificate in a signed attribute (see RFC 2634, Enhanced Security Services). If this option is set to yes and either the certs variable or the -chain option is specified then the certificate identifiers of the chain will also be included in the SigningCertificate signed attribute. If this variable is set to no, only the signing certificate identifier is included. Default is no. (Optional)

+ +
+
ess_cert_id_alg
+
+ +

This option specifies the hash function to be used to calculate the TSA's public key certificate identifier. Default is sha1. (Optional)

+ +
+
+ +

EXAMPLES

+ +

All the examples below presume that OPENSSL_CONF is set to a proper configuration file, e.g. the example configuration file openssl/apps/openssl.cnf will do.

+ +

Time Stamp Request

+ +

To create a time stamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response:

+ +
openssl ts -query -data design1.txt -no_nonce \
+      -out design1.tsq
+ +

To create a similar time stamp request with specifying the message imprint explicitly:

+ +
openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
+       -no_nonce -out design1.tsq
+ +

To print the content of the previous request in human readable format:

+ +
openssl ts -query -in design1.tsq -text
+ +

To create a time stamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file):

+ +
openssl ts -query -data design2.txt -md5 \
+      -tspolicy tsa_policy1 -cert -out design2.tsq
+ +

Time Stamp Response

+ +

Before generating a response a signing certificate must be created for the TSA that contains the timeStamping critical extended key usage extension without any other key usage extensions. You can add this line to the user certificate section of the config file to generate a proper certificate;

+ +
extendedKeyUsage = critical,timeStamping
+ +

See req(1), ca(1), and x509(1) for instructions. The examples below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA.

+ +

To create a time stamp response for a request:

+ +
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
+      -signer tsacert.pem -out design1.tsr
+ +

If you want to use the settings in the config file you could just write:

+ +
openssl ts -reply -queryfile design1.tsq -out design1.tsr
+ +

To print a time stamp reply to stdout in human readable format:

+ +
openssl ts -reply -in design1.tsr -text
+ +

To create a time stamp token instead of time stamp response:

+ +
openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
+ +

To print a time stamp token to stdout in human readable format:

+ +
openssl ts -reply -in design1_token.der -token_in -text -token_out
+ +

To extract the time stamp token from a response:

+ +
openssl ts -reply -in design1.tsr -out design1_token.der -token_out
+ +

To add 'granted' status info to a time stamp token thereby creating a valid response:

+ +
openssl ts -reply -in design1_token.der -token_in -out design1.tsr
+ +

Time Stamp Verification

+ +

To verify a time stamp reply against a request:

+ +
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
+      -CAfile cacert.pem -untrusted tsacert.pem
+ +

To verify a time stamp reply that includes the certificate chain:

+ +
openssl ts -verify -queryfile design2.tsq -in design2.tsr \
+      -CAfile cacert.pem
+ +

To verify a time stamp token against the original data file: openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem

+ +

To verify a time stamp token against a message imprint: openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem

+ +

You could also look at the 'test' directory for more examples.

+ +

BUGS

+ +
    + +
  • No support for time stamps over SMTP, though it is quite easy to implement an automatic e-mail based TSA with procmail(1) and perl(1). HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by tsget(1). Pure TCP/IP protocol is not supported.

    + +
  • +
  • The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one instance of openssl(1) is trying to create a time stamp response at the same time. This is not an issue when using the apache server module, it does proper locking.

    + +
  • +
  • Look for the FIXME word in the source files.

    + +
  • +
  • The source code should really be reviewed by somebody else, too.

    + +
  • +
  • More testing is needed, I have done only some basic tests (see test/testtsa).

    + +
  • +
+ +

SEE ALSO

+ +

tsget(1), openssl(1), req(1), x509(1), ca(1), genrsa(1), config(5)

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/tsget.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/tsget.html new file mode 100644 index 00000000..ed6c7bdc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/tsget.html @@ -0,0 +1,190 @@ + + + + +tsget + + + + + + + + + + +

NAME

+ +

openssl-tsget, tsget - Time Stamping HTTP/HTTPS client

+ +

SYNOPSIS

+ +

tsget -h server_url [-e extension] [-o output] [-v] [-d] [-k private_key.pem] [-p key_password] [-c client_cert.pem] [-C CA_certs.pem] [-P CA_path] [-r file:file...] [-g EGD_socket] [request]...

+ +

DESCRIPTION

+ +

The tsget command can be used for sending a time stamp request, as specified in RFC 3161, to a time stamp server over HTTP or HTTPS and storing the time stamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL ts(1) command to do that. tsget can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line.

+ +

The tool sends the following HTTP request for each time stamp request:

+ +
POST url HTTP/1.1
+User-Agent: OpenTSA tsget.pl/<version>
+Host: <host>:<port>
+Pragma: no-cache
+Content-Type: application/timestamp-query
+Accept: application/timestamp-reply
+Content-Length: length of body
+
+...binary request specified by the user...
+ +

tsget expects a response of type application/timestamp-reply, which is written to a file without any interpretation.

+ +

OPTIONS

+ +
+ +
-h server_url
+
+ +

The URL of the HTTP/HTTPS server listening for time stamp requests.

+ +
+
-e extension
+
+ +

If the -o option is not given this argument specifies the extension of the output files. The base name of the output file will be the same as those of the input files. Default extension is '.tsr'. (Optional)

+ +
+
-o output
+
+ +

This option can be specified only when just one request is sent to the server. The time stamp response will be written to the given output file. '-' means standard output. In case of multiple time stamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional)

+ +
+
-v
+
+ +

The name of the currently processed request is printed on standard error. (Optional)

+ +
+
-d
+
+ +

Switches on verbose mode for the underlying curl library. You can see detailed debug messages for the connection. (Optional)

+ +
+
-k private_key.pem
+
+ +

(HTTPS) In case of certificate-based client authentication over HTTPS <private_key.pem> must contain the private key of the user. The private key file can optionally be protected by a passphrase. The -c option must also be specified. (Optional)

+ +
+
-p key_password
+
+ +

(HTTPS) Specifies the passphrase for the private key specified by the -k argument. If this option is omitted and the key is passphrase protected tsget will ask for it. (Optional)

+ +
+
-c client_cert.pem
+
+ +

(HTTPS) In case of certificate-based client authentication over HTTPS <client_cert.pem> must contain the X.509 certificate of the user. The -k option must also be specified. If this option is not specified no certificate-based client authentication will take place. (Optional)

+ +
+
-C CA_certs.pem
+
+ +

(HTTPS) The trusted CA certificate store. The certificate chain of the peer's certificate must include one of the CA certificates specified in this file. Either option -C or option -P must be given in case of HTTPS. (Optional)

+ +
+
-P CA_path
+
+ +

(HTTPS) The path containing the trusted CA certificates to verify the peer's certificate. The directory must be prepared with the c_rehash OpenSSL utility. Either option -C or option -P must be given in case of HTTPS. (Optional)

+ +
+
-rand file:file...
+
+ +

The files containing random data for seeding the random number generator. Multiple files can be specified, the separator is ; for MS-Windows, , for VMS and : for all other platforms. (Optional)

+ +
+
-g EGD_socket
+
+ +

The name of an EGD socket to get random data from. (Optional)

+ +
+
[request]...
+
+ +

List of files containing RFC 3161 DER-encoded time stamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional)

+ +
+
+ +

ENVIRONMENT VARIABLES

+ +

The TSGET environment variable can optionally contain default arguments. The content of this variable is added to the list of command line arguments.

+ +

EXAMPLES

+ +

The examples below presume that file1.tsq and file2.tsq contain valid time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path.

+ +

Get a time stamp response for file1.tsq over HTTP, output is written to file1.tsr:

+ +
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
+ +

Get a time stamp response for file1.tsq and file2.tsq over HTTP showing progress, output is written to file1.reply and file2.reply respectively:

+ +
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
+      file1.tsq file2.tsq
+ +

Create a time stamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr:

+ +
openssl ts -query -data file3.txt -cert | tee file3.tsq \
+      | tsget -h http://tsa.opentsa.org:8080/tsa \
+      -o file3.tsr
+ +

Get a time stamp response for file1.tsq over HTTPS without client authentication:

+ +
tsget -h https://tsa.opentsa.org:8443/tsa \
+      -C cacerts.pem file1.tsq
+ +

Get a time stamp response for file1.tsq over HTTPS with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected):

+ +
tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+      -k client_key.pem -c client_cert.pem file1.tsq
+ +

You can shorten the previous command line if you make use of the TSGET environment variable. The following commands do the same as the previous example:

+ +
TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
+      -k client_key.pem -c client_cert.pem'
+export TSGET
+tsget file1.tsq
+ +

SEE ALSO

+ +

openssl(1), ts(1), curl(1), RFC 3161

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/verify.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/verify.html new file mode 100644 index 00000000..da3e6252 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/verify.html @@ -0,0 +1,825 @@ + + + + +verify + + + + + + + + + + +

NAME

+ +

openssl-verify, verify - Utility to verify certificates

+ +

SYNOPSIS

+ +

openssl verify [-help] [-CAfile file] [-CApath directory] [-no-CAfile] [-no-CApath] [-allow_proxy_certs] [-attime timestamp] [-check_ss_sig] [-CRLfile file] [-crl_download] [-crl_check] [-crl_check_all] [-engine id] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-nameopt option] [-no_check_time] [-partial_chain] [-policy arg] [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-untrusted file] [-trusted file] [-use_deltas] [-verbose] [-auth_level level] [-verify_depth num] [-verify_email email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name] [-x509_strict] [-show_chain] [-] [certificates]

+ +

DESCRIPTION

+ +

The verify command verifies certificate chains.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-CAfile file
+
+ +

A file of trusted certificates. The file should contain one or more certificates in PEM format.

+ +
+
-CApath directory
+
+ +

A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this form ("hash" is the hashed certificate subject name: see the -hash option of the x509 utility). Under Unix the c_rehash script will automatically create symbolic links to a directory of certificates.

+ +
+
-no-CAfile
+
+ +

Do not load the trusted CA certificates from the default file location.

+ +
+
-no-CApath
+
+ +

Do not load the trusted CA certificates from the default directory location.

+ +
+
-allow_proxy_certs
+
+ +

Allow the verification of proxy certificates.

+ +
+
-attime timestamp
+
+ +

Perform validation checks using time specified by timestamp and not current system time. timestamp is the number of seconds since 01.01.1970 (UNIX time).

+ +
+
-check_ss_sig
+
+ +

Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security.

+ +
+
-CRLfile file
+
+ +

The file should contain one or more CRLs in PEM format. This option can be specified more than once to include CRLs from multiple files.

+ +
+
-crl_download
+
+ +

Attempt to download CRL information for this certificate.

+ +
+
-crl_check
+
+ +

Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs.

+ +
+
-crl_check_all
+
+ +

Checks the validity of all certificates in the chain by attempting to look up valid CRLs.

+ +
+
-engine id
+
+ +

Specifying an engine id will cause verify(1) to attempt to load the specified engine. The engine will then be set as the default for all its supported algorithms. If you want to load certificates or CRLs that require engine support via any of the -trusted, -untrusted or -CRLfile options, the -engine option must be specified before those options.

+ +
+
-explicit_policy
+
+ +

Set policy variable require-explicit-policy (see RFC5280).

+ +
+
-extended_crl
+
+ +

Enable extended CRL features such as indirect CRLs and alternate CRL signing keys.

+ +
+
-ignore_critical
+
+ +

Normally if an unhandled critical extension is present which is not supported by OpenSSL the certificate is rejected (as required by RFC5280). If this option is set critical extensions are ignored.

+ +
+
-inhibit_any
+
+ +

Set policy variable inhibit-any-policy (see RFC5280).

+ +
+
-inhibit_map
+
+ +

Set policy variable inhibit-policy-mapping (see RFC5280).

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the x509(1) manual page for details.

+ +
+
-no_check_time
+
+ +

This option suppresses checking the validity period of certificates and CRLs against the current time. If option -attime timestamp is used to specify a verification time, the check is not suppressed.

+ +
+
-partial_chain
+
+ +

Allow verification to succeed even if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed.

+ +
+
-policy arg
+
+ +

Enable policy processing and add arg to the user-initial-policy-set (see RFC5280). The policy arg can be an object name an OID in numeric form. This argument can appear more than once.

+ +
+
-policy_check
+
+ +

Enables certificate policy processing.

+ +
+
-policy_print
+
+ +

Print out diagnostics related to policy processing.

+ +
+
-purpose purpose
+
+ +

The intended use for the certificate. If this option is not specified, verify will not consider certificate purpose during chain verification. Currently accepted uses are sslclient, sslserver, nssslserver, smimesign, smimeencrypt. See the VERIFY OPERATION section for more information.

+ +
+
-suiteB_128_only, -suiteB_128, -suiteB_192
+
+ +

Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or 192 bit, or only 192 bit Level of Security respectively. See RFC6460 for details. In particular the supported signature algorithms are reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves P-256 and P-384.

+ +
+
-trusted_first
+
+ +

When constructing the certificate chain, use the trusted certificates specified via -CAfile, -CApath or -trusted before any certificates specified via -untrusted. This can be useful in environments with Bridge or Cross-Certified CAs. As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.

+ +
+
-no_alt_chains
+
+ +

By default, unless -trusted_first is specified, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted issuer certificates with certificates from the trust store to see if an alternative chain can be found that is trusted. As of OpenSSL 1.1.0, with -trusted_first always on, this option has no effect.

+ +
+
-untrusted file
+
+ +

A file of additional untrusted certificates (intermediate issuer CAs) used to construct a certificate chain from the subject certificate to a trust-anchor. The file should contain one or more certificates in PEM format. This option can be specified more than once to include untrusted certificates from multiple files.

+ +
+
-trusted file
+
+ +

A file of trusted certificates, which must be self-signed, unless the -partial_chain option is specified. The file contains one or more certificates in PEM format. With this option, no additional (e.g., default) certificate lists are consulted. That is, the only trust-anchors are those listed in file. This option can be specified more than once to include trusted certificates from multiple files. This option implies the -no-CAfile and -no-CApath options. This option cannot be used in combination with either of the -CAfile or -CApath options.

+ +
+
-use_deltas
+
+ +

Enable support for delta CRLs.

+ +
+
-verbose
+
+ +

Print extra information about the operations being performed.

+ +
+
-auth_level level
+
+ +

Set the certificate chain authentication security level to level. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. The signature algorithm security level is enforced for all the certificates in the chain except for the chain's trust anchor, which is either directly trusted or validated by means other than its signature. See SSL_CTX_set_security_level(3) for the definitions of the available levels. The default security level is -1, or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80-bit-equivalent security and is broadly interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits.

+ +
+
-verify_depth num
+
+ +

Limit the certificate chain to num intermediate CA certificates. A maximal depth chain can have up to num+2 certificates, since neither the end-entity certificate nor the trust-anchor certificate count against the -verify_depth limit.

+ +
+
-verify_email email
+
+ +

Verify if the email matches the email address in Subject Alternative Name or the email in the subject Distinguished Name.

+ +
+
-verify_hostname hostname
+
+ +

Verify if the hostname matches DNS name in Subject Alternative Name or Common Name in the subject certificate.

+ +
+
-verify_ip ip
+
+ +

Verify if the ip matches the IP address in Subject Alternative Name of the subject certificate.

+ +
+
-verify_name name
+
+ +

Use default verification policies like trust model and required certificate policies identified by name. The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. See the -addtrust and -addreject options of the x509(1) command-line utility. Supported policy names include: default, pkcs7, smime_sign, ssl_client, ssl_server. These mimics the combinations of purpose and trust settings used in SSL, CMS and S/MIME. As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not specified, so the -verify_name options are functionally equivalent to the corresponding -purpose settings.

+ +
+
-x509_strict
+
+ +

For strict X.509 compliance, disable non-compliant workarounds for broken certificates.

+ +
+
-show_chain
+
+ +

Display information about the certificate chain that has been built (if successful). Certificates in the chain that came from the untrusted list will be flagged as "untrusted".

+ +
+
-
+
+ +

Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a -.

+ +
+
certificates
+
+ +

One or more certificates to verify. If no certificates are given, verify will attempt to read a certificate from standard input. Certificates must be in PEM format.

+ +
+
+ +

VERIFY OPERATION

+ +

The verify program uses the same functions as the internal SSL and S/MIME verification, therefore this description applies to these verify operations too.

+ +

There is one crucial difference between the verify operations performed by the verify program: wherever possible an attempt is made to continue after an error whereas normally the verify operation would halt on the first error. This allows all the problems with a certificate chain to be determined.

+ +

The verify operation consists of a number of separate steps.

+ +

Firstly a certificate chain is built up starting from the supplied certificate and ending in the root CA. It is an error if the whole chain cannot be built up. The chain is built up by looking up the issuers certificate of the current certificate. If a certificate is found which is its own issuer it is assumed to be the root CA.

+ +

The process of 'looking up the issuers certificate' itself involves a number of steps. After all certificates whose subject name matches the issuer name of the current certificate are subject to further tests. The relevant authority key identifier components of the current certificate (if present) must match the subject key identifier (if present) and issuer and serial number of the candidate issuer, in addition the keyUsage extension of the candidate issuer (if present) must permit certificate signing.

+ +

The lookup first looks in the list of untrusted certificates and if no match is found the remaining lookups are from the trusted certificates. The root CA is always looked up in the trusted certificate list: if the certificate to verify is a root certificate then an exact match must be found in the trusted list.

+ +

The second operation is to check every untrusted certificate's extensions for consistency with the supplied purpose. If the -purpose option is not included then no checks are done. The supplied or "leaf" certificate must have extensions compatible with the supplied purpose and all other certificates must also be valid CA certificates. The precise extensions required are described in more detail in the CERTIFICATE EXTENSIONS section of the x509 utility.

+ +

The third operation is to check the trust settings on the root CA. The root CA should be trusted for the supplied purpose. For compatibility with previous versions of OpenSSL, a certificate with no trust settings is considered to be valid for all purposes.

+ +

The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter dates in the certificate. The certificate signatures are also checked at this point.

+ +

If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid.

+ +

DIAGNOSTICS

+ +

When a verify operation fails the output messages can be somewhat cryptic. The general form of the error message is:

+ +
server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+error 24 at 1 depth lookup:invalid CA certificate
+ +

The first line contains the name of the certificate being verified followed by the subject name of the certificate. The second line contains the error number and the depth. The depth is number of the certificate being verified when a problem was detected starting with zero for the certificate being verified itself then 1 for the CA that signed the certificate and so on. Finally a text version of the error number is presented.

+ +

A partial list of the error codes and messages is shown below, this also includes the name of the error code as defined in the header file x509_vfy.h Some of the error codes are defined but never returned: these are described as "unused".

+ +
+ +
X509_V_OK
+
+ +

The operation was successful.

+ +
+
X509_V_ERR_UNSPECIFIED
+
+ +

Unspecified error; should not happen.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+
+ +

The issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL
+
+ +

The CRL of a certificate could not be found.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+
+ +

The certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+
+ +

The CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

+ +
+
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+
+ +

The public key in the certificate SubjectPublicKeyInfo could not be read.

+ +
+
X509_V_ERR_CERT_SIGNATURE_FAILURE
+
+ +

The signature of the certificate is invalid.

+ +
+
X509_V_ERR_CRL_SIGNATURE_FAILURE
+
+ +

The signature of the certificate is invalid.

+ +
+
X509_V_ERR_CERT_NOT_YET_VALID
+
+ +

The certificate is not yet valid: the notBefore date is after the current time.

+ +
+
X509_V_ERR_CERT_HAS_EXPIRED
+
+ +

The certificate has expired: that is the notAfter date is before the current time.

+ +
+
X509_V_ERR_CRL_NOT_YET_VALID
+
+ +

The CRL is not yet valid.

+ +
+
X509_V_ERR_CRL_HAS_EXPIRED
+
+ +

The CRL has expired.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+
+ +

The certificate notBefore field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+
+ +

The certificate notAfter field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+
+ +

The CRL lastUpdate field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+
+ +

The CRL nextUpdate field contains an invalid time.

+ +
+
X509_V_ERR_OUT_OF_MEM
+
+ +

An error occurred trying to allocate memory. This should never happen.

+ +
+
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+
+ +

The passed certificate is self-signed and the same certificate cannot be found in the list of trusted certificates.

+ +
+
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+
+ +

The certificate chain could be built up using the untrusted certificates but the root could not be found locally.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+
+ +

The issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

+ +
+
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+
+ +

No signatures could be verified because the chain contains only one certificate and it is not self signed.

+ +
+
X509_V_ERR_CERT_CHAIN_TOO_LONG
+
+ +

The certificate chain length is greater than the supplied maximum depth. Unused.

+ +
+
X509_V_ERR_CERT_REVOKED
+
+ +

The certificate has been revoked.

+ +
+
X509_V_ERR_INVALID_CA
+
+ +

A CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

+ +
+
X509_V_ERR_PATH_LENGTH_EXCEEDED
+
+ +

The basicConstraints pathlength parameter has been exceeded.

+ +
+
X509_V_ERR_INVALID_PURPOSE
+
+ +

The supplied certificate cannot be used for the specified purpose.

+ +
+
X509_V_ERR_CERT_UNTRUSTED
+
+ +

The root CA is not marked as trusted for the specified purpose.

+ +
+
X509_V_ERR_CERT_REJECTED
+
+ +

The root CA is marked to reject the specified purpose.

+ +
+
X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_AKID_SKID_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+
+ +

Not used as of OpenSSL 1.1.0 as a result of the deprecation of the -issuer_checks option.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+
+ +

Unable to get CRL issuer certificate.

+ +
+
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+
+ +

Unhandled critical extension.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+
+ +

Key usage does not include CRL signing.

+ +
+
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+
+ +

Unhandled critical CRL extension.

+ +
+
X509_V_ERR_INVALID_NON_CA
+
+ +

Invalid non-CA certificate has CA markings.

+ +
+
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+
+ +

Proxy path length constraint exceeded.

+ +
+
X509_V_ERR_PROXY_SUBJECT_INVALID
+
+ +

Proxy certificate subject is invalid. It MUST be the same as the issuer with a single CN component added.

+ +
+
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+
+ +

Key usage does not include digital signature.

+ +
+
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+
+ +

Proxy certificates not allowed, please use -allow_proxy_certs.

+ +
+
X509_V_ERR_INVALID_EXTENSION
+
+ +

Invalid or inconsistent certificate extension.

+ +
+
X509_V_ERR_INVALID_POLICY_EXTENSION
+
+ +

Invalid or inconsistent certificate policy extension.

+ +
+
X509_V_ERR_NO_EXPLICIT_POLICY
+
+ +

No explicit policy.

+ +
+
X509_V_ERR_DIFFERENT_CRL_SCOPE
+
+ +

Different CRL scope.

+ +
+
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+
+ +

Unsupported extension feature.

+ +
+
X509_V_ERR_UNNESTED_RESOURCE
+
+ +

RFC 3779 resource not subset of parent's resources.

+ +
+
X509_V_ERR_PERMITTED_VIOLATION
+
+ +

Permitted subtree violation.

+ +
+
X509_V_ERR_EXCLUDED_VIOLATION
+
+ +

Excluded subtree violation.

+ +
+
X509_V_ERR_SUBTREE_MINMAX
+
+ +

Name constraints minimum and maximum not supported.

+ +
+
X509_V_ERR_APPLICATION_VERIFICATION
+
+ +

Application verification failure. Unused.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+
+ +

Unsupported name constraint type.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+
+ +

Unsupported or invalid name constraint syntax.

+ +
+
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+
+ +

Unsupported or invalid name syntax.

+ +
+
X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+
+ +

CRL path validation error.

+ +
+
X509_V_ERR_PATH_LOOP
+
+ +

Path loop.

+ +
+
X509_V_ERR_SUITE_B_INVALID_VERSION
+
+ +

Suite B: certificate version invalid.

+ +
+
X509_V_ERR_SUITE_B_INVALID_ALGORITHM
+
+ +

Suite B: invalid public key algorithm.

+ +
+
X509_V_ERR_SUITE_B_INVALID_CURVE
+
+ +

Suite B: invalid ECC curve.

+ +
+
X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+
+ +

Suite B: invalid signature algorithm.

+ +
+
X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+
+ +

Suite B: curve not allowed for this LOS.

+ +
+
X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256
+
+ +

Suite B: cannot sign P-384 with P-256.

+ +
+
X509_V_ERR_HOSTNAME_MISMATCH
+
+ +

Hostname mismatch.

+ +
+
X509_V_ERR_EMAIL_MISMATCH
+
+ +

Email address mismatch.

+ +
+
X509_V_ERR_IP_ADDRESS_MISMATCH
+
+ +

IP address mismatch.

+ +
+
X509_V_ERR_DANE_NO_MATCH
+
+ +

DANE TLSA authentication is enabled, but no TLSA records matched the certificate chain. This error is only possible in s_client(1).

+ +
+
X509_V_ERR_EE_KEY_TOO_SMALL
+
+ +

EE certificate key too weak.

+ +
+
X509_ERR_CA_KEY_TOO_SMALL
+
+ +

CA certificate key too weak.

+ +
+
X509_ERR_CA_MD_TOO_WEAK
+
+ +

CA signature digest algorithm too weak.

+ +
+
X509_V_ERR_INVALID_CALL
+
+ +

nvalid certificate verification context.

+ +
+
X509_V_ERR_STORE_LOOKUP
+
+ +

Issuer certificate lookup error.

+ +
+
X509_V_ERR_NO_VALID_SCTS
+
+ +

Certificate Transparency required, but no valid SCTs found.

+ +
+
X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION
+
+ +

Proxy subject name violation.

+ +
+
X509_V_ERR_OCSP_VERIFY_NEEDED
+
+ +

Returned by the verify callback to indicate an OCSP verification is needed.

+ +
+
X509_V_ERR_OCSP_VERIFY_FAILED
+
+ +

Returned by the verify callback to indicate OCSP verification failed.

+ +
+
X509_V_ERR_OCSP_CERT_UNKNOWN
+
+ +

Returned by the verify callback to indicate that the certificate is not recognized by the OCSP responder.

+ +
+
+ +

BUGS

+ +

Although the issuer checks are a considerable improvement over the old technique they still suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the -CAfile option) or a directory (as specified by -CApath). If they occur in both then only the certificates in the file will be recognised.

+ +

Previous versions of OpenSSL assume certificates with matching subject name are identical and mishandled them.

+ +

Previous versions of this documentation swapped the meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error codes.

+ +

SEE ALSO

+ +

x509(1)

+ +

HISTORY

+ +

The -show_chain option was added in OpenSSL 1.1.0.

+ +

The -issuer_checks option is deprecated as of OpenSSL 1.1.0 and is silently ignored.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/version.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/version.html new file mode 100644 index 00000000..0d36c192 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/version.html @@ -0,0 +1,110 @@ + + + + +version + + + + + + + + + + +

NAME

+ +

openssl-version, version - print OpenSSL version information

+ +

SYNOPSIS

+ +

openssl version [-help] [-a] [-v] [-b] [-o] [-f] [-p] [-d] [-e]

+ +

DESCRIPTION

+ +

This command is used to print out version information about OpenSSL.

+ +

OPTIONS

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-a
+
+ +

All information, this is the same as setting all the other flags.

+ +
+
-v
+
+ +

The current OpenSSL version.

+ +
+
-b
+
+ +

The date the current version of OpenSSL was built.

+ +
+
-o
+
+ +

Option information: various options set when the library was built.

+ +
+
-f
+
+ +

Compilation flags.

+ +
+
-p
+
+ +

Platform setting.

+ +
+
-d
+
+ +

OPENSSLDIR setting.

+ +
+
-e
+
+ +

ENGINESDIR setting.

+ +
+
+ +

NOTES

+ +

The output of openssl version -a would typically be used when sending in a bug report.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man1/x509.html b/deps/openssl/mingw64/share/doc/openssl/html/man1/x509.html new file mode 100644 index 00000000..a1482747 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man1/x509.html @@ -0,0 +1,892 @@ + + + + +x509 + + + + + + + + + + +

NAME

+ +

openssl-x509, x509 - Certificate display and signing utility

+ +

SYNOPSIS

+ +

openssl x509 [-help] [-inform DER|PEM] [-outform DER|PEM] [-keyform DER|PEM|ENGINE] [-CAform DER|PEM] [-CAkeyform DER|PEM] [-in filename] [-out filename] [-serial] [-hash] [-subject_hash] [-issuer_hash] [-ocspid] [-subject] [-issuer] [-nameopt option] [-email] [-ocsp_uri] [-startdate] [-enddate] [-purpose] [-dates] [-checkend num] [-modulus] [-pubkey] [-fingerprint] [-alias] [-noout] [-trustout] [-clrtrust] [-clrreject] [-addtrust arg] [-addreject arg] [-setalias arg] [-days arg] [-set_serial n] [-signkey arg] [-passin arg] [-x509toreq] [-req] [-CA filename] [-CAkey filename] [-CAcreateserial] [-CAserial filename] [-force_pubkey key] [-text] [-ext extensions] [-certopt option] [-C] [-digest] [-clrext] [-extfile filename] [-extensions section] [-sigopt nm:v] [-rand file...] [-writerand file] [-engine id] [-preserve_dates]

+ +

DESCRIPTION

+ +

The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings.

+ +

Since there are a large number of options they will split up into various sections.

+ +

OPTIONS

+ +

Input, Output, and General Purpose Options

+ +
+ +
-help
+
+ +

Print out a usage message.

+ +
+
-inform DER|PEM
+
+ +

This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as -req are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines added. The default format is PEM.

+ +
+
-outform DER|PEM
+
+ +

This specifies the output format, the options have the same meaning and default as the -inform option.

+ +
+
-in filename
+
+ +

This specifies the input filename to read a certificate from or standard input if this option is not specified.

+ +
+
-out filename
+
+ +

This specifies the output filename to write to or standard output by default.

+ +
+
-digest
+
+ +

The digest to use. This affects any signing or display option that uses a message digest, such as the -fingerprint, -signkey and -CA options. Any digest supported by the OpenSSL dgst command can be used. If not specified then SHA1 is used with -fingerprint or the default digest for the signing algorithm is used, typically SHA256.

+ +
+
-rand file...
+
+ +

A file or files containing random data used to seed the random number generator. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

+ +
+
[-writerand file]
+
+ +

Writes random data to the specified file upon exit. This can be used with a subsequent -rand flag.

+ +
+
-engine id
+
+ +

Specifying an engine (by its unique id string) will cause x509 to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

+ +
+
-preserve_dates
+
+ +

When signing a certificate, preserve the "notBefore" and "notAfter" dates instead of adjusting them to current time and duration. Cannot be used with the -days option.

+ +
+
+ +

Display Options

+ +

Note: the -alias and -purpose options are also display options but are described in the TRUST SETTINGS section.

+ +
+ +
-text
+
+ +

Prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings.

+ +
+
-ext extensions
+
+ +

Prints out the certificate extensions in text form. Extensions are specified with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". See the x509v3_config(5) manual page for the extension names.

+ +
+
-certopt option
+
+ +

Customise the output format used with -text. The option argument can be a single option or multiple options separated by commas. The -certopt switch may be also be used more than once to set multiple options. See the TEXT OPTIONS section for more information.

+ +
+
-noout
+
+ +

This option prevents output of the encoded version of the certificate.

+ +
+
-pubkey
+
+ +

Outputs the certificate's SubjectPublicKeyInfo block in PEM format.

+ +
+
-modulus
+
+ +

This option prints out the value of the modulus of the public key contained in the certificate.

+ +
+
-serial
+
+ +

Outputs the certificate serial number.

+ +
+
-subject_hash
+
+ +

Outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name.

+ +
+
-issuer_hash
+
+ +

Outputs the "hash" of the certificate issuer name.

+ +
+
-ocspid
+
+ +

Outputs the OCSP hash values for the subject name and public key.

+ +
+
-hash
+
+ +

Synonym for "-subject_hash" for backward compatibility reasons.

+ +
+
-subject_hash_old
+
+ +

Outputs the "hash" of the certificate subject name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-issuer_hash_old
+
+ +

Outputs the "hash" of the certificate issuer name using the older algorithm as used by OpenSSL before version 1.0.0.

+ +
+
-subject
+
+ +

Outputs the subject name.

+ +
+
-issuer
+
+ +

Outputs the issuer name.

+ +
+
-nameopt option
+
+ +

Option which determines how the subject or issuer names are displayed. The option argument can be a single option or multiple options separated by commas. Alternatively the -nameopt switch may be used more than once to set multiple options. See the NAME OPTIONS section for more information.

+ +
+
-email
+
+ +

Outputs the email address(es) if any.

+ +
+
-ocsp_uri
+
+ +

Outputs the OCSP responder address(es) if any.

+ +
+
-startdate
+
+ +

Prints out the start date of the certificate, that is the notBefore date.

+ +
+
-enddate
+
+ +

Prints out the expiry date of the certificate, that is the notAfter date.

+ +
+
-dates
+
+ +

Prints out the start and expiry dates of a certificate.

+ +
+
-checkend arg
+
+ +

Checks if the certificate expires within the next arg seconds and exits non-zero if yes it will expire or zero if not.

+ +
+
-fingerprint
+
+ +

Calculates and outputs the digest of the DER encoded version of the entire certificate (see digest options). This is commonly called a "fingerprint". Because of the nature of message digests, the fingerprint of a certificate is unique to that certificate and two certificates with the same fingerprint can be considered to be the same.

+ +
+
-C
+
+ +

This outputs the certificate in the form of a C source file.

+ +
+
+ +

Trust Settings

+ +

A trusted certificate is an ordinary certificate which has several additional pieces of information attached to it such as the permitted and prohibited uses of the certificate and an "alias".

+ +

Normally when a certificate is being verified at least one certificate must be "trusted". By default a trusted certificate must be stored locally and must be a root CA: any certificate chain ending in this CA is then usable for any purpose.

+ +

Trust settings currently are only used with a root CA. They allow a finer control over the purposes the root CA can be used for. For example a CA may be trusted for SSL client but not SSL server use.

+ +

See the description of the verify utility for more information on the meaning of trust settings.

+ +

Future versions of OpenSSL will recognize trust settings on any certificate: not just root CAs.

+ +
+ +
-trustout
+
+ +

This causes x509 to output a trusted certificate. An ordinary or trusted certificate can be input but by default an ordinary certificate is output and any trust settings are discarded. With the -trustout option a trusted certificate is output. A trusted certificate is automatically output if any trust settings are modified.

+ +
+
-setalias arg
+
+ +

Sets the alias of the certificate. This will allow the certificate to be referred to using a nickname for example "Steve's Certificate".

+ +
+
-alias
+
+ +

Outputs the certificate alias, if any.

+ +
+
-clrtrust
+
+ +

Clears all the permitted or trusted uses of the certificate.

+ +
+
-clrreject
+
+ +

Clears all the prohibited or rejected uses of the certificate.

+ +
+
-addtrust arg
+
+ +

Adds a trusted certificate use. Any object name can be used here but currently only clientAuth (SSL client use), serverAuth (SSL server use), emailProtection (S/MIME email) and anyExtendedKeyUsage are used. As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or enables all purposes when trusted. Other OpenSSL applications may define additional uses.

+ +
+
-addreject arg
+
+ +

Adds a prohibited use. It accepts the same values as the -addtrust option.

+ +
+
-purpose
+
+ +

This option performs tests on the certificate extensions and outputs the results. For a more complete description see the CERTIFICATE EXTENSIONS section.

+ +
+
+ +

Signing Options

+ +

The x509 utility can be used to sign certificates and requests: it can thus behave like a "mini CA".

+ +
+ +
-signkey arg
+
+ +

This option causes the input file to be self signed using the supplied private key or engine. The private key's format is specified with the -keyform option.

+ +

If the input file is a certificate it sets the issuer name to the subject name (i.e. makes it self signed) changes the public key to the supplied value and changes the start and end dates. The start date is set to the current time and the end date is set to a value determined by the -days option. Any certificate extensions are retained unless the -clrext option is supplied; this includes, for example, any existing key identifier extensions.

+ +

If the input is a certificate request then a self signed certificate is created using the supplied private key using the subject name in the request.

+ +
+
-sigopt nm:v
+
+ +

Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm-specific.

+ +
+
-passin arg
+
+ +

The key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

+ +
+
-clrext
+
+ +

Delete any extensions from a certificate. This option is used when a certificate is being created from another certificate (for example with the -signkey or the -CA options). Normally all extensions are retained.

+ +
+
-keyform PEM|DER|ENGINE
+
+ +

Specifies the format (DER or PEM) of the private key file used in the -signkey option.

+ +
+
-days arg
+
+ +

Specifies the number of days to make a certificate valid for. The default is 30 days. Cannot be used with the -preserve_dates option.

+ +
+
-x509toreq
+
+ +

Converts a certificate into a certificate request. The -signkey option is used to pass the required private key.

+ +
+
-req
+
+ +

By default a certificate is expected on input. With this option a certificate request is expected instead.

+ +
+
-set_serial n
+
+ +

Specifies the serial number to use. This option can be used with either the -signkey or -CA options. If used in conjunction with the -CA option the serial number file (as specified by the -CAserial or -CAcreateserial options) is not used.

+ +

The serial number can be decimal or hex (if preceded by 0x).

+ +
+
-CA filename
+
+ +

Specifies the CA certificate to be used for signing. When this option is present x509 behaves like a "mini CA". The input file is signed by this CA using this option: that is its issuer name is set to the subject name of the CA and it is digitally signed using the CAs private key.

+ +

This option is normally combined with the -req option. Without the -req option the input is a certificate which must be self signed.

+ +
+
-CAkey filename
+
+ +

Sets the CA private key to sign a certificate with. If this option is not specified then it is assumed that the CA private key is present in the CA certificate file.

+ +
+
-CAserial filename
+
+ +

Sets the CA serial number file to use.

+ +

When the -CA option is used to sign a certificate it uses a serial number specified in a file. This file consists of one line containing an even number of hex digits with the serial number to use. After each use the serial number is incremented and written out to the file again.

+ +

The default filename consists of the CA certificate file base name with ".srl" appended. For example if the CA certificate file is called "mycacert.pem" it expects to find a serial number file called "mycacert.srl".

+ +
+
-CAcreateserial
+
+ +

With this option the CA serial number file is created if it does not exist: it will contain the serial number "02" and the certificate being signed will have the 1 as its serial number. If the -CA option is specified and the serial number file does not exist a random number is generated; this is the recommended practice.

+ +
+
-extfile filename
+
+ +

File containing certificate extensions to use. If not specified then no extensions are added to the certificate.

+ +
+
-extensions section
+
+ +

The section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called "extensions" which contains the section to use. See the x509v3_config(5) manual page for details of the extension section format.

+ +
+
-force_pubkey key
+
+ +

When a certificate is created set its public key to key instead of the key in the certificate or certificate request. This option is useful for creating certificates where the algorithm can't normally sign requests, for example DH.

+ +

The format or key can be specified using the -keyform option.

+ +
+
+ +

Name Options

+ +

The nameopt command line switch determines how the subject and issuer names are displayed. If no nameopt switch is present the default "oneline" format is used which is compatible with previous versions of OpenSSL. Each option is described in detail below, all options can be preceded by a - to turn the option off. Only the first four will normally be used.

+ +
+ +
compat
+
+ +

Use the old format.

+ +
+
RFC2253
+
+ +

Displays names compatible with RFC2253 equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev and sname.

+ +
+
oneline
+
+ +

A oneline format which is more readable than RFC2253. It is equivalent to specifying the esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and sname options. This is the default of no name options are given explicitly.

+ +
+
multiline
+
+ +

A multiline format. It is equivalent esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align.

+ +
+
esc_2253
+
+ +

Escape the "special" characters required by RFC2253 in a field. That is ,+"<>;. Additionally # is escaped at the beginning of a string and a space character at the beginning or end of a string.

+ +
+
esc_2254
+
+ +

Escape the "special" characters required by RFC2254 in a field. That is the NUL character as well as and ()*.

+ +
+
esc_ctrl
+
+ +

Escape control characters. That is those with ASCII values less than 0x20 (space) and the delete (0x7f) character. They are escaped using the RFC2253 \XX notation (where XX are two hex digits representing the character value).

+ +
+
esc_msb
+
+ +

Escape characters with the MSB set, that is with ASCII values larger than 127.

+ +
+
use_quote
+
+ +

Escapes some characters by surrounding the whole string with " characters, without the option all escaping is done with the \ character.

+ +
+
utf8
+
+ +

Convert all strings to UTF8 format first. This is required by RFC2253. If you are lucky enough to have a UTF8 compatible terminal then the use of this option (and not setting esc_msb) may result in the correct display of multibyte (international) characters. Is this option is not present then multibyte characters larger than 0xff will be represented using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits. Also if this option is off any UTF8Strings will be converted to their character form first.

+ +
+
ignore_type
+
+ +

This option does not attempt to interpret multibyte characters in any way. That is their content octets are merely dumped as though one octet represents each character. This is useful for diagnostic purposes but will result in rather odd looking output.

+ +
+
show_type
+
+ +

Show the type of the ASN1 character string. The type precedes the field contents. For example "BMPSTRING: Hello World".

+ +
+
dump_der
+
+ +

When this option is set any fields that need to be hexdumped will be dumped using the DER encoding of the field. Otherwise just the content octets will be displayed. Both options use the RFC2253 #XXXX... format.

+ +
+
dump_nostr
+
+ +

Dump non character string types (for example OCTET STRING) if this option is not set then non character string types will be displayed as though each content octet represents a single character.

+ +
+
dump_all
+
+ +

Dump all fields. This option when used with dump_der allows the DER encoding of the structure to be unambiguously determined.

+ +
+
dump_unknown
+
+ +

Dump any field whose OID is not recognised by OpenSSL.

+ +
+
sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline
+
+ +

These options determine the field separators. The first character is between RDNs and the second between multiple AVAs (multiple AVAs are very rare and their use is discouraged). The options ending in "space" additionally place a space after the separator to make it more readable. The sep_multiline uses a linefeed character for the RDN separator and a spaced + for the AVA separator. It also indents the fields by four characters. If no field separator is specified then sep_comma_plus_space is used by default.

+ +
+
dn_rev
+
+ +

Reverse the fields of the DN. This is required by RFC2253. As a side effect this also reverses the order of multiple AVAs but this is permissible.

+ +
+
nofname, sname, lname, oid
+
+ +

These options alter how the field name is displayed. nofname does not display the field at all. sname uses the "short name" form (CN for commonName for example). lname uses the long form. oid represents the OID in numerical form and is useful for diagnostic purpose.

+ +
+
align
+
+ +

Align field values for a more readable output. Only usable with sep_multiline.

+ +
+
space_eq
+
+ +

Places spaces round the = character which follows the field name.

+ +
+
+ +

Text Options

+ +

As well as customising the name output format, it is also possible to customise the actual fields printed using the certopt options when the text option is present. The default behaviour is to print all fields.

+ +
+ +
compatible
+
+ +

Use the old format. This is equivalent to specifying no output options at all.

+ +
+
no_header
+
+ +

Don't print header information: that is the lines saying "Certificate" and "Data".

+ +
+
no_version
+
+ +

Don't print out the version number.

+ +
+
no_serial
+
+ +

Don't print out the serial number.

+ +
+
no_signame
+
+ +

Don't print out the signature algorithm used.

+ +
+
no_validity
+
+ +

Don't print the validity, that is the notBefore and notAfter fields.

+ +
+
no_subject
+
+ +

Don't print out the subject name.

+ +
+
no_issuer
+
+ +

Don't print out the issuer name.

+ +
+
no_pubkey
+
+ +

Don't print out the public key.

+ +
+
no_sigdump
+
+ +

Don't give a hexadecimal dump of the certificate signature.

+ +
+
no_aux
+
+ +

Don't print out certificate trust information.

+ +
+
no_extensions
+
+ +

Don't print out any X509V3 extensions.

+ +
+
ext_default
+
+ +

Retain default extension behaviour: attempt to print out unsupported certificate extensions.

+ +
+
ext_error
+
+ +

Print an error message for unsupported certificate extensions.

+ +
+
ext_parse
+
+ +

ASN1 parse unsupported extensions.

+ +
+
ext_dump
+
+ +

Hex dump unsupported extensions.

+ +
+
ca_default
+
+ +

The value used by the ca utility, equivalent to no_issuer, no_pubkey, no_header, and no_version.

+ +
+
+ +

EXAMPLES

+ +

Note: in these examples the '\' means the example should be all on one line.

+ +

Display the contents of a certificate:

+ +
openssl x509 -in cert.pem -noout -text
+ +

Display the "Subject Alternative Name" extension of a certificate:

+ +
openssl x509 -in cert.pem -noout -ext subjectAltName
+ +

Display more extensions of a certificate:

+ +
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+ +

Display the certificate serial number:

+ +
openssl x509 -in cert.pem -noout -serial
+ +

Display the certificate subject name:

+ +
openssl x509 -in cert.pem -noout -subject
+ +

Display the certificate subject name in RFC2253 form:

+ +
openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+ +

Display the certificate subject name in oneline form on a terminal supporting UTF8:

+ +
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
+ +

Display the certificate SHA1 fingerprint:

+ +
openssl x509 -sha1 -in cert.pem -noout -fingerprint
+ +

Convert a certificate from PEM to DER format:

+ +
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+ +

Convert a certificate to a certificate request:

+ +
openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+ +

Convert a certificate request into a self signed certificate using extensions for a CA:

+ +
openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
+       -signkey key.pem -out cacert.pem
+ +

Sign a certificate request using the CA certificate above and add user certificate extensions:

+ +
openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
+       -CA cacert.pem -CAkey key.pem -CAcreateserial
+ +

Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA"

+ +
openssl x509 -in cert.pem -addtrust clientAuth \
+       -setalias "Steve's Class 1 CA" -out trust.pem
+ +

NOTES

+ +

The PEM format uses the header and footer lines:

+ +
-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+ +

it will also handle files containing:

+ +
-----BEGIN X509 CERTIFICATE-----
+-----END X509 CERTIFICATE-----
+ +

Trusted certificates have the lines

+ +
-----BEGIN TRUSTED CERTIFICATE-----
+-----END TRUSTED CERTIFICATE-----
+ +

The conversion to UTF8 format used with the name options assumes that T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly.

+ +

The -email option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once.

+ +

CERTIFICATE EXTENSIONS

+ +

The -purpose option checks the certificate extensions and determines what the certificate can be used for. The actual checks done are rather complex and include various hacks and workarounds to handle broken certificates and software.

+ +

The same code is used when verifying untrusted certificates in chains so this section is useful if a chain is rejected by the verify code.

+ +

The basicConstraints extension CA flag is used to determine whether the certificate can be used as a CA. If the CA flag is true then it is a CA, if the CA flag is false then it is not a CA. All CAs should have the CA flag set to true.

+ +

If the basicConstraints extension is absent then the certificate is considered to be a "possible CA" other extensions are checked according to the intended use of the certificate. A warning is given in this case because the certificate should really not be regarded as a CA: however it is allowed to be a CA to work around some broken software.

+ +

If the certificate is a V1 certificate (and thus has no extensions) and it is self signed it is also assumed to be a CA but a warning is again given: this is to work around the problem of Verisign roots which are V1 self signed certificates.

+ +

If the keyUsage extension is present then additional restraints are made on the uses of the certificate. A CA certificate must have the keyCertSign bit set if the keyUsage extension is present.

+ +

The extended key usage extension places additional restrictions on the certificate uses. If this extension is present (whether critical or not) the key can only be used for the purposes specified.

+ +

A complete description of each test is given below. The comments about basicConstraints and keyUsage and V1 certificates above apply to all CA certificates.

+ +
+ +
SSL Client
+
+ +

The extended key usage extension must be absent or include the "web client authentication" OID. keyUsage must be absent or it must have the digitalSignature bit set. Netscape certificate type must be absent or it must have the SSL client bit set.

+ +
+
SSL Client CA
+
+ +

The extended key usage extension must be absent or include the "web client authentication" OID. Netscape certificate type must be absent or it must have the SSL CA bit set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
SSL Server
+
+ +

The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. keyUsage must be absent or it must have the digitalSignature, the keyEncipherment set or both bits set. Netscape certificate type must be absent or have the SSL server bit set.

+ +
+
SSL Server CA
+
+ +

The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. Netscape certificate type must be absent or the SSL CA bit must be set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
Netscape SSL Server
+
+ +

For Netscape SSL clients to connect to an SSL server it must have the keyEncipherment bit set if the keyUsage extension is present. This isn't always valid because some cipher suites use the key for digital signing. Otherwise it is the same as a normal SSL server.

+ +
+
Common S/MIME Client Tests
+
+ +

The extended key usage extension must be absent or include the "email protection" OID. Netscape certificate type must be absent or should have the S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type then the SSL client bit is tolerated as an alternative but a warning is shown: this is because some Verisign certificates don't set the S/MIME bit.

+ +
+
S/MIME Signing
+
+ +

In addition to the common S/MIME client tests the digitalSignature bit or the nonRepudiation bit must be set if the keyUsage extension is present.

+ +
+
S/MIME Encryption
+
+ +

In addition to the common S/MIME tests the keyEncipherment bit must be set if the keyUsage extension is present.

+ +
+
S/MIME CA
+
+ +

The extended key usage extension must be absent or include the "email protection" OID. Netscape certificate type must be absent or must have the S/MIME CA bit set: this is used as a work around if the basicConstraints extension is absent.

+ +
+
CRL Signing
+
+ +

The keyUsage extension must be absent or it must have the CRL signing bit set.

+ +
+
CRL Signing CA
+
+ +

The normal CA tests apply. Except in this case the basicConstraints extension must be present.

+ +
+
+ +

BUGS

+ +

Extensions in certificates are not transferred to certificate requests and vice versa.

+ +

It is possible to produce invalid certificates or requests by specifying the wrong private key or using inconsistent options in some cases: these should be checked.

+ +

There should be options to explicitly set such things as start and end dates rather than an offset from the current time.

+ +

SEE ALSO

+ +

req(1), ca(1), genrsa(1), gendsa(1), verify(1), x509v3_config(5)

+ +

HISTORY

+ +

The hash algorithm used in the -subject_hash and -issuer_hash options before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. This means that any directories using the old form must have their links rebuilt using c_rehash or similar.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ADMISSIONS.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ADMISSIONS.html new file mode 100644 index 00000000..75b33cf0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ADMISSIONS.html @@ -0,0 +1,120 @@ + + + + +ADMISSIONS + + + + + + + + + + +

NAME

+ +

ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber - Accessors and settors for ADMISSION_SYNTAX

+ +

SYNOPSIS

+ +
typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+    ASN1_OBJECT* namingAuthorityId);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+    ASN1_IA5STRING* namingAuthorityUrl);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+    ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+    ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+    ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+    PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+    PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+    PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+ +

DESCRIPTION

+ +

The PROFESSION_INFOS, ADMISSION_SYNTAX, ADMISSIONS, and PROFESSION_INFO types are opaque structures representing the analogous types defined in the Common PKI Specification published by https://www.t7ev.org. Knowledge of those structures and their semantics is assumed.

+ +

The conventional routines to convert between DER and the local format are described in d2i_X509(3). The conventional routines to allocate and free the types are defined in X509_dup(3).

+ +

The PROFESSION_INFOS type is a stack of PROFESSION_INFO; see DEFINE_STACK_OF(3) for details.

+ +

The NAMING_AUTHORITY type has an authority ID and URL, and text fields. The NAMING_AUTHORITY_get0_authorityId(), NAMING_AUTHORITY_get0_get0_authorityURL(), and NAMING_AUTHORITY_get0_get0_authorityText(), functions return pointers to those values within the object. The NAMING_AUTHORITY_set0_authorityId(), NAMING_AUTHORITY_set0_get0_authorityURL(), and NAMING_AUTHORITY_set0_get0_authorityText(), functions free any existing value and set the pointer to the specified value.

+ +

The ADMISSION_SYNTAX type has an authority name and a stack of ADMISSION objects. The ADMISSION_SYNTAX_get0_admissionAuthority() and ADMISSION_SYNTAX_get0_contentsOfAdmissions() functions return pointers to those values within the object. The ADMISSION_SYNTAX_set0_admissionAuthority() and ADMISSION_SYNTAX_set0_contentsOfAdmissions() functions free any existing value and set the pointer to the specified value.

+ +

The ADMISSION type has an authority name, authority object, and a stack of PROFESSION_INFO items. The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), and ADMISSIONS_get0_professionInfos() functions return pointers to those values within the object. The ADMISSIONS_set0_admissionAuthority(), ADMISSIONS_set0_namingAuthority(), and ADMISSIONS_set0_professionInfos() functions free any existing value and set the pointer to the specified value.

+ +

The PROFESSION_INFO type has a name authority, stacks of profession Items and OIDs, a registration number, and additional profession info. The functions PROFESSION_INFO_get0_addProfessionInfo(), PROFESSION_INFO_get0_namingAuthority(), PROFESSION_INFO_get0_professionItems(), PROFESSION_INFO_get0_professionOIDs(), and PROFESSION_INFO_get0_registrationNumber() functions return pointers to those values within the object. The PROFESSION_INFO_set0_addProfessionInfo(), PROFESSION_INFO_set0_namingAuthority(), PROFESSION_INFO_set0_professionItems(), PROFESSION_INFO_set0_professionOIDs(), and PROFESSION_INFO_set0_registrationNumber() functions free any existing value and set the pointer to the specified value.

+ +

RETURN VALUES

+ +

Described above. Note that all of the get0 functions return a pointer to the internal data structure and must not be freed.

+ +

SEE ALSO

+ +

X509_dup(3), d2i_X509(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html new file mode 100644 index 00000000..9c7c7536 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html @@ -0,0 +1,116 @@ + + + + +ASN1_INTEGER_get_int64 + + + + + + + + + + +

NAME

+ +

ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN - ASN.1 INTEGER and ENUMERATED utilities

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
+
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+ +

DESCRIPTION

+ +

These functions convert to and from ASN1_INTEGER and ASN1_ENUMERATED structures.

+ +

ASN1_INTEGER_get_int64() converts an ASN1_INTEGER into an int64_t type If successful it returns 1 and sets *pr to the value of a. If it fails (due to invalid type or the value being too big to fit into an int64_t type) it returns 0.

+ +

ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it converts to a uint64_t type and an error is returned if the passed integer is negative.

+ +

ASN1_INTEGER_get() also returns the value of a but it returns 0 if a is NULL and -1 on error (which is ambiguous because -1 is a legitimate value for an ASN1_INTEGER). New applications should use ASN1_INTEGER_get_int64() instead.

+ +

ASN1_INTEGER_set_int64() sets the value of ASN1_INTEGER a to the int64_t value r.

+ +

ASN1_INTEGER_set_uint64() sets the value of ASN1_INTEGER a to the uint64_t value r.

+ +

ASN1_INTEGER_set() sets the value of ASN1_INTEGER a to the long value v.

+ +

BN_to_ASN1_INTEGER() converts BIGNUM bn to an ASN1_INTEGER. If ai is NULL a new ASN1_INTEGER structure is returned. If ai is not NULL then the existing structure will be used instead.

+ +

ASN1_INTEGER_to_BN() converts ASN1_INTEGER ai into a BIGNUM. If bn is NULL a new BIGNUM structure is returned. If bn is not NULL then the existing structure will be used instead.

+ +

ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(), ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN() behave in an identical way to their ASN1_INTEGER counterparts except they operate on an ASN1_ENUMERATED value.

+ +

ASN1_ENUMERATED_get() returns the value of a in a similar way to ASN1_INTEGER_get() but it returns 0xffffffffL if the value of a will not fit in a long type. New applications should use ASN1_ENUMERATED_get_int64() instead.

+ +

NOTES

+ +

In general an ASN1_INTEGER or ASN1_ENUMERATED type can contain an integer of almost arbitrary size and so cannot always be represented by a C int64_t type. However in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type.

+ +

BUGS

+ +

The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get() mean these functions should be avoided if possible. They are retained for compatibility. Normally the ambiguous return values are not legitimate values for the fields they represent.

+ +

RETURN VALUES

+ +

ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only fail if a memory allocation error occurs.

+ +

ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success and 0 for failure. They will fail if the passed type is incorrect (this will only happen if there is a programming error) or if the value exceeds the range of an int64_t type.

+ +

BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an ASN1_INTEGER or ASN1_ENUMERATED structure respectively or NULL if an error occurs. They will only fail due to a memory allocation error.

+ +

ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a BIGNUM structure of NULL if an error occurs. They can fail if the passed type is incorrect (due to programming error) or due to a memory allocation failure.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html new file mode 100644 index 00000000..3080e388 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html @@ -0,0 +1,59 @@ + + + + +ASN1_ITEM_lookup + + + + + + + + + + +

NAME

+ +

ASN1_ITEM_lookup, ASN1_ITEM_get - lookup ASN.1 structures

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+ +

DESCRIPTION

+ +

ASN1_ITEM_lookup() returns the ASN1_ITEM name.

+ +

ASN1_ITEM_get() returns the ASN1_ITEM with index i. This function returns NULL if the index i is out of range.

+ +

RETURN VALUES

+ +

ASN1_ITEM_lookup() and ASN1_ITEM_get() return a valid ASN1_ITEM structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html new file mode 100644 index 00000000..6b9b0c30 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html @@ -0,0 +1,68 @@ + + + + +ASN1_OBJECT_new + + + + + + + + + + +

NAME

+ +

ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+ +

DESCRIPTION

+ +

The ASN1_OBJECT allocation routines, allocate and free an ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.

+ +

ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.

+ +

ASN1_OBJECT_free() frees up the ASN1_OBJECT structure a. If a is NULL, nothing is done.

+ +

NOTES

+ +

Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it is almost never used in applications. The ASN1 object utility functions such as OBJ_nid2obj() are used instead.

+ +

RETURN VALUES

+ +

If the allocation fails, ASN1_OBJECT_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

ASN1_OBJECT_free() returns no value.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_ASN1_OBJECT(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html new file mode 100644 index 00000000..879c2bea --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html @@ -0,0 +1,82 @@ + + + + +ASN1_STRING_TABLE_add + + + + + + + + + + +

NAME

+ +

ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup - ASN1_STRING_TABLE manipulation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+typedef struct asn1_string_table_st ASN1_STRING_TABLE;
+
+int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
+                          unsigned long mask, unsigned long flags);
+ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
+void ASN1_STRING_TABLE_cleanup(void);
+ +

DESCRIPTION

+ +

Types

+ +

ASN1_STRING_TABLE is a table which holds string information (basically minimum size, maximum size, type and etc) for a NID object.

+ +

Functions

+ +

ASN1_STRING_TABLE_add() adds a new ASN1_STRING_TABLE item into the local ASN1 string table based on the nid along with other parameters.

+ +

If the item is already in the table, fields of ASN1_STRING_TABLE are updated (depending on the values of those parameters, e.g., minsize and maxsize >= 0, mask and flags != 0). If the nid is standard, a copy of the standard ASN1_STRING_TABLE is created and updated with other parameters.

+ +

ASN1_STRING_TABLE_get() searches for an ASN1_STRING_TABLE item based on nid. It will search the local table first, then the standard one.

+ +

ASN1_STRING_TABLE_cleanup() frees all ASN1_STRING_TABLE items added by ASN1_STRING_TABLE_add().

+ +

RETURN VALUES

+ +

ASN1_STRING_TABLE_add() returns 1 on success, 0 if an error occurred.

+ +

ASN1_STRING_TABLE_get() returns a valid ASN1_STRING_TABLE structure or NULL if nothing is found.

+ +

ASN1_STRING_TABLE_cleanup() does not return a value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_length.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_length.html new file mode 100644 index 00000000..9aaa61c5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_length.html @@ -0,0 +1,107 @@ + + + + +ASN1_STRING_length + + + + + + + + + + +

NAME

+ +

ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 - ASN1_STRING utility functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_STRING_length(ASN1_STRING *x);
+const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+int ASN1_STRING_type(const ASN1_STRING *x);
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+ +

DESCRIPTION

+ +

These functions allow an ASN1_STRING structure to be manipulated.

+ +

ASN1_STRING_length() returns the length of the content of x.

+ +

ASN1_STRING_get0_data() returns an internal pointer to the data of x. Since this is an internal pointer it should not be freed or modified in any way.

+ +

ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the returned value is not constant. This function is deprecated: applications should use ASN1_STRING_get0_data() instead.

+ +

ASN1_STRING_dup() returns a copy of the structure a.

+ +

ASN1_STRING_cmp() compares a and b returning 0 if the two are identical. The string types and content are compared.

+ +

ASN1_STRING_set() sets the data of string str to the buffer data or length len. The supplied data is copied. If len is -1 then the length is determined by strlen(data).

+ +

ASN1_STRING_type() returns the type of x, using standard constants such as V_ASN1_OCTET_STRING.

+ +

ASN1_STRING_to_UTF8() converts the string in to UTF8 format, the converted data is allocated in a buffer in *out. The length of out is returned or a negative error code. The buffer *out should be freed using OPENSSL_free().

+ +

NOTES

+ +

Almost all ASN1 types in OpenSSL are represented as an ASN1_STRING structure. Other types such as ASN1_OCTET_STRING are simply typedef'ed to ASN1_STRING and the functions call the ASN1_STRING equivalents. ASN1_STRING is also used for some CHOICE types which consist entirely of primitive string types such as DirectoryString and Time.

+ +

These functions should not be used to examine or modify ASN1_INTEGER or ASN1_ENUMERATED types: the relevant INTEGER or ENUMERATED utility functions should be used instead.

+ +

In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per character in big endian format, and for an UTF8String it will be in UTF8 format.

+ +

Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set().

+ +

RETURN VALUES

+ +

ASN1_STRING_length() returns the length of the content of x.

+ +

ASN1_STRING_get0_data() and ASN1_STRING_data() return an internal pointer to the data of x.

+ +

ASN1_STRING_dup() returns a valid ASN1_STRING structure or NULL if an error occurred.

+ +

ASN1_STRING_cmp() returns an integer greater than, equal to, or less than 0, according to whether a is greater than, equal to, or less than b.

+ +

ASN1_STRING_set() returns 1 on success or 0 on error.

+ +

ASN1_STRING_type() returns the type of x.

+ +

ASN1_STRING_to_UTF8() returns the number of bytes in output string out or a negative value if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_new.html new file mode 100644 index 00000000..4e006e50 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_new.html @@ -0,0 +1,69 @@ + + + + +ASN1_STRING_new + + + + + + + + + + +

NAME

+ +

ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free - ASN1_STRING allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_STRING * ASN1_STRING_new(void);
+ASN1_STRING * ASN1_STRING_type_new(int type);
+void ASN1_STRING_free(ASN1_STRING *a);
+ +

DESCRIPTION

+ +

ASN1_STRING_new() returns an allocated ASN1_STRING structure. Its type is undefined.

+ +

ASN1_STRING_type_new() returns an allocated ASN1_STRING structure of type type.

+ +

ASN1_STRING_free() frees up a. If a is NULL nothing is done.

+ +

NOTES

+ +

Other string types call the ASN1_STRING functions. For example ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).

+ +

RETURN VALUES

+ +

ASN1_STRING_new() and ASN1_STRING_type_new() return a valid ASN1_STRING structure or NULL if an error occurred.

+ +

ASN1_STRING_free() does not return a value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html new file mode 100644 index 00000000..afe4abff --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html @@ -0,0 +1,103 @@ + + + + +ASN1_STRING_print_ex + + + + + + + + + + +

NAME

+ +

ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
+
+const char *ASN1_tag2str(int tag);
+ +

DESCRIPTION

+ +

These functions output an ASN1_STRING structure. ASN1_STRING is used to represent all the ASN1 string types.

+ +

ASN1_STRING_print_ex() outputs str to out, the format is determined by the options flags. ASN1_STRING_print_ex_fp() is identical except it outputs to fp instead.

+ +

ASN1_STRING_print() prints str to out but using a different format to ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF) with '.'.

+ +

ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

+ +

NOTES

+ +

ASN1_STRING_print() is a deprecated function which should be avoided; use ASN1_STRING_print_ex() instead.

+ +

Although there are a large number of options frequently ASN1_STRFLGS_RFC2253 is suitable, or on UTF8 terminals ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB.

+ +

The complete set of supported options for flags is listed below.

+ +

Various characters can be escaped. If ASN1_STRFLGS_ESC_2253 is set the characters determined by RFC2253 are escaped. If ASN1_STRFLGS_ESC_CTRL is set control characters are escaped. If ASN1_STRFLGS_ESC_MSB is set characters with the MSB set are escaped: this option should not be used if the terminal correctly interprets UTF8 sequences.

+ +

Escaping takes several forms.

+ +

If the character being escaped is a 16 bit character then the form "\UXXXX" is used using exactly four characters for the hex representation. If it is 32 bits then "\WXXXXXXXX" is used using eight characters of its hex representation. These forms will only be used if UTF8 conversion is not set (see below).

+ +

Printable characters are normally escaped using the backslash '\' character. If ASN1_STRFLGS_ESC_QUOTE is set then the whole string is instead surrounded by double quote characters: this is arguably more readable than the backslash notation. Other characters use the "\XX" using exactly two characters of the hex representation.

+ +

If ASN1_STRFLGS_UTF8_CONVERT is set then characters are converted to UTF8 format first. If the terminal supports the display of UTF8 sequences then this option will correctly display multi byte characters.

+ +

If ASN1_STRFLGS_IGNORE_TYPE is set then the string type is not interpreted at all: everything is assumed to be one byte per character. This is primarily for debugging purposes and can result in confusing output in multi character strings.

+ +

If ASN1_STRFLGS_SHOW_TYPE is set then the string type itself is printed out before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().

+ +

The content of a string instead of being interpreted can be "dumped": this just outputs the value of the string using the form #XXXX using hex format for each octet.

+ +

If ASN1_STRFLGS_DUMP_ALL is set then any type is dumped.

+ +

Normally non character string types (such as OCTET STRING) are assumed to be one byte per character, if ASN1_STRFLGS_DUMP_UNKNOWN is set then they will be dumped instead.

+ +

When a type is dumped normally just the content octets are printed, if ASN1_STRFLGS_DUMP_DER is set then the complete encoding is dumped instead (including tag and length octets).

+ +

ASN1_STRFLGS_RFC2253 includes all the flags required by RFC2253. It is equivalent to: ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER

+ +

RETURN VALUES

+ +

ASN1_STRING_print_ex() and ASN1_STRING_print_ex_fp() return the number of characters written or -1 if an error occurred.

+ +

ASN1_STRING_print() returns 1 on success or 0 on error.

+ +

ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

+ +

SEE ALSO

+ +

X509_NAME_print_ex(3), ASN1_tag2str(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TIME_set.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TIME_set.html new file mode 100644 index 00000000..81f883b8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TIME_set.html @@ -0,0 +1,190 @@ + + + + +ASN1_TIME_set + + + + + + + + + + +

NAME

+ +

ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime - ASN.1 Time functions

+ +

SYNOPSIS

+ +
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
+                         long offset_sec);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
+                                    const char *str);
+
+int ASN1_TIME_normalize(ASN1_TIME *s);
+
+int ASN1_TIME_check(const ASN1_TIME *t);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *t);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
+
+int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
+int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
+int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
+
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
+                   const ASN1_TIME *to);
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+ +

DESCRIPTION

+ +

The ASN1_TIME_set(), ASN1_UTCTIME_set() and ASN1_GENERALIZEDTIME_set() functions set the structure s to the time represented by the time_t value t. If s is NULL a new time structure is allocated and returned.

+ +

The ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_adj() functions set the time structure s to the time represented by the time offset_day and offset_sec after the time_t value t. The values of offset_day or offset_sec can be negative to set a time before t. The offset_sec value can also exceed the number of seconds in a day. If s is NULL a new structure is allocated and returned.

+ +

The ASN1_TIME_set_string(), ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() functions set the time structure s to the time represented by string str which must be in appropriate ASN.1 time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If s is NULL this function performs a format check on str only. The string str is copied into s.

+ +

ASN1_TIME_set_string_X509() sets ASN1_TIME structure s to the time represented by string str which must be in appropriate time format that RFC 5280 requires, which means it only allows YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format are not allowed. If s is NULL this function performs a format check on str only.

+ +

The ASN1_TIME_normalize() function converts an ASN1_GENERALIZEDTIME or ASN1_UTCTIME into a time value that can be used in a certificate. It should be used after the ASN1_TIME_set_string() functions and before ASN1_TIME_print() functions to get consistent (i.e. GMT) results.

+ +

The ASN1_TIME_check(), ASN1_UTCTIME_check() and ASN1_GENERALIZEDTIME_check() functions check the syntax of the time structure s.

+ +

The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() functions print the time structure s to BIO b in human readable format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time structure has invalid format it prints out "Bad time value" and returns an error. The output for generalized time may include a fractional part following the second.

+ +

ASN1_TIME_to_tm() converts the time s to the standard tm structure. If s is NULL, then the current time is converted. The output time is GMT. The tm_sec, tm_min, tm_hour, tm_mday, tm_wday, tm_yday, tm_mon and tm_year fields of tm structure are set to proper values, whereas all other fields are set to 0. If tm is NULL this function performs a format check on s only. If s is in Generalized format with fractional seconds, e.g. YYYYMMDDHHMMSS.SSSZ, the fractional seconds will be lost while converting s to tm structure.

+ +

ASN1_TIME_diff() sets *pday and *psec to the time difference between from and to. If to represents a time later than from then one or both (depending on the time difference) of *pday and *psec will be positive. If to represents a time earlier than from then one or both of *pday and *psec will be negative. If to and from represent the same time then *pday and *psec will both be zero. If both *pday and *psec are non-zero they will always have the same sign. The value of *psec will always be less than the number of seconds in a day. If from or to is NULL the current time is used.

+ +

The ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() functions compare the two times represented by the time structure s and the time_t t.

+ +

The ASN1_TIME_compare() function compares the two times represented by the time structures a and b.

+ +

The ASN1_TIME_to_generalizedtime() function converts an ASN1_TIME to an ASN1_GENERALIZEDTIME, regardless of year. If either out or *out are NULL, then a new object is allocated and must be freed after use.

+ +

NOTES

+ +

The ASN1_TIME structure corresponds to the ASN.1 structure Time defined in RFC5280 et al. The time setting functions obey the rules outlined in RFC5280: if the date can be represented by UTCTime it is used, else GeneralizedTime is used.

+ +

The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are represented as an ASN1_STRING internally and can be freed up using ASN1_STRING_free().

+ +

The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt is made to correct ancient calendar changes (for example from Julian to Gregorian calendars).

+ +

ASN1_UTCTIME is limited to a year range of 1950 through 2049.

+ +

Some applications add offset times directly to a time_t value and pass the results to ASN1_TIME_set() (or equivalent). This can cause problems as the time_t value can overflow on some systems resulting in unexpected results. New applications should use ASN1_TIME_adj() instead and pass the offset value in the offset_sec and offset_day parameters instead of directly manipulating a time_t value.

+ +

ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to ASN1_UTCTIME, or vice versa, based on the resulting year. The ASN1_GENERALIZEDTIME_adj() and ASN1_UTCTIME_adj() functions will not modify the type of the return structure.

+ +

It is recommended that functions starting with ASN1_TIME be used instead of those starting with ASN1_UTCTIME or ASN1_GENERALIZEDTIME. The functions starting with ASN1_UTCTIME and ASN1_GENERALIZEDTIME act only on that specific time format. The functions starting with ASN1_TIME will operate on either format.

+ +

BUGS

+ +

ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do not print out the time zone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway.

+ +

Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results.

+ +

RETURN VALUES

+ +

ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), ASN1_TIME_adj(), ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure or NULL if an error occurred.

+ +

ASN1_TIME_set_string(), ASN1_UTCTIME_set_string(), ASN1_GENERALIZEDTIME_set_string() ASN1_TIME_set_string_X509() return 1 if the time value is successfully set and 0 otherwise.

+ +

ASN1_TIME_normalize() returns 1 on success, and 0 on error.

+ +

ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 if the structure is syntactically correct and 0 otherwise.

+ +

ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return 1 if the time is successfully printed out and 0 if an error occurred (I/O error or invalid time format).

+ +

ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an error occurred (invalid time format).

+ +

ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the passed-in time structure has invalid syntax, for example.

+ +

ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() return -1 if s is before t, 0 if s equals t, or 1 if s is after t. -2 is returned on error.

+ +

ASN1_TIME_compare() returns -1 if a is before b, 0 if a equals b, or 1 if a is after b. -2 is returned on error.

+ +

ASN1_TIME_to_generalizedtime() returns a pointer to the appropriate time structure on success or NULL if an error occurred.

+ +

EXAMPLES

+ +

Set a time structure to one hour after the current time and print it out:

+ +
#include <time.h>
+#include <openssl/asn1.h>
+
+ASN1_TIME *tm;
+time_t t;
+BIO *b;
+
+t = time(NULL);
+tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
+b = BIO_new_fp(stdout, BIO_NOCLOSE);
+ASN1_TIME_print(b, tm);
+ASN1_STRING_free(tm);
+BIO_free(b);
+ +

Determine if one time is later or sooner than the current time:

+ +
int day, sec;
+
+if (!ASN1_TIME_diff(&day, &sec, NULL, to))
+    /* Invalid time format */
+
+if (day > 0 || sec > 0)
+    printf("Later\n");
+else if (day < 0 || sec < 0)
+    printf("Sooner\n");
+else
+    printf("Same\n");
+ +

HISTORY

+ +

The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. The ASN1_TIME_set_string_X509() function was added in OpenSSL 1.1.1. The ASN1_TIME_normalize() function was added in OpenSSL 1.1.1. The ASN1_TIME_cmp_time_t() function was added in OpenSSL 1.1.1. The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TYPE_get.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TYPE_get.html new file mode 100644 index 00000000..f2526bc3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_TYPE_get.html @@ -0,0 +1,89 @@ + + + + +ASN1_TYPE_get + + + + + + + + + + +

NAME

+ +

ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence - ASN1_TYPE utility functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
+                                   ASN1_TYPE **t);
+ +

DESCRIPTION

+ +

These functions allow an ASN1_TYPE structure to be manipulated. The ASN1_TYPE structure can contain any ASN.1 type or constructed type such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.

+ +

ASN1_TYPE_get() returns the type of a.

+ +

ASN1_TYPE_set() sets the value of a to type and value. This function uses the pointer value internally so it must not be freed up after the call.

+ +

ASN1_TYPE_set1() sets the value of a to type a copy of value.

+ +

ASN1_TYPE_cmp() compares ASN.1 types a and b and returns 0 if they are identical and non-zero otherwise.

+ +

ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in t using the ASN.1 structure it. If successful it returns a pointer to the ASN.1 structure corresponding to it which must be freed by the caller. If it fails it return NULL.

+ +

ASN1_TYPE_pack_sequence() attempts to encode the ASN.1 structure s corresponding to it into an ASN1_TYPE. If successful the encoded ASN1_TYPE is returned. If t and *t are not NULL the encoded type is written to t overwriting any existing data. If t is not NULL but *t is NULL the returned ASN1_TYPE is written to *t.

+ +

NOTES

+ +

The type and meaning of the value parameter for ASN1_TYPE_set() and ASN1_TYPE_set1() is determined by the type parameter. If type is V_ASN1_NULL value is ignored. If type is V_ASN1_BOOLEAN then the boolean is set to TRUE if value is not NULL. If type is V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise type is and ASN1_STRING structure. If type corresponds to a primitive type (or a string type) then the contents of the ASN1_STRING contain the content octets of the type. If type corresponds to a constructed type or a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and length octets).

+ +

ASN1_TYPE_cmp() may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean TRUE value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will only return zero if the values are the same.

+ +

If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the return value is non-zero. Technically if both parameters are NULL the two types could be absent OPTIONAL fields and so should match, however passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do not match. So applications should handle the case of two absent values separately.

+ +

RETURN VALUES

+ +

ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.

+ +

ASN1_TYPE_set() does not return a value.

+ +

ASN1_TYPE_set1() returns 1 for success and 0 for failure.

+ +

ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise.

+ +

ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or NULL on failure.

+ +

ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or NULL on failure.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_generate_nconf.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_generate_nconf.html new file mode 100644 index 00000000..faee7086 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASN1_generate_nconf.html @@ -0,0 +1,274 @@ + + + + +ASN1_generate_nconf + + + + + + + + + + +

NAME

+ +

ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions

+ +

SYNOPSIS

+ +
#include <openssl/asn1.h>
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+ +

DESCRIPTION

+ +

These functions generate the ASN1 encoding of a string in an ASN1_TYPE structure.

+ +

str contains the string to encode nconf or cnf contains the optional configuration information where additional strings will be read from. nconf will typically come from a config file whereas cnf is obtained from an X509V3_CTX structure which will typically be used by X509 v3 certificate extension functions. cnf or nconf can be set to NULL if no additional configuration will be used.

+ +

GENERATION STRING FORMAT

+ +

The actual data encoded is determined by the string str and the configuration information. The general format of the string is:

+ +
+ +
[modifier,]type[:value]
+
+ +
+
+ +

That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of type, value and modifier are explained below.

+ +

Supported Types

+ +

The supported types are listed below. Unless otherwise specified only the ASCII format is permissible.

+ +
+ +
BOOLEAN, BOOL
+
+ +

This encodes a boolean type. The value string is mandatory and should be TRUE or FALSE. Additionally TRUE, true, Y, y, YES, yes, FALSE, false, N, n, NO and no are acceptable.

+ +
+
NULL
+
+ +

Encode the NULL type, the value string must not be present.

+ +
+
INTEGER, INT
+
+ +

Encodes an ASN1 INTEGER type. The value string represents the value of the integer, it can be prefaced by a minus sign and is normally interpreted as a decimal value unless the prefix 0x is included.

+ +
+
ENUMERATED, ENUM
+
+ +

Encodes the ASN1 ENUMERATED type, it is otherwise identical to INTEGER.

+ +
+
OBJECT, OID
+
+ +

Encodes an ASN1 OBJECT IDENTIFIER, the value string can be a short name, a long name or numerical format.

+ +
+
UTCTIME, UTC
+
+ +

Encodes an ASN1 UTCTime structure, the value should be in the format YYMMDDHHMMSSZ.

+ +
+
GENERALIZEDTIME, GENTIME
+
+ +

Encodes an ASN1 GeneralizedTime structure, the value should be in the format YYYYMMDDHHMMSSZ.

+ +
+
OCTETSTRING, OCT
+
+ +

Encodes an ASN1 OCTET STRING. value represents the contents of this structure, the format strings ASCII and HEX can be used to specify the format of value.

+ +
+
BITSTRING, BITSTR
+
+ +

Encodes an ASN1 BIT STRING. value represents the contents of this structure, the format strings ASCII, HEX and BITLIST can be used to specify the format of value.

+ +

If the format is anything other than BITLIST the number of unused bits is set to zero.

+ +
+
UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC
+
+ +

These encode the corresponding string types. value represents the contents of this structure. The format can be ASCII or UTF8.

+ +
+
SEQUENCE, SEQ, SET
+
+ +

Formats the result as an ASN1 SEQUENCE or SET type. value should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If value is absent then an empty SEQUENCE will be encoded.

+ +
+
+ +

Modifiers

+ +

Modifiers affect the following structure, they can be used to add EXPLICIT or IMPLICIT tagging, add wrappers or to change the string format of the final type and value. The supported formats are documented below.

+ +
+ +
EXPLICIT, EXP
+
+ +

Add an explicit tag to the following structure. This string should be followed by a colon and the tag value to use as a decimal value.

+ +

By following the number with U, A, P or C UNIVERSAL, APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, the default is CONTEXT SPECIFIC.

+ +
+
IMPLICIT, IMP
+
+ +

This is the same as EXPLICIT except IMPLICIT tagging is used instead.

+ +
+
OCTWRAP, SEQWRAP, SETWRAP, BITWRAP
+
+ +

The following structure is surrounded by an OCTET STRING, a SEQUENCE, a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero.

+ +
+
FORMAT
+
+ +

This specifies the format of the ultimate value. It should be followed by a colon and one of the strings ASCII, UTF8, HEX or BITLIST.

+ +

If no format specifier is included then ASCII is used. If UTF8 is specified then the value string must be a valid UTF8 string. For HEX the output must be a set of hex digits. BITLIST (which is only valid for a BIT STRING) is a comma separated list of the indices of the set bits, all other bits are zero.

+ +
+
+ +

RETURN VALUES

+ +

ASN1_generate_nconf() and ASN1_generate_v3() return the encoded data as an ASN1_TYPE structure or NULL if an error occurred.

+ +

The error codes that can be obtained by ERR_get_error(3).

+ +

EXAMPLES

+ +

A simple IA5String:

+ +
IA5STRING:Hello World
+ +

An IA5String explicitly tagged:

+ +
EXPLICIT:0,IA5STRING:Hello World
+ +

An IA5String explicitly tagged using APPLICATION tagging:

+ +
EXPLICIT:0A,IA5STRING:Hello World
+ +

A BITSTRING with bits 1 and 5 set and all others zero:

+ +
FORMAT:BITLIST,BITSTRING:1,5
+ +

A more complex example using a config file to produce a SEQUENCE consisting of a BOOL an OID and a UTF8String:

+ +
asn1 = SEQUENCE:seq_section
+
+[seq_section]
+
+field1 = BOOLEAN:TRUE
+field2 = OID:commonName
+field3 = UTF8:Third field
+ +

This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions (note: the field names such as 'coeff' are ignored and are present just for clarity):

+ +
asn1=SEQUENCE:private_key
+[private_key]
+version=INTEGER:0
+
+n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+e=INTEGER:0x010001
+
+d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
+F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
+
+p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
+D4BD57
+
+q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
+46EC4F
+
+exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
+9C0A39B9
+
+exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
+E7B2458F
+
+coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
+628657053A
+ +

This example is the corresponding public key in a SubjectPublicKeyInfo structure:

+ +
# Start with a SEQUENCE
+asn1=SEQUENCE:pubkeyinfo
+
+# pubkeyinfo contains an algorithm identifier and the public key wrapped
+# in a BIT STRING
+[pubkeyinfo]
+algorithm=SEQUENCE:rsa_alg
+pubkey=BITWRAP,SEQUENCE:rsapubkey
+
+# algorithm ID for RSA is just an OID and a NULL
+[rsa_alg]
+algorithm=OID:rsaEncryption
+parameter=NULL
+
+# Actual public key: modulus and exponent
+[rsapubkey]
+n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+e=INTEGER:0x010001
+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html new file mode 100644 index 00000000..fc33210b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html @@ -0,0 +1,96 @@ + + + + +ASYNC_WAIT_CTX_new + + + + + + + + + + +

NAME

+ +

ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd - functions to manage waiting for asynchronous jobs to complete

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+ +

DESCRIPTION

+ +

For an overview of how asynchronous operations are implemented in OpenSSL see ASYNC_start_job(3). An ASYNC_WAIT_CTX object represents an asynchronous "session", i.e. a related set of crypto operations. For example in SSL terms this would have a one-to-one correspondence with an SSL connection.

+ +

Application code must create an ASYNC_WAIT_CTX using the ASYNC_WAIT_CTX_new() function prior to calling ASYNC_start_job() (see ASYNC_start_job(3)). When the job is started it is associated with the ASYNC_WAIT_CTX for the duration of that job. An ASYNC_WAIT_CTX should only be used for one ASYNC_JOB at any one time, but can be reused after an ASYNC_JOB has finished for a subsequent ASYNC_JOB. When the session is complete (e.g. the SSL connection is closed), application code cleans up with ASYNC_WAIT_CTX_free().

+ +

ASYNC_WAIT_CTXs can have "wait" file descriptors associated with them. Calling ASYNC_WAIT_CTX_get_all_fds() and passing in a pointer to an ASYNC_WAIT_CTX in the ctx parameter will return the wait file descriptors associated with that job in *fd. The number of file descriptors returned will be stored in *numfds. It is the caller's responsibility to ensure that sufficient memory has been allocated in *fd to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL fd value will return no file descriptors but will still populate *numfds. Therefore application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return one fd. If multiple asynchronous engines are being used then more could be returned.

+ +

The function ASYNC_WAIT_CTX_get_changed_fds() can be used to detect if any fds have changed since the last call time ASYNC_start_job() returned an ASYNC_PAUSE result (or since the ASYNC_WAIT_CTX was created if no ASYNC_PAUSE result has been received). The numaddfds and numdelfds parameters will be populated with the number of fds added or deleted respectively. *addfd and *delfd will be populated with the list of added and deleted fds respectively. Similarly to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not NULL then the caller is responsible for ensuring sufficient memory is allocated.

+ +

Implementors of async aware code (e.g. engines) are encouraged to return a stable fd for the lifetime of the ASYNC_WAIT_CTX in order to reduce the "churn" of regularly changing fds - although no guarantees of this are provided to applications.

+ +

Applications can wait for the file descriptor to be ready for "read" using a system function call such as select or poll (being ready for "read" indicates that the job should be resumed). If no file descriptor is made available then an application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue.

+ +

Async aware code (e.g. engines) can get the current ASYNC_WAIT_CTX from the job via ASYNC_get_wait_ctx(3) and provide a file descriptor to use for waiting on by calling ASYNC_WAIT_CTX_set_wait_fd(). Typically this would be done by an engine immediately prior to calling ASYNC_pause_job() and not by end user code. An existing association with a file descriptor can be obtained using ASYNC_WAIT_CTX_get_fd() and cleared using ASYNC_WAIT_CTX_clear_fd(). Both of these functions requires a key value which is unique to the async aware code. This could be any unique value but a good candidate might be the ENGINE * for the engine. The custom_data parameter can be any value, and will be returned in a subsequent call to ASYNC_WAIT_CTX_get_fd(). The ASYNC_WAIT_CTX_set_wait_fd() function also expects a pointer to a "cleanup" routine. This can be NULL but if provided will automatically get called when the ASYNC_WAIT_CTX is freed, and gives the engine the opportunity to close the fd or any other resources. Note: The "cleanup" routine does not get called if the fd is cleared directly via a call to ASYNC_WAIT_CTX_clear_fd().

+ +

An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd() followed by ASYNC_pause_job() to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling "select" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor "readable". Once resumed the engine should clear the wake signal on the wait file descriptor.

+ +

RETURN VALUES

+ +

ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated ASYNC_WAIT_CTX or NULL on error.

+ +

ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on success or 0 on error.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

SEE ALSO

+ +

crypto(7), ASYNC_start_job(3)

+ +

HISTORY

+ +

ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_start_job.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_start_job.html new file mode 100644 index 00000000..b7f8c77b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ASYNC_start_job.html @@ -0,0 +1,273 @@ + + + + +ASYNC_start_job + + + + + + + + + + +

NAME

+ +

ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable - asynchronous job management functions

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+int ASYNC_is_capable(void);
+ +

DESCRIPTION

+ +

OpenSSL implements asynchronous capabilities through an ASYNC_JOB. This represents code that can be started and executes until some event occurs. At that point the code can be paused and control returns to user code until some subsequent event indicates that the job can be resumed.

+ +

The creation of an ASYNC_JOB is a relatively expensive operation. Therefore, for efficiency reasons, jobs can be created up front and reused many times. They are held in a pool until they are needed, at which point they are removed from the pool, used, and then returned to the pool when the job completes. If the user application is multi-threaded, then ASYNC_init_thread() may be called for each thread that will initiate asynchronous jobs. Before user code exits per-thread resources need to be cleaned up. This will normally occur automatically (see OPENSSL_init_crypto(3)) but may be explicitly initiated by using ASYNC_cleanup_thread(). No asynchronous jobs must be outstanding for the thread when ASYNC_cleanup_thread() is called. Failing to ensure this will result in memory leaks.

+ +

The max_size argument limits the number of ASYNC_JOBs that will be held in the pool. If max_size is set to 0 then no upper limit is set. When an ASYNC_JOB is needed but there are none available in the pool already then one will be automatically created, as long as the total of ASYNC_JOBs managed by the pool does not exceed max_size. When the pool is first initialised init_size ASYNC_JOBs will be created immediately. If ASYNC_init_thread() is not called before the pool is first used then it will be called automatically with a max_size of 0 (no upper limit) and an init_size of 0 (no ASYNC_JOBs created up front).

+ +

An asynchronous job is started by calling the ASYNC_start_job() function. Initially *job should be NULL. ctx should point to an ASYNC_WAIT_CTX object created through the ASYNC_WAIT_CTX_new(3) function. ret should point to a location where the return value of the asynchronous function should be stored on completion of the job. func represents the function that should be started asynchronously. The data pointed to by args and of size size will be copied and then passed as an argument to func when the job starts. ASYNC_start_job will return one of the following values:

+ +
+ +
ASYNC_ERR
+
+ +

An error occurred trying to start the job. Check the OpenSSL error queue (e.g. see ERR_print_errors(3)) for more details.

+ +
+
ASYNC_NO_JOBS
+
+ +

There are no jobs currently available in the pool. This call can be retried again at a later time.

+ +
+
ASYNC_PAUSE
+
+ +

The job was successfully started but was "paused" before it completed (see ASYNC_pause_job() below). A handle to the job is placed in *job. Other work can be performed (if desired) and the job restarted at a later time. To restart a job call ASYNC_start_job() again passing the job handle in *job. The func, args and size parameters will be ignored when restarting a job. When restarting a job ASYNC_start_job() must be called from the same thread that the job was originally started from.

+ +
+
ASYNC_FINISH
+
+ +

The job completed. *job will be NULL and the return value from func will be placed in *ret.

+ +
+
+ +

At any one time there can be a maximum of one job actively running per thread (you can have many that are paused). ASYNC_get_current_job() can be used to get a pointer to the currently executing ASYNC_JOB. If no job is currently executing then this will return NULL.

+ +

If executing within the context of a job (i.e. having been called directly or indirectly by the function "func" passed as an argument to ASYNC_start_job()) then ASYNC_pause_job() will immediately return control to the calling application with ASYNC_PAUSE returned from the ASYNC_start_job() call. A subsequent call to ASYNC_start_job passing in the relevant ASYNC_JOB in the *job parameter will resume execution from the ASYNC_pause_job() call. If ASYNC_pause_job() is called whilst not within the context of a job then no action is taken and ASYNC_pause_job() returns immediately.

+ +

ASYNC_get_wait_ctx() can be used to get a pointer to the ASYNC_WAIT_CTX for the job. ASYNC_WAIT_CTXs can have a "wait" file descriptor associated with them. Applications can wait for the file descriptor to be ready for "read" using a system function call such as select or poll (being ready for "read" indicates that the job should be resumed). If no file descriptor is made available then an application will have to periodically "poll" the job by attempting to restart it to see if it is ready to continue.

+ +

An example of typical usage might be an async capable engine. User code would initiate cryptographic operations. The engine would initiate those operations asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd(3) followed by ASYNC_pause_job() to return control to the user code. The user code can then perform other tasks or wait for the job to be ready by calling "select" or other similar function on the wait file descriptor. The engine can signal to the user code that the job should be resumed by making the wait file descriptor "readable". Once resumed the engine should clear the wake signal on the wait file descriptor.

+ +

The ASYNC_block_pause() function will prevent the currently active job from pausing. The block will remain in place until a subsequent call to ASYNC_unblock_pause(). These functions can be nested, e.g. if you call ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in order to re-enable pausing. If these functions are called while there is no currently active job then they have no effect. This functionality can be useful to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an application acquires a lock. It then calls some cryptographic function which invokes ASYNC_pause_job(). This returns control back to the code that created the ASYNC_JOB. If that code then attempts to acquire the same lock before resuming the original job then a deadlock can occur. By calling ASYNC_block_pause() immediately after acquiring the lock and ASYNC_unblock_pause() immediately before releasing it then this situation cannot occur.

+ +

Some platforms cannot support async operations. The ASYNC_is_capable() function can be used to detect whether the current platform is async capable or not.

+ +

RETURN VALUES

+ +

ASYNC_init_thread returns 1 on success or 0 otherwise.

+ +

ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or ASYNC_FINISH as described above.

+ +

ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when not within the context of an ASYNC_JOB then this is counted as success so 1 is returned.

+ +

ASYNC_get_current_job returns a pointer to the currently executing ASYNC_JOB or NULL if not within the context of a job.

+ +

ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.

+ +

ASYNC_is_capable() returns 1 if the current platform is async capable or 0 otherwise.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

EXAMPLES

+ +

The following example demonstrates how to use most of the core async APIs:

+ +
#ifdef _WIN32
+# include <windows.h>
+#endif
+#include <stdio.h>
+#include <unistd.h>
+#include <openssl/async.h>
+#include <openssl/crypto.h>
+
+int unique = 0;
+
+void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
+{
+    OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
+
+    close(r);
+    close(*w);
+    OPENSSL_free(w);
+}
+
+int jobfunc(void *arg)
+{
+    ASYNC_JOB *currjob;
+    unsigned char *msg;
+    int pipefds[2] = {0, 0};
+    OSSL_ASYNC_FD *wptr;
+    char buf = 'X';
+
+    currjob = ASYNC_get_current_job();
+    if (currjob != NULL) {
+        printf("Executing within a job\n");
+    } else {
+        printf("Not executing within a job - should not happen\n");
+        return 0;
+    }
+
+    msg = (unsigned char *)arg;
+    printf("Passed in message is: %s\n", msg);
+
+    if (pipe(pipefds) != 0) {
+        printf("Failed to create pipe\n");
+        return 0;
+    }
+    wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
+    if (wptr == NULL) {
+        printf("Failed to malloc\n");
+        return 0;
+    }
+    *wptr = pipefds[1];
+    ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
+                               pipefds[0], wptr, cleanup);
+
+    /*
+     * Normally some external event would cause this to happen at some
+     * later point - but we do it here for demo purposes, i.e.
+     * immediately signalling that the job is ready to be woken up after
+     * we return to main via ASYNC_pause_job().
+     */
+    write(pipefds[1], &buf, 1);
+
+    /* Return control back to main */
+    ASYNC_pause_job();
+
+    /* Clear the wake signal */
+    read(pipefds[0], &buf, 1);
+
+    printf ("Resumed the job after a pause\n");
+
+    return 1;
+}
+
+int main(void)
+{
+    ASYNC_JOB *job = NULL;
+    ASYNC_WAIT_CTX *ctx = NULL;
+    int ret;
+    OSSL_ASYNC_FD waitfd;
+    fd_set waitfdset;
+    size_t numfds;
+    unsigned char msg[13] = "Hello world!";
+
+    printf("Starting...\n");
+
+    ctx = ASYNC_WAIT_CTX_new();
+    if (ctx == NULL) {
+        printf("Failed to create ASYNC_WAIT_CTX\n");
+        abort();
+    }
+
+    for (;;) {
+        switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
+        case ASYNC_ERR:
+        case ASYNC_NO_JOBS:
+            printf("An error occurred\n");
+            goto end;
+        case ASYNC_PAUSE:
+            printf("Job was paused\n");
+            break;
+        case ASYNC_FINISH:
+            printf("Job finished with return value %d\n", ret);
+            goto end;
+        }
+
+        /* Wait for the job to be woken */
+        printf("Waiting for the job to be woken up\n");
+
+        if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
+                || numfds > 1) {
+            printf("Unexpected number of fds\n");
+            abort();
+        }
+        ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
+        FD_ZERO(&waitfdset);
+        FD_SET(waitfd, &waitfdset);
+        select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
+    }
+
+end:
+    ASYNC_WAIT_CTX_free(ctx);
+    printf("Finishing\n");
+
+    return 0;
+}
+ +

The expected output from executing the above example program is:

+ +
Starting...
+Executing within a job
+Passed in message is: Hello world!
+Job was paused
+Waiting for the job to be woken up
+Resumed the job after a pause
+Job finished with return value 1
+Finishing
+ +

SEE ALSO

+ +

crypto(7), ERR_print_errors(3)

+ +

HISTORY

+ +

ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BF_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BF_encrypt.html new file mode 100644 index 00000000..781f1f8c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BF_encrypt.html @@ -0,0 +1,95 @@ + + + + +BF_encrypt + + + + + + + + + + +

NAME

+ +

BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption

+ +

SYNOPSIS

+ +
#include <openssl/blowfish.h>
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                    long length, BF_KEY *schedule,
+                    unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+ +

DESCRIPTION

+ +

This library implements the Blowfish cipher, which was invented and described by Counterpane (see http://www.counterpane.com/blowfish.html ).

+ +

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. It uses a variable size key, but typically, 128 bit (16 byte) keys are considered good for strong encryption. Blowfish can be used in the same modes as DES (see des_modes(7)). Blowfish is currently one of the faster block ciphers. It is quite a bit faster than DES, and much faster than IDEA or RC2.

+ +

Blowfish consists of a key setup phase and the actual encryption or decryption phase.

+ +

BF_set_key() sets up the BF_KEY key using the len bytes long key at data.

+ +

BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. It encrypts or decrypts the first 64 bits of in using the key key, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. The vector pointed at by in and out must be 64 bits in length, no less. If they are larger, everything after the first 64 bits is ignored.

+ +

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() all operate on variable length data. They all take an initialization vector ivec which needs to be passed along into the next call of the same function for the same message. ivec may be initialized with anything, but the recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where ivec is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter num, which is a pointer to an integer where the current offset in ivec is stored between calls. This integer must be initialized to zero when ivec is initialized.

+ +

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It encrypts or decrypts the 64 bits chunks of in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector.

+ +

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. It encrypts or decrypts the bytes in in using the key schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT) or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte long initialization vector. num must point at an integer which must be initially zero.

+ +

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. It uses the same parameters as BF_cfb64_encrypt(), which must be initialized the same way.

+ +

BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector pointed by data, using the key key. These functions should not be used unless you implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). If you still want to use these functions, you should be aware that they take each 32-bit chunk in host-byte order, which is little-endian on little-endian platforms and big-endian on big-endian ones.

+ +

RETURN VALUES

+ +

None of the functions presented here return any value.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

SEE ALSO

+ +

EVP_EncryptInit(3), des_modes(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDR.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDR.html new file mode 100644 index 00000000..d2e27afc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDR.html @@ -0,0 +1,96 @@ + + + + +BIO_ADDR + + + + + + + + + + +

NAME

+ +

BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string - BIO_ADDR routines

+ +

SYNOPSIS

+ +
#include <sys/types.h>
+#include <openssl/bio.h>
+
+typedef union bio_addr_st BIO_ADDR;
+
+BIO_ADDR *BIO_ADDR_new(void);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+ +

DESCRIPTION

+ +

The BIO_ADDR type is a wrapper around all types of socket addresses that OpenSSL deals with, currently transparently supporting AF_INET, AF_INET6 and AF_UNIX according to what's available on the platform at hand.

+ +

BIO_ADDR_new() creates a new unfilled BIO_ADDR, to be used with routines that will fill it with information, such as BIO_accept_ex().

+ +

BIO_ADDR_free() frees a BIO_ADDR created with BIO_ADDR_new().

+ +

BIO_ADDR_clear() clears any data held within the provided BIO_ADDR and sets it back to an uninitialised state.

+ +

BIO_ADDR_rawmake() takes a protocol family, an byte array of size wherelen with an address in network byte order pointed at by where and a port number in network byte order in port (except for the AF_UNIX protocol family, where port is meaningless and therefore ignored) and populates the given BIO_ADDR with them. In case this creates a AF_UNIX BIO_ADDR, wherelen is expected to be the length of the path string (not including the terminating NUL, such as the result of a call to strlen()). Read on about the addresses in "RAW ADDRESSES" below.

+ +

BIO_ADDR_family() returns the protocol family of the given BIO_ADDR. The possible non-error results are one of the constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the BIO_ADDR has not been initialised.

+ +

BIO_ADDR_rawaddress() will write the raw address of the given BIO_ADDR in the area pointed at by p if p is non-NULL, and will set *l to be the amount of bytes the raw address takes up if l is non-NULL. A technique to only find out the size of the address is a call with p set to NULL. The raw address will be in network byte order, most significant byte first. In case this is a AF_UNIX BIO_ADDR, l gets the length of the path string (not including the terminating NUL, such as the result of a call to strlen()). Read on about the addresses in "RAW ADDRESSES" below.

+ +

BIO_ADDR_rawport() returns the raw port of the given BIO_ADDR. The raw port will be in network byte order.

+ +

BIO_ADDR_hostname_string() returns a character string with the hostname of the given BIO_ADDR. If numeric is 1, the string will contain the numerical form of the address. This only works for BIO_ADDR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

BIO_ADDR_service_string() returns a character string with the service name of the port of the given BIO_ADDR. If numeric is 1, the string will contain the port number. This only works for BIO_ADDR of the protocol families AF_INET and AF_INET6. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

BIO_ADDR_path_string() returns a character string with the path of the given BIO_ADDR. This only works for BIO_ADDR of the protocol family AF_UNIX. The returned string has been allocated on the heap and must be freed with OPENSSL_free().

+ +

RAW ADDRESSES

+ +

Both BIO_ADDR_rawmake() and BIO_ADDR_rawaddress() take a pointer to a network byte order address of a specific site. Internally, those are treated as a pointer to struct in_addr (for AF_INET), struct in6_addr (for AF_INET6) or char * (for AF_UNIX), all depending on the protocol family the address is for.

+ +

RETURN VALUES

+ +

The string producing functions BIO_ADDR_hostname_string(), BIO_ADDR_service_string() and BIO_ADDR_path_string() will return NULL on error and leave an error indication on the OpenSSL error stack.

+ +

All other functions described here return 0 or NULL when the information they should return isn't available.

+ +

SEE ALSO

+ +

BIO_connect(3), BIO_s_connect(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDRINFO.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDRINFO.html new file mode 100644 index 00000000..285455e3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ADDRINFO.html @@ -0,0 +1,101 @@ + + + + +BIO_ADDRINFO + + + + + + + + + + +

NAME

+ +

BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup - BIO_ADDRINFO type and routines

+ +

SYNOPSIS

+ +
#include <sys/types.h>
+#include <openssl/bio.h>
+
+typedef union bio_addrinfo_st BIO_ADDRINFO;
+
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res);
+int BIO_lookup(const char *node, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+ +

DESCRIPTION

+ +

The BIO_ADDRINFO type is a wrapper for address information types provided on your platform.

+ +

BIO_ADDRINFO normally forms a chain of several that can be picked at one by one.

+ +

BIO_lookup_ex() looks up a specified host and service, and uses lookup_type to determine what the default address should be if host is NULL. family, socktype and protocol are used to determine what protocol family, socket type and protocol should be used for the lookup. family can be any of AF_INET, AF_INET6, AF_UNIX and AF_UNSPEC. socktype can be SOCK_STREAM, SOCK_DGRAM or 0. Specifying 0 indicates that any type can be used. protocol specifies a protocol such as IPPROTO_TCP, IPPROTO_UDP or IPPORTO_SCTP. If set to 0 than any protocol can be used. res points at a pointer to hold the start of a BIO_ADDRINFO chain.

+ +

For the family AF_UNIX, BIO_lookup_ex() will ignore the service parameter and expects the node parameter to hold the path to the socket file.

+ +

BIO_lookup() does the same as BIO_lookup_ex() but does not provide the ability to select based on the protocol (any protocol may be returned).

+ +

BIO_ADDRINFO_family() returns the family of the given BIO_ADDRINFO. The result will be one of the constants AF_INET, AF_INET6 and AF_UNIX.

+ +

BIO_ADDRINFO_socktype() returns the socket type of the given BIO_ADDRINFO. The result will be one of the constants SOCK_STREAM and SOCK_DGRAM.

+ +

BIO_ADDRINFO_protocol() returns the protocol id of the given BIO_ADDRINFO. The result will be one of the constants IPPROTO_TCP and IPPROTO_UDP.

+ +

BIO_ADDRINFO_address() returns the underlying BIO_ADDR of the given BIO_ADDRINFO.

+ +

BIO_ADDRINFO_next() returns the next BIO_ADDRINFO in the chain from the given one.

+ +

BIO_ADDRINFO_free() frees the chain of BIO_ADDRINFO starting with the given one.

+ +

RETURN VALUES

+ +

BIO_lookup_ex() and BIO_lookup() return 1 on success and 0 when an error occurred, and will leave an error indication on the OpenSSL error stack in that case.

+ +

All other functions described here return 0 or NULL when the information they should return isn't available.

+ +

NOTES

+ +

The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP address is required then the protocol parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms.

+ +

HISTORY

+ +

The BIO_lookup_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_connect.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_connect.html new file mode 100644 index 00000000..81740adc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_connect.html @@ -0,0 +1,121 @@ + + + + +BIO_connect + + + + + + + + + + +

NAME

+ +

BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket - BIO socket communication setup routines

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
+int BIO_closesocket(int sock);
+ +

DESCRIPTION

+ +

BIO_socket() creates a socket in the domain domain, of type socktype and protocol. Socket options are currently unused, but is present for future use.

+ +

BIO_bind() binds the source address and service to a socket and may be useful before calling BIO_connect(). The options may include BIO_SOCK_REUSEADDR, which is described in "FLAGS" below.

+ +

BIO_connect() connects sock to the address and service given by addr. Connection options may be zero or any combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK and BIO_SOCK_NODELAY. The flags are described in "FLAGS" below.

+ +

BIO_listen() has sock start listening on the address and service given by addr. Connection options may be zero or any combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK, BIO_SOCK_NODELAY, BIO_SOCK_REUSEADDR and BIO_SOCK_V6_ONLY. The flags are described in "FLAGS" below.

+ +

BIO_accept_ex() waits for an incoming connections on the given socket accept_sock. When it gets a connection, the address and port of the peer gets stored in peer if that one is non-NULL. Accept options may be zero or BIO_SOCK_NONBLOCK, and is applied on the accepted socket. The flags are described in "FLAGS" below.

+ +

BIO_closesocket() closes sock.

+ +

FLAGS

+ +
+ +
BIO_SOCK_KEEPALIVE
+
+ +

Enables regular sending of keep-alive messages.

+ +
+
BIO_SOCK_NONBLOCK
+
+ +

Sets the socket to non-blocking mode.

+ +
+
BIO_SOCK_NODELAY
+
+ +

Corresponds to TCP_NODELAY, and disables the Nagle algorithm. With this set, any data will be sent as soon as possible instead of being buffered until there's enough for the socket to send out in one go.

+ +
+
BIO_SOCK_REUSEADDR
+
+ +

Try to reuse the address and port combination for a recently closed port.

+ +
+
BIO_SOCK_V6_ONLY
+
+ +

When creating an IPv6 socket, make it only listen for IPv6 addresses and not IPv4 addresses mapped to IPv6.

+ +
+
+ +

These flags are bit flags, so they are to be combined with the | operator, for example:

+ +
BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
+ +

RETURN VALUES

+ +

BIO_socket() returns the socket number on success or INVALID_SOCKET (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

BIO_bind(), BIO_connect() and BIO_listen() return 1 on success or 0 on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

BIO_accept_ex() returns the accepted socket on success or INVALID_SOCKET (-1) on error. When an error has occurred, the OpenSSL error stack will hold the error data and errno has the system error.

+ +

SEE ALSO

+ +

BIO_ADDR(3)

+ +

HISTORY

+ +

BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. Use the functions described above instead.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ctrl.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ctrl.html new file mode 100644 index 00000000..b1671037 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_ctrl.html @@ -0,0 +1,115 @@ + + + + +BIO_ctrl + + + + + + + + + + +

NAME

+ +

BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb - BIO control operations

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+typedef int BIO_info_cb(BIO *b, int state, int res);
+
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+
+int BIO_reset(BIO *b);
+int BIO_seek(BIO *b, int ofs);
+int BIO_tell(BIO *b);
+int BIO_flush(BIO *b);
+int BIO_eof(BIO *b);
+int BIO_set_close(BIO *b, long flag);
+int BIO_get_close(BIO *b);
+int BIO_pending(BIO *b);
+int BIO_wpending(BIO *b);
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+
+int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
+int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
+ +

DESCRIPTION

+ +

BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl() are BIO "control" operations taking arguments of various types. These functions are not normally called directly, various macros are used instead. The standard macros are described below, macros specific to a particular type of BIO are described in the specific BIOs manual page as well as any special features of the standard calls.

+ +

BIO_reset() typically resets a BIO to some initial state, in the case of file related BIOs for example it rewinds the file pointer to the start of the file.

+ +

BIO_seek() resets a file related BIO's (that is file descriptor and FILE BIOs) file position pointer to ofs bytes from start of file.

+ +

BIO_tell() returns the current file position of a file related BIO.

+ +

BIO_flush() normally writes out any internally buffered data, in some cases it is used to signal EOF and that no more data will be written.

+ +

BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of "EOF" varies according to the BIO type.

+ +

BIO_set_close() sets the BIO b close flag to flag. flag can take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used in a source/sink BIO to indicate that the underlying I/O stream should be closed when the BIO is freed.

+ +

BIO_get_close() returns the BIOs close flag.

+ +

BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() return the number of pending characters in the BIOs read and write buffers. Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending() return a size_t type and are functions, BIO_pending() and BIO_wpending() are macros which call BIO_ctrl().

+ +

RETURN VALUES

+ +

BIO_reset() normally returns 1 for success and 0 or -1 for failure. File BIOs are an exception, they return 0 for success and -1 for failure.

+ +

BIO_seek() and BIO_tell() both return the current file position on success and -1 for failure, except file BIOs which for BIO_seek() always return 0 for success and -1 for failure.

+ +

BIO_flush() returns 1 for success and 0 or -1 for failure.

+ +

BIO_eof() returns 1 if EOF has been reached 0 otherwise.

+ +

BIO_set_close() always returns 1.

+ +

BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.

+ +

BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() return the amount of pending data.

+ +

NOTES

+ +

BIO_flush(), because it can write data may return 0 or -1 indicating that the call should be retried later in a similar manner to BIO_write_ex(). The BIO_should_retry() call should be used and appropriate action taken is the call fails.

+ +

The return values of BIO_pending() and BIO_wpending() may not reliably determine the amount of pending data in all cases. For example in the case of a file BIO some data may be available in the FILE structures internal buffers but it is not possible to determine this in a portably way. For other types of BIO they may not be supported.

+ +

Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will be automatically passed to the relevant BIO. However this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO.

+ +

Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() operation.

+ +

BUGS

+ +

Some of the return values are ambiguous and care should be taken. In particular a return value of 0 can be returned if an operation is not supported, if an error occurred, if EOF has not been reached and in the case of BIO_seek() on a file BIO for a successful operation.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_base64.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_base64.html new file mode 100644 index 00000000..9a2092c8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_base64.html @@ -0,0 +1,102 @@ + + + + +BIO_f_base64 + + + + + + + + + + +

NAME

+ +

BIO_f_base64 - base64 BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_base64(void);
+ +

DESCRIPTION

+ +

BIO_f_base64() returns the base64 BIO method. This is a filter BIO that base64 encodes any data written through it and decodes any data read through it.

+ +

Base64 BIOs do not support BIO_gets() or BIO_puts().

+ +

BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO.

+ +

The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() to encode the data all on one line or expect the data to be all on one line.

+ +

NOTES

+ +

Because of the format of base64 encoding the end of the encoded block cannot always be reliably determined.

+ +

RETURN VALUES

+ +

BIO_f_base64() returns the base64 BIO method.

+ +

EXAMPLES

+ +

Base64 encode the string "Hello World\n" and write the result to standard output:

+ +
BIO *bio, *b64;
+char message[] = "Hello World \n";
+
+b64 = BIO_new(BIO_f_base64());
+bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_push(b64, bio);
+BIO_write(b64, message, strlen(message));
+BIO_flush(b64);
+
+BIO_free_all(b64);
+ +

Read Base64 encoded data from standard input and write the decoded data to standard output:

+ +
BIO *bio, *b64, *bio_out;
+char inbuf[512];
+int inlen;
+
+b64 = BIO_new(BIO_f_base64());
+bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_push(b64, bio);
+while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
+    BIO_write(bio_out, inbuf, inlen);
+
+BIO_flush(bio_out);
+BIO_free_all(b64);
+ +

BUGS

+ +

The ambiguity of EOF in base64 encoded data can cause additional data following the base64 encoded block to be misinterpreted.

+ +

There should be some way of specifying a test that the BIO can perform to reliably determine EOF (for example a MIME boundary).

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_buffer.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_buffer.html new file mode 100644 index 00000000..59f97e65 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_buffer.html @@ -0,0 +1,89 @@ + + + + +BIO_f_buffer + + + + + + + + + + +

NAME

+ +

BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer - buffering BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_f_buffer(void);
+
+long BIO_get_buffer_num_lines(BIO *b);
+long BIO_set_read_buffer_size(BIO *b, long size);
+long BIO_set_write_buffer_size(BIO *b, long size);
+long BIO_set_buffer_size(BIO *b, long size);
+long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
+ +

DESCRIPTION

+ +

BIO_f_buffer() returns the buffering BIO method.

+ +

Data written to a buffering BIO is buffered and periodically written to the next BIO in the chain. Data read from a buffering BIO comes from an internal buffer which is filled from the next BIO in the chain. Both BIO_gets() and BIO_puts() are supported.

+ +

Calling BIO_reset() on a buffering BIO clears any buffered data.

+ +

BIO_get_buffer_num_lines() returns the number of lines currently buffered.

+ +

BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() set the read, write or both read and write buffer sizes to size. The initial buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared when the buffer is resized.

+ +

BIO_set_buffer_read_data() clears the read buffer and fills it with num bytes of buf. If num is larger than the current buffer size the buffer is expanded.

+ +

NOTES

+ +

These functions, other than BIO_f_buffer(), are implemented as macros.

+ +

Buffering BIOs implement BIO_read_ex() and BIO_gets() by using BIO_read_ex() operations on the next BIO in the chain and storing the result in an internal buffer, from which bytes are given back to the caller as appropriate for the call; a BIO_gets() is guaranteed to give the caller a whole line, and BIO_read_ex() is guaranteed to give the caller the number of bytes it asks for, unless there's an error or end of communication is reached in the next BIO. By prepending a buffering BIO to a chain it is therefore possible to provide BIO_gets() or exact size BIO_read_ex() functionality if the following BIOs do not support it.

+ +

Do not add more than one BIO_f_buffer() to a BIO chain. The result of doing so will force a full read of the size of the internal buffer of the top BIO_f_buffer(), which is 4 KiB at a minimum.

+ +

Data is only written to the next BIO in the chain when the write buffer fills or when BIO_flush() is called. It is therefore important to call BIO_flush() whenever any pending data should be written such as when removing a buffering BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate source/sink BIO is non blocking.

+ +

RETURN VALUES

+ +

BIO_f_buffer() returns the buffering BIO method.

+ +

BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).

+ +

BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() return 1 if the buffer was successfully resized or 0 for failure.

+ +

BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if there was an error.

+ +

SEE ALSO

+ +

bio(7), BIO_reset(3), BIO_flush(3), BIO_pop(3), BIO_ctrl(3).

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_cipher.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_cipher.html new file mode 100644 index 00000000..7d724984 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_cipher.html @@ -0,0 +1,81 @@ + + + + +BIO_f_cipher + + + + + + + + + + +

NAME

+ +

BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_cipher(void);
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
+                    unsigned char *key, unsigned char *iv, int enc);
+int BIO_get_cipher_status(BIO *b)
+int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+ +

DESCRIPTION

+ +

BIO_f_cipher() returns the cipher BIO method. This is a filter BIO that encrypts any data written through it, and decrypts any data read from it. It is a BIO wrapper for the cipher routines EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().

+ +

Cipher BIOs do not support BIO_gets() or BIO_puts().

+ +

BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO.

+ +

BIO_set_cipher() sets the cipher of BIO b to cipher using key key and IV iv. enc should be set to 1 for encryption and zero for decryption.

+ +

When reading from an encryption BIO the final block is automatically decrypted and checked when EOF is detected. BIO_get_cipher_status() is a BIO_ctrl() macro which can be called to determine whether the decryption operation was successful.

+ +

BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal BIO cipher context. The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when BIO_set_cipher() is not flexible enough for the applications needs.

+ +

NOTES

+ +

When encrypting BIO_flush() must be called to flush the final block through the BIO. If it is not then the final block will fail a subsequent decrypt.

+ +

When decrypting an error on the final block is signaled by a zero return value from the read operation. A successful decrypt followed by EOF will also return zero for the final read. BIO_get_cipher_status() should be called to determine if the decrypt was successful.

+ +

As always, if BIO_gets() or BIO_puts() support is needed then it can be achieved by preceding the cipher BIO with a buffering BIO.

+ +

RETURN VALUES

+ +

BIO_f_cipher() returns the cipher BIO method.

+ +

BIO_set_cipher() does not return a value.

+ +

BIO_get_cipher_status() returns 1 for a successful decrypt and 0 for failure.

+ +

BIO_get_cipher_ctx() currently always returns 1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_md.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_md.html new file mode 100644 index 00000000..95b95556 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_md.html @@ -0,0 +1,156 @@ + + + + +BIO_f_md + + + + + + + + + + +

NAME

+ +

BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+const BIO_METHOD *BIO_f_md(void);
+int BIO_set_md(BIO *b, EVP_MD *md);
+int BIO_get_md(BIO *b, EVP_MD **mdp);
+int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
+ +

DESCRIPTION

+ +

BIO_f_md() returns the message digest BIO method. This is a filter BIO that digests any data passed through it, it is a BIO wrapper for the digest routines EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal().

+ +

Any data written or read through a digest BIO using BIO_read_ex() and BIO_write_ex() is digested.

+ +

BIO_gets(), if its size parameter is large enough finishes the digest calculation and returns the digest value. BIO_puts() is not supported.

+ +

BIO_reset() reinitialises a digest BIO.

+ +

BIO_set_md() sets the message digest of BIO b to md: this must be called to initialize a digest BIO before any data is passed through it. It is a BIO_ctrl() macro.

+ +

BIO_get_md() places the a pointer to the digest BIOs digest method in mdp, it is a BIO_ctrl() macro.

+ +

BIO_get_md_ctx() returns the digest BIOs context into mdcp.

+ +

NOTES

+ +

The context returned by BIO_get_md_ctx() can be used in calls to EVP_DigestFinal() and also the signature routines EVP_SignFinal() and EVP_VerifyFinal().

+ +

The context returned by BIO_get_md_ctx() is an internal context structure. Changes made to this context will affect the digest BIO itself and the context pointer will become invalid when the digest BIO is freed.

+ +

After the digest has been retrieved from a digest BIO it must be reinitialized by calling BIO_reset(), or BIO_set_md() before any more data is passed through it.

+ +

If an application needs to call BIO_gets() or BIO_puts() through a chain containing digest BIOs then this can be done by prepending a buffering BIO.

+ +

Calling BIO_get_md_ctx() will return the context and initialize the BIO state. This allows applications to initialize the context externally if the standard calls such as BIO_set_md() are not sufficiently flexible.

+ +

RETURN VALUES

+ +

BIO_f_md() returns the digest BIO method.

+ +

BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

The following example creates a BIO chain containing an SHA1 and MD5 digest BIO and passes the string "Hello World" through it. Error checking has been omitted for clarity.

+ +
BIO *bio, *mdtmp;
+char message[] = "Hello World";
+
+bio = BIO_new(BIO_s_null());
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_sha1());
+/*
+ * For BIO_push() we want to append the sink BIO and keep a note of
+ * the start of the chain.
+ */
+bio = BIO_push(mdtmp, bio);
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_md5());
+bio = BIO_push(mdtmp, bio);
+/* Note: mdtmp can now be discarded */
+BIO_write(bio, message, strlen(message));
+ +

The next example digests data by reading through a chain instead:

+ +
BIO *bio, *mdtmp;
+char buf[1024];
+int rdlen;
+
+bio = BIO_new_file(file, "rb");
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_sha1());
+bio = BIO_push(mdtmp, bio);
+mdtmp = BIO_new(BIO_f_md());
+BIO_set_md(mdtmp, EVP_md5());
+bio = BIO_push(mdtmp, bio);
+do {
+    rdlen = BIO_read(bio, buf, sizeof(buf));
+    /* Might want to do something with the data here */
+} while (rdlen > 0);
+ +

This next example retrieves the message digests from a BIO chain and outputs them. This could be used with the examples above.

+ +
BIO *mdtmp;
+unsigned char mdbuf[EVP_MAX_MD_SIZE];
+int mdlen;
+int i;
+
+mdtmp = bio;   /* Assume bio has previously been set up */
+do {
+    EVP_MD *md;
+
+    mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+    if (!mdtmp)
+        break;
+    BIO_get_md(mdtmp, &md);
+    printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+    mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+    for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+    printf("\n");
+    mdtmp = BIO_next(mdtmp);
+} while (mdtmp);
+
+BIO_free_all(bio);
+ +

BUGS

+ +

The lack of support for BIO_puts() and the non standard behaviour of BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets() and BIO_puts() should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate BIO_ctrl() call.

+ +

HISTORY

+ +

Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the BIO was initialized first.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_null.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_null.html new file mode 100644 index 00000000..d969ee91 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_null.html @@ -0,0 +1,58 @@ + + + + +BIO_f_null + + + + + + + + + + +

NAME

+ +

BIO_f_null - null filter

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_f_null(void);
+ +

DESCRIPTION

+ +

BIO_f_null() returns the null filter BIO method. This is a filter BIO that does nothing.

+ +

All requests to a null filter BIO are passed through to the next BIO in the chain: this means that a BIO chain containing a null filter BIO behaves just as though the BIO was not there.

+ +

NOTES

+ +

As may be apparent a null filter BIO is not particularly useful.

+ +

RETURN VALUES

+ +

BIO_f_null() returns the null filter BIO method.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_ssl.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_ssl.html new file mode 100644 index 00000000..e1688c5f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_f_ssl.html @@ -0,0 +1,263 @@ + + + + +BIO_f_ssl + + + + + + + + + + +

NAME

+ +

BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown - SSL BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+#include <openssl/ssl.h>
+
+const BIO_METHOD *BIO_f_ssl(void);
+
+long BIO_set_ssl(BIO *b, SSL *ssl, long c);
+long BIO_get_ssl(BIO *b, SSL **sslp);
+long BIO_set_ssl_mode(BIO *b, long client);
+long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
+long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
+long BIO_get_num_renegotiates(BIO *b);
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *bio);
+
+long BIO_do_handshake(BIO *b);
+ +

DESCRIPTION

+ +

BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to SSL I/O.

+ +

I/O performed on an SSL BIO communicates using the SSL protocol with the SSLs read and write BIOs. If an SSL connection is not established then an attempt is made to establish one on the first I/O call.

+ +

If a BIO is appended to an SSL BIO using BIO_push() it is automatically used as the SSL BIOs read and write BIOs.

+ +

Calling BIO_reset() on an SSL BIO closes down any current SSL connection by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in the chain: this will typically disconnect the underlying transport. The SSL BIO is then reset to the initial accept or connect state.

+ +

If the close flag is set when an SSL BIO is freed then the internal SSL structure is also freed using SSL_free().

+ +

BIO_set_ssl() sets the internal SSL pointer of BIO b to ssl using the close flag c.

+ +

BIO_get_ssl() retrieves the SSL pointer of BIO b, it can then be manipulated using the standard SSL library functions.

+ +

BIO_set_ssl_mode() sets the SSL BIO mode to client. If client is 1 client mode is set. If client is 0 server mode is set.

+ +

BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count to num. When set after every num bytes of I/O (read and write) the SSL session is automatically renegotiated. num must be at least 512 bytes.

+ +

BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to seconds. When the renegotiate timeout elapses the session is automatically renegotiated.

+ +

BIO_get_num_renegotiates() returns the total number of session renegotiations due to I/O or timeout.

+ +

BIO_new_ssl() allocates an SSL BIO using SSL_CTX ctx and using client mode if client is non zero.

+ +

BIO_new_ssl_connect() creates a new BIO chain consisting of an SSL BIO (using ctx) followed by a connect BIO.

+ +

BIO_new_buffer_ssl_connect() creates a new BIO chain consisting of a buffering BIO, an SSL BIO (using ctx) and a connect BIO.

+ +

BIO_ssl_copy_session_id() copies an SSL session id between BIO chains from and to. It does this by locating the SSL BIOs in each chain and calling SSL_copy_session_id() on the internal SSL pointer.

+ +

BIO_ssl_shutdown() closes down an SSL connection on BIO chain bio. It does this by locating the SSL BIO in the chain and calling SSL_shutdown() on its internal SSL pointer.

+ +

BIO_do_handshake() attempts to complete an SSL handshake on the supplied BIO and establish the SSL connection. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried. If an SSL connection has already been established this call has no effect.

+ +

NOTES

+ +

SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read_ex() operation, one case where this happens is when step up occurs.

+ +

The SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set an SSL BIO using a blocking transport will never request a retry.

+ +

Since unknown BIO_ctrl() operations are sent through filter BIOs the servers name and port can be set using BIO_set_host() on the BIO returned by BIO_new_ssl_connect() without having to locate the connect BIO first.

+ +

Applications do not have to call BIO_do_handshake() but may wish to do so to separate the handshake process from other I/O processing.

+ +

BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(), BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_f_ssl() returns the SSL BIO_METHOD structure.

+ +

BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout() and BIO_get_num_renegotiates() return 1 on success or a value which is less than or equal to 0 if an error occurred.

+ +

BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return a valid BIO structure on success or NULL if an error occurred.

+ +

BIO_ssl_copy_session_id() returns 1 on success or 0 on error.

+ +

BIO_do_handshake() returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established.

+ +

EXAMPLES

+ +

This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web server. The I/O routines are identical to those of the unencrypted example in BIO_s_connect(3).

+ +
BIO *sbio, *out;
+int len;
+char tmpbuf[1024];
+SSL_CTX *ctx;
+SSL *ssl;
+
+/* XXX Seed the PRNG if needed. */
+
+ctx = SSL_CTX_new(TLS_client_method());
+
+/* XXX Set verify paths and mode here. */
+
+sbio = BIO_new_ssl_connect(ctx);
+BIO_get_ssl(sbio, &ssl);
+if (ssl == NULL) {
+    fprintf(stderr, "Can't locate SSL pointer\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* Don't want any retries */
+SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+/* XXX We might want to do other things with ssl here */
+
+/* An empty host part means the loopback address */
+BIO_set_conn_hostname(sbio, ":https");
+
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+if (BIO_do_connect(sbio) <= 0) {
+    fprintf(stderr, "Error connecting to server\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+if (BIO_do_handshake(sbio) <= 0) {
+    fprintf(stderr, "Error establishing SSL connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* XXX Could examine ssl here to get connection info */
+
+BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+for (;;) {
+    len = BIO_read(sbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(out, tmpbuf, len);
+}
+BIO_free_all(sbio);
+BIO_free(out);
+ +

Here is a simple server example. It makes use of a buffering BIO to allow lines to be read from the SSL BIO using BIO_gets. It creates a pseudo web page containing the actual request from a client and also echoes the request to standard output.

+ +
BIO *sbio, *bbio, *acpt, *out;
+int len;
+char tmpbuf[1024];
+SSL_CTX *ctx;
+SSL *ssl;
+
+/* XXX Seed the PRNG if needed. */
+
+ctx = SSL_CTX_new(TLS_server_method());
+if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+        || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+        || !SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Error setting up SSL_CTX\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* XXX Other things like set verify locations, EDH temp callbacks. */
+
+/* New SSL BIO setup as server */
+sbio = BIO_new_ssl(ctx, 0);
+BIO_get_ssl(sbio, &ssl);
+if (ssl == NULL) {
+    fprintf(stderr, "Can't locate SSL pointer\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+bbio = BIO_new(BIO_f_buffer());
+sbio = BIO_push(bbio, sbio);
+acpt = BIO_new_accept("4433");
+
+/*
+ * By doing this when a new connection is established
+ * we automatically have sbio inserted into it. The
+ * BIO chain is now 'swallowed' by the accept BIO and
+ * will be freed when the accept BIO is freed.
+ */
+BIO_set_accept_bios(acpt, sbio);
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+/* Setup accept BIO */
+if (BIO_do_accept(acpt) <= 0) {
+    fprintf(stderr, "Error setting up accept BIO\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* We only want one connection so remove and free accept BIO */
+sbio = BIO_pop(acpt);
+BIO_free_all(acpt);
+
+if (BIO_do_handshake(sbio) <= 0) {
+    fprintf(stderr, "Error in SSL handshake\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
+BIO_puts(sbio, "--------------------------------------------------\r\n");
+
+for (;;) {
+    len = BIO_gets(sbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(sbio, tmpbuf, len);
+    BIO_write(out, tmpbuf, len);
+    /* Look for blank line signifying end of headers*/
+    if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
+        break;
+}
+
+BIO_puts(sbio, "--------------------------------------------------\r\n");
+BIO_puts(sbio, "\r\n");
+BIO_flush(sbio);
+BIO_free_all(sbio);
+ +

HISTORY

+ +

In OpenSSL before 1.0.0 the BIO_pop() call was handled incorrectly, the I/O BIO reference count was incorrectly incremented (instead of decremented) and dissociated with the SSL BIO even if the SSL BIO was not explicitly being popped (e.g. a pop higher up the chain). Applications which included workarounds for this bug (e.g. freeing BIOs more than once) should be modified to handle this fix or they may free up an already freed BIO.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_find_type.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_find_type.html new file mode 100644 index 00000000..51188228 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_find_type.html @@ -0,0 +1,83 @@ + + + + +BIO_find_type + + + + + + + + + + +

NAME

+ +

BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+int BIO_method_type(const BIO *b);
+ +

DESCRIPTION

+ +

The BIO_find_type() searches for a BIO of a given type in a chain, starting at BIO b. If type is a specific type (such as BIO_TYPE_MEM) then a search is made for a BIO of that type. If type is a general type (such as BIO_TYPE_SOURCE_SINK) then the next matching BIO of the given general type is searched for. BIO_find_type() returns the next matching BIO or NULL if none is found.

+ +

The following general types are defined: BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER, and BIO_TYPE_SOURCE_SINK.

+ +

For a list of the specific types, see the openssl/bio.h header file.

+ +

BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs in a chain or used in conjunction with BIO_find_type() to find all BIOs of a certain type.

+ +

BIO_method_type() returns the type of a BIO.

+ +

RETURN VALUES

+ +

BIO_find_type() returns a matching BIO or NULL for no match.

+ +

BIO_next() returns the next BIO in a chain.

+ +

BIO_method_type() returns the type of the BIO b.

+ +

EXAMPLES

+ +

Traverse a chain looking for digest BIOs:

+ +
BIO *btmp;
+
+btmp = in_bio; /* in_bio is chain to search through */
+do {
+    btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+    if (btmp == NULL)
+        break; /* Not found */
+    /* btmp is a digest BIO, do something with it ...*/
+    ...
+
+    btmp = BIO_next(btmp);
+} while (btmp);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_data.html new file mode 100644 index 00000000..7eb54c2f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_data.html @@ -0,0 +1,76 @@ + + + + +BIO_get_data + + + + + + + + + + +

NAME

+ +

BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown - functions for managing BIO state information

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+ +

DESCRIPTION

+ +

These functions are mainly useful when implementing a custom BIO.

+ +

The BIO_set_data() function associates the custom data pointed to by ptr with the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). This can be used by custom BIOs for storing implementation specific information.

+ +

The BIO_set_init() function sets the value of the BIO's "init" flag to indicate whether initialisation has been completed for this BIO or not. A non-zero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps have occurred (for example through calling custom ctrls). The BIO_get_init() function returns the value of the "init" flag.

+ +

The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed.

+ +

RETURN VALUES

+ +

BIO_get_data() returns a pointer to the implementation specific custom data associated with this BIO, or NULL if none has been set.

+ +

BIO_get_init() returns the state of the BIO's init flag.

+ +

BIO_get_shutdown() returns the stat of the BIO's shutdown (i.e. BIO_CLOSE) flag.

+ +

SEE ALSO

+ +

bio, BIO_meth_new

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html new file mode 100644 index 00000000..6739e44e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html @@ -0,0 +1,75 @@ + + + + +BIO_get_ex_new_index + + + + + + + + + + +

NAME

+ +

BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - application-specific data

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int TYPE_get_ex_new_index(long argl, void *argp,
+                          CRYPTO_EX_new *new_func,
+                          CRYPTO_EX_dup *dup_func,
+                          CRYPTO_EX_free *free_func);
+
+int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
+
+void *TYPE_get_ex_data(TYPE *d, int idx);
+ +

DESCRIPTION

+ +

In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes listed in CRYPTO_get_ex_new_index(3).

+ +

These functions handle application-specific data for OpenSSL data structures.

+ +

TYPE_get_ex_new_index() is a macro that calls CRYPTO_get_ex_new_index() with the correct index value.

+ +

TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with an offset into the opaque exdata part of the TYPE object.

+ +

TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with an offset into the opaque exdata part of the TYPE object.

+ +

RETURN VALUES

+ +

TYPE_get_ex_new_index() returns a new index on success or -1 on error.

+ +

TYPE_set_ex_data() returns 1 on success or 0 on error.

+ +

TYPE_get_ex_data() returns the application data or NULL if an error occurred.

+ +

SEE ALSO

+ +

CRYPTO_get_ex_new_index(3).

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_meth_new.html new file mode 100644 index 00000000..fccdeefc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_meth_new.html @@ -0,0 +1,128 @@ + + + + +BIO_meth_new + + + + + + + + + + +

NAME

+ +

BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl - Routines to build up BIO methods

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_get_new_index(void);
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+
+void BIO_meth_free(BIO_METHOD *biom);
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t,
+                                               size_t *);
+int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                          int (*bwrite)(BIO *, const char *, size_t, size_t *));
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write)(BIO *, const char *, int));
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
+int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread)(BIO *, char *, size_t, size_t *));
+int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
+
+int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
+
+int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets)(BIO *, char *, int));
+
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl)(BIO *, int, long, void *));
+
+int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
+
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
+
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
+ +

DESCRIPTION

+ +

The BIO_METHOD type is a structure used for the implementation of new BIO types. It provides a set of functions used by OpenSSL for the implementation of the various BIO capabilities. See the bio page for more information.

+ +

BIO_meth_new() creates a new BIO_METHOD structure. It should be given a unique integer type and a string that represents its name. Use BIO_get_new_index() to get the value for type.

+ +

The set of standard OpenSSL provided BIO types is provided in bio.h. Some examples include BIO_TYPE_BUFFER and BIO_TYPE_CIPHER. Filter BIOs should have a type which have the "filter" bit set (BIO_TYPE_FILTER). Source/sink BIOs should have the "source/sink" bit set (BIO_TYPE_SOURCE_SINK). File descriptor based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the "descriptor" bit set (BIO_TYPE_DESCRIPTOR). See the BIO_find_type page for more information.

+ +

BIO_meth_free() destroys a BIO_METHOD structure and frees up any memory associated with it.

+ +

BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function used for writing arbitrary length data to the BIO respectively. This function will be called in response to the application calling BIO_write_ex() or BIO_write(). The parameters for the function have the same meaning as for BIO_write_ex(). Older code may call BIO_meth_get_write() and BIO_meth_set_write() instead. Applications should not call both BIO_meth_set_write_ex() and BIO_meth_set_write() or call BIO_meth_get_write() when the function was set with BIO_meth_set_write_ex().

+ +

BIO_meth_get_read_ex() and BIO_meth_set_read_ex() get and set the function used for reading arbitrary length data from the BIO respectively. This function will be called in response to the application calling BIO_read_ex() or BIO_read(). The parameters for the function have the same meaning as for BIO_read_ex(). Older code may call BIO_meth_get_read() and BIO_meth_set_read() instead. Applications should not call both BIO_meth_set_read_ex() and BIO_meth_set_read() or call BIO_meth_get_read() when the function was set with BIO_meth_set_read_ex().

+ +

BIO_meth_get_puts() and BIO_meth_set_puts() get and set the function used for writing a NULL terminated string to the BIO respectively. This function will be called in response to the application calling BIO_puts(). The parameters for the function have the same meaning as for BIO_puts().

+ +

BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically used for reading a line of data from the BIO respectively (see the BIO_gets(3) page for more information). This function will be called in response to the application calling BIO_gets(). The parameters for the function have the same meaning as for BIO_gets().

+ +

BIO_meth_get_ctrl() and BIO_meth_set_ctrl() get and set the function used for processing ctrl messages in the BIO respectively. See the BIO_ctrl page for more information. This function will be called in response to the application calling BIO_ctrl(). The parameters for the function have the same meaning as for BIO_ctrl().

+ +

BIO_meth_get_create() and BIO_meth_set_create() get and set the function used for creating a new instance of the BIO respectively. This function will be called in response to the application calling BIO_new() and passing in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the memory for the new BIO, and a pointer to this newly allocated structure will be passed as a parameter to the function.

+ +

BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used for destroying an instance of a BIO respectively. This function will be called in response to the application calling BIO_free(). A pointer to the BIO to be destroyed is passed as a parameter. The destroy function should be used for BIO specific clean up. The memory for the BIO itself should not be freed by this function.

+ +

BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the function used for processing callback ctrl messages in the BIO respectively. See the BIO_callback_ctrl(3) page for more information. This function will be called in response to the application calling BIO_callback_ctrl(). The parameters for the function have the same meaning as for BIO_callback_ctrl().

+ +

RETURN VALUES

+ +

BIO_get_new_index() returns the new BIO type value or -1 if an error occurred.

+ +

BIO_meth_new(int type, const char *name) returns a valid BIO_METHOD or NULL if an error occurred.

+ +

The BIO_meth_set functions return 1 on success or 0 on error.

+ +

The BIO_meth_get functions return the corresponding function pointers.

+ +

SEE ALSO

+ +

bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new.html new file mode 100644 index 00000000..30b46277 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new.html @@ -0,0 +1,84 @@ + + + + +BIO_new + + + + + + + + + + +

NAME

+ +

BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *  BIO_new(const BIO_METHOD *type);
+int    BIO_up_ref(BIO *a);
+int    BIO_free(BIO *a);
+void   BIO_vfree(BIO *a);
+void   BIO_free_all(BIO *a);
+ +

DESCRIPTION

+ +

The BIO_new() function returns a new BIO using method type.

+ +

BIO_up_ref() increments the reference count associated with the BIO object.

+ +

BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO but it does not return a value. If a is NULL nothing is done. Calling BIO_free() may also have some effect on the underlying I/O structure, for example it may close the file being referred to under certain circumstances. For more details see the individual BIO_METHOD descriptions.

+ +

BIO_free_all() frees up an entire BIO chain, it does not halt if an error occurs freeing up an individual BIO in the chain. If a is NULL nothing is done.

+ +

RETURN VALUES

+ +

BIO_new() returns a newly created BIO or NULL if the call fails.

+ +

BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.

+ +

BIO_free_all() and BIO_vfree() do not return values.

+ +

NOTES

+ +

If BIO_free() is called on a BIO chain it will only free one BIO resulting in a memory leak.

+ +

Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() on it other than the discarded return value.

+ +

HISTORY

+ +

BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.

+ +

EXAMPLES

+ +

Create a memory BIO:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new_CMS.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new_CMS.html new file mode 100644 index 00000000..78652b7e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_new_CMS.html @@ -0,0 +1,81 @@ + + + + +BIO_new_CMS + + + + + + + + + + +

NAME

+ +

BIO_new_CMS - CMS streaming filter BIO

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

BIO_new_CMS() returns a streaming filter BIO chain based on cms. The output of the filter is written to out. Any data written to the chain is automatically translated to a BER format CMS structure of the appropriate type.

+ +

NOTES

+ +

The chain returned by this function behaves like a standard filter BIO. It supports non blocking I/O. Content is processed and streamed on the fly and not all held in memory at once: so it is possible to encode very large structures. After all content has been written through the chain BIO_flush() must be called to finalise the structure.

+ +

The CMS_STREAM flag must be included in the corresponding flags parameter of the cms creation function.

+ +

If an application wishes to write additional data to out BIOs should be removed from the chain using BIO_pop() and freed with BIO_free() until out is reached. If no additional data needs to be written BIO_free_all() can be called to free up the whole chain.

+ +

Any content written through the filter is used verbatim: no canonical translation is performed.

+ +

It is possible to chain multiple BIOs to, for example, create a triple wrapped signed, enveloped, signed structure. In this case it is the applications responsibility to set the inner content type of any outer CMS_ContentInfo structures.

+ +

Large numbers of small writes through the chain should be avoided as this will produce an output consisting of lots of OCTET STRING structures. Prepending a BIO_f_buffer() buffering BIO will prevent this.

+ +

BUGS

+ +

There is currently no corresponding inverse BIO: i.e. one which can decode a CMS structure on the fly.

+ +

RETURN VALUES

+ +

BIO_new_CMS() returns a BIO chain when successful or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

HISTORY

+ +

The BIO_new_CMS() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_parse_hostserv.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_parse_hostserv.html new file mode 100644 index 00000000..3c75e8b4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_parse_hostserv.html @@ -0,0 +1,91 @@ + + + + +BIO_parse_hostserv + + + + + + + + + + +

NAME

+ +

BIO_hostserv_priorities, BIO_parse_hostserv - utility routines to parse a standard host and service string

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+ +

DESCRIPTION

+ +

BIO_parse_hostserv() will parse the information given in hostserv, create strings with the host name and service name and give those back via host and service. Those will need to be freed after they are used. hostserv_prio helps determine if hostserv shall be interpreted primarily as a host name or a service name in ambiguous cases.

+ +

The syntax the BIO_parse_hostserv() recognises is:

+ +
host + ':' + service
+host + ':' + '*'
+host + ':'
+       ':' + service
+'*'  + ':' + service
+host
+service
+ +

The host part can be a name or an IP address. If it's a IPv6 address, it MUST be enclosed in brackets, such as '[::1]'.

+ +

The service part can be a service name or its port number.

+ +

The returned values will depend on the given hostserv string and hostserv_prio, as follows:

+ +
host + ':' + service  => *host = "host", *service = "service"
+host + ':' + '*'      => *host = "host", *service = NULL
+host + ':'            => *host = "host", *service = NULL
+       ':' + service  => *host = NULL, *service = "service"
+ '*' + ':' + service  => *host = NULL, *service = "service"
+
+in case no ':' is present in the string, the result depends on
+hostserv_prio, as follows:
+
+when hostserv_prio == BIO_PARSE_PRIO_HOST
+host                 => *host = "host", *service untouched
+
+when hostserv_prio == BIO_PARSE_PRIO_SERV
+service              => *host untouched, *service = "service"
+ +

RETURN VALUES

+ +

BIO_parse_hostserv() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

BIO_ADDRINFO(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_printf.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_printf.html new file mode 100644 index 00000000..cc2c06fe --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_printf.html @@ -0,0 +1,61 @@ + + + + +BIO_printf + + + + + + + + + + +

NAME

+ +

BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf - formatted output to a BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_printf(BIO *bio, const char *format, ...)
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ +

DESCRIPTION

+ +

BIO_printf() is similar to the standard C printf() function, except that the output is sent to the specified BIO, bio, rather than standard output. All common format specifiers are supported.

+ +

BIO_vprintf() is similar to the vprintf() function found on many platforms, the output is sent to the specified BIO, bio, rather than standard output. All common format specifiers are supported. The argument list args is a stdarg argument list.

+ +

BIO_snprintf() is for platforms that do not have the common snprintf() function. It is like sprintf() except that the size parameter, n, specifies the size of the output buffer.

+ +

BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf().

+ +

RETURN VALUES

+ +

All functions return the number of bytes written, or -1 on error. For BIO_snprintf() and BIO_vsnprintf() this includes when the output buffer is too small.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_push.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_push.html new file mode 100644 index 00000000..6c490997 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_push.html @@ -0,0 +1,98 @@ + + + + +BIO_push + + + + + + + + + + +

NAME

+ +

BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+ +

DESCRIPTION

+ +

The BIO_push() function appends the BIO append to b, it returns b.

+ +

BIO_pop() removes the BIO b from a chain and returns the next BIO in the chain, or NULL if there is no next BIO. The removed BIO then becomes a single BIO with no association with the original chain, it can thus be freed or attached to a different chain.

+ +

BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to by next. The new chain may include some of the same BIOs from the old chain or it may be completely different.

+ +

NOTES

+ +

The names of these functions are perhaps a little misleading. BIO_push() joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, the deleted BIO does not need to be at the end of a chain.

+ +

The process of calling BIO_push() and BIO_pop() on a BIO may have additional consequences (a control call is made to the affected BIOs) any effects will be noted in the descriptions of individual BIOs.

+ +

RETURN VALUES

+ +

BIO_push() returns the end of the chain, b.

+ +

BIO_pop() returns the next BIO in the chain, or NULL if there is no next BIO.

+ +

EXAMPLES

+ +

For these examples suppose md1 and md2 are digest BIOs, b64 is a base64 BIO and f is a file BIO.

+ +

If the call:

+ +
BIO_push(b64, f);
+ +

is made then the new chain will be b64-f. After making the calls

+ +
BIO_push(md2, b64);
+BIO_push(md1, md2);
+ +

the new chain is md1-md2-b64-f. Data written to md1 will be digested by md1 and md2, base64 encoded and written to f.

+ +

It should be noted that reading causes data to pass in the reverse direction, that is data is read from f, base64 decoded and digested by md1 and md2. If the call:

+ +
BIO_pop(md2);
+ +

The call will return b64 and the new chain will be md1-b64-f data can be written to md1 as before.

+ +

SEE ALSO

+ +

bio

+ +

HISTORY

+ +

The BIO_set_next() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_read.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_read.html new file mode 100644 index 00000000..05fce951 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_read.html @@ -0,0 +1,90 @@ + + + + +BIO_read + + + + + + + + + + +

NAME

+ +

BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_gets(BIO *b, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_puts(BIO *b, const char *buf);
+ +

DESCRIPTION

+ +

BIO_read_ex() attempts to read dlen bytes from BIO b and places the data in data. If any bytes were successfully read then the number of bytes read is stored in *readbytes.

+ +

BIO_write_ex() attempts to write dlen bytes from data to BIO b. If successful then the number of bytes written is stored in *written.

+ +

BIO_read() attempts to read len bytes from BIO b and places the data in buf.

+ +

BIO_gets() performs the BIOs "gets" operation and places the data in buf. Usually this operation will attempt to read a line of data from the BIO of maximum length size-1. There are exceptions to this, however; for example, BIO_gets() on a digest BIO will calculate and return the digest and other BIOs may not support BIO_gets() at all. The returned string is always NUL-terminated and the '\n' is preserved if present in the input data.

+ +

BIO_write() attempts to write len bytes from buf to BIO b.

+ +

BIO_puts() attempts to write a NUL-terminated string buf to BIO b.

+ +

RETURN VALUES

+ +

BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or written, and 0 otherwise.

+ +

All other functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully read or written if the result is 0 or -1. If the return value is -2 then the operation is not implemented in the specific BIO type. The trailing NUL is not included in the length returned by BIO_gets().

+ +

NOTES

+ +

A 0 or -1 return is not necessarily an indication of an error. In particular when the source/sink is non-blocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later.

+ +

One technique sometimes used with blocking sockets is to use a system call (such as select(), poll() or equivalent) to determine when data is available and then call read() to read the data. The equivalent with BIOs (that is call select() on the underlying I/O structure and then call BIO_read() to read the data) should not be used because a single call to BIO_read() can cause several reads (and writes in the case of SSL BIOs) on the underlying I/O structure and may block as a result. Instead select() (or equivalent) should be combined with non blocking I/O so successive reads will request a retry instead of blocking.

+ +

See BIO_should_retry(3) for details of how to determine the cause of a retry and other I/O issues.

+ +

If the BIO_gets() function is not supported by a BIO then it possible to work around this by adding a buffering BIO BIO_f_buffer(3) to the chain.

+ +

SEE ALSO

+ +

BIO_should_retry(3)

+ +

HISTORY

+ +

BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO does not keep the '\n' at the end of the line in the buffer.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_accept.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_accept.html new file mode 100644 index 00000000..23ad9cde --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_accept.html @@ -0,0 +1,175 @@ + + + + +BIO_s_accept + + + + + + + + + + +

NAME

+ +

BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_accept(void);
+
+long BIO_set_accept_name(BIO *b, char *name);
+char *BIO_get_accept_name(BIO *b);
+
+long BIO_set_accept_port(BIO *b, char *port);
+char *BIO_get_accept_port(BIO *b);
+
+BIO *BIO_new_accept(char *host_port);
+
+long BIO_set_nbio_accept(BIO *b, int n);
+long BIO_set_accept_bios(BIO *b, char *bio);
+
+char *BIO_get_peer_name(BIO *b);
+char *BIO_get_peer_port(BIO *b);
+long BIO_get_accept_ip_family(BIO *b);
+long BIO_set_accept_ip_family(BIO *b, long family);
+
+long BIO_set_bind_mode(BIO *b, long mode);
+long BIO_get_bind_mode(BIO *b);
+
+int BIO_do_accept(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_accept() returns the accept BIO method. This is a wrapper round the platform's TCP/IP socket accept routines.

+ +

Using accept BIOs, TCP/IP connections can be accepted and data transferred using only BIO routines. In this way any platform specific operations are hidden by the BIO abstraction.

+ +

Read and write operations on an accept BIO will perform I/O on the underlying connection. If no connection is established and the port (see below) is set up properly then the BIO waits for an incoming connection.

+ +

Accept BIOs support BIO_puts() but not BIO_gets().

+ +

If the close flag is set on an accept BIO then any active connection on that chain is shutdown and the socket closed when the BIO is freed.

+ +

Calling BIO_reset() on an accept BIO will close any active connection and reset the BIO into a state where it awaits another incoming connection.

+ +

BIO_get_fd() and BIO_set_fd() can be called to retrieve or set the accept socket. See BIO_s_fd(3)

+ +

BIO_set_accept_name() uses the string name to set the accept name. The name is represented as a string of the form "host:port", where "host" is the interface to use and "port" is the port. The host can be "*" or empty which is interpreted as meaning any interface. If the host is an IPv6 address, it has to be enclosed in brackets, for example "[::1]:https". "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

+ +

BIO_set_accept_port() uses the string port to set the accept port. "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table.

+ +

BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into a single call: that is it creates a new accept BIO with port host_port.

+ +

BIO_set_nbio_accept() sets the accept socket to blocking mode (the default) if n is 0 or non blocking mode if n is 1.

+ +

BIO_set_accept_bios() can be used to set a chain of BIOs which will be duplicated and prepended to the chain when an incoming connection is received. This is useful if, for example, a buffering or SSL BIO is required for each connection. The chain of BIOs must not be freed after this call, they will be automatically freed when the accept BIO is freed.

+ +

BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve the current bind mode. If BIO_BIND_NORMAL (the default) is set then another socket cannot be bound to the same port. If BIO_BIND_REUSEADDR is set then other sockets can bind to the same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and attempt is first made to use BIO_BIN_NORMAL, if this fails and the port is not in use then a second attempt is made using BIO_BIND_REUSEADDR.

+ +

BIO_do_accept() serves two functions. When it is first called, after the accept BIO has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to BIO_do_accept() will await an incoming connection, or request a retry in non blocking mode.

+ +

NOTES

+ +

When an accept BIO is at the end of a chain it will await an incoming connection before processing I/O calls. When an accept BIO is not at then end of a chain it passes I/O calls to the next BIO in the chain.

+ +

When a connection is established a new socket BIO is created for the connection and appended to the chain. That is the chain is now accept->socket. This effectively means that attempting I/O on an initial accept socket will await an incoming connection then perform I/O on it.

+ +

If any additional BIOs have been set using BIO_set_accept_bios() then they are placed between the socket and the accept BIO, that is the chain will be accept->otherbios->socket.

+ +

If a server wishes to process multiple connections (as is normally the case) then the accept BIO must be made available for further incoming connections. This can be done by waiting for a connection and then calling:

+ +
connection = BIO_pop(accept);
+ +

After this call connection will contain a BIO for the recently established connection and accept will now be a single BIO again which can be used to await further incoming connections. If no further connections will be accepted the accept can be freed using BIO_free().

+ +

If only a single connection will be processed it is possible to perform I/O using the accept BIO itself. This is often undesirable however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection.

+ +

If the underlying accept socket is non-blocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application should take appropriate action to wait until the underlying socket has accepted a connection and retry the call.

+ +

BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_get_peer_name(), BIO_get_peer_port(), BIO_get_accept_ip_family(), BIO_set_accept_ip_family(), BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.

+ +

RETURN VALUES

+ +

BIO_do_accept(), BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() return 1 for success and 0 or -1 for failure.

+ +

BIO_get_accept_name() returns the accept name or NULL on error. BIO_get_peer_name() returns the peer name or NULL on error.

+ +

BIO_get_accept_port() returns the accept port as a string or NULL on error. BIO_get_peer_port() returns the peer port as a string or NULL on error. BIO_get_accept_ip_family() returns the IP family or -1 on error.

+ +

BIO_get_bind_mode() returns the set of BIO_BIND flags, or -1 on failure.

+ +

BIO_new_accept() returns a BIO or NULL on error.

+ +

EXAMPLES

+ +

This example accepts two connections on port 4444, sends messages down each and finally closes both down.

+ +
BIO *abio, *cbio, *cbio2;
+
+/* First call to BIO_accept() sets up accept BIO */
+abio = BIO_new_accept("4444");
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error setting up accept\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+
+/* Wait for incoming connection */
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error accepting connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+fprintf(stderr, "Connection 1 established\n");
+
+/* Retrieve BIO for connection */
+cbio = BIO_pop(abio);
+BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
+fprintf(stderr, "Sent out data on connection 1\n");
+
+/* Wait for another connection */
+if (BIO_do_accept(abio) <= 0) {
+    fprintf(stderr, "Error accepting connection\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+fprintf(stderr, "Connection 2 established\n");
+
+/* Close accept BIO to refuse further connections */
+cbio2 = BIO_pop(abio);
+BIO_free(abio);
+BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
+fprintf(stderr, "Sent out data on connection 2\n");
+
+BIO_puts(cbio, "Connection 1: Second connection established\n");
+
+/* Close the two established connections */
+BIO_free(cbio);
+BIO_free(cbio2);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_bio.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_bio.html new file mode 100644 index 00000000..4d6cd528 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_bio.html @@ -0,0 +1,157 @@ + + + + +BIO_s_bio + + + + + + + + + + +

NAME

+ +

BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_bio(void);
+
+int BIO_make_bio_pair(BIO *b1, BIO *b2);
+int BIO_destroy_bio_pair(BIO *b);
+int BIO_shutdown_wr(BIO *b);
+
+int BIO_set_write_buf_size(BIO *b, long size);
+size_t BIO_get_write_buf_size(BIO *b, long size);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+int BIO_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+int BIO_get_read_request(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink BIOs where data written to either half of the pair is buffered and can be read from the other half. Both halves must usually by handled by the same application thread since no locking is done on the internal data structures.

+ +

Since BIO chains typically end in a source/sink BIO it is possible to make this one half of a BIO pair and have all the data processed by the chain under application control.

+ +

One typical use of BIO pairs is to place TLS/SSL I/O under application control, this can be used when the application wishes to use a non standard transport for TLS/SSL or the normal socket routines are inappropriate.

+ +

Calls to BIO_read_ex() will read data from the buffer or request a retry if no data is available.

+ +

Calls to BIO_write_ex() will place data in the buffer or request a retry if the buffer is full.

+ +

The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to determine the amount of pending data in the read or write buffer.

+ +

BIO_reset() clears any data in the write buffer.

+ +

BIO_make_bio_pair() joins two separate BIOs into a connected pair.

+ +

BIO_destroy_pair() destroys the association between two connected BIOs. Freeing up any half of the pair will automatically destroy the association.

+ +

BIO_shutdown_wr() is used to close down a BIO b. After this call no further writes on BIO b are allowed (they will return an error). Reads on the other half of the pair will return any pending data or EOF when all pending data has been read.

+ +

BIO_set_write_buf_size() sets the write buffer size of BIO b to size. If the size is not initialized a default value is used. This is currently 17K, sufficient for a maximum size TLS record.

+ +

BIO_get_write_buf_size() returns the size of the write buffer.

+ +

BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and BIO_set_write_buf_size() to create a connected pair of BIOs bio1, bio2 with write buffer sizes writebuf1 and writebuf2. If either size is zero then the default size is used. BIO_new_bio_pair() does not check whether bio1 or bio2 do point to some other BIO, the values are overwritten, BIO_free() is not called.

+ +

BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum length of data that can be currently written to the BIO. Writes larger than this value will return a value from BIO_write_ex() less than the amount requested or if the buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function whereas BIO_get_write_guarantee() is a macro.

+ +

BIO_get_read_request() and BIO_ctrl_get_read_request() return the amount of data requested, or the buffer size if it is less, if the last read attempt at the other half of the BIO pair failed due to an empty buffer. This can be used to determine how much data should be written to the BIO so the next read will succeed: this is most useful in TLS/SSL applications where the amount of data read is usually meaningful rather than just a buffer size. After a successful read this call will return zero. It also will return zero once new data has been written satisfying the read request or part of it. Note that BIO_get_read_request() never returns an amount larger than that returned by BIO_get_write_guarantee().

+ +

BIO_ctrl_reset_read_request() can also be used to reset the value returned by BIO_get_read_request() to zero.

+ +

NOTES

+ +

Both halves of a BIO pair should be freed. That is even if one half is implicit freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.

+ +

When used in bidirectional applications (such as TLS/SSL) care should be taken to flush any data in the write buffer. This can be done by calling BIO_pending() on the other half of the pair and, if any data is pending, reading it and sending it to the underlying transport. This must be done before any normal processing (such as calling select() ) due to a request and BIO_should_read() being true.

+ +

To see why this is important consider a case where a request is sent using BIO_write_ex() and a response read with BIO_read_ex(), this can occur during an TLS/SSL handshake for example. BIO_write_ex() will succeed and place data in the write buffer. BIO_read_ex() will initially fail and BIO_should_read() will be true. If the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent!

+ +

BIO_eof() is true if no data is in the peer BIO and the peer BIO has been shutdown.

+ +

BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(), BIO_set_write_buf_size(), BIO_get_write_buf_size(), BIO_get_write_guarantee(), and BIO_get_read_request() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_new_bio_pair() returns 1 on success, with the new BIOs available in bio1 and bio2, or 0 on failure, with NULL pointers stored into the locations for bio1 and bio2. Check the error stack for more information.

+ +

[XXXXX: More return values need to be added here]

+ +

EXAMPLES

+ +

The BIO pair can be used to have full control over the network access of an application. The application can call select() on the socket as required without having to go through the SSL-interface.

+ +
BIO *internal_bio, *network_bio;
+
+...
+BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
+SSL_set_bio(ssl, internal_bio, internal_bio);
+SSL_operations(); /* e.g SSL_read and SSL_write */
+...
+
+application |   TLS-engine
+   |        |
+   +----------> SSL_operations()
+            |     /\    ||
+            |     ||    \/
+            |   BIO-pair (internal_bio)
+            |   BIO-pair (network_bio)
+            |     ||     /\
+            |     \/     ||
+   +-----------< BIO_operations()
+   |        |
+   |        |
+  socket
+
+ ...
+ SSL_free(ssl);                /* implicitly frees internal_bio */
+ BIO_free(network_bio);
+ ...
+ +

As the BIO pair will only buffer the data and never directly access the connection, it behaves non-blocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer.

+ +

Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO and must be transferred to the network. Use BIO_ctrl_get_read_request() to find out, how many bytes must be written into the buffer before the SSL_operation() can successfully be continued.

+ +

WARNINGS

+ +

As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ condition, but there is still data in the write buffer. An application must not rely on the error value of SSL_operation() but must assure that the write buffer is always flushed first. Otherwise a deadlock may occur as the peer might be waiting for the data before being able to continue.

+ +

SEE ALSO

+ +

SSL_set_bio(3), ssl(7), bio(7), BIO_should_retry(3), BIO_read_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_connect.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_connect.html new file mode 100644 index 00000000..1c28920a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_connect.html @@ -0,0 +1,171 @@ + + + + +BIO_s_connect + + + + + + + + + + +

NAME

+ +

BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect - connect BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD * BIO_s_connect(void);
+
+BIO *BIO_new_connect(char *name);
+
+long BIO_set_conn_hostname(BIO *b, char *name);
+long BIO_set_conn_port(BIO *b, char *port);
+long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
+long BIO_set_conn_ip_family(BIO *b, long family);
+const char *BIO_get_conn_hostname(BIO *b);
+const char *BIO_get_conn_port(BIO *b);
+const BIO_ADDR *BIO_get_conn_address(BIO *b);
+const long BIO_get_conn_ip_family(BIO *b);
+
+long BIO_set_nbio(BIO *b, long n);
+
+int BIO_do_connect(BIO *b);
+ +

DESCRIPTION

+ +

BIO_s_connect() returns the connect BIO method. This is a wrapper round the platform's TCP/IP socket connection routines.

+ +

Using connect BIOs, TCP/IP connections can be made and data transferred using only BIO routines. In this way any platform specific operations are hidden by the BIO abstraction.

+ +

Read and write operations on a connect BIO will perform I/O on the underlying connection. If no connection is established and the port and hostname (see below) is set up properly then a connection is established first.

+ +

Connect BIOs support BIO_puts() but not BIO_gets().

+ +

If the close flag is set on a connect BIO then any active connection is shutdown and the socket closed when the BIO is freed.

+ +

Calling BIO_reset() on a connect BIO will close any active connection and reset the BIO into a state where it can connect to the same host again.

+ +

BIO_get_fd() places the underlying socket in c if it is not NULL, it also returns the socket . If c is not NULL it should be of type (int *).

+ +

BIO_set_conn_hostname() uses the string name to set the hostname. The hostname can be an IP address; if the address is an IPv6 one, it must be enclosed with brackets. The hostname can also include the port in the form hostname:port.

+ +

BIO_set_conn_port() sets the port to port. port can be the numerical form or a string such as "http". A string will be looked up first using getservbyname() on the host platform but if that fails a standard table of port names will be used. This internal list is http, telnet, socks, https, ssl, ftp, and gopher.

+ +

BIO_set_conn_address() sets the address and port information using a BIO_ADDR(3ssl).

+ +

BIO_set_conn_ip_family() sets the IP family.

+ +

BIO_get_conn_hostname() returns the hostname of the connect BIO or NULL if the BIO is initialized but no hostname is set. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_port() returns the port as a string. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_address() returns the address information as a BIO_ADDR. This return value is an internal pointer which should not be modified.

+ +

BIO_get_conn_ip_family() returns the IP family of the connect BIO.

+ +

BIO_set_nbio() sets the non blocking I/O flag to n. If n is zero then blocking I/O is set. If n is 1 then non blocking I/O is set. Blocking I/O is the default. The call to BIO_set_nbio() should be made before the connection is established because non blocking I/O is set during the connect process.

+ +

BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into a single call: that is it creates a new connect BIO with name.

+ +

BIO_do_connect() attempts to connect the supplied BIO. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried.

+ +

NOTES

+ +

If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed.

+ +

If the port name is supplied as part of the host name then this will override any value set with BIO_set_conn_port(). This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' character in the passed hostname and either indicating an error or truncating the string at that point.

+ +

The values returned by BIO_get_conn_hostname(), BIO_get_conn_address(), and BIO_get_conn_port() are updated when a connection attempt is made. Before any connection attempt the values returned are those set by the application itself.

+ +

Applications do not have to call BIO_do_connect() but may wish to do so to separate the connection process from other I/O processing.

+ +

If non blocking I/O is set then retries will be requested as appropriate.

+ +

It addition to BIO_should_read() and BIO_should_write() it is also possible for BIO_should_io_special() to be true during the initial connection process with the reason BIO_RR_CONNECT. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call.

+ +

BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_get_conn_hostname(), BIO_set_conn_address(), BIO_get_conn_port(), BIO_get_conn_address(), BIO_set_conn_ip_family(), BIO_get_conn_ip_family(), BIO_set_nbio(), and BIO_do_connect() are macros.

+ +

RETURN VALUES

+ +

BIO_s_connect() returns the connect BIO method.

+ +

BIO_get_fd() returns the socket or -1 if the BIO has not been initialized.

+ +

BIO_set_conn_address(), BIO_set_conn_port(), and BIO_set_conn_ip_family() always return 1.

+ +

BIO_set_conn_hostname() returns 1 on success and 0 on failure.

+ +

BIO_get_conn_address() returns the address information or NULL if none was set.

+ +

BIO_get_conn_hostname() returns the connected hostname or NULL if none was set.

+ +

BIO_get_conn_ip_family() returns the address family or -1 if none was set.

+ +

BIO_get_conn_port() returns a string representing the connected port or NULL if not set.

+ +

BIO_set_nbio() always returns 1.

+ +

BIO_do_connect() returns 1 if the connection was successfully established and 0 or -1 if the connection failed.

+ +

EXAMPLES

+ +

This is example connects to a webserver on the local host and attempts to retrieve a page and copy the result to standard output.

+ +
BIO *cbio, *out;
+int len;
+char tmpbuf[1024];
+
+cbio = BIO_new_connect("localhost:http");
+out = BIO_new_fp(stdout, BIO_NOCLOSE);
+if (BIO_do_connect(cbio) <= 0) {
+    fprintf(stderr, "Error connecting to server\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+for (;;) {
+    len = BIO_read(cbio, tmpbuf, 1024);
+    if (len <= 0)
+        break;
+    BIO_write(out, tmpbuf, len);
+}
+BIO_free(cbio);
+BIO_free(out);
+ +

SEE ALSO

+ +

BIO_ADDR(3)

+ +

HISTORY

+ +

BIO_set_conn_int_port(), BIO_get_conn_int_port(), BIO_set_conn_ip(), and BIO_get_conn_ip() were removed in OpenSSL 1.1.0. Use BIO_set_conn_address() and BIO_get_conn_address() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_fd.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_fd.html new file mode 100644 index 00000000..509451c9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_fd.html @@ -0,0 +1,103 @@ + + + + +BIO_s_fd + + + + + + + + + + +

NAME

+ +

BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_fd(void);
+
+int BIO_set_fd(BIO *b, int fd, int c);
+int BIO_get_fd(BIO *b, int *c);
+
+BIO *BIO_new_fd(int fd, int close_flag);
+ +

DESCRIPTION

+ +

BIO_s_fd() returns the file descriptor BIO method. This is a wrapper round the platforms file descriptor routines such as read() and write().

+ +

BIO_read_ex() and BIO_write_ex() read or write the underlying descriptor. BIO_puts() is supported but BIO_gets() is not.

+ +

If the close flag is set then close() is called on the underlying file descriptor when the BIO is freed.

+ +

BIO_reset() attempts to change the file pointer to the start of file such as by using lseek(fd, 0, 0).

+ +

BIO_seek() sets the file pointer to position ofs from start of file such as by using lseek(fd, ofs, 0).

+ +

BIO_tell() returns the current file position such as by calling lseek(fd, 0, 1).

+ +

BIO_set_fd() sets the file descriptor of BIO b to fd and the close flag to c.

+ +

BIO_get_fd() places the file descriptor in c if it is not NULL, it also returns the file descriptor.

+ +

BIO_new_fd() returns a file descriptor BIO using fd and close_flag.

+ +

NOTES

+ +

The behaviour of BIO_read_ex() and BIO_write_ex() depends on the behavior of the platforms read() and write() calls on the descriptor. If the underlying file descriptor is in a non blocking mode then the BIO will behave in the manner described in the BIO_read_ex(3) and BIO_should_retry(3) manual pages.

+ +

File descriptor BIOs should not be used for socket I/O. Use socket BIOs instead.

+ +

BIO_set_fd() and BIO_get_fd() are implemented as macros.

+ +

RETURN VALUES

+ +

BIO_s_fd() returns the file descriptor BIO method.

+ +

BIO_set_fd() always returns 1.

+ +

BIO_get_fd() returns the file descriptor or -1 if the BIO has not been initialized.

+ +

BIO_new_fd() returns the newly allocated BIO or NULL is an error occurred.

+ +

EXAMPLES

+ +

This is a file descriptor BIO version of "Hello World":

+ +
BIO *out;
+
+out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

SEE ALSO

+ +

BIO_seek(3), BIO_tell(3), BIO_reset(3), BIO_read_ex(3), BIO_write_ex(3), BIO_puts(3), BIO_gets(3), BIO_printf(3), BIO_set_close(3), BIO_get_close(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_file.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_file.html new file mode 100644 index 00000000..31246e59 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_file.html @@ -0,0 +1,159 @@ + + + + +BIO_s_file + + + + + + + + + + +

NAME

+ +

BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename - FILE bio

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int flags);
+
+BIO_set_fp(BIO *b, FILE *fp, int flags);
+BIO_get_fp(BIO *b, FILE **fpp);
+
+int BIO_read_filename(BIO *b, char *name)
+int BIO_write_filename(BIO *b, char *name)
+int BIO_append_filename(BIO *b, char *name)
+int BIO_rw_filename(BIO *b, char *name)
+ +

DESCRIPTION

+ +

BIO_s_file() returns the BIO file method. As its name implies it is a wrapper round the stdio FILE structure and it is a source/sink BIO.

+ +

Calls to BIO_read_ex() and BIO_write_ex() read and write data to the underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.

+ +

BIO_flush() on a file BIO calls the fflush() function on the wrapped stream.

+ +

BIO_reset() attempts to change the file pointer to the start of file using fseek(stream, 0, 0).

+ +

BIO_seek() sets the file pointer to position ofs from start of file using fseek(stream, ofs, 0).

+ +

BIO_eof() calls feof().

+ +

Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO is freed.

+ +

BIO_new_file() creates a new file BIO with mode mode the meaning of mode is the same as the stdio function fopen(). The BIO_CLOSE flag is set on the returned BIO.

+ +

BIO_new_fp() creates a file BIO wrapping stream. Flags can be: BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying stream to text mode, default is binary: this only has any effect under Win32).

+ +

BIO_set_fp() sets the fp of a file BIO to fp. flags has the same meaning as in BIO_new_fp(), it is a macro.

+ +

BIO_get_fp() retrieves the fp of a file BIO, it is a macro.

+ +

BIO_seek() is a macro that sets the position pointer to offset bytes from the start of file.

+ +

BIO_tell() returns the value of the position pointer.

+ +

BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and BIO_rw_filename() set the file BIO b to use file name for reading, writing, append or read write respectively.

+ +

NOTES

+ +

When wrapping stdout, stdin or stderr the underlying stream should not normally be closed so the BIO_NOCLOSE flag should be set.

+ +

Because the file BIO calls the underlying stdio functions any quirks in stdio behaviour will be mirrored by the corresponding BIO.

+ +

On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- lingual environment, encode file names in UTF-8.

+ +

RETURN VALUES

+ +

BIO_s_file() returns the file BIO method.

+ +

BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error occurred.

+ +

BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure (although the current implementation never return 0).

+ +

BIO_seek() returns the same value as the underlying fseek() function: 0 for success or -1 for failure.

+ +

BIO_tell() returns the current file position.

+ +

BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and BIO_rw_filename() return 1 for success or 0 for failure.

+ +

EXAMPLES

+ +

File BIO "hello world":

+ +
BIO *bio_out;
+
+bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+BIO_printf(bio_out, "Hello World\n");
+ +

Alternative technique:

+ +
BIO *bio_out;
+
+bio_out = BIO_new(BIO_s_file());
+if (bio_out == NULL)
+    /* Error */
+if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
+    /* Error */
+BIO_printf(bio_out, "Hello World\n");
+ +

Write to a file:

+ +
BIO *out;
+
+out = BIO_new_file("filename.txt", "w");
+if (!out)
+    /* Error */
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

Alternative technique:

+ +
BIO *out;
+
+out = BIO_new(BIO_s_file());
+if (out == NULL)
+    /* Error */
+if (!BIO_write_filename(out, "filename.txt"))
+    /* Error */
+BIO_printf(out, "Hello World\n");
+BIO_free(out);
+ +

BUGS

+ +

BIO_reset() and BIO_seek() are implemented using fseek() on the underlying stream. The return value for fseek() is 0 for success or -1 if an error occurred this differs from other types of BIO which will typically return 1 for success and a non positive value if an error occurred.

+ +

SEE ALSO

+ +

BIO_seek(3), BIO_tell(3), BIO_reset(3), BIO_flush(3), BIO_read_ex(3), BIO_write_ex(3), BIO_puts(3), BIO_gets(3), BIO_printf(3), BIO_set_close(3), BIO_get_close(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_mem.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_mem.html new file mode 100644 index 00000000..d427457a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_mem.html @@ -0,0 +1,137 @@ + + + + +BIO_s_mem + + + + + + + + + + +

NAME

+ +

BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+
+BIO_set_mem_eof_return(BIO *b, int v)
+long BIO_get_mem_data(BIO *b, char **pp)
+BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
+BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
+
+BIO *BIO_new_mem_buf(const void *buf, int len);
+ +

DESCRIPTION

+ +

BIO_s_mem() returns the memory BIO method function.

+ +

A memory BIO is a source/sink BIO which uses memory for its I/O. Data written to a memory BIO is stored in a BUF_MEM structure which is extended as appropriate to accommodate the stored data.

+ +

BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used for buffer storage.

+ +

Any data written to a memory BIO can be recalled by reading from it. Unless the memory BIO is read only any data read from it is deleted from the BIO.

+ +

Memory BIOs support BIO_gets() and BIO_puts().

+ +

If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying BUF_MEM structure is also freed.

+ +

Calling BIO_reset() on a read write memory BIO clears any data in it if the flag BIO_FLAGS_NONCLEAR_RST is not set, otherwise it just restores the read pointer to the state it was just after the last write was performed and the data can be read again. On a read only BIO it similarly restores the BIO to its original state and the read only data can be read again.

+ +

BIO_eof() is true if no data is in the BIO.

+ +

BIO_ctrl_pending() returns the number of bytes currently stored.

+ +

BIO_set_mem_eof_return() sets the behaviour of memory BIO b when it is empty. If the v is zero then an empty memory BIO will return EOF (that is it will return zero and BIO_should_retry(b) will be false. If v is non zero then it will return v when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value v should be set to a negative value, typically -1.

+ +

BIO_get_mem_data() sets *pp to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro.

+ +

BIO_set_mem_buf() sets the internal BUF_MEM structure to bm and sets the close flag to c, that is c should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro.

+ +

BIO_get_mem_ptr() places the underlying BUF_MEM structure in *pp. It is a macro.

+ +

BIO_new_mem_buf() creates a memory BIO using len bytes of data at buf, if len is -1 then the buf is assumed to be nul terminated and its length is determined by strlen. The BIO is set to a read only state and as a result cannot be written to. This is useful when some data needs to be made available from a static area of memory in the form of a BIO. The supplied data is read directly from the supplied buffer: it is not copied first, so the supplied area of memory must be unchanged until the BIO is freed.

+ +

NOTES

+ +

Writes to memory BIOs will always succeed if memory is available: that is their size can grow indefinitely.

+ +

Every write after partial read (not all data in the memory buffer was read) to a read write memory BIO will have to move the unread data with an internal copy operation, if a BIO contains a lot of data and it is read in small chunks intertwined with writes the operation can be very slow. Adding a buffering BIO to the chain can speed up the process.

+ +

Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will give undefined results, including perhaps a program crash.

+ +

Switching the memory BIO from read write to read only is not supported and can give undefined results including a program crash. There are two notable exceptions to the rule. The first one is to assign a static memory buffer immediately after BIO creation and set the BIO as read only.

+ +

The other supported sequence is to start with read write BIO then temporarily switch it to read only and call BIO_reset() on the read only BIO immediately before switching it back to read write. Before the BIO is freed it must be switched back to the read write mode.

+ +

Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that contains only the remaining data to be read. If the close status of the BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer in it must be set to NULL as the data pointer does not point to an allocated memory.

+ +

Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST flag set can have unexpected outcome when the reads and writes to the BIO are intertwined. As documented above the BIO will be reset to the state after the last completed write operation. The effects of reads preceding that write operation cannot be undone.

+ +

Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation.

+ +

BUGS

+ +

There should be an option to set the maximum size of a memory BIO.

+ +

RETURN VALUES

+ +

BIO_s_mem() and BIO_s_secmem() return a valid memory BIO_METHOD structure.

+ +

BIO_set_mem_eof_return(), BIO_set_mem_buf() and BIO_get_mem_ptr() return 1 on success or a value which is less than or equal to 0 if an error occurred.

+ +

BIO_get_mem_data() returns the total number of bytes available on success, 0 if b is NULL, or a negative value in case of other errors.

+ +

BIO_new_mem_buf() returns a valid BIO structure on success or NULL on error.

+ +

EXAMPLES

+ +

Create a memory BIO and write some data to it:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+
+BIO_puts(mem, "Hello World\n");
+ +

Create a read only memory BIO:

+ +
char data[] = "Hello World";
+BIO *mem = BIO_new_mem_buf(data, -1);
+ +

Extract the BUF_MEM structure from a memory BIO and then free up the BIO:

+ +
BUF_MEM *bptr;
+
+BIO_get_mem_ptr(mem, &bptr);
+BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+BIO_free(mem);
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_null.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_null.html new file mode 100644 index 00000000..f4c20ae8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_null.html @@ -0,0 +1,60 @@ + + + + +BIO_s_null + + + + + + + + + + +

NAME

+ +

BIO_s_null - null data sink

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_null(void);
+ +

DESCRIPTION

+ +

BIO_s_null() returns the null sink BIO method. Data written to the null sink is discarded, reads return EOF.

+ +

NOTES

+ +

A null sink BIO behaves in a similar manner to the Unix /dev/null device.

+ +

A null bio can be placed on the end of a chain to discard any data passed through it.

+ +

A null sink is useful if, for example, an application wishes to digest some data by writing through a digest bio but not send the digested data anywhere. Since a BIO chain must normally include a source/sink BIO this can be achieved by adding a null sink BIO to the end of the chain

+ +

RETURN VALUES

+ +

BIO_s_null() returns the null sink BIO method.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_socket.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_socket.html new file mode 100644 index 00000000..947c9180 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_s_socket.html @@ -0,0 +1,68 @@ + + + + +BIO_s_socket + + + + + + + + + + +

NAME

+ +

BIO_s_socket, BIO_new_socket - socket BIO

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+const BIO_METHOD *BIO_s_socket(void);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+ +

DESCRIPTION

+ +

BIO_s_socket() returns the socket BIO method. This is a wrapper round the platform's socket routines.

+ +

BIO_read_ex() and BIO_write_ex() read or write the underlying socket. BIO_puts() is supported but BIO_gets() is not.

+ +

If the close flag is set then the socket is shut down and closed when the BIO is freed.

+ +

BIO_new_socket() returns a socket BIO using sock and close_flag.

+ +

NOTES

+ +

Socket BIOs also support any relevant functionality of file descriptor BIOs.

+ +

The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms.

+ +

RETURN VALUES

+ +

BIO_s_socket() returns the socket BIO method.

+ +

BIO_new_socket() returns the newly allocated BIO or NULL is an error occurred.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_set_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_set_callback.html new file mode 100644 index 00000000..025db3a7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_set_callback.html @@ -0,0 +1,251 @@ + + + + +BIO_set_callback + + + + + + + + + + +

NAME

+ +

BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn - BIO callback functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                   size_t len, int argi,
+                                   long argl, int ret, size_t *processed);
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+
+void BIO_set_callback(BIO *b, BIO_callback_fn cb);
+BIO_callback_fn BIO_get_callback(BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+char *BIO_get_callback_arg(const BIO *b);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+ +

DESCRIPTION

+ +

BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO callback. The callback is called during most high level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation.

+ +

BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO callback. New code should not use these functions, but they are retained for backwards compatibility. Any callback set via BIO_set_callback_ex() will get called in preference to any set by BIO_set_callback().

+ +

BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be used to set and retrieve an argument for use in the callback.

+ +

BIO_debug_callback() is a standard debugging callback which prints out information relating to each BIO operation. If the callback argument is set it is interpreted as a BIO to send the information to, otherwise stderr is used.

+ +

BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn() is the type of the old format callback function. The meaning of each argument is described below:

+ +
+ +
b
+
+ +

The BIO the callback is attached to is passed in b.

+ +
+
oper
+
+ +

oper is set to the operation being performed. For some operations the callback is called twice, once before and once after the actual operation, the latter case has oper or'ed with BIO_CB_RETURN.

+ +
+
len
+
+ +

The length of the data requested to be read or written. This is only useful if oper is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.

+ +
+
argp argi argl
+
+ +

The meaning of the arguments argp, argi and argl depends on the value of oper, that is the operation being performed.

+ +
+
processed
+
+ +

processed is a pointer to a location which will be updated with the amount of data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE, BIO_CB_GETS and BIO_CB_PUTS.

+ +
+
ret
+
+ +

ret is the return value that would be returned to the application if no callback were present. The actual value returned is the return value of the callback itself. In the case of callbacks called before the actual BIO operation 1 is placed in ret, if the return value is not positive it will be immediately returned to the application and the BIO operation will not be performed.

+ +
+
+ +

The callback should normally simply return ret when it has finished processing, unless it specifically wishes to modify the value returned to the application.

+ +

CALLBACK OPERATIONS

+ +

In the notes below, callback defers to the actual callback function that is called.

+ +
+ +
BIO_free(b)
+
+ +
callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
+ +

is called before the free operation.

+ +
+
BIO_read_ex(b, data, dlen, readbytes)
+
+ +
callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
+ +

is called before the read and

+ +
callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+            &readbytes)
+ +

or

+ +
callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+ +

after.

+ +
+
BIO_write(b, data, dlen, written)
+
+ +
callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
+ +

is called before the write and

+ +
callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
+            &written)
+ +

or

+ +
callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
+ +

after.

+ +
+
BIO_gets(b, buf, size)
+
+ +
callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
+ +

or

+ +
callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
+ +

is called before the operation and

+ +
callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
+            &readbytes)
+ +

or

+ +
callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
+ +

after.

+ +
+
BIO_puts(b, buf)
+
+ +
callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+ +

or

+ +
callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
+ +

is called before the operation and

+ +
callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written)
+ +

or

+ +
callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue)
+ +

after.

+ +
+
BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+
+ +
callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
+ +

or

+ +
callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
+ +

is called before the call and

+ +
callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
+ +

or

+ +
callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
+ +

after.

+ +

Note: cmd == BIO_CTRL_SET_CALLBACK is special, because parg is not the argument of type BIO_info_cb itself. In this case parg is a pointer to the actual call parameter, see BIO_callback_ctrl.

+ +
+
+ +

RETURN VALUES

+ +

BIO_get_callback_ex() and BIO_get_callback() return the callback function previously set by a call to BIO_set_callback_ex() and BIO_set_callback() respectively.

+ +

BIO_get_callback_arg() returns a char pointer to the value previously set via a call to BIO_set_callback_arg().

+ +

BIO_debug_callback() returns 1 or ret if it's called after specific BIO operations.

+ +

EXAMPLES

+ +

The BIO_debug_callback() function is a good example, its source is in crypto/bio/bio_cb.c

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_should_retry.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_should_retry.html new file mode 100644 index 00000000..56dca25b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BIO_should_retry.html @@ -0,0 +1,115 @@ + + + + +BIO_should_retry + + + + + + + + + + +

NAME

+ +

BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry functions

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+
+int BIO_should_read(BIO *b);
+int BIO_should_write(BIO *b);
+int BIO_should_io_special(iBIO *b);
+int BIO_retry_type(BIO *b);
+int BIO_should_retry(BIO *b);
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+ +

DESCRIPTION

+ +

These functions determine why a BIO is not able to read or write data. They will typically be called after a failed BIO_read_ex() or BIO_write_ex() call.

+ +

BIO_should_retry() is true if the call that produced this condition should then be retried at a later time.

+ +

If BIO_should_retry() is false then the cause is an error condition.

+ +

BIO_should_read() is true if the cause of the condition is that the BIO has insufficient data to return. Check for readability and/or retry the last operation.

+ +

BIO_should_write() is true if the cause of the condition is that the BIO has pending data to write. Check for writability and/or retry the last operation.

+ +

BIO_should_io_special() is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition.

+ +

BIO_retry_type() returns a mask of the cause of a retry condition consisting of the values BIO_FLAGS_READ, BIO_FLAGS_WRITE, BIO_FLAGS_IO_SPECIAL though current BIO types will only set one of these.

+ +

BIO_get_retry_BIO() determines the precise reason for the special condition, it returns the BIO that caused this condition and if reason is not NULL it contains the reason code. The meaning of the reason code and the action that should be taken depends on the type of BIO that resulted in this condition.

+ +

BIO_get_retry_reason() returns the reason for a special condition if passed the relevant BIO, for example as returned by BIO_get_retry_BIO().

+ +

BIO_set_retry_reason() sets the retry reason for a special condition for a given BIO. This would usually only be called by BIO implementations.

+ +

NOTES

+ +

BIO_should_read(), BIO_should_write(), BIO_should_io_special(), BIO_retry_type(), and BIO_should_retry(), are implemented as macros.

+ +

If BIO_should_retry() returns false then the precise "error condition" depends on the BIO type that caused it and the return code of the BIO operation. For example if a call to BIO_read_ex() on a socket BIO returns 0 and BIO_should_retry() is false then the cause will be that the connection closed. A similar condition on a file BIO will mean that it has reached EOF. Some BIO types may place additional information on the error queue. For more details see the individual BIO type manual pages.

+ +

If the underlying I/O structure is in a blocking mode almost all current BIO types will not request a retry, because the underlying I/O calls will not. If the application knows that the BIO type will never signal a retry then it need not call BIO_should_retry() after a failed BIO I/O call. This is typically done with file BIOs.

+ +

SSL BIOs are the only current exception to this rule: they can request a retry even if the underlying I/O structure is blocking, if a handshake occurs during a call to BIO_read(). An application can retry the failed call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY on the underlying SSL structure.

+ +

While an application may retry a failed non blocking call immediately this is likely to be very inefficient because the call will fail repeatedly until data can be processed or is available. An application will normally wait until the necessary condition is satisfied. How this is done depends on the underlying I/O structure.

+ +

For example if the cause is ultimately a socket and BIO_should_read() is true then a call to select() may be made to wait until data is available and then retry the BIO operation. By combining the retry conditions of several non blocking BIOs in a single select() call it is possible to service several BIOs in a single thread, though the performance may be poor if SSL BIOs are present because long delays can occur during the initial handshake process.

+ +

It is possible for a BIO to block indefinitely if the underlying I/O structure cannot process or return any data. This depends on the behaviour of the platforms I/O functions. This is often not desirable: one solution is to use non blocking I/O and use a timeout on the select() (or equivalent) call.

+ +

BUGS

+ +

The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O: that is they cannot retry after a partial read or write. This is usually worked around by only passing the relevant data to ASN1 functions when the entire structure can be read or written.

+ +

RETURN VALUES

+ +

BIO_should_read(), BIO_should_write(), BIO_should_io_special(), and BIO_should_retry() return either 1 or 0 based on the actual conditions of the BIO.

+ +

BIO_retry_type() returns a flag combination presenting the cause of a retry condition or false if there is no retry condition.

+ +

BIO_get_retry_BIO() returns a valid BIO structure.

+ +

BIO_get_retry_reason() returns the reason for a special condition.

+ +

SEE ALSO

+ +

bio

+ +

HISTORY

+ +

The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_BLINDING_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_BLINDING_new.html new file mode 100644 index 00000000..8e33d782 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_BLINDING_new.html @@ -0,0 +1,112 @@ + + + + +BN_BLINDING_new + + + + + + + + + + +

NAME

+ +

BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+                             BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+                           BN_CTX *ctx);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx);
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp)(BIGNUM *r,
+                                                        const BIGNUM *a,
+                                                        const BIGNUM *p,
+                                                        const BIGNUM *m,
+                                                        BN_CTX *ctx,
+                                                        BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+ +

DESCRIPTION

+ +

BN_BLINDING_new() allocates a new BN_BLINDING structure and copies the A and Ai values into the newly created BN_BLINDING object.

+ +

BN_BLINDING_free() frees the BN_BLINDING structure. If b is NULL, nothing is done.

+ +

BN_BLINDING_update() updates the BN_BLINDING parameters by squaring the A and Ai or, after specific number of uses and if the necessary parameters are set, by re-creating the blinding parameters.

+ +

BN_BLINDING_convert_ex() multiplies n with the blinding factor A. If r is not NULL a copy the inverse blinding factor Ai will be returned in r (this is useful if a RSA object is shared among several threads). BN_BLINDING_invert_ex() multiplies n with the inverse blinding factor Ai. If r is not NULL it will be used as the inverse blinding.

+ +

BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() with r set to NULL.

+ +

BN_BLINDING_is_current_thread() returns whether the BN_BLINDING structure is owned by the current thread. This is to help users provide proper locking if needed for multi-threaded use.

+ +

BN_BLINDING_set_current_thread() sets the current thread as the owner of the BN_BLINDING structure.

+ +

BN_BLINDING_lock() locks the BN_BLINDING structure.

+ +

BN_BLINDING_unlock() unlocks the BN_BLINDING structure.

+ +

BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently there are two supported flags: BN_BLINDING_NO_UPDATE and BN_BLINDING_NO_RECREATE. BN_BLINDING_NO_UPDATE inhibits the automatic update of the BN_BLINDING parameters after each use and BN_BLINDING_NO_RECREATE inhibits the automatic re-creation of the BN_BLINDING parameters after a fixed number of uses (currently 32). In newly allocated BN_BLINDING objects no flags are set. BN_BLINDING_set_flags() sets the BN_BLINDING parameters flags.

+ +

BN_BLINDING_create_param() creates new BN_BLINDING parameters using the exponent e and the modulus m. bn_mod_exp and m_ctx can be used to pass special functions for exponentiation (normally BN_mod_exp_mont() and BN_MONT_CTX).

+ +

RETURN VALUES

+ +

BN_BLINDING_new() returns the newly allocated BN_BLINDING structure or NULL in case of an error.

+ +

BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on success and 0 if an error occurred.

+ +

BN_BLINDING_is_current_thread() returns 1 if the current thread owns the BN_BLINDING object, 0 otherwise.

+ +

BN_BLINDING_set_current_thread() doesn't return anything.

+ +

BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation succeeded or 0 on error.

+ +

BN_BLINDING_get_flags() returns the currently set BN_BLINDING flags (a unsigned long value).

+ +

BN_BLINDING_create_param() returns the newly created BN_BLINDING parameters or NULL on error.

+ +

HISTORY

+ +

BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().

+ +

COPYRIGHT

+ +

Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_new.html new file mode 100644 index 00000000..a5532ca3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_new.html @@ -0,0 +1,87 @@ + + + + +BN_CTX_new + + + + + + + + + + +

NAME

+ +

BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_CTX *BN_CTX_new(void);
+
+BN_CTX *BN_CTX_secure_new(void);
+
+void BN_CTX_free(BN_CTX *c);
+ +

DESCRIPTION

+ +

A BN_CTX is a structure that holds BIGNUM temporary variables used by library functions. Since dynamic memory allocation to create BIGNUMs is rather expensive when used in conjunction with repeated subroutine calls, the BN_CTX structure is used.

+ +

BN_CTX_new() allocates and initializes a BN_CTX structure. BN_CTX_secure_new() allocates and initializes a BN_CTX structure but uses the secure heap (see CRYPTO_secure_malloc(3)) to hold the BIGNUMs.

+ +

BN_CTX_free() frees the components of the BN_CTX and the structure itself. Since BN_CTX_start() is required in order to obtain BIGNUMs from the BN_CTX, in most cases BN_CTX_end() must be called before the BN_CTX may be freed by BN_CTX_free(). If c is NULL, nothing is done.

+ +

A given BN_CTX must only be used by a single thread of execution. No locking is performed, and the internal pool allocator will not properly handle multiple threads of execution.

+ +

RETURN VALUES

+ +

BN_CTX_new() and BN_CTX_secure_new() return a pointer to the BN_CTX. If the allocation fails, they return NULL and sets an error code that can be obtained by ERR_get_error(3).

+ +

BN_CTX_free() has no return values.

+ +

REMOVED FUNCTIONALITY

+ +
void BN_CTX_init(BN_CTX *c);
+ +

BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should replace use of BN_CTX_init with BN_CTX_new instead:

+ +
BN_CTX *ctx;
+ctx = BN_CTX_new();
+if (!ctx)
+    /* error */
+...
+BN_CTX_free(ctx);
+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_start(3)

+ +

HISTORY

+ +

BN_CTX_init() was removed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_start.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_start.html new file mode 100644 index 00000000..b3774985 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_CTX_start.html @@ -0,0 +1,66 @@ + + + + +BN_CTX_start + + + + + + + + + + +

NAME

+ +

BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_CTX_start(BN_CTX *ctx);
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+
+void BN_CTX_end(BN_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions are used to obtain temporary BIGNUM variables from a BN_CTX (which can been created by using BN_CTX_new(3)) in order to save the overhead of repeatedly creating and freeing BIGNUMs in functions that are called from inside a loop.

+ +

A function must call BN_CTX_start() first. Then, BN_CTX_get() may be called repeatedly to obtain temporary BIGNUMs. All BN_CTX_get() calls must be made before calling any other functions that use the ctx as an argument.

+ +

Finally, BN_CTX_end() must be called before returning from the function. If ctx is NULL, nothing is done. When BN_CTX_end() is called, the BIGNUM pointers obtained from BN_CTX_get() become invalid.

+ +

RETURN VALUES

+ +

BN_CTX_start() and BN_CTX_end() return no values.

+ +

BN_CTX_get() returns a pointer to the BIGNUM, or NULL on error. Once BN_CTX_get() has failed, the subsequent calls will return NULL as well, so it is sufficient to check the return value of the last BN_CTX_get() call. In case of an error, an error code is set, which can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

BN_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add.html new file mode 100644 index 00000000..94cd8a60 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add.html @@ -0,0 +1,117 @@ + + + + +BN_add + + + + + + + + + + +

NAME

+ +

BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+           BN_CTX *ctx);
+
+int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+
+int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+
+int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_add() adds a and b and places the result in r (r=a+b). r may be the same BIGNUM as a or b.

+ +

BN_sub() subtracts b from a and places the result in r (r=a-b). r may be the same BIGNUM as a or b.

+ +

BN_mul() multiplies a and b and places the result in r (r=a*b). r may be the same BIGNUM as a or b. For multiplication by powers of 2, use BN_lshift(3).

+ +

BN_sqr() takes the square of a and places the result in r (r=a^2). r and a may be the same BIGNUM. This function is faster than BN_mul(r,a,a).

+ +

BN_div() divides a by d and places the result in dv and the remainder in rem (dv=a/d, rem=a%d). Either of dv and rem may be NULL, in which case the respective value is not returned. The result is rounded towards zero; thus if a is negative, the remainder will be zero or negative. For division by powers of 2, use BN_rshift(3).

+ +

BN_mod() corresponds to BN_div() with dv set to NULL.

+ +

BN_nnmod() reduces a modulo m and places the non-negative remainder in r.

+ +

BN_mod_add() adds a to b modulo m and places the non-negative result in r.

+ +

BN_mod_sub() subtracts b from a modulo m and places the non-negative result in r.

+ +

BN_mod_mul() multiplies a by b and finds the non-negative remainder respective to modulus m (r=(a*b) mod m). r may be the same BIGNUM as a or b. For more efficient algorithms for repeated computations using the same modulus, see BN_mod_mul_montgomery(3) and BN_mod_mul_reciprocal(3).

+ +

BN_mod_sqr() takes the square of a modulo m and places the result in r.

+ +

BN_exp() raises a to the p-th power and places the result in r (r=a^p). This function is faster than repeated applications of BN_mul().

+ +

BN_mod_exp() computes a to the p-th power modulo m (r=a^p % m). This function uses less time and space than BN_exp(). Do not call this function when m is even and any of the parameters have the BN_FLG_CONSTTIME flag set.

+ +

BN_gcd() computes the greatest common divisor of a and b and places the result in r. r may be the same BIGNUM as a or b.

+ +

For all functions, ctx is a previously allocated BN_CTX used for temporary variables; see BN_CTX_new(3).

+ +

Unless noted otherwise, the result BIGNUM must be different from the arguments.

+ +

RETURN VALUES

+ +

For all functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., if (!BN_add(r,a,b)) goto err;). The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_CTX_new(3), BN_add_word(3), BN_set_bit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add_word.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add_word.html new file mode 100644 index 00000000..cbe1dce8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_add_word.html @@ -0,0 +1,78 @@ + + + + +BN_add_word + + + + + + + + + + +

NAME

+ +

BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic functions on BIGNUMs with integers

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ +

DESCRIPTION

+ +

These functions perform arithmetic operations on BIGNUMs with unsigned integers. They are much more efficient than the normal BIGNUM arithmetic operations.

+ +

BN_add_word() adds w to a (a+=w).

+ +

BN_sub_word() subtracts w from a (a-=w).

+ +

BN_mul_word() multiplies a and w (a*=w).

+ +

BN_div_word() divides a by w (a/=w) and returns the remainder.

+ +

BN_mod_word() returns the remainder of a divided by w (a%w).

+ +

For BN_div_word() and BN_mod_word(), w must not be 0.

+ +

RETURN VALUES

+ +

BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

BN_mod_word() and BN_div_word() return a%w on success and (BN_ULONG)-1 if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_bn2bin.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_bn2bin.html new file mode 100644 index 00000000..62dc51c2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_bn2bin.html @@ -0,0 +1,100 @@ + + + + +BN_bn2bin + + + + + + + + + + +

NAME

+ +

BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+
+int BN_print(BIO *fp, const BIGNUM *a);
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+ +

DESCRIPTION

+ +

BN_bn2bin() converts the absolute value of a into big-endian form and stores it at to. to must point to BN_num_bytes(a) bytes of memory.

+ +

BN_bn2binpad() also converts the absolute value of a into big-endian form and stores it at to. tolen indicates the length of the output buffer to. The result is padded with zeroes if necessary. If tolen is less than BN_num_bytes(a) an error is returned.

+ +

BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM and places it in ret. If ret is NULL, a new BIGNUM is created.

+ +

BN_bn2lebinpad() and BN_lebin2bn() are identical to BN_bn2binpad() and BN_bin2bn() except the buffer is in little-endian format.

+ +

BN_bn2hex() and BN_bn2dec() return printable strings containing the hexadecimal and decimal encoding of a respectively. For negative numbers, the string is prefaced with a leading '-'. The string must be freed later using OPENSSL_free().

+ +

BN_hex2bn() takes as many characters as possible from the string str, including the leading character '-' which means negative, to form a valid hexadecimal number representation and converts them to a BIGNUM and stores it in **a. If *a is NULL, a new BIGNUM is created. If a is NULL, it only computes the length of valid representation. A "negative zero" is converted to zero. BN_dec2bn() is the same using the decimal system.

+ +

BN_print() and BN_print_fp() write the hexadecimal encoding of a, with a leading '-' for negative numbers, to the BIO or FILE fp.

+ +

BN_bn2mpi() and BN_mpi2bn() convert BIGNUMs from and to a format that consists of the number's length in bytes represented as a 4-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the MSB set is prefixed with null byte).

+ +

BN_bn2mpi() stores the representation of a at to, where to must be large enough to hold the result. The size can be determined by calling BN_bn2mpi(a, NULL).

+ +

BN_mpi2bn() converts the len bytes long representation at s to a BIGNUM and stores it at ret, or in a newly allocated BIGNUM if ret is NULL.

+ +

RETURN VALUES

+ +

BN_bn2bin() returns the length of the big-endian number placed at to. BN_bin2bn() returns the BIGNUM, NULL on error.

+ +

BN_bn2binpad() returns the number of bytes written or -1 if the supplied buffer is too small.

+ +

BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL on error. BN_hex2bn() and BN_dec2bn() return the number of characters used in parsing, or 0 on error, in which case no new BIGNUM will be created.

+ +

BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

+ +

BN_bn2mpi() returns the length of the representation. BN_mpi2bn() returns the BIGNUM, and NULL on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_zero(3), ASN1_INTEGER_to_BN(3), BN_num_bytes(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_cmp.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_cmp.html new file mode 100644 index 00000000..71e45612 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_cmp.html @@ -0,0 +1,63 @@ + + + + +BN_cmp + + + + + + + + + + +

NAME

+ +

BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_cmp(BIGNUM *a, BIGNUM *b);
+int BN_ucmp(BIGNUM *a, BIGNUM *b);
+
+int BN_is_zero(BIGNUM *a);
+int BN_is_one(BIGNUM *a);
+int BN_is_word(BIGNUM *a, BN_ULONG w);
+int BN_is_odd(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_cmp() compares the numbers a and b. BN_ucmp() compares their absolute values.

+ +

BN_is_zero(), BN_is_one() and BN_is_word() test if a equals 0, 1, or w respectively. BN_is_odd() tests if a is odd.

+ +

BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.

+ +

RETURN VALUES

+ +

BN_cmp() returns -1 if a < b, 0 if a == b and 1 if a > b. BN_ucmp() is the same using the absolute values of a and b.

+ +

BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if the condition is true, 0 otherwise.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_copy.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_copy.html new file mode 100644 index 00000000..7dc6a019 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_copy.html @@ -0,0 +1,75 @@ + + + + +BN_copy + + + + + + + + + + +

NAME

+ +

BN_copy, BN_dup, BN_with_flags - copy BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+
+BIGNUM *BN_dup(const BIGNUM *from);
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+ +

DESCRIPTION

+ +

BN_copy() copies from to to. BN_dup() creates a new BIGNUM containing the value from.

+ +

BN_with_flags creates a temporary shallow copy of b in dest. It places significant restrictions on the copied data. Applications that do no adhere to these restrictions may encounter unexpected side effects or crashes. For that reason use of this function is discouraged. Any flags provided in flags will be set in dest in addition to any flags already set in b. For example this might commonly be used to create a temporary copy of a BIGNUM with the BN_FLG_CONSTTIME flag set for constant time operations. The temporary copy in dest will share some internal state with b. For this reason the following restrictions apply to the use of dest:

+ +
    + +
  • dest should be a newly allocated BIGNUM obtained via a call to BN_new(). It should not have been used for other purposes or initialised in any way.

    + +
  • +
  • dest must only be used in "read-only" operations, i.e. typically those functions where the relevant parameter is declared "const".

    + +
  • +
  • dest must be used and freed before any further subsequent use of b

    + +
  • +
+ +

RETURN VALUES

+ +

BN_copy() returns to on success, NULL on error. BN_dup() returns the new BIGNUM, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_generate_prime.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_generate_prime.html new file mode 100644 index 00000000..bdb2ff7d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_generate_prime.html @@ -0,0 +1,174 @@ + + + + +BN_generate_prime + + + + + + + + + + +

NAME

+ +

BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+
+void BN_GENCB_free(BN_GENCB *cb);
+
+void BN_GENCB_set_old(BN_GENCB *gencb,
+                      void (*callback)(int, int, void *), void *cb_arg);
+
+void BN_GENCB_set(BN_GENCB *gencb,
+                  int (*callback)(int, int, BN_GENCB *), void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+                          BIGNUM *rem, void (*callback)(int, int, void *),
+                          void *cb_arg);
+
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                         void (*callback)(int, int, void *), BN_CTX *ctx,
+                         void *cb_arg, int do_trial_division);
+#endif
+ +

DESCRIPTION

+ +

BN_generate_prime_ex() generates a pseudo-random prime number of at least bit length bits. The returned number is probably prime with a negligible error. If add is NULL the returned prime number will have exact bit length bits with the top most two bits set.

+ +

If ret is not NULL, it will be used to store the number.

+ +

If cb is not NULL, it is used as follows:

+ +
    + +
  • BN_GENCB_call(cb, 0, i) is called after generating the i-th potential prime number.

    + +
  • +
  • While the number is being tested for primality, BN_GENCB_call(cb, 1, j) is called as described below.

    + +
  • +
  • When a prime has been found, BN_GENCB_call(cb, 2, i) is called.

    + +
  • +
  • The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with other values as described in their respective man pages; see "SEE ALSO".

    + +
  • +
+ +

The prime may have to fulfill additional requirements for use in Diffie-Hellman key exchange:

+ +

If add is not NULL, the prime will fulfill the condition p % add == rem (p % add == 1 if rem == NULL) in order to suit a given generator.

+ +

If safe is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). If safe is true, and rem == NULL the condition will be p % add == 3. It is recommended that add is a multiple of 4.

+ +

The random generator must be seeded prior to calling BN_generate_prime_ex(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number p is prime. The following tests are performed until one of them shows that p is composite; if p passes all these tests, it is considered prime.

+ +

BN_is_prime_fasttest_ex(), when called with do_trial_division == 1, first attempts trial division by a number of small primes; if no divisors are found by this test and cb is not NULL, BN_GENCB_call(cb, 1, -1) is called. If do_trial_division == 0, this test is skipped.

+ +

Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with nchecks iterations. If nchecks == BN_prime_checks, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, 2^-192 at 3747 bits and 2^-256 at 6394 bits.

+ +

When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: It should equal half of the targeted security level in bits (rounded up to the next integer if necessary). For instance, to reach the 128 bit security level, nchecks should be set to 64.

+ +

If cb is not NULL, BN_GENCB_call(cb, 1, j) is called after the j-th iteration (j = 0, 1, ...). ctx is a pre-allocated BN_CTX (to save the overhead of allocating and freeing the structure in a loop), or NULL.

+ +

BN_GENCB_call() calls the callback function held in the BN_GENCB structure and passes the ints a and b as arguments. There are two types of BN_GENCB structure that are supported: "new" style and "old" style. New programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes.

+ +

A BN_GENCB structure should be created through a call to BN_GENCB_new(), and freed through a call to BN_GENCB_free().

+ +

For "new" style callbacks a BN_GENCB structure should be initialised with a call to BN_GENCB_set(), where gencb is a BN_GENCB *, callback is of type int (*callback)(int, int, BN_GENCB *) and cb_arg is a void *. "Old" style callbacks are the same except they are initialised with a call to BN_GENCB_set_old() and callback is of type void (*callback)(int, int, void *).

+ +

A callback is invoked through a call to BN_GENCB_call. This will check the type of the callback and will invoke callback(a, b, gencb) for new style callbacks or callback(a, b, cb_arg) for old style.

+ +

It is possible to obtain the argument associated with a BN_GENCB structure (set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.

+ +

BN_generate_prime() (deprecated) works in the same way as BN_generate_prime_ex() but expects an old-style callback function directly in the callback parameter, and an argument to pass to it in the cb_arg. BN_is_prime() and BN_is_prime_fasttest() can similarly be compared to BN_is_prime_ex() and BN_is_prime_fasttest_ex(), respectively.

+ +

RETURN VALUES

+ +

BN_generate_prime_ex() return 1 on success or 0 on error.

+ +

BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is prime with an error probability of less than 0.25^nchecks, and -1 on error.

+ +

BN_generate_prime() returns the prime number on success, NULL otherwise.

+ +

BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or NULL otherwise.

+ +

BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB structure.

+ +

Callback functions should return 1 on success or 0 on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

REMOVED FUNCTIONALITY

+ +

As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure directly, as in:

+ +
BN_GENCB callback;
+ +

Instead applications should create a BN_GENCB structure using BN_GENCB_new:

+ +
BN_GENCB *callback;
+callback = BN_GENCB_new();
+if (!callback)
+    /* error */
+...
+BN_GENCB_free(callback);
+ +

SEE ALSO

+ +

DH_generate_parameters(3), DSA_generate_parameters(3), RSA_generate_key(3), ERR_get_error(3), RAND_bytes(3), RAND(7)

+ +

HISTORY

+ +

The BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_inverse.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_inverse.html new file mode 100644 index 00000000..4bd456bb --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_inverse.html @@ -0,0 +1,59 @@ + + + + +BN_mod_inverse + + + + + + + + + + +

NAME

+ +

BN_mod_inverse - compute inverse modulo n

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+                       BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_mod_inverse() computes the inverse of a modulo n places the result in r ((a*r)%n==1). If r is NULL, a new BIGNUM is created.

+ +

ctx is a previously allocated BN_CTX used for temporary variables. r may be the same BIGNUM as a or n.

+ +

RETURN VALUES

+ +

BN_mod_inverse() returns the BIGNUM containing the inverse, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html new file mode 100644 index 00000000..825b3ed1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html @@ -0,0 +1,99 @@ + + + + +BN_mod_mul_montgomery + + + + + + + + + + +

NAME

+ +

BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery - Montgomery multiplication

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+
+int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+
+int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

+ +

BN_MONT_CTX_new() allocates and initializes a BN_MONT_CTX structure.

+ +

BN_MONT_CTX_set() sets up the mont structure from the modulus m by precomputing its inverse and a value R.

+ +

BN_MONT_CTX_copy() copies the BN_MONT_CTX from to to.

+ +

BN_MONT_CTX_free() frees the components of the BN_MONT_CTX, and, if it was created by BN_MONT_CTX_new(), also the structure itself. If mont is NULL, nothing is done.

+ +

BN_mod_mul_montgomery() computes Mont(a,b):=a*b*R^-1 and places the result in r.

+ +

BN_from_montgomery() performs the Montgomery reduction r = a*R^-1.

+ +

BN_to_montgomery() computes Mont(a,R^2), i.e. a*R. Note that a must be non-negative and smaller than the modulus.

+ +

For all functions, ctx is a previously allocated BN_CTX used for temporary variables.

+ +

RETURN VALUES

+ +

BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX, and NULL on error.

+ +

BN_MONT_CTX_free() has no return value.

+ +

For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

WARNINGS

+ +

The inputs must be reduced modulo m, otherwise the result will be outside the expected range.

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_new(3)

+ +

HISTORY

+ +

BN_MONT_CTX_init() was removed in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html new file mode 100644 index 00000000..6c144944 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html @@ -0,0 +1,84 @@ + + + + +BN_mod_mul_reciprocal + + + + + + + + + + +

NAME

+ +

BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using reciprocal

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+                BN_CTX *ctx);
+
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

BN_mod_mul_reciprocal() can be used to perform an efficient BN_mod_mul(3) operation when the operation will be performed repeatedly with the same modulus. It computes r=(a*b)%m using recp=1/m, which is set as described below. ctx is a previously allocated BN_CTX used for temporary variables.

+ +

BN_RECP_CTX_new() allocates and initializes a BN_RECP structure.

+ +

BN_RECP_CTX_free() frees the components of the BN_RECP, and, if it was created by BN_RECP_CTX_new(), also the structure itself. If recp is NULL, nothing is done.

+ +

BN_RECP_CTX_set() stores m in recp and sets it up for computing 1/m and shifting it left by BN_num_bits(m)+1 to make it an integer. The result and the number of bits it was shifted left will later be stored in recp.

+ +

BN_div_recp() divides a by m using recp. It places the quotient in dv and the remainder in rem.

+ +

The BN_RECP_CTX structure cannot be shared between threads.

+ +

RETURN VALUES

+ +

BN_RECP_CTX_new() returns the newly allocated BN_RECP_CTX, and NULL on error.

+ +

BN_RECP_CTX_free() has no return value.

+ +

For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), BN_add(3), BN_CTX_new(3)

+ +

HISTORY

+ +

BN_RECP_CTX_init() was removed in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_new.html new file mode 100644 index 00000000..cf03b245 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_new.html @@ -0,0 +1,75 @@ + + + + +BN_new + + + + + + + + + + +

NAME

+ +

BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+BIGNUM *BN_new(void);
+
+BIGNUM *BN_secure_new(void);
+
+void BN_clear(BIGNUM *a);
+
+void BN_free(BIGNUM *a);
+
+void BN_clear_free(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_new() allocates and initializes a BIGNUM structure. BN_secure_new() does the same except that the secure heap OPENSSL_secure_malloc(3) is used to store the value.

+ +

BN_clear() is used to destroy sensitive data such as keys when they are no longer needed. It erases the memory used by a and sets it to the value 0. If a is NULL, nothing is done.

+ +

BN_free() frees the components of the BIGNUM, and if it was created by BN_new(), also the structure itself. BN_clear_free() additionally overwrites the data before the memory is returned to the system. If a is NULL, nothing is done.

+ +

RETURN VALUES

+ +

BN_new() and BN_secure_new() return a pointer to the BIGNUM initialised to the value 0. If the allocation fails, they return NULL and set an error code that can be obtained by ERR_get_error(3).

+ +

BN_clear(), BN_free() and BN_clear_free() have no return values.

+ +

SEE ALSO

+ +

ERR_get_error(3), OPENSSL_secure_malloc(3)

+ +

HISTORY

+ +

BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_num_bytes.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_num_bytes.html new file mode 100644 index 00000000..fa66fc8c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_num_bytes.html @@ -0,0 +1,71 @@ + + + + +BN_num_bytes + + + + + + + + + + +

NAME

+ +

BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_num_bytes(const BIGNUM *a);
+
+int BN_num_bits(const BIGNUM *a);
+
+int BN_num_bits_word(BN_ULONG w);
+ +

DESCRIPTION

+ +

BN_num_bytes() returns the size of a BIGNUM in bytes.

+ +

BN_num_bits_word() returns the number of significant bits in a word. If we take 0x00000432 as an example, it returns 11, not 16, not 32. Basically, except for a zero, it returns floor(log2(w))+1.

+ +

BN_num_bits() returns the number of significant bits in a BIGNUM, following the same principle as BN_num_bits_word().

+ +

BN_num_bytes() is a macro.

+ +

RETURN VALUES

+ +

The size.

+ +

NOTES

+ +

Some have tried using BN_num_bits() on individual numbers in RSA keys, DH keys and DSA keys, and found that they don't always come up with the number of bits they expected (something like 512, 1024, 2048, ...). This is because generating a number with some specific number of bits doesn't always set the highest bits, thereby making the number of significant bits a little lower. If you want to know the "key size" of such a key, either use functions like RSA_size(), DH_size() and DSA_size(), or use BN_num_bytes() and multiply with 8 (although there's no real guarantee that will match the "key size", just a lot more probability).

+ +

SEE ALSO

+ +

DH_size(3), DSA_size(3), RSA_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_rand.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_rand.html new file mode 100644 index 00000000..6f99cbbd --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_rand.html @@ -0,0 +1,88 @@ + + + + +BN_rand + + + + + + + + + + +

NAME

+ +

BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range - generate pseudo-random number

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+ +

DESCRIPTION

+ +

BN_rand() generates a cryptographically strong pseudo-random number of bits in length and stores it in rnd. If bits is less than zero, or too small to accommodate the requirements specified by the top and bottom parameters, an error is returned. The top parameters specifies requirements on the most significant bit of the generated number. If it is BN_RAND_TOP_ANY, there is no constraint. If it is BN_RAND_TOP_ONE, the top bit must be one. If it is BN_RAND_TOP_TWO, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*bits length. If bottom is BN_RAND_BOTTOM_ODD, the number will be odd; if it is BN_RAND_BOTTOM_ANY it can be odd or even. If bits is 1 then top cannot also be BN_RAND_FLG_TOPTWO.

+ +

BN_rand_range() generates a cryptographically strong pseudo-random number rnd in the range 0 <= rnd < range.

+ +

BN_priv_rand() and BN_priv_rand_range() have the same semantics as BN_rand() and BN_rand_range() respectively. They are intended to be used for generating values that should remain private, and mirror the same difference between RAND_bytes(3) and RAND_priv_bytes(3).

+ +

NOTES

+ +

Always check the error return value of these functions and do not take randomness for granted: an error occurs if the CSPRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence.

+ +

RETURN VALUES

+ +

The functions return 1 on success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), RAND(7), RAND_DRBG(7)

+ +

HISTORY

+ +
    + +
  • Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical to BN_rand() and BN_pseudo_rand_range() has been identical to BN_rand_range(). The "pseudo" functions should not be used and may be deprecated in a future release.

    + +
  • +
  • The BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.

    + +
  • +
+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_security_bits.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_security_bits.html new file mode 100644 index 00000000..fa6966ba --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_security_bits.html @@ -0,0 +1,66 @@ + + + + +BN_security_bits + + + + + + + + + + +

NAME

+ +

BN_security_bits - returns bits of security based on given numbers

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_security_bits(int L, int N);
+ +

DESCRIPTION

+ +

BN_security_bits() returns the number of bits of security provided by a specific algorithm and a particular key size. The bits of security is defined in NIST SP800-57. Currently, BN_security_bits() support two types of asymmetric algorithms: the FFC (Finite Field Cryptography) and IFC (Integer Factorization Cryptography). For FFC, e.g., DSA and DH, both parameters L and N are used to decide the bits of security, where L is the size of the public key and N is the size of the private key. For IFC, e.g., RSA, only L is used and it's commonly considered to be the key size (modulus).

+ +

RETURN VALUES

+ +

Number of security bits.

+ +

NOTES

+ +

ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() function. The symmetric algorithms are not covered neither.

+ +

SEE ALSO

+ +

DH_security_bits(3), DSA_security_bits(3), RSA_security_bits(3)

+ +

HISTORY

+ +

The BN_security_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_set_bit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_set_bit.html new file mode 100644 index 00000000..9a6c6fc0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_set_bit.html @@ -0,0 +1,81 @@ + + + + +BN_set_bit + + + + + + + + + + +

NAME

+ +

BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+
+int BN_is_bit_set(const BIGNUM *a, int n);
+
+int BN_mask_bits(BIGNUM *a, int n);
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, BIGNUM *a);
+
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_set_bit() sets bit n in a to 1 (a|=(1<<n)). The number is expanded if necessary.

+ +

BN_clear_bit() sets bit n in a to 0 (a&=~(1<<n)). An error occurs if a is shorter than n bits.

+ +

BN_is_bit_set() tests if bit n in a is set.

+ +

BN_mask_bits() truncates a to an n bit number (a&=~((~0)>>n)). An error occurs if a already is shorter than n bits.

+ +

BN_lshift() shifts a left by n bits and places the result in r (r=a*2^n). Note that n must be non-negative. BN_lshift1() shifts a left by one and places the result in r (r=2*a).

+ +

BN_rshift() shifts a right by n bits and places the result in r (r=a/2^n). Note that n must be non-negative. BN_rshift1() shifts a right by one and places the result in r (r=a/2).

+ +

For the shift functions, r and a may be the same variable.

+ +

RETURN VALUES

+ +

BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.

+ +

All other functions return 1 for success, 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

BN_num_bytes(3), BN_add(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_swap.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_swap.html new file mode 100644 index 00000000..53b37a20 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_swap.html @@ -0,0 +1,51 @@ + + + + +BN_swap + + + + + + + + + + +

NAME

+ +

BN_swap - exchange BIGNUMs

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_swap(BIGNUM *a, BIGNUM *b);
+ +

DESCRIPTION

+ +

BN_swap() exchanges the values of a and b.

+ +

RETURN VALUES

+ +

BN_swap() does not return a value.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_zero.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_zero.html new file mode 100644 index 00000000..e92b821c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BN_zero.html @@ -0,0 +1,82 @@ + + + + +BN_zero + + + + + + + + + + +

NAME

+ +

BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment operations

+ +

SYNOPSIS

+ +
#include <openssl/bn.h>
+
+void BN_zero(BIGNUM *a);
+int BN_one(BIGNUM *a);
+
+const BIGNUM *BN_value_one(void);
+
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+unsigned BN_ULONG BN_get_word(BIGNUM *a);
+ +

DESCRIPTION

+ +

BN_ULONG is a macro that will be an unsigned integral type optimized for the most efficient implementation on the local platform.

+ +

BN_zero(), BN_one() and BN_set_word() set a to the values 0, 1 and w respectively. BN_zero() and BN_one() are macros.

+ +

BN_value_one() returns a BIGNUM constant of value 1. This constant is useful for use in comparisons and assignment.

+ +

BN_get_word() returns a, if it can be represented as a BN_ULONG.

+ +

RETURN VALUES

+ +

BN_get_word() returns the value a, or all-bits-set if a cannot be represented as a single integer.

+ +

BN_one() and BN_set_word() return 1 on success, 0 otherwise. BN_value_one() returns the constant. BN_zero() never fails and returns no value.

+ +

BUGS

+ +

If a BIGNUM is equal to the value of all-bits-set, it will collide with the error condition returned by BN_get_word() which uses that as an error value.

+ +

BN_ULONG should probably be a typedef.

+ +

SEE ALSO

+ +

BN_bn2bin(3)

+ +

HISTORY

+ +

In OpenSSL 0.9.8, BN_zero() was changed to not return a value; previous versions returned an int.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/BUF_MEM_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/BUF_MEM_new.html new file mode 100644 index 00000000..fa6c957f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/BUF_MEM_new.html @@ -0,0 +1,86 @@ + + + + +BUF_MEM_new + + + + + + + + + + +

NAME

+ +

BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse - simple character array structure

+ +

SYNOPSIS

+ +
#include <openssl/buffer.h>
+
+BUF_MEM *BUF_MEM_new(void);
+
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+
+void BUF_MEM_free(BUF_MEM *a);
+
+int BUF_MEM_grow(BUF_MEM *str, int len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
+ +

DESCRIPTION

+ +

The buffer library handles simple character arrays. Buffers are used for various purposes in the library, most notably memory BIOs.

+ +

BUF_MEM_new() allocates a new buffer of zero size.

+ +

BUF_MEM_new_ex() allocates a buffer with the specified flags. The flag BUF_MEM_FLAG_SECURE specifies that the data pointer should be allocated on the secure heap; see CRYPTO_secure_malloc(3).

+ +

BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data.

+ +

BUF_MEM_grow() changes the size of an already existing buffer to len. Any data already in the buffer is preserved if it increases in size.

+ +

BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd or additionally-allocated memory to zero.

+ +

BUF_reverse() reverses size bytes at in into out. If in is NULL, the array is reversed in-place.

+ +

RETURN VALUES

+ +

BUF_MEM_new() returns the buffer or NULL on error.

+ +

BUF_MEM_free() has no return value.

+ +

BUF_MEM_grow() and BUF_MEM_grow_clean() return zero on error or the new size (i.e., len).

+ +

SEE ALSO

+ +

bio(7), CRYPTO_secure_malloc(3).

+ +

HISTORY

+ +

The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add0_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add0_cert.html new file mode 100644 index 00000000..963021b2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add0_cert.html @@ -0,0 +1,79 @@ + + + + +CMS_add0_cert + + + + + + + + + + +

NAME

+ +

CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls - CMS certificate and CRL utility functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_add0_cert() and CMS_add1_cert() add certificate cert to cms. must be of type signed data or enveloped data.

+ +

CMS_get1_certs() returns all certificates in cms.

+ +

CMS_add0_crl() and CMS_add1_crl() add CRL crl to cms. CMS_get1_crls() returns any CRLs in cms.

+ +

NOTES

+ +

The CMS_ContentInfo structure cms must be of type signed data or enveloped data or an error will be returned.

+ +

For signed data certificates and CRLs are added to the certificates and crls fields of SignedData structure. For enveloped data they are added to OriginatorInfo.

+ +

As the 0 implies CMS_add0_cert() adds cert internally to cms and it must not be freed up after the call as opposed to CMS_add1_cert() where cert must be freed up.

+ +

The same certificate or CRL must not be added to the same cms structure more than once.

+ +

RETURN VALUES

+ +

CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return 1 for success and 0 for failure.

+ +

CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs or NULL if there are none or an error occurs. The only error which will occur in practice is if the cms type is invalid.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html new file mode 100644 index 00000000..15da3724 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html @@ -0,0 +1,77 @@ + + + + +CMS_add1_recipient_cert + + + + + + + + + + +

NAME

+ +

CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType);
+ +

DESCRIPTION

+ +

CMS_add1_recipient_cert() adds recipient recip to CMS_ContentInfo enveloped data structure cms as a KeyTransRecipientInfo structure.

+ +

CMS_add0_recipient_key() adds symmetric key key of length keylen using wrapping algorithm nid, identifier id of length idlen and optional values date, otherTypeId and otherType to CMS_ContentInfo enveloped data structure cms as a KEKRecipientInfo structure.

+ +

The CMS_ContentInfo structure should be obtained from an initial call to CMS_encrypt() with the flag CMS_PARTIAL set.

+ +

NOTES

+ +

The main purpose of this function is to provide finer control over a CMS enveloped data structure where the simpler CMS_encrypt() function defaults are not appropriate. For example if one or more KEKRecipientInfo structures need to be added. New attributes can also be added using the returned CMS_RecipientInfo structure and the CMS attribute utility functions.

+ +

OpenSSL will by default identify recipient certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension.

+ +

Currently only AES based key wrapping algorithms are supported for nid, specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. If nid is set to NID_undef then an AES wrap algorithm will be used consistent with keylen.

+ +

RETURN VALUES

+ +

CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal pointer to the CMS_RecipientInfo structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3), CMS_final(3),

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_signer.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_signer.html new file mode 100644 index 00000000..b2e91064 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_add1_signer.html @@ -0,0 +1,89 @@ + + + + +CMS_add1_signer + + + + + + + + + + +

NAME

+ +

CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
+                                EVP_PKEY *pkey, const EVP_MD *md,
+                                unsigned int flags);
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+ +

DESCRIPTION

+ +

CMS_add1_signer() adds a signer with certificate signcert and private key pkey using message digest md to CMS_ContentInfo SignedData structure cms.

+ +

The CMS_ContentInfo structure should be obtained from an initial call to CMS_sign() with the flag CMS_PARTIAL set or in the case or re-signing a valid CMS_ContentInfo SignedData structure.

+ +

If the md parameter is NULL then the default digest for the public key algorithm will be used.

+ +

Unless the CMS_REUSE_DIGEST flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to CMS_final().

+ +

The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo structure, its main use is when CMS_REUSE_DIGEST and CMS_PARTIAL flags are both set.

+ +

NOTES

+ +

The main purpose of CMS_add1_signer() is to provide finer control over a CMS signed data structure where the simpler CMS_sign() function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo structure and the CMS attribute utility functions or the CMS signed receipt request functions.

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

If CMS_REUSE_DIGEST is set then an attempt is made to copy the content digest value from the CMS_ContentInfo structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned CMS_ContentInfo structure will be valid and finalized when this flag is set.

+ +

If CMS_PARTIAL is set in addition to CMS_REUSE_DIGEST then the CMS_SignerInfo structure will not be finalized so additional attributes can be added. In this case an explicit call to CMS_SignerInfo_sign() is needed to finalize it.

+ +

If CMS_NOCERTS is set the signer's certificate will not be included in the CMS_ContentInfo structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

OpenSSL will by default identify signing certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded.

+ +

CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized.

+ +

RETURN VALUES

+ +

CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_final(3),

+ +

COPYRIGHT

+ +

Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_compress.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_compress.html new file mode 100644 index 00000000..069b0ede --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_compress.html @@ -0,0 +1,85 @@ + + + + +CMS_compress + + + + + + + + + + +

NAME

+ +

CMS_compress - create a CMS CompressedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_compress() creates and returns a CMS CompressedData structure. comp_nid is the compression algorithm to use or NID_undef to use the default algorithm (zlib compression). in is the content to be compressed. flags is an optional set of flags.

+ +

NOTES

+ +

The only currently supported compression algorithm is zlib using the NID NID_zlib_compression.

+ +

If zlib support is not compiled into OpenSSL then CMS_compress() will return an error.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If CMS_BINARY is set then CMS_TEXT is ignored.

+ +

If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is returned suitable for streaming I/O: no data is read from the BIO in.

+ +

The compressed data is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS().

+ +

NOTES

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

Additional compression parameters such as the zlib compression level cannot currently be set.

+ +

RETURN VALUES

+ +

CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_uncompress(3)

+ +

HISTORY

+ +

The CMS_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_decrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_decrypt.html new file mode 100644 index 00000000..b900628c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_decrypt.html @@ -0,0 +1,79 @@ + + + + +CMS_decrypt + + + + + + + + + + +

NAME

+ +

CMS_decrypt - decrypt content from a CMS envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData structure. pkey is the private key of the recipient, cert is the recipient's certificate, out is a BIO to write the content to and flags is an optional set of flags.

+ +

The dcont parameter is used in the rare case where the encrypted content is detached. It will normally be set to NULL.

+ +

NOTES

+ +

Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the CMS structure.

+ +

If cert is set to NULL all possible recipients are tried. This case however is problematic. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed to) ultimately return a padding error only. If CMS_decrypt() just returned an error when all recipient encrypted keys failed to decrypt an attacker could use this in a timing attack. If the special flag CMS_DEBUG_DECRYPT is set then the above behaviour is modified and an error is returned if no recipient encrypted key can be decrypted without generating a random content encryption key. Applications should use this flag with extreme caution especially in automated gateways as it can leave them open to attack.

+ +

It is possible to determine the correct recipient key by other means (for example looking them up in a database) and setting them in the CMS structure in advance using the CMS utility functions such as CMS_set1_pkey(). In this case both cert and pkey should be set to NULL.

+ +

To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and cert and pkey set to NULL.

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

CMS_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The lack of single pass processing and the need to hold all data in memory as mentioned in CMS_verify() also applies to CMS_decrypt().

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_encrypt.html new file mode 100644 index 00000000..8221d8c5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_encrypt.html @@ -0,0 +1,98 @@ + + + + +CMS_encrypt + + + + + + + + + + +

NAME

+ +

CMS_encrypt - create a CMS envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                             const EVP_CIPHER *cipher, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_encrypt() creates and returns a CMS EnvelopedData structure. certs is a list of recipient certificates. in is the content to be encrypted. cipher is the symmetric cipher to use. flags is an optional set of flags.

+ +

NOTES

+ +

Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this function.

+ +

EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.

+ +

The algorithm passed in the cipher parameter must support ASN1 encoding of its parameters.

+ +

Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to CMS_encrypt().

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If CMS_BINARY is set then CMS_TEXT is ignored.

+ +

OpenSSL will by default identify recipient certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if all recipient certificates do not have a subject key identifier extension.

+ +

If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is returned suitable for streaming I/O: no data is read from the BIO in.

+ +

If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is returned to which additional recipients and attributes can be added before finalization.

+ +

The data being encrypted is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is rarely used in practice and is not supported by SMIME_write_CMS().

+ +

NOTES

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

The recipients specified in certs use a CMS KeyTransRecipientInfo info structure. KEKRecipientInfo is also supported using the flag CMS_PARTIAL and CMS_add0_recipient_key().

+ +

The parameter certs may be NULL if CMS_PARTIAL is set and recipients added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().

+ +

RETURN VALUES

+ +

CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3)

+ +

HISTORY

+ +

The CMS_STREAM flag was first supported in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_final.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_final.html new file mode 100644 index 00000000..42ed3701 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_final.html @@ -0,0 +1,61 @@ + + + + +CMS_final + + + + + + + + + + +

NAME

+ +

CMS_final - finalise a CMS_ContentInfo structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_final() finalises the structure cms. Its purpose is to perform any operations necessary on cms (digest computation for example) and set the appropriate fields. The parameter data contains the content to be processed. The dcont parameter contains a BIO to write content to after processing: this is only used with detached data and will usually be set to NULL.

+ +

NOTES

+ +

This function will normally be called when the CMS_PARTIAL flag is used. It should only be used when streaming is not performed because the streaming I/O functions perform finalisation operations internally.

+ +

RETURN VALUES

+ +

CMS_final() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html new file mode 100644 index 00000000..717dcf6e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html @@ -0,0 +1,110 @@ + + + + +CMS_get0_RecipientInfos + + + + + + + + + + +

NAME

+ +

CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype);
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen);
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+ +

DESCRIPTION

+ +

The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo structures associated with a CMS EnvelopedData structure.

+ +

CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure ri. It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

+ +

CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient identifier associated with a specific CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in keyid or both issuer name and serial number in issuer and sno.

+ +

CMS_RecipientInfo_ktri_cert_cmp() compares the certificate cert against the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_RecipientInfo_set0_pkey() associates the private key pkey with the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS.

+ +

CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the CMS_RecipientInfo structure ri which must be of type CMS_RECIPINFO_KEK. Any of the remaining parameters can be NULL if the application is not interested in the value of a field. Where a field is optional and absent NULL will be written to the corresponding parameter. The keyEncryptionAlgorithm field is written to palg, the keyIdentifier field is written to pid, the date field if present is written to pdate, if the other field is present the components keyAttrId and keyAttr are written to parameters potherid and pothertype.

+ +

CMS_RecipientInfo_kekri_id_cmp() compares the ID in the id and idlen parameters against the keyIdentifier CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_RecipientInfo_set0_key() associates the symmetric key key of length keylen with the CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_KEK.

+ +

CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure ri in structure cms. A key must have been associated with the structure first.

+ +

CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure ri in structure cms. A key must have been associated with the structure first and the content encryption key must be available: for example by a previous call to CMS_RecipientInfo_decrypt().

+ +

NOTES

+ +

The main purpose of these functions is to enable an application to lookup recipient keys using any appropriate technique when the simpler method of CMS_decrypt() is not appropriate.

+ +

In typical usage and application will retrieve all CMS_RecipientInfo structures using CMS_get0_RecipientInfos() and check the type of each using CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure can be ignored or its key identifier data retrieved using an appropriate function. Then if the corresponding secret or private key can be obtained by any appropriate means it can then associated with the structure and CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called with a NULL key to decrypt the enveloped content.

+ +

The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an existing enveloped data structure. Typically an application will first decrypt an appropriate CMS_RecipientInfo structure to make the content encrypt key available, it will then add a new recipient using a function such as CMS_add1_recipient_cert() and finally encrypt the content encryption key using CMS_RecipientInfo_encrypt().

+ +

RETURN VALUES

+ +

CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if an error occurs.

+ +

CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.

+ +

CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 for a successful comparison and non zero otherwise.

+ +

Any error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html new file mode 100644 index 00000000..4b47af2b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html @@ -0,0 +1,89 @@ + + + + +CMS_get0_SignerInfos + + + + + + + + + + +

NAME

+ +

CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp - CMS signedData signer functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+ +

DESCRIPTION

+ +

The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures associated with a CMS signedData structure.

+ +

CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier associated with a specific CMS_SignerInfo structure si. Either the keyidentifier will be set in keyid or both issuer name and serial number in issuer and sno.

+ +

CMS_SignerInfo_get0_signature() retrieves the signature associated with si in a pointer to an ASN1_OCTET_STRING structure. This pointer returned corresponds to the internal signature value if si so it may be read or modified.

+ +

CMS_SignerInfo_cert_cmp() compares the certificate cert against the signer identifier si. It returns zero if the comparison is successful and non zero if not.

+ +

CMS_SignerInfo_set1_signer_cert() sets the signers certificate of si to signer.

+ +

NOTES

+ +

The main purpose of these functions is to enable an application to lookup signers certificates using any appropriate technique when the simpler method of CMS_verify() is not appropriate.

+ +

In typical usage and application will retrieve all CMS_SignerInfo structures using CMS_get0_SignerInfo() and retrieve the identifier information using CMS. It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using CMS_SignerInfo_set1_signer_cert().

+ +

Once all signer certificates have been set CMS_verify() can be used.

+ +

Although CMS_get0_SignerInfos() can return NULL if an error occurs or if there are no signers this is not a problem in practice because the only error which can occur is if the cms structure is not of type signedData due to application error.

+ +

RETURN VALUES

+ +

CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there are no signers or an error occurs.

+ +

CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.

+ +

CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non zero otherwise.

+ +

CMS_SignerInfo_set1_signer_cert() does not return a value.

+ +

Any error can be obtained from ERR_get_error(3)

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_type.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_type.html new file mode 100644 index 00000000..947c3fd9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get0_type.html @@ -0,0 +1,87 @@ + + + + +CMS_get0_type + + + + + + + + + + +

NAME

+ +

CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_get0_type() returns the content type of a CMS_ContentInfo structure as an ASN1_OBJECT pointer. An application can then decide how to process the CMS_ContentInfo structure based on this value.

+ +

CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo structure. It should be called with CMS functions (such as CMS_sign, CMS_encrypt) with the CMS_PARTIAL flag and before the structure is finalised, otherwise the results are undefined.

+ +

ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded content type.

+ +

CMS_get0_content() returns a pointer to the ASN1_OCTET_STRING pointer containing the embedded content.

+ +

NOTES

+ +

As the 0 implies CMS_get0_type(), CMS_get0_eContentType() and CMS_get0_content() return internal pointers which should not be freed up. CMS_set1_eContentType() copies the supplied OID and it should be freed up after use.

+ +

The ASN1_OBJECT values returned can be converted to an integer NID value using OBJ_obj2nid(). For the currently supported content types the following values are returned:

+ +
NID_pkcs7_data
+NID_pkcs7_signed
+NID_pkcs7_digest
+NID_id_smime_ct_compressedData:
+NID_pkcs7_encrypted
+NID_pkcs7_enveloped
+ +

The return value of CMS_get0_content() is a pointer to the ASN1_OCTET_STRING content pointer. That means that for example:

+ +
ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
+ +

*pconf could be NULL if there is no embedded content. Applications can access, modify or create the embedded content in a CMS_ContentInfo structure using this function. Applications usually will not need to modify the embedded content as it is normally set by higher level functions.

+ +

RETURN VALUES

+ +

CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure.

+ +

CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html new file mode 100644 index 00000000..da08c1a4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html @@ -0,0 +1,82 @@ + + + + +CMS_get1_ReceiptRequest + + + + + + + + + + +

NAME

+ +

CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES) *receiptList,
+                                               STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto);
+ +

DESCRIPTION

+ +

CMS_ReceiptRequest_create0() creates a signed receipt request structure. The signedContentIdentifier field is set using id and idlen, or it is set to 32 bytes of pseudo random data if id is NULL. If receiptList is NULL the allOrFirstTier option in receiptsFrom is used and set to the value of the allorfirst parameter. If receiptList is not NULL the receiptList option in receiptsFrom is used. The receiptsTo parameter specifies the receiptsTo field value.

+ +

The CMS_add1_ReceiptRequest() function adds a signed receipt request rr to SignerInfo structure si.

+ +

int CMS_get1_ReceiptRequest() looks for a signed receipt request in si, if any is found it is decoded and written to prr.

+ +

CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. The signedContentIdentifier is copied to pcid. If the allOrFirstTier option of receiptsFrom is used its value is copied to pallorfirst otherwise the receiptList field is copied to plist. The receiptsTo parameter is copied to prto.

+ +

NOTES

+ +

For more details of the meaning of the fields see RFC2634.

+ +

The contents of a signed receipt should only be considered meaningful if the corresponding CMS_ContentInfo structure can be successfully verified using CMS_verify().

+ +

RETURN VALUES

+ +

CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred.

+ +

CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.

+ +

CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if it is present but malformed.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_sign_receipt(3), CMS_verify(3) CMS_verify_receipt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign.html new file mode 100644 index 00000000..66ecd5f3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign.html @@ -0,0 +1,104 @@ + + + + +CMS_sign + + + + + + + + + + +

NAME

+ +

CMS_sign - create a CMS SignedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                          BIO *data, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_sign() creates and returns a CMS SignedData structure. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain). Any or all of these parameters can be NULL, see NOTES below.

+ +

The data to be signed is read from BIO data.

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

Many S/MIME clients expect the signed content to include valid MIME headers. If the CMS_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

If CMS_NOCERTS is set the signer's certificate will not be included in the CMS_ContentInfo structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The data being signed is included in the CMS_ContentInfo structure, unless CMS_DETACHED is set in which case it is omitted. This is used for CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed messages for example.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if CMS_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it.

+ +

The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is not loaded.

+ +

OpenSSL will by default identify signing certificates using issuer name and serial number. If CMS_USE_KEYID is set it will use the subject key identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension.

+ +

If the flags CMS_STREAM is set then the returned CMS_ContentInfo structure is just initialized ready to perform the signing operation. The signing is however not performed and the data to be signed is not read from the data parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass.

+ +

If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is output to which additional signers and capabilities can be added before finalization.

+ +

If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is not complete and outputting its contents via a function that does not properly finalize the CMS_ContentInfo structure will give unpredictable results.

+ +

Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_CMS().

+ +

If a signer is specified it will use the default digest for the signing algorithm. This is SHA1 for both RSA and DSA keys.

+ +

If signcert and pkey are NULL then a certificates only CMS structure is output.

+ +

The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the certs, signcert and pkey parameters can all be NULL and the CMS_PARTIAL flag set. Then one or more signers can be added using the function CMS_sign_add1_signer(), non default digests can be used and custom attributes added. CMS_final() must then be called to finalize the structure if streaming is not enabled.

+ +

BUGS

+ +

Some attributes such as counter signatures are not supported.

+ +

RETURN VALUES

+ +

CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify(3)

+ +

HISTORY

+ +

The CMS_STREAM flag is only supported for detached data in OpenSSL 0.9.8, it is supported for embedded data in OpenSSL 1.0.0 and later.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign_receipt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign_receipt.html new file mode 100644 index 00000000..e77d654c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_sign_receipt.html @@ -0,0 +1,65 @@ + + + + +CMS_sign_receipt + + + + + + + + + + +

NAME

+ +

CMS_sign_receipt - create a CMS signed receipt

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+                                  EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                  unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_sign_receipt() creates and returns a CMS signed receipt structure. si is the CMS_SignerInfo structure containing the signed receipt request. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain).

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

This functions behaves in a similar way to CMS_sign() except the flag values CMS_DETACHED, CMS_BINARY, CMS_NOATTR, CMS_TEXT and CMS_STREAM are not supported since they do not make sense in the context of signed receipts.

+ +

RETURN VALUES

+ +

CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_verify_receipt(3), CMS_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_uncompress.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_uncompress.html new file mode 100644 index 00000000..ed1f08ea --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_uncompress.html @@ -0,0 +1,74 @@ + + + + +CMS_uncompress + + + + + + + + + + +

NAME

+ +

CMS_uncompress - uncompress a CMS CompressedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_uncompress() extracts and uncompresses the content from a CMS CompressedData structure cms. data is a BIO to write the content to and flags is an optional set of flags.

+ +

The dcont parameter is used in the rare case where the compressed content is detached. It will normally be set to NULL.

+ +

NOTES

+ +

The only currently supported compression algorithm is zlib: if the structure indicates the use of any other algorithm an error is returned.

+ +

If zlib support is not compiled into OpenSSL then CMS_uncompress() will always return an error.

+ +

The following flags can be passed in the flags parameter.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

CMS_uncompress() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The lack of single pass processing and the need to hold all data in memory as mentioned in CMS_verify() also applies to CMS_decompress().

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_compress(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify.html new file mode 100644 index 00000000..8f37373c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify.html @@ -0,0 +1,114 @@ + + + + +CMS_verify + + + + + + + + + + +

NAME

+ +

CMS_verify, CMS_get0_signers - verify a CMS SignedData structure

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+               BIO *indata, BIO *out, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+ +

DESCRIPTION

+ +

CMS_verify() verifies a CMS SignedData structure. cms is the CMS_ContentInfo structure to verify. certs is a set of certificates in which to search for the signing certificate(s). store is a trusted certificate store used for chain verification. indata is the detached content if the content is not present in cms. The content is written to out if it is not NULL.

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

CMS_get0_signers() retrieves the signing certificate(s) from cms, it must be called after a successful CMS_verify() operation.

+ +

VERIFY PROCESS

+ +

Normally the verify process proceeds as follows.

+ +

Initially some sanity checks are performed on cms. The type of cms must be SignedData. There must be at least one signature on the data and if the content is detached indata cannot be NULL.

+ +

An attempt is made to locate all the signing certificate(s), first looking in the certs parameter (if it is not NULL) and then looking in any certificates contained in the cms structure itself. If any signing certificate cannot be located the operation fails.

+ +

Each signing certificate is chain verified using the smimesign purpose and the supplied trusted certificate store. Any internal certificates in the message are used as untrusted CAs. If CRL checking is enabled in store any internal CRLs are used in addition to attempting to look them up in store. If any chain verify fails an error code is returned.

+ +

Finally the signed content is read (and written to out if it is not NULL) and the signature's checked.

+ +

If all signature's verify correctly then the function is successful.

+ +

Any of the following flags (ored together) can be passed in the flags parameter to change the default verify behaviour.

+ +

If CMS_NOINTERN is set the certificates in the message itself are not searched when locating the signing certificate(s). This means that all the signing certificates must be in the certs parameter.

+ +

If CMS_NOCRL is set and CRL checking is enabled in store then any CRLs in the message itself are ignored.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

If CMS_NO_SIGNER_CERT_VERIFY is set the signing certificates are not verified.

+ +

If CMS_NO_ATTR_VERIFY is set the signed attributes signature is not verified.

+ +

If CMS_NO_CONTENT_VERIFY is set then the content digest is not checked.

+ +

NOTES

+ +

One application of CMS_NOINTERN is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the certs parameter. In this case if the signer is not one of the certificates supplied in certs then the verify will fail because the signer cannot be found.

+ +

In some cases the standard techniques for looking up and validating certificates are not appropriate: for example an application may wish to lookup certificates in a database or perform customised verification. This can be achieved by setting and verifying the signers certificates manually using the signed data utility functions.

+ +

Care should be taken when modifying the default verify behaviour, for example setting CMS_NO_CONTENT_VERIFY will totally disable all content verification and any modified content will be considered valid. This combination is however useful if one merely wishes to write the content to out and its validity is not considered important.

+ +

Chain verification should arguably be performed using the signing time rather than the current time. However since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp).

+ +

RETURN VALUES

+ +

CMS_verify() returns 1 for a successful verification and zero if an error occurred.

+ +

CMS_get0_signers() returns all signers or NULL if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The trusted certificate store is not searched for the signing certificate, this is primarily due to the inadequacies of the current X509_STORE functionality.

+ +

The lack of single pass processing means that the signed content must all be held in memory if it is not detached.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify_receipt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify_receipt.html new file mode 100644 index 00000000..21b0e8df --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -0,0 +1,67 @@ + + + + +CMS_verify_receipt + + + + + + + + + + +

NAME

+ +

CMS_verify_receipt - verify a CMS signed receipt

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs, X509_STORE *store,
+                       unsigned int flags);
+ +

DESCRIPTION

+ +

CMS_verify_receipt() verifies a CMS signed receipt. rcms is the signed receipt to verify. ocms is the original SignedData structure containing the receipt request. certs is a set of certificates in which to search for the signing certificate. store is a trusted certificate store (used for chain verification).

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

NOTES

+ +

This functions behaves in a similar way to CMS_verify() except the flag values CMS_DETACHED, CMS_BINARY, CMS_TEXT and CMS_STREAM are not supported since they do not make sense in the context of signed receipts.

+ +

RETURN VALUES

+ +

CMS_verify_receipt() returns 1 for a successful verification and zero if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign_receipt(3), CMS_verify(3),

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_free.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_free.html new file mode 100644 index 00000000..10a53ee2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_free.html @@ -0,0 +1,72 @@ + + + + +CONF_modules_free + + + + + + + + + + +

NAME

+ +

CONF_modules_free, CONF_modules_finish, CONF_modules_unload - OpenSSL configuration cleanup functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+void CONF_modules_finish(void);
+void CONF_modules_unload(int all);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void CONF_modules_free(void)
+#endif
+ +

DESCRIPTION

+ +

CONF_modules_free() closes down and frees up all memory allocated by all configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, applications called CONF_modules_free() at exit to tidy up any configuration performed.

+ +

CONF_modules_finish() calls each configuration modules finish handler to free up any configuration that module may have performed.

+ +

CONF_modules_unload() finishes and unloads configuration modules. If all is set to 0 only modules loaded from DSOs will be unloads. If all is 1 all modules, including builtin modules will be unloaded.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3), CONF_modules_load_file(3)

+ +

HISTORY

+ +

CONF_modules_free() was deprecated in OpenSSL 1.1.0; do not use it. For more information see OPENSSL_init_crypto(3).

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_load_file.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_load_file.html new file mode 100644 index 00000000..82d5c546 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CONF_modules_load_file.html @@ -0,0 +1,137 @@ + + + + +CONF_modules_load_file + + + + + + + + + + +

NAME

+ +

CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+ +

DESCRIPTION

+ +

The function CONF_modules_load_file() configures OpenSSL using file filename and application name appname. If filename is NULL the standard OpenSSL configuration file is used. If appname is NULL the standard OpenSSL application name openssl_conf is used. The behaviour can be customized using flags.

+ +

CONF_modules_load() is identical to CONF_modules_load_file() except it reads configuration information from cnf.

+ +

NOTES

+ +

The following flags are currently recognized:

+ +

If CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual configuration modules are ignored. If not set the first module error is considered fatal and no further modules are loaded.

+ +

Normally any modules errors will add error information to the error queue. If CONF_MFLAGS_SILENT is set no error information is added.

+ +

If CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally returns success. This is used by default in OPENSSL_init_crypto(3) to ignore any errors in the default system-wide configuration file, as having all OpenSSL applications fail to start when there are potentially minor issues in the file is too risky. Applications calling CONF_modules_load_file explicitly should not generally set this flag.

+ +

If CONF_MFLAGS_NO_DSO is set configuration module loading from DSOs is disabled.

+ +

CONF_MFLAGS_IGNORE_MISSING_FILE if set will make CONF_load_modules_file() ignore missing configuration files. Normally a missing configuration file return an error.

+ +

CONF_MFLAGS_DEFAULT_SECTION if set and appname is not NULL will use the default section pointed to by openssl_conf if appname does not exist.

+ +

By using CONF_modules_load_file() with appropriate flags an application can customise application configuration to best suit its needs. In some cases the use of a configuration file is optional and its absence is not an error: in this case CONF_MFLAGS_IGNORE_MISSING_FILE would be set.

+ +

Errors during configuration may also be handled differently by different applications. For example in some cases an error may simply print out a warning message and the application continue. In other cases an application might consider a configuration file error as fatal and exit immediately.

+ +

Applications can use the CONF_modules_load() function if they wish to load a configuration file themselves and have finer control over how errors are treated.

+ +

RETURN VALUES

+ +

These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the return value of the failing module (this will always be zero or negative).

+ +

EXAMPLES

+ +

Load a configuration file and print out any errors and exit (missing file considered fatal):

+ +
if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+ +

Load default configuration file using the section indicated by "myapp", tolerate missing files, but exit on other errors:

+ +
if (CONF_modules_load_file(NULL, "myapp",
+                           CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "FATAL: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+    exit(1);
+}
+ +

Load custom configuration file and section, only print warnings on error, missing configuration file ignored:

+ +
if (CONF_modules_load_file("/something/app.cnf", "myapp",
+                           CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+    fprintf(stderr, "WARNING: error loading configuration file\n");
+    ERR_print_errors_fp(stderr);
+}
+ +

Load and parse configuration file manually, custom error handling:

+ +
FILE *fp;
+CONF *cnf = NULL;
+long eline;
+
+fp = fopen("/somepath/app.cnf", "r");
+if (fp == NULL) {
+    fprintf(stderr, "Error opening configuration file\n");
+    /* Other missing configuration file behaviour */
+} else {
+    cnf = NCONF_new(NULL);
+    if (NCONF_load_fp(cnf, fp, &eline) == 0) {
+        fprintf(stderr, "Error on line %ld of configuration file\n", eline);
+        ERR_print_errors_fp(stderr);
+        /* Other malformed configuration file behaviour */
+    } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
+        fprintf(stderr, "Error configuring application\n");
+        ERR_print_errors_fp(stderr);
+        /* Other configuration error behaviour */
+    }
+    fclose(fp);
+    NCONF_free(cnf);
+}
+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html new file mode 100644 index 00000000..8a519eaa --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html @@ -0,0 +1,159 @@ + + + + +CRYPTO_THREAD_run_once + + + + + + + + + + +

NAME

+ +

CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add - OpenSSL thread support

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+ +

DESCRIPTION

+ +

OpenSSL can be safely used in multi-threaded applications provided that support for the underlying OS threading API is built-in. Currently, OpenSSL supports the pthread and Windows APIs. OpenSSL can also be built without any multi-threading support, for example on platforms that don't provide any threading support or that provide a threading API that is not yet supported by OpenSSL.

+ +

The following multi-threading function are provided:

+ +
    + +
  • CRYPTO_THREAD_run_once() can be used to perform one-time initialization. The once argument must be a pointer to a static object of type CRYPTO_ONCE that was statically initialized to the value CRYPTO_ONCE_STATIC_INIT. The init argument is a pointer to a function that performs the desired exactly once initialization. In particular, this can be used to allocate locks in a thread-safe manner, which can then be used with the locking functions below.

    + +
  • +
  • CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write lock.

    + +
  • +
  • CRYPTO_THREAD_read_lock() locks the provided lock for reading.

    + +
  • +
  • CRYPTO_THREAD_write_lock() locks the provided lock for writing.

    + +
  • +
  • CRYPTO_THREAD_unlock() unlocks the previously locked lock.

    + +
  • +
  • CRYPTO_THREAD_lock_free() frees the provided lock.

    + +
  • +
  • CRYPTO_atomic_add() atomically adds amount to val and returns the result of the operation in ret. lock will be locked, unless atomic operations are supported on the specific platform. Because of this, if a variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must be the only way that the variable is modified.

    + +
  • +
+ +

RETURN VALUES

+ +

CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.

+ +

CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.

+ +

CRYPTO_THREAD_lock_free() returns no value.

+ +

The other functions return 1 on success, or 0 on error.

+ +

NOTES

+ +

On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required.

+ +

EXAMPLES

+ +

This example safely initializes and uses a lock.

+ +
#ifdef _WIN32
+# include <windows.h>
+#endif
+#include <openssl/crypto.h>
+
+static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *lock;
+
+static void myinit(void)
+{
+    lock = CRYPTO_THREAD_lock_new();
+}
+
+static int mylock(void)
+{
+    if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
+        return 0;
+    return CRYPTO_THREAD_write_lock(lock);
+}
+
+static int myunlock(void)
+{
+    return CRYPTO_THREAD_unlock(lock);
+}
+
+int serialized(void)
+{
+    int ret = 0;
+
+    if (mylock()) {
+        /* Your code here, do not return without releasing the lock! */
+        ret = ... ;
+    }
+    myunlock();
+    return ret;
+}
+ +

Finalization of locks is an advanced topic, not covered in this example. This can only be done at process exit or when a dynamically loaded library is no longer in use and is unloaded. The simplest solution is to just "leak" the lock in applications and not repeatedly load/unload shared libraries that allocate locks.

+ +

NOTES

+ +

You can find out if OpenSSL was configured with thread support:

+ +
#include <openssl/opensslconf.h>
+#if defined(OPENSSL_THREADS)
+    /* thread support enabled */
+#else
+    /* no thread support */
+#endif
+ +

SEE ALSO

+ +

crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html new file mode 100644 index 00000000..b39927a4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html @@ -0,0 +1,129 @@ + + + + +CRYPTO_get_ex_new_index + + + + + + + + + + +

NAME

+ +

CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data - functions supporting application-specific data

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_get_ex_new_index(int class_index,
+                            long argl, void *argp,
+                            CRYPTO_EX_new *new_func,
+                            CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+
+typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                            int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                          void *from_d, int idx, long argl, void *argp);
+
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+
+void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
+
+int CRYPTO_free_ex_index(int class_index, int idx);
+ +

DESCRIPTION

+ +

Several OpenSSL structures can have application-specific data attached to them, known as "exdata." The specific structures are:

+ +
APP
+BIO
+DH
+DRBG
+DSA
+EC_KEY
+ENGINE
+RSA
+SSL
+SSL_CTX
+SSL_SESSION
+UI
+UI_METHOD
+X509
+X509_STORE
+X509_STORE_CTX
+ +

Each is identified by an CRYPTO_EX_INDEX_xxx define in the crypto.h header file. In addition, CRYPTO_EX_INDEX_APP is reserved for applications to use this facility for their own structures.

+ +

The API described here is used by OpenSSL to manipulate exdata for specific structures. Since the application data can be anything at all it is passed and retrieved as a void * type.

+ +

The CRYPTO_EX_DATA type is opaque. To initialize the exdata part of a structure, call CRYPTO_new_ex_data(). This is only necessary for CRYPTO_EX_INDEX_APP objects.

+ +

Exdata types are identified by an index, an integer guaranteed to be unique within structures for the lifetime of the program. Applications using exdata typically call CRYPTO_get_ex_new_index at startup, and store the result in a global variable, or write a wrapper function to provide lazy evaluation. The class_index should be one of the CRYPTO_EX_INDEX_xxx values. The argl and argp parameters are saved to be passed to the callbacks but are otherwise not used. In order to transparently manipulate exdata, three callbacks must be provided. The semantics of those callbacks are described below.

+ +

When copying or releasing objects with exdata, the callback functions are called in increasing order of their index value.

+ +

If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index() when this is done. This will replace the callbacks with no-ops so that applications don't crash. Any existing exdata will be leaked.

+ +

To set or get the exdata on an object, the appropriate type-specific routine must be used. This is because the containing structure is opaque and the CRYPTO_EX_DATA field is not accessible. In both API's, the idx parameter should be an already-created index value.

+ +

When setting exdata, the pointer specified with a particular index is saved, and returned on a subsequent "get" call. If the application is going to release the data, it must make sure to set a NULL value at the index, to avoid likely double-free crashes.

+ +

The function CRYPTO_free_ex_data is used to free all exdata attached to a structure. The appropriate type-specific routine must be used. The class_index identifies the structure type, the obj is a pointer to the actual structure, and r is a pointer to the structure's exdata field.

+ +

Callback Functions

+ +

This section describes how the callback functions are used. Applications that are defining their own exdata using CYPRTO_EX_INDEX_APP must call them as described here.

+ +

When a structure is initially allocated (such as RSA_new()) then the new_func() is called for every defined index. There is no requirement that the entire parent, or containing, structure has been set up. The new_func() is typically used only to allocate memory to store the exdata, and perhaps an "initialized" flag within that memory. The exdata value should be set by calling CRYPTO_set_ex_data().

+ +

When a structure is free'd (such as SSL_CTX_free()) then the free_func() is called for every defined index. Again, the state of the parent structure is not guaranteed. The free_func() may be called with a NULL pointer.

+ +

Both new_func() and free_func() take the same parameters. The parent is the pointer to the structure that contains the exdata. The ptr is the current exdata item; for new_func() this will typically be NULL. The r parameter is a pointer to the exdata field of the object. The idx is the index and is the value returned when the callbacks were initially registered via CRYPTO_get_ex_new_index() and can be used if the same callback handles different types of exdata.

+ +

dup_func() is called when a structure is being copied. This is only done for SSL, SSL_SESSION, EC_KEY objects and BIO chains via BIO_dup_chain(). The to and from parameters are pointers to the destination and source CRYPTO_EX_DATA structures, respectively. The from_d parameter needs to be cast to a void **pptr as the API has currently the wrong signature; that will be changed in a future version. The *pptr is a pointer to the source exdata. When the dup_func() returns, the value in *pptr is copied to the destination ex_data. If the pointer contained in *pptr is not modified by the dup_func(), then both to and from will point to the same data. The idx, argl and argp parameters are as described for the other two callbacks. If the dup_func() returns 0 the whole CRYPTO_dup_ex_data() will fail.

+ +

RETURN VALUES

+ +

CRYPTO_get_ex_new_index() returns a new index or -1 on failure.

+ +

CRYPTO_free_ex_index() and CRYPTO_set_ex_data() return 1 on success or 0 on failure.

+ +

CRYPTO_get_ex_data() returns the application data or NULL on failure; note that NULL may be a valid value.

+ +

dup_func() should return 0 for failure and 1 for success.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_memcmp.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_memcmp.html new file mode 100644 index 00000000..31a0228a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CRYPTO_memcmp.html @@ -0,0 +1,56 @@ + + + + +CRYPTO_memcmp + + + + + + + + + + +

NAME

+ +

CRYPTO_memcmp - Constant time memory comparison

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+ +

DESCRIPTION

+ +

The CRYPTO_memcmp function compares the len bytes pointed to by a and b for equality. It takes an amount of time dependent on len, but independent of the contents of the memory regions pointed to by a and b.

+ +

RETURN VALUES

+ +

CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero otherwise.

+ +

NOTES

+ +

Unlike memcmp(2), this function cannot be used to order the two memory regions as the return value when they differ is undefined, other than being non-zero.

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html new file mode 100644 index 00000000..6db95676 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html @@ -0,0 +1,65 @@ + + + + +CTLOG_STORE_get0_log_by_id + + + + + + + + + + +

NAME

+ +

CTLOG_STORE_get0_log_by_id - Get a Certificate Transparency log from a CTLOG_STORE

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+ +

DESCRIPTION

+ +

A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency (CT) log that issued it using the log's LogID (see RFC 6962, Section 3.2). Therefore, it is useful to be able to look up more information about a log (e.g. its public key) using this LogID.

+ +

CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG in a CTLOG_STORE that has a given LogID.

+ +

RETURN VALUES

+ +

CTLOG_STORE_get0_log_by_id returns a CTLOG with the given LogID, if it exists in the given CTLOG_STORE, otherwise it returns NULL.

+ +

SEE ALSO

+ +

ct(7), CTLOG_STORE_new(3)

+ +

HISTORY

+ +

The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_new.html new file mode 100644 index 00000000..b2a22a62 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_STORE_new.html @@ -0,0 +1,86 @@ + + + + +CTLOG_STORE_new + + + + + + + + + + +

NAME

+ +

CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file - Create and populate a Certificate Transparency log list

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CTLOG_STORE *CTLOG_STORE_new(void);
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+ +

DESCRIPTION

+ +

A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency logs). The list can be loaded from one or more files and then searched by LogID (see RFC 6962, Section 3.2, for the definition of a LogID).

+ +

CTLOG_STORE_new() creates an empty list of CT logs. This is then populated by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file(). CTLOG_STORE_load_default_file() loads from the default file, which is named "ct_log_list.cnf" in OPENSSLDIR (see the output of version). This can be overridden using an environment variable named "CTLOG_FILE". CTLOG_STORE_load_file() loads from a caller-specified file path instead. Both of these functions append any loaded CT logs to the CTLOG_STORE.

+ +

The expected format of the file is:

+ +
enabled_logs=foo,bar
+
+[foo]
+description = Log 1
+key = <base64-encoded DER SubjectPublicKeyInfo here>
+
+[bar]
+description = Log 2
+key = <base64-encoded DER SubjectPublicKeyInfo here>
+ +

Once a CTLOG_STORE is no longer required, it should be passed to CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along with the CTLOG_STORE itself.

+ +

NOTES

+ +

If there are any invalid CT logs in a file, they are skipped and the remaining valid logs will still be added to the CTLOG_STORE. A CT log will be considered invalid if it is missing a "key" or "description" field.

+ +

RETURN VALUES

+ +

Both CTLOG_STORE_load_default_file and CTLOG_STORE_load_file return 1 if all CT logs in the file are successfully parsed and loaded, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7), CTLOG_STORE_get0_log_by_id(3), SSL_CTX_set_ctlog_list_file(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_new.html new file mode 100644 index 00000000..4a3c641b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CTLOG_new.html @@ -0,0 +1,80 @@ + + + + +CTLOG_new + + + + + + + + + + +

NAME

+ +

CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key - encapsulates information about a Certificate Transparency log

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+void CTLOG_free(CTLOG *log);
+const char *CTLOG_get0_name(const CTLOG *log);
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+ +

DESCRIPTION

+ +

CTLOG_new() returns a new CTLOG that represents the Certificate Transparency (CT) log with the given public key. A name must also be provided that can be used to help users identify this log. Ownership of the public key is transferred.

+ +

CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG. The base64 will be decoded and the public key parsed.

+ +

Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that was passed to it.

+ +

CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was created. Ownership of the string remains with the CTLOG.

+ +

CTLOG_get0_log_id() sets *log_id to point to a string containing that log's LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of the string remains with the CTLOG.

+ +

CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the EVP_PKEY remains with the CTLOG.

+ +

RETURN VALUES

+ +

CTLOG_new() will return NULL if an error occurs.

+ +

CTLOG_new_from_base64() will return 1 on success, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html new file mode 100644 index 00000000..5b3fbb7d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html @@ -0,0 +1,126 @@ + + + + +CT_POLICY_EVAL_CTX_new + + + + + + + + + + +

NAME

+ +

CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time - Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+ +

DESCRIPTION

+ +

A CT_POLICY_EVAL_CTX is used by functions that evaluate whether Signed Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. This policy may be, for example, that at least one valid SCT is available. To determine this, an SCT's timestamp and signature must be verified. This requires:

+ +
    + +
  • the public key of the log that issued the SCT

    + +
  • +
  • the certificate that the SCT was issued for

    + +
  • +
  • the issuer certificate (if the SCT was issued for a pre-certificate)

    + +
  • +
  • the current time

    + +
  • +
+ +

The above requirements are met using the setters described below.

+ +

CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This should then be populated using:

+ +
    + +
  • CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for

    + +

    Increments the reference count of the certificate.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate

    + +

    Increments the reference count of the certificate.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs

    + +

    Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the CT_POLICY_EVAL_CTX.

    + +
  • +
  • CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid

    + +

    The SCT timestamp will be compared to this time to check whether the SCT was issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose timestamp is in the future". By default, this will be set to 5 minutes in the future (e.g. (time() + 300) * 1000), to allow for clock drift.

    + +

    The time should be in milliseconds since the Unix epoch.

    + +
  • +
+ +

Each setter has a matching getter for accessing the current value.

+ +

When no longer required, the CT_POLICY_EVAL_CTX should be passed to CT_POLICY_EVAL_CTX_free() to delete it.

+ +

NOTES

+ +

The issuer certificate only needs to be provided if at least one of the SCTs was issued for a pre-certificate. This will be the case for SCTs embedded in a certificate (i.e. those in an X.509 extension), but may not be the case for SCTs found in the TLS SCT extension or OCSP response.

+ +

RETURN VALUES

+ +

CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html new file mode 100644 index 00000000..9cc97517 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html @@ -0,0 +1,197 @@ + + + + +DEFINE_STACK_OF + + + + + + + + + + +

NAME

+ +

DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve - stack container

+ +

SYNOPSIS

+ +
#include <openssl/safestack.h>
+
+STACK_OF(TYPE)
+DEFINE_STACK_OF(TYPE)
+DEFINE_STACK_OF_CONST(TYPE)
+DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
+DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
+
+typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
+typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
+typedef void (*sk_TYPE_freefunc)(TYPE *a);
+
+int sk_TYPE_num(const STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
+STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
+STACK_OF(TYPE) *sk_TYPE_new_null(void);
+int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
+void sk_TYPE_free(const STACK_OF(TYPE) *sk);
+void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
+TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
+int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
+int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
+TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
+TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
+void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
+int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
+TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
+int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
+int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
+void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
+int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
+STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
+STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
+                                  sk_TYPE_copyfunc copyfunc,
+                                  sk_TYPE_freefunc freefunc);
+sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
+                                        sk_TYPE_compfunc compare));
+STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n);
+ +

DESCRIPTION

+ +

Applications can create and use their own stacks by placing any of the macros described below in a header file. These macros define typesafe inline functions that wrap around the utility OPENSSL_sk_ API. In the description here, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509.

+ +

STACK_OF() returns the name for a stack of the specified TYPE. DEFINE_STACK_OF() creates set of functions for a stack of TYPE. This will mean that type TYPE is stored in each stack, the type is referenced by STACK_OF(TYPE) and each function name begins with sk_TYPE_. For example:

+ +
TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except each element is constant. For example:

+ +
const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_SPECIAL_STACK_OF() defines a stack of TYPE but each function uses FUNCNAME in the function name. For example:

+ +
TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+ +

DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is constant:

+ +
const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
+ +

sk_TYPE_num() returns the number of elements in sk or -1 if sk is NULL.

+ +

sk_TYPE_value() returns element idx in sk, where idx starts at zero. If idx is out of range then NULL is returned.

+ +

sk_TYPE_new() allocates a new empty stack using comparison function compare. If compare is NULL then no comparison function is used. This function is equivalent to sk_TYPE_new_reserve(compare, 0).

+ +

sk_TYPE_new_null() allocates a new empty stack with no comparison function. This function is equivalent to sk_TYPE_new_reserve(NULL, 0).

+ +

sk_TYPE_reserve() allocates additional memory in the sk structure such that the next n calls to sk_TYPE_insert(), sk_TYPE_push() or sk_TYPE_unshift() will not fail or cause memory to be allocated or reallocated. If n is zero, any excess space allocated in the sk structure is freed. On error sk is unchanged.

+ +

sk_TYPE_new_reserve() allocates a new stack. The new stack will have additional memory allocated to hold n elements if n is positive. The next n calls to sk_TYPE_insert(), sk_TYPE_push() or sk_TYPE_unshift() will not fail or cause memory to be allocated or reallocated. If n is zero or less than zero, no memory is allocated. sk_TYPE_new_reserve() also sets the comparison function compare to the newly created stack. If compare is NULL then no comparison function is used.

+ +

sk_TYPE_set_cmp_func() sets the comparison function of sk to compare. The previous comparison function is returned or NULL if there was no previous comparison function.

+ +

sk_TYPE_free() frees up the sk structure. It does not free up any elements of sk. After this call sk is no longer valid.

+ +

sk_TYPE_zero() sets the number of elements in sk to zero. It does not free sk so after this call sk is still valid.

+ +

sk_TYPE_pop_free() frees up all elements of sk and sk itself. The free function freefunc() is called on each element to free it.

+ +

sk_TYPE_delete() deletes element i from sk. It returns the deleted element or NULL if i is out of range.

+ +

sk_TYPE_delete_ptr() deletes element matching ptr from sk. It returns the deleted element or NULL if no element matching ptr was found.

+ +

sk_TYPE_insert() inserts ptr into sk at position idx. Any existing elements at or after idx are moved downwards. If idx is out of range the new element is appended to sk. sk_TYPE_insert() either returns the number of elements in sk after the new element is inserted or zero if an error (such as memory allocation failure) occurred.

+ +

sk_TYPE_push() appends ptr to sk it is equivalent to:

+ +
sk_TYPE_insert(sk, ptr, -1);
+ +

sk_TYPE_unshift() inserts ptr at the start of sk it is equivalent to:

+ +
sk_TYPE_insert(sk, ptr, 0);
+ +

sk_TYPE_pop() returns and removes the last element from sk.

+ +

sk_TYPE_shift() returns and removes the first element from sk.

+ +

sk_TYPE_set() sets element idx of sk to ptr replacing the current element. The new element value is returned or NULL if an error occurred: this will only happen if sk is NULL or idx is out of range.

+ +

sk_TYPE_find() searches sk for the element ptr. In the case where no comparison function has been specified, the function performs a linear search for a pointer equal to ptr. The index of the first matching element is returned or -1 if there is no match. In the case where a comparison function has been specified, sk is sorted then sk_TYPE_find() returns the index of a matching element or -1 if there is no match. Note that, in this case, the matching element returned is not guaranteed to be the first; the comparison function will usually compare the values pointed to rather than the pointers themselves and the order of elements in sk could change.

+ +

sk_TYPE_find_ex() operates like sk_TYPE_find() except when a comparison function has been specified and no matching element is found. Instead of returning -1, sk_TYPE_find_ex() returns the index of the element either before or after the location where ptr would be if it were present in sk.

+ +

sk_TYPE_sort() sorts sk using the supplied comparison function.

+ +

sk_TYPE_is_sorted() returns 1 if sk is sorted and 0 otherwise.

+ +

sk_TYPE_dup() returns a copy of sk. Note the pointers in the copy are identical to the original.

+ +

sk_TYPE_deep_copy() returns a new stack where each element has been copied. Copying is performed by the supplied copyfunc() and freeing by freefunc(). The function freefunc() is only called if an error occurs.

+ +

NOTES

+ +

Care should be taken when accessing stacks in multi-threaded environments. Any operation which increases the size of a stack such as sk_TYPE_insert() or sk_push() can "grow" the size of an internal array and cause race conditions if the same stack is accessed in a different thread. Operations such as sk_find() and sk_sort() can also reorder the stack.

+ +

Any comparison function supplied should use a metric suitable for use in a binary search operation. That is it should return zero, a positive or negative value if a is equal to, greater than or less than b respectively.

+ +

Care should be taken when checking the return values of the functions sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the matching element. In particular 0 indicates a matching first element. A failed search is indicated by a -1 return value.

+ +

STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and DEFINE_SPECIAL_STACK_OF() are implemented as macros.

+ +

The underlying utility OPENSSL_sk_ API should not be used directly. It defines these functions: OPENSSL_sk_deep_copy(), OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(), OPENSSL_sk_find(), OPENSSL_sk_find_ex(), OPENSSL_sk_free(), OPENSSL_sk_insert(), OPENSSL_sk_is_sorted(), OPENSSL_sk_new(), OPENSSL_sk_new_null(), OPENSSL_sk_num(), OPENSSL_sk_pop(), OPENSSL_sk_pop_free(), OPENSSL_sk_push(), OPENSSL_sk_reserve(), OPENSSL_sk_set(), OPENSSL_sk_set_cmp_func(), OPENSSL_sk_shift(), OPENSSL_sk_sort(), OPENSSL_sk_unshift(), OPENSSL_sk_value(), OPENSSL_sk_zero().

+ +

RETURN VALUES

+ +

sk_TYPE_num() returns the number of elements in the stack or -1 if the passed stack is NULL.

+ +

sk_TYPE_value() returns a pointer to a stack element or NULL if the index is out of range.

+ +

sk_TYPE_new(), sk_TYPE_new_null() and sk_TYPE_new_reserve() return an empty stack or NULL if an error occurs.

+ +

sk_TYPE_reserve() returns 1 on successful allocation of the required memory or 0 on error.

+ +

sk_TYPE_set_cmp_func() returns the old comparison function or NULL if there was no old comparison function.

+ +

sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and sk_TYPE_sort() do not return values.

+ +

sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr() return a pointer to the deleted element or NULL on error.

+ +

sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total number of elements in the stack and 0 if an error occurred.

+ +

sk_TYPE_set() returns a pointer to the replacement element or NULL on error.

+ +

sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found element or -1 on error.

+ +

sk_TYPE_is_sorted() returns 1 if the stack is sorted and 0 if it is not.

+ +

sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy of the stack.

+ +

HISTORY

+ +

Before OpenSSL 1.1.0, this was implemented via macros and not inline functions and was not a public API.

+ +

sk_TYPE_reserve() and sk_TYPE_new_reserve() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DES_random_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DES_random_key.html new file mode 100644 index 00000000..086cbefc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DES_random_key.html @@ -0,0 +1,217 @@ + + + + +DES_random_key + + + + + + + + + + +

NAME

+ +

DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt - DES encryption

+ +

SYNOPSIS

+ +
#include <openssl/des.h>
+
+void DES_random_key(DES_cblock *ret);
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+
+void DES_set_odd_parity(DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc);
+void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                     int numbits, long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+                     int numbits, long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      int enc);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                       int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                       int *num);
+
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                      const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_cblock *ivec,
+                            int *num, int enc);
+void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num);
+
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+ +

DESCRIPTION

+ +

This library contains a fast implementation of the DES encryption algorithm.

+ +

There are two phases to the use of DES encryption. The first is the generation of a DES_key_schedule from a key, the second is the actual encryption. A DES key is of type DES_cblock. This type consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process.

+ +

DES_random_key() generates a random key. The random generator must be seeded when calling this function. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail. If the function fails, 0 is returned.

+ +

Before a DES key can be used, it must be converted into the architecture dependent DES_key_schedule via the DES_set_key_checked() or DES_set_key_unchecked() function.

+ +

DES_set_key_checked() will check that the key passed is of odd parity and is not a weak or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated.

+ +

DES_set_key() works like DES_set_key_checked() if the DES_check_key flag is non-zero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable.

+ +

DES_set_odd_parity() sets the parity of the passed key to odd.

+ +

DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it is ok.

+ +

The following routines mostly operate on an input and output stream of DES_cblocks.

+ +

DES_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte DES_cblock in electronic code book (ECB) mode. It always transforms the input data, pointed to by input, into the output data, pointed to by the output argument. If the encrypt argument is non-zero (DES_ENCRYPT), the input (cleartext) is encrypted in to the output (ciphertext) using the key_schedule specified by the schedule argument, previously set via DES_set_key. If encrypt is zero (DES_DECRYPT), the input (now ciphertext) is decrypted into the output (now cleartext). Input and output may overlap. DES_ecb_encrypt() does not return a value.

+ +

DES_ecb3_encrypt() encrypts/decrypts the input block by using three-key Triple-DES encryption in ECB mode. This involves encrypting the input with ks1, decrypting with the key schedule ks2, and then encrypting with ks3. This routine greatly reduces the chances of brute force breaking of DES and has the advantage of if ks1, ks2 and ks3 are the same, it is equivalent to just encryption using ECB mode and ks1 as the key.

+ +

The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES encryption by using ks1 for the final encryption.

+ +

DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. If the encrypt argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the input argument into the ciphertext pointed to by the output argument, using the key schedule provided by the schedule argument, and initialization vector provided by the ivec argument. If the length argument is not an integral multiple of eight bytes, the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes.

+ +

DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses inw and outw to 'whiten' the encryption. inw and outw are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than CBC DES.

+ +

DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with three keys. This means that each DES operation inside the CBC mode is C=E(ks3,D(ks2,E(ks1,M))). This mode is used by SSL.

+ +

The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by reusing ks1 for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of Triple-DES is used by the RSAREF library.

+ +

DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as DES_ncbc_encrypt().

+ +

DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending a small number of characters.

+ +

DES_cfb64_encrypt() implements CFB mode of DES with 64-bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, without 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about CFB mode of DES.

+ +

DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as DES_cfb64_encrypt() except that Triple-DES is used.

+ +

DES_ofb_encrypt() encrypts using output feedback mode. This method takes an array of characters as input and outputs an array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ECB encryption per numbits, this function is only suggested for use when sending a small number of characters.

+ +

DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output Feed Back mode.

+ +

DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as DES_ofb64_encrypt(), using Triple-DES.

+ +

The following functions are included in the DES library for compatibility with the MIT Kerberos library.

+ +

DES_cbc_cksum() produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in output. This function is used by Kerberos v4. Other applications should use EVP_DigestInit(3) etc. instead.

+ +

DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on out_count, 1, 2, 3 or 4 times. If output is non-NULL, the 8 bytes generated by each pass are written into output.

+ +

The following are DES-based transformations:

+ +

DES_fcrypt() is a fast version of the Unix crypt(3) function. This version takes only a small amount of space relative to other fast crypt() implementations. This is different to the normal crypt() in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt().

+ +

DES_crypt() is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the third parameter. This mostly emulates the normal non-thread-safe semantics of crypt(3). The salt must be two ASCII characters.

+ +

The values returned by DES_fcrypt() and DES_crypt() are terminated by NUL character.

+ +

DES_enc_write() writes len bytes to file descriptor fd from buffer buf. The data is encrypted via pcbc_encrypt (default) using sched for the key and iv as a starting vector. The actual data send down fd consists of 4 bytes (in network byte order) containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes.

+ +

BUGS

+ +

DES_cbc_encrypt() does not modify ivec; use DES_ncbc_encrypt() instead.

+ +

DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits taken from the 3rd input byte and the top 4 bits taken from the 4th input byte. The same holds for output. This function has been implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly!

+ +

DES_string_to_key() is available for backward compatibility with the MIT library. New applications should use a cryptographic hash function. The same applies for DES_string_to_2key().

+ +

NOTES

+ +

The des library was written to be source code compatible with the MIT Kerberos library.

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see des_modes(7).

+ +

RETURN VALUES

+ +

DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key() return 0 on success or negative values on error.

+ +

DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the last 4 bytes of the checksum of the input.

+ +

DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - to a static buffer on success; otherwise they return NULL.

+ +

SEE ALSO

+ +

des_modes(7), EVP_EncryptInit(3)

+ +

HISTORY

+ +

The requirement that the salt parameter to DES_crypt() and DES_fcrypt() be two ASCII characters was first enforced in OpenSSL 1.1.0. Previous versions tried to use the letter uppercase A if both character were not present, and could crash when given non-ASCII on some platforms.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_key.html new file mode 100644 index 00000000..07b78000 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_key.html @@ -0,0 +1,66 @@ + + + + +DH_generate_key + + + + + + + + + + +

NAME

+ +

DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_generate_key(DH *dh);
+
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ +

DESCRIPTION

+ +

DH_generate_key() performs the first step of a Diffie-Hellman key exchange by generating private and public DH values. By calling DH_compute_key(), these are combined with the other party's public value to compute the shared key.

+ +

DH_generate_key() expects dh to contain the shared parameters dh->p and dh->g. It generates a random private DH value unless dh->priv_key is already set, and computes the corresponding public value dh->pub_key, which can then be published.

+ +

DH_compute_key() computes the shared secret from the private DH value in dh and the other party's public value in pub_key and stores it in key. key must point to DH_size(dh) bytes of memory.

+ +

RETURN VALUES

+ +

DH_generate_key() returns 1 on success, 0 otherwise.

+ +

DH_compute_key() returns the size of the shared secret on success, -1 on error.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_parameters.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_parameters.html new file mode 100644 index 00000000..9338b659 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_generate_parameters.html @@ -0,0 +1,155 @@ + + + + +DH_generate_parameters + + + + + + + + + + +

NAME

+ +

DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex - generate and check Diffie-Hellman parameters

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_check(DH *dh, int *codes);
+int DH_check_params(DH *dh, int *codes);
+
+int DH_check_ex(const DH *dh);
+int DH_check_params_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+DH *DH_generate_parameters(int prime_len, int generator,
+                           void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

DH_generate_parameters_ex() generates Diffie-Hellman parameters that can be shared among a group of users, and stores them in the provided DH structure. The pseudo-random number generator must be seeded before calling it. The parameters generated by DH_generate_parameters_ex() should not be used in signature schemes.

+ +

prime_len is the length in bits of the safe prime to be generated. generator is a small number > 1, typically 2 or 5.

+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as described in BN_generate_prime(3) while a random prime number is generated, and when a prime has been found, BN_GENCB_call(cb, 3, 0) is called. See BN_generate_prime_ex(3) for information on the BN_GENCB_call() function.

+ +

DH_generate_parameters() is similar to DH_generate_prime_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +

DH_check_params() confirms that the p and g are likely enough to be valid. This is a lightweight check, if a more thorough check is needed, use DH_check(). The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

+ +
+ +
DH_CHECK_P_NOT_PRIME
+
+ +

The parameter p has been determined to not being an odd prime. Note that the lack of this bit doesn't guarantee that p is a prime.

+ +
+
DH_NOT_SUITABLE_GENERATOR
+
+ +

The generator g is not suitable. Note that the lack of this bit doesn't guarantee that g is suitable, unless p is known to be a strong prime.

+ +
+
+ +

DH_check() confirms that the Diffie-Hellman parameters dh are valid. The value of *codes is updated with any problems found. If *codes is zero then no problems were found, otherwise the following bits may be set:

+ +
+ +
DH_CHECK_P_NOT_PRIME
+
+ +

The parameter p is not prime.

+ +
+
DH_CHECK_P_NOT_SAFE_PRIME
+
+ +

The parameter p is not a safe prime and no q value is present.

+ +
+
DH_UNABLE_TO_CHECK_GENERATOR
+
+ +

The generator g cannot be checked for suitability.

+ +
+
DH_NOT_SUITABLE_GENERATOR
+
+ +

The generator g is not suitable.

+ +
+
DH_CHECK_Q_NOT_PRIME
+
+ +

The parameter q is not prime.

+ +
+
DH_CHECK_INVALID_Q_VALUE
+
+ +

The parameter q is invalid.

+ +
+
DH_CHECK_INVALID_J_VALUE
+
+ +

The parameter j is invalid.

+ +
+
+ +

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the function.

+ +

RETURN VALUES

+ +

DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 if the check could be performed, 0 otherwise.

+ +

DH_generate_parameters() returns a pointer to the DH structure or NULL if the parameter generation fails.

+ +

DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the check is successful, 0 for failed.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_free(3)

+ +

HISTORY

+ +

DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use DH_generate_parameters_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get0_pqg.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get0_pqg.html new file mode 100644 index 00000000..abeb59f0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get0_pqg.html @@ -0,0 +1,106 @@ + + + + +DH_get0_pqg + + + + + + + + + + +

NAME

+ +

DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length - Routines for getting and setting data in a DH object

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+ +

DESCRIPTION

+ +

A DH object contains the parameters p, q and g. Note that the q parameter is optional. It also contains a public key (pub_key) and (optionally) a private key (priv_key).

+ +

The p, q and g parameters can be obtained by calling DH_get0_pqg(). If the parameters have not yet been set then *p, *q and *g will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. Any of the out parameters p, q, and g can be NULL, in which case no value will be returned for that parameter.

+ +

The p, q and g values can be set by calling DH_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DH object, and therefore the values that have been passed in should not be freed directly after this function has been called. The q parameter may be NULL.

+ +

To get the public and private key values use the DH_get0_key() function. A pointer to the public key will be stored in *pub_key, and a pointer to the private key will be stored in *priv_key. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. Any of the out parameters pub_key and priv_key can be NULL, in which case no value will be returned for that parameter.

+ +

The public and private key values can be set using DH_set0_key(). Either parameter may be NULL, which means the corresponding DH field is left untouched. As with DH_set0_pqg() this function transfers the memory management of the key values to the DH object, and therefore they should not be freed directly after this function has been called.

+ +

Any of the values p, q, g, priv_key, and pub_key can also be retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively.

+ +

DH_set_flags() sets the flags in the flags parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DH_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the DH object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. DH_clear_flags() clears the specified flags within the DH object.

+ +

DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set.

+ +

The DH_get_length() and DH_set_length() functions get and set the optional length parameter associated with this DH object. If the length is non-zero then it is used, otherwise it is ignored. The length parameter indicates the length of the secret exponent (private key) in bits.

+ +

NOTES

+ +

Values retrieved with DH_get0_key() are owned by the DH object used in the call and may therefore not be passed to DH_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().

+ +

RETURN VALUES

+ +

DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.

+ +

DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() return the respective value, or NULL if it is unset.

+ +

DH_test_flags() returns the current state of the flags in the DH object.

+ +

DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE has been set.

+ +

DH_get_length() returns the length of the secret exponent (private key) in bits, or zero if no such length has been explicitly set.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), DH_set_method(3), DH_size(3), DH_meth_new(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get_1024_160.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get_1024_160.html new file mode 100644 index 00000000..f810914f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_get_1024_160.html @@ -0,0 +1,71 @@ + + + + +DH_get_1024_160 + + + + + + + + + + +

NAME

+ +

DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 - Create standardized public primes or DH pairs

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+DH *DH_get_1024_160(void)
+DH *DH_get_2048_224(void)
+DH *DH_get_2048_256(void)
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+const BIGNUM *BN_get0_nist_prime_224(void)
+const BIGNUM *BN_get0_nist_prime_256(void)
+const BIGNUM *BN_get0_nist_prime_384(void)
+const BIGNUM *BN_get0_nist_prime_521(void)
+
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+ +

DESCRIPTION

+ +

DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return a DH object for the IETF RFC 5114 value.

+ +

BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(), BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return a BIGNUM for the specific NIST prime curve (e.g., P-256).

+ +

BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(), BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(), BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(), BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions return a BIGNUM for the specified size from IETF RFC 2409. If bn is not NULL, the BIGNUM will be set into that location as well.

+ +

RETURN VALUES

+ +

Defined above.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_meth_new.html new file mode 100644 index 00000000..f06d81b8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_meth_new.html @@ -0,0 +1,135 @@ + + + + +DH_meth_new + + + + + + + + + + +

NAME

+ +

DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params - Routines to build up DH methods

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+
+void DH_meth_free(DH_METHOD *dhm);
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+    (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+    int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                      BN_MONT_CTX *m_ctx));
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+    (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+    int (*generate_params)(DH *, int, int, BN_GENCB *));
+ +

DESCRIPTION

+ +

The DH_METHOD type is a structure used for the provision of custom DH implementations. It provides a set of functions used by OpenSSL for the implementation of the various DH capabilities.

+ +

DH_meth_new() creates a new DH_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the DH_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new DH object based on this DH_METHOD. Any new DH object will have those flags set by default.

+ +

DH_meth_dup() creates a duplicate copy of the DH_METHOD object passed as a parameter. This might be useful for creating a new DH_METHOD based on an existing one, but with some differences.

+ +

DH_meth_free() destroys a DH_METHOD structure and frees up any memory associated with it.

+ +

DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. DH_meth_set1_name() sets the name of the DH_METHOD to name. The string is duplicated and the copy is stored in the DH_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

DH_meth_get_flags() returns the current value of the flags associated with this DH_METHOD. DH_meth_set_flags() provides the ability to set these flags.

+ +

The functions DH_meth_get0_app_data() and DH_meth_set0_app_data() provide the ability to associate implementation specific data with the DH_METHOD. It is the application's responsibility to free this data before the DH_METHOD is freed via a call to DH_meth_free().

+ +

DH_meth_get_generate_key() and DH_meth_set_generate_key() get and set the function used for generating a new DH key pair respectively. This function will be called in response to the application calling DH_generate_key(). The parameter for the function has the same meaning as for DH_generate_key().

+ +

DH_meth_get_compute_key() and DH_meth_set_compute_key() get and set the function used for computing a new DH shared secret respectively. This function will be called in response to the application calling DH_compute_key(). The parameters for the function have the same meaning as for DH_compute_key().

+ +

DH_meth_get_bn_mod_exp() and DH_meth_set_bn_mod_exp() get and set the function used for computing the following value:

+ +
r = a ^ p mod m
+ +

This function will be called by the default OpenSSL function for DH_generate_key(). The result is stored in the r parameter. This function may be NULL unless using the default generate key function, in which case it must be present.

+ +

DH_meth_get_init() and DH_meth_set_init() get and set the function used for creating a new DH instance respectively. This function will be called in response to the application calling DH_new() (if the current default DH_METHOD is this one) or DH_new_method(). The DH_new() and DH_new_method() functions will allocate the memory for the new DH object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

DH_meth_get_finish() and DH_meth_set_finish() get and set the function used for destroying an instance of a DH object respectively. This function will be called in response to the application calling DH_free(). A pointer to the DH to be destroyed is passed as a parameter. The destroy function should be used for DH implementation specific clean up. The memory for the DH itself should not be freed by this function. This function may be NULL.

+ +

DH_meth_get_generate_params() and DH_meth_set_generate_params() get and set the function used for generating DH parameters respectively. This function will be called in response to the application calling DH_generate_parameters_ex() (or DH_generate_parameters()). The parameters for the function have the same meaning as for DH_generate_parameters_ex(). This function may be NULL.

+ +

RETURN VALUES

+ +

DH_meth_new() and DH_meth_dup() return the newly allocated DH_METHOD object or NULL on failure.

+ +

DH_meth_get0_name() and DH_meth_get_flags() return the name and flags associated with the DH_METHOD respectively.

+ +

All other DH_meth_get_*() functions return the appropriate function pointer that has been set in the DH_METHOD, or NULL if no such pointer has yet been set.

+ +

DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), DH_set_method(3), DH_size(3), DH_get0_pqg(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new.html new file mode 100644 index 00000000..336c9cf6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new.html @@ -0,0 +1,62 @@ + + + + +DH_new + + + + + + + + + + +

NAME

+ +

DH_new, DH_free - allocate and free DH objects

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH* DH_new(void);
+
+void DH_free(DH *dh);
+ +

DESCRIPTION

+ +

DH_new() allocates and initializes a DH structure.

+ +

DH_free() frees the DH structure and its components. The values are erased before the memory is returned to the system. If dh is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, DH_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DH_free() returns no value.

+ +

SEE ALSO

+ +

DH_new(3), ERR_get_error(3), DH_generate_parameters(3), DH_generate_key(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new_by_nid.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new_by_nid.html new file mode 100644 index 00000000..035fd433 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_new_by_nid.html @@ -0,0 +1,55 @@ + + + + +DH_new_by_nid + + + + + + + + + + +

NAME

+ +

DH_new_by_nid, DH_get_nid - get or find DH named parameters

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+DH *DH_new_by_nid(int nid);
+int *DH_get_nid(const DH *dh);
+ +

DESCRIPTION

+ +

DH_new_by_nid() creates and returns a DH structure containing named parameters nid. Currently nid must be NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144 or NID_ffdhe8192.

+ +

DH_get_nid() determines if the parameters contained in dh match any named set. It returns the NID corresponding to the matching parameters or NID_undef if there is no match.

+ +

RETURN VALUES

+ +

DH_new_by_nid() returns a set of DH parameters or NULL if an error occurred.

+ +

DH_get_nid() returns the NID of the matching set of parameters or NID_undef if there is no match.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_set_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_set_method.html new file mode 100644 index 00000000..252a6480 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_set_method.html @@ -0,0 +1,82 @@ + + + + +DH_set_method + + + + + + + + + + +

NAME

+ +

DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL - select DH method

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+void DH_set_default_method(const DH_METHOD *meth);
+
+const DH_METHOD *DH_get_default_method(void);
+
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+
+DH *DH_new_method(ENGINE *engine);
+
+const DH_METHOD *DH_OpenSSL(void);
+ +

DESCRIPTION

+ +

A DH_METHOD specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these DH API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default DH_METHOD is the OpenSSL internal implementation, as returned by DH_OpenSSL().

+ +

DH_set_default_method() makes meth the default method for all DH structures created later. NB: This is true only whilst no ENGINE has been set as a default for DH, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

DH_get_default_method() returns a pointer to the current default DH_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

DH_set_method() selects meth to perform all operations using the key dh. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results.

+ +

DH_new_method() allocates and initializes a DH structure so that engine will be used for the DH operations. If engine is NULL, the default ENGINE for DH operations is used, and if no default ENGINE is set, the DH_METHOD controlled by DH_set_default_method() is used.

+ +

A new DH_METHOD object may be constructed using DH_meth_new() (see DH_meth_new(3)).

+ +

RETURN VALUES

+ +

DH_OpenSSL() and DH_get_default_method() return pointers to the respective DH_METHODs.

+ +

DH_set_default_method() returns no value.

+ +

DH_set_method() returns non-zero if the provided meth was successfully set as the method for dh (including unloading the ENGINE handle if the previous method was supplied by an ENGINE).

+ +

DH_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

SEE ALSO

+ +

DH_new(3), DH_new(3), DH_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_size.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_size.html new file mode 100644 index 00000000..8bb1aa3b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DH_size.html @@ -0,0 +1,75 @@ + + + + +DH_size + + + + + + + + + + +

NAME

+ +

DH_size, DH_bits, DH_security_bits - get Diffie-Hellman prime size and security bits

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+int DH_size(const DH *dh);
+
+int DH_bits(const DH *dh);
+
+int DH_security_bits(const DH *dh);
+ +

DESCRIPTION

+ +

DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by DH_compute_key(3).

+ +

DH_bits() returns the number of significant bits.

+ +

dh and dh->p must not be NULL.

+ +

DH_security_bits() returns the number of security bits of the given dh key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

DH_size() returns the prime size of Diffie-Hellman in bytes.

+ +

DH_bits() returns the number of bits in the key.

+ +

DH_security_bits() returns the number of security bits.

+ +

SEE ALSO

+ +

DH_new(3), DH_generate_key(3), BN_num_bits(3)

+ +

HISTORY

+ +

The DH_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_SIG_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_SIG_new.html new file mode 100644 index 00000000..bcb1bc84 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_SIG_new.html @@ -0,0 +1,69 @@ + + + + +DSA_SIG_new + + + + + + + + + + +

NAME

+ +

DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ +

DESCRIPTION

+ +

DSA_SIG_new() allocates an empty DSA_SIG structure.

+ +

DSA_SIG_free() frees the DSA_SIG structure and its components. The values are erased before the memory is returned to the system.

+ +

DSA_SIG_get0() returns internal pointers to the r and s values contained in sig.

+ +

The r and s values can be set by calling DSA_SIG_set0() and passing the new values for r and s as parameters to the function. Calling this function transfers the memory management of the values to the DSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

RETURN VALUES

+ +

If the allocation fails, DSA_SIG_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DSA_SIG_free() returns no value.

+ +

DSA_SIG_set0() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), DSA_do_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_do_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_do_sign.html new file mode 100644 index 00000000..62e99a71 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_do_sign.html @@ -0,0 +1,63 @@ + + + + +DSA_do_sign + + + + + + + + + + +

NAME

+ +

DSA_do_sign, DSA_do_verify - raw DSA signature operations

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_do_sign() computes a digital signature on the len byte message digest dgst using the private key dsa and returns it in a newly allocated DSA_SIG structure.

+ +

DSA_sign_setup(3) may be used to precompute part of the signing operation in case signature generation is time-critical.

+ +

DSA_do_verify() verifies that the signature sig matches a given message digest dgst of size len. dsa is the signer's public key.

+ +

RETURN VALUES

+ +

DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_SIG_new(3), DSA_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_dup_DH.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_dup_DH.html new file mode 100644 index 00000000..f18c70e1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_dup_DH.html @@ -0,0 +1,61 @@ + + + + +DSA_dup_DH + + + + + + + + + + +

NAME

+ +

DSA_dup_DH - create a DH structure out of DSA structure

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DH *DSA_dup_DH(const DSA *r);
+ +

DESCRIPTION

+ +

DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q is lost during that conversion, but the resulting DH parameters contain its length.

+ +

RETURN VALUES

+ +

DSA_dup_DH() returns the new DH structure, and NULL on error. The error codes can be obtained by ERR_get_error(3).

+ +

NOTE

+ +

Be careful to avoid small subgroup attacks when using this.

+ +

SEE ALSO

+ +

DH_new(3), DSA_new(3), ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_key.html new file mode 100644 index 00000000..e535d8d0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_key.html @@ -0,0 +1,58 @@ + + + + +DSA_generate_key + + + + + + + + + + +

NAME

+ +

DSA_generate_key - generate DSA key pair

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_generate_key(DSA *a);
+ +

DESCRIPTION

+ +

DSA_generate_key() expects a to contain DSA parameters. It generates a new key pair and stores it in a->pub_key and a->priv_key.

+ +

The random generator must be seeded prior to calling DSA_generate_key(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RETURN VALUES

+ +

DSA_generate_key() returns 1 on success, 0 otherwise. The error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_generate_parameters_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_parameters.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_parameters.html new file mode 100644 index 00000000..301678a5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_generate_parameters.html @@ -0,0 +1,114 @@ + + + + +DSA_generate_parameters + + + + + + + + + + +

NAME

+ +

DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

DSA_generate_parameters_ex() generates primes p and q and a generator g for use in the DSA and stores the result in dsa.

+ +

bits is the length of the prime p to be generated. For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits.

+ +

If seed is NULL, the primes will be generated at random. If seed_len is less than the length of q, an error is returned.

+ +

DSA_generate_parameters_ex() places the iteration count in *counter_ret and a counter used for finding a generator in *h_ret, unless these are NULL.

+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to BN_generate_prime(3).

+ +

DSA_generate_prime() is similar to DSA_generate_prime_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +
    + +
  • When a candidate for q is generated, BN_GENCB_call(cb, 0, m++) is called (m is 0 for the first candidate).

    + +
  • +
  • When a candidate for q has passed a test by trial division, BN_GENCB_call(cb, 1, -1) is called. While a candidate for q is tested by Miller-Rabin primality tests, BN_GENCB_call(cb, 1, i) is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0).

    + +
  • +
  • When a prime q has been found, BN_GENCB_call(cb, 2, 0) and BN_GENCB_call(cb, 3, 0) are called.

    + +
  • +
  • Before a candidate for p (other than the first) is generated and tested, BN_GENCB_call(cb, 0, counter) is called.

    + +
  • +
  • When a candidate for p has passed the test by trial division, BN_GENCB_call(cb, 1, -1) is called. While it is tested by the Miller-Rabin primality test, BN_GENCB_call(cb, 1, i) is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0).

    + +
  • +
  • When p has been found, BN_GENCB_call(cb, 2, 1) is called.

    + +
  • +
  • When the generator has been found, BN_GENCB_call(cb, 3, 1) is called.

    + +
  • +
+ +

RETURN VALUES

+ +

DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. The error codes can be obtained by ERR_get_error(3).

+ +

DSA_generate_parameters() returns a pointer to the DSA structure or NULL if the parameter generation fails.

+ +

BUGS

+ +

Seed lengths greater than 20 are not supported.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_free(3), BN_generate_prime(3)

+ +

HISTORY

+ +

DSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use DSA_generate_parameters_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_get0_pqg.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_get0_pqg.html new file mode 100644 index 00000000..10a918fe --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_get0_pqg.html @@ -0,0 +1,98 @@ + + + + +DSA_get0_pqg + + + + + + + + + + +

NAME

+ +

DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and setting data in a DSA object

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+ +

DESCRIPTION

+ +

A DSA object contains the parameters p, q and g. It also contains a public key (pub_key) and (optionally) a private key (priv_key).

+ +

The p, q and g parameters can be obtained by calling DSA_get0_pqg(). If the parameters have not yet been set then *p, *q and *g will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly.

+ +

The p, q and g values can be set by calling DSA_set0_pqg() and passing the new values for p, q and g as parameters to the function. Calling this function transfers the memory management of the values to the DSA object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

To get the public and private key values use the DSA_get0_key() function. A pointer to the public key will be stored in *pub_key, and a pointer to the private key will be stored in *priv_key. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly.

+ +

The public and private key values can be set using DSA_set0_key(). The public key must be non-NULL the first time this function is called on a given DSA object. The private key may be NULL. On subsequent calls, either may be NULL, which means the corresponding DSA field is left untouched. As for DSA_set0_pqg() this function transfers the memory management of the key values to the DSA object, and therefore they should not be freed directly after this function has been called.

+ +

Any of the values p, q, g, priv_key, and pub_key can also be retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively.

+ +

DSA_set_flags() sets the flags in the flags parameter on the DSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DSA_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the DSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. DSA_clear_flags() clears the specified flags within the DSA object.

+ +

DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA object, or NULL if no such ENGINE has been set.

+ +

NOTES

+ +

Values retrieved with DSA_get0_key() are owned by the DSA object used in the call and may therefore not be passed to DSA_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to DSA_get0_pqg() and DSA_set0_pqg().

+ +

RETURN VALUES

+ +

DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.

+ +

DSA_test_flags() returns the current state of the flags in the DSA object.

+ +

DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE has been set.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), DSA_sign(3), DSA_size(3), DSA_meth_new(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_meth_new.html new file mode 100644 index 00000000..50ad2d3b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_meth_new.html @@ -0,0 +1,171 @@ + + + + +DSA_meth_new + + + + + + + + + + +

NAME

+ +

DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen - Routines to build up DSA methods

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+
+void DSA_meth_free(DSA_METHOD *dsam);
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
+                                                      int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
+                                                         int, DSA *));
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$
+                                                       BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
+                                                                BIGNUM **, BIGNUM **));
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
+                                                   int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
+                                                        int, DSA_SIG *, DSA *));
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                                                    BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+                                                    BIGNUM *m, BN_CTX *ctx,
+                                                    BN_MONT_CTX *in_mont);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
+                                                          BIGNUM *a1, BIGNUM *p1,
+                                                          BIGNUM *a2, BIGNUM *p2,
+                                                          BIGNUM *m, BN_CTX *ctx,
+                                                          BN_MONT_CTX *mont));
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                                                       const BIGNUM *p, const BIGNUM *m,
+                                                       BN_CTX *ctx, BN_MONT_CTX *mont);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
+                                                                BIGNUM *r,
+                                                                BIGNUM *a,
+                                                                const BIGNUM *p,
+                                                                const BIGNUM *m,
+                                                                BN_CTX *ctx,
+                                                                BN_MONT_CTX *mont));
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
+                                                     const unsigned char *,
+                                                     int, int *, unsigned long *,
+                                                     BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+                          int (*paramgen)(DSA *, int, const unsigned char *,
+                                          int, int *, unsigned long *, BN_GENCB *));
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
+ +

DESCRIPTION

+ +

The DSA_METHOD type is a structure used for the provision of custom DSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various DSA capabilities. See the dsa page for more information.

+ +

DSA_meth_new() creates a new DSA_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the DSA_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new DSA object based on this DSA_METHOD. Any new DSA object will have those flags set by default.

+ +

DSA_meth_dup() creates a duplicate copy of the DSA_METHOD object passed as a parameter. This might be useful for creating a new DSA_METHOD based on an existing one, but with some differences.

+ +

DSA_meth_free() destroys a DSA_METHOD structure and frees up any memory associated with it.

+ +

DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to name. The string is duplicated and the copy is stored in the DSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

DSA_meth_get_flags() returns the current value of the flags associated with this DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.

+ +

The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the ability to associate implementation specific data with the DSA_METHOD. It is the application's responsibility to free this data before the DSA_METHOD is freed via a call to DSA_meth_free().

+ +

DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for creating a DSA signature respectively. This function will be called in response to the application calling DSA_do_sign() (or DSA_sign()). The parameters for the function have the same meaning as for DSA_do_sign().

+ +

DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function used for precalculating the DSA signature values k^-1 and r. This function will be called in response to the application calling DSA_sign_setup(). The parameters for the function have the same meaning as for DSA_sign_setup().

+ +

DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used for verifying a DSA signature respectively. This function will be called in response to the application calling DSA_do_verify() (or DSA_verify()). The parameters for the function have the same meaning as for DSA_do_verify().

+ +

DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used for computing the following value:

+ +
rr = a1^p1 * a2^p2 mod m
+ +

This function will be called by the default OpenSSL method during verification of a DSA signature. The result is stored in the rr parameter. This function may be NULL.

+ +

DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function used for computing the following value:

+ +
r = a ^ p mod m
+ +

This function will be called by the default OpenSSL function for DSA_sign_setup(). The result is stored in the r parameter. This function may be NULL.

+ +

DSA_meth_get_init() and DSA_meth_set_init() get and set the function used for creating a new DSA instance respectively. This function will be called in response to the application calling DSA_new() (if the current default DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method() functions will allocate the memory for the new DSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used for destroying an instance of a DSA object respectively. This function will be called in response to the application calling DSA_free(). A pointer to the DSA to be destroyed is passed as a parameter. The destroy function should be used for DSA implementation specific clean up. The memory for the DSA itself should not be freed by this function. This function may be NULL.

+ +

DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function used for generating DSA parameters respectively. This function will be called in response to the application calling DSA_generate_parameters_ex() (or DSA_generate_parameters()). The parameters for the function have the same meaning as for DSA_generate_parameters_ex().

+ +

DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function used for generating a new DSA key pair respectively. This function will be called in response to the application calling DSA_generate_key(). The parameter for the function has the same meaning as for DSA_generate_key().

+ +

RETURN VALUES

+ +

DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object or NULL on failure.

+ +

DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags associated with the DSA_METHOD respectively.

+ +

All other DSA_meth_get_*() functions return the appropriate function pointer that has been set in the DSA_METHOD, or NULL if no such pointer has yet been set.

+ +

DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), DSA_sign(3), DSA_size(3), DSA_get0_pqg(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_new.html new file mode 100644 index 00000000..2f57958d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_new.html @@ -0,0 +1,62 @@ + + + + +DSA_new + + + + + + + + + + +

NAME

+ +

DSA_new, DSA_free - allocate and free DSA objects

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+DSA* DSA_new(void);
+
+void DSA_free(DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_new() allocates and initializes a DSA structure. It is equivalent to calling DSA_new_method(NULL).

+ +

DSA_free() frees the DSA structure and its components. The values are erased before the memory is returned to the system. If dsa is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, DSA_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

DSA_free() returns no value.

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), DSA_generate_parameters(3), DSA_generate_key(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_set_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_set_method.html new file mode 100644 index 00000000..35e36fd6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_set_method.html @@ -0,0 +1,80 @@ + + + + +DSA_set_method + + + + + + + + + + +

NAME

+ +

DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+void DSA_set_default_method(const DSA_METHOD *meth);
+
+const DSA_METHOD *DSA_get_default_method(void);
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+
+DSA *DSA_new_method(ENGINE *engine);
+
+DSA_METHOD *DSA_OpenSSL(void);
+ +

DESCRIPTION

+ +

A DSA_METHOD specifies the functions that OpenSSL uses for DSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these DSA API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default DSA_METHOD is the OpenSSL internal implementation, as returned by DSA_OpenSSL().

+ +

DSA_set_default_method() makes meth the default method for all DSA structures created later. NB: This is true only whilst no ENGINE has been set as a default for DSA, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

DSA_get_default_method() returns a pointer to the current default DSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

DSA_set_method() selects meth to perform all operations using the key rsa. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only work with certain DSA_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See DSA_meth_new for information on constructing custom DSA_METHOD objects;

+ +

DSA_new_method() allocates and initializes a DSA structure so that engine will be used for the DSA operations. If engine is NULL, the default engine for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD controlled by DSA_set_default_method() is used.

+ +

RETURN VALUES

+ +

DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective DSA_METHODs.

+ +

DSA_set_default_method() returns no value.

+ +

DSA_set_method() returns non-zero if the provided meth was successfully set as the method for dsa (including unloading the ENGINE handle if the previous method was supplied by an ENGINE).

+ +

DSA_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_new(3), DSA_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_sign.html new file mode 100644 index 00000000..f79dcb70 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_sign.html @@ -0,0 +1,75 @@ + + + + +DSA_sign + + + + + + + + + + +

NAME

+ +

DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_sign(int type, const unsigned char *dgst, int len,
+             unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
+
+int DSA_verify(int type, const unsigned char *dgst, int len,
+               unsigned char *sigbuf, int siglen, DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_sign() computes a digital signature on the len byte message digest dgst using the private key dsa and places its ASN.1 DER encoding at sigret. The length of the signature is places in *siglen. sigret must point to DSA_size(dsa) bytes of memory.

+ +

DSA_sign_setup() is defined only for backward binary compatibility and should not be used. Since OpenSSL 1.1.0 the DSA type is opaque and the output of DSA_sign_setup() cannot be used anyway: calling this function will only cause overhead, and does not affect the actual signature (pre-)computation.

+ +

DSA_verify() verifies that the signature sigbuf of size siglen matches a given message digest dgst of size len. dsa is the signer's public key.

+ +

The type parameter is ignored.

+ +

The random generator must be seeded when DSA_sign() (or DSA_sign_setup()) is called. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RETURN VALUES

+ +

DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. DSA_verify() returns 1 for a valid signature, 0 for an incorrect signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

CONFORMING TO

+ +

US Federal Information Processing Standard FIPS 186 (Digital Signature Standard, DSS), ANSI X9.30

+ +

SEE ALSO

+ +

DSA_new(3), ERR_get_error(3), RAND_bytes(3), DSA_do_sign(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_size.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_size.html new file mode 100644 index 00000000..241aa9e5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DSA_size.html @@ -0,0 +1,66 @@ + + + + +DSA_size + + + + + + + + + + +

NAME

+ +

DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or security bits

+ +

SYNOPSIS

+ +
#include <openssl/dsa.h>
+
+int DSA_size(const DSA *dsa);
+int DSA_bits(const DSA *dsa);
+int DSA_security_bits(const DSA *dsa);
+ +

DESCRIPTION

+ +

DSA_size() returns the maximum size of an ASN.1 encoded DSA signature for key dsa in bytes. It can be used to determine how much memory must be allocated for a DSA signature.

+ +

dsa->q must not be NULL.

+ +

DSA_bits() returns the number of bits in key dsa: this is the number of bits in the p parameter.

+ +

DSA_security_bits() returns the number of security bits of the given dsa key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

DSA_size() returns the signature size in bytes.

+ +

DSA_bits() returns the number of bits in the key.

+ +

SEE ALSO

+ +

DSA_new(3), DSA_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html new file mode 100644 index 00000000..6005a6d6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html @@ -0,0 +1,56 @@ + + + + +DTLS_get_data_mtu + + + + + + + + + + +

NAME

+ +

DTLS_get_data_mtu - Get maximum data payload size

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+size_t DTLS_get_data_mtu(const SSL *ssl);
+ +

DESCRIPTION

+ +

This function obtains the maximum data payload size for the established DTLS connection ssl, based on the DTLS record MTU and the overhead of the DTLS record header, encryption and authentication currently in use.

+ +

RETURN VALUES

+ +

Returns the maximum data payload size on success, or 0 on failure.

+ +

HISTORY

+ +

The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html new file mode 100644 index 00000000..3289503b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html @@ -0,0 +1,58 @@ + + + + +DTLS_set_timer_cb + + + + + + + + + + +

NAME

+ +

DTLS_timer_cb, DTLS_set_timer_cb - Set callback for controlling DTLS timer duration

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+ +

DESCRIPTION

+ +

This function sets an optional callback function for controlling the timeout interval on the DTLS protocol. The callback function will be called by DTLS for every new DTLS packet that is sent.

+ +

RETURN VALUES

+ +

Returns void.

+ +

HISTORY

+ +

The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLSv1_listen.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLSv1_listen.html new file mode 100644 index 00000000..616c36f9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/DTLSv1_listen.html @@ -0,0 +1,95 @@ + + + + +DTLSv1_listen + + + + + + + + + + +

NAME

+ +

SSL_stateless, DTLSv1_listen - Statelessly listen for incoming connections

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_stateless(SSL *s);
+int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
+ +

DESCRIPTION

+ +

SSL_stateless() statelessly listens for new incoming TLSv1.3 connections. DTLSv1_listen() statelessly listens for new incoming DTLS connections. If a ClientHello is received that does not contain a cookie, then they respond with a request for a new ClientHello that does contain a cookie. If a ClientHello is received with a cookie that is verified then the function returns in order to enable the handshake to be completed (for example by using SSL_accept()).

+ +

NOTES

+ +

Some transport protocols (such as UDP) can be susceptible to amplification attacks. Unlike TCP there is no initial connection setup in UDP that validates that the client can actually receive messages on its advertised source address. An attacker could forge its source IP address and then send handshake initiation messages to the server. The server would then send its response to the forged source IP. If the response messages are larger than the original message then the amplification attack has succeeded.

+ +

If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). If TCP is being used then there is no need to use SSL_stateless(). However some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack.

+ +

As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie mechanism. The idea is that when a client attempts to connect to a server it sends a ClientHello message. The server responds with a HelloRetryRequest (in TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The client then resends the ClientHello, but this time includes the cookie in the message thus proving that the client is capable of receiving messages sent to that address. All of this can be done by the server without allocating any state, and thus without consuming expensive resources.

+ +

OpenSSL implements this capability via the SSL_stateless() and DTLSv1_listen() functions. The ssl parameter should be a newly allocated SSL object with its read and write BIOs set, in the same way as might be done for a call to SSL_accept(). Typically, for DTLS, the read BIO will be in an "unconnected" state and thus capable of receiving messages from any peer.

+ +

When a ClientHello is received that contains a cookie that has been verified, then these functions will return with the ssl parameter updated into a state where the handshake can be continued by a call to (for example) SSL_accept(). Additionally, for DTLSv1_listen(), the BIO_ADDR pointed to by peer will be filled in with details of the peer that sent the ClientHello. If the underlying BIO is unable to obtain the BIO_ADDR of the peer (for example because the BIO does not support this), then *peer will be cleared and the family set to AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to the peer and continue the handshake in a connected state.

+ +

Prior to calling DTLSv1_listen() user code must ensure that cookie generation and verification callbacks have been set up using SSL_CTX_set_cookie_generate_cb(3) and SSL_CTX_set_cookie_verify_cb(3) respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb(3) and SSL_CTX_set_stateless_cookie_verify_cb(3) must be used instead.

+ +

Since DTLSv1_listen() operates entirely statelessly whilst processing incoming ClientHellos it is unable to process fragmented messages (since this would require the allocation of state). An implication of this is that DTLSv1_listen() only supports ClientHellos that fit inside a single datagram.

+ +

For SSL_stateless() if an entire ClientHello message cannot be read without the "read" BIO becoming empty then the SSL_stateless() call will fail. It is the application's responsibility to ensure that data read from the "read" BIO during a single SSL_stateless() call is all from the same peer.

+ +

SSL_stateless() will fail (with a 0 return value) if some TLS version less than TLSv1.3 is used.

+ +

Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they start.

+ +

RETURN VALUES

+ +

For SSL_stateless() a return value of 1 indicates success and the ssl object will be set up ready to continue the handshake. A return value of 0 or -1 indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value of -1 indicates any other error. User code may retry the SSL_stateless() call.

+ +

For DTLSv1_listen() a return value of >= 1 indicates success. The ssl object will be set up ready to continue the handshake. the peer value will also be filled in.

+ +

A return value of 0 indicates a non-fatal error. This could (for example) be because of non-blocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error.

+ +

A return value of <0 indicates a fatal error. This could (for example) be because of a failure to allocate sufficient memory for the operation.

+ +

For DTLSv1_listen(), prior to OpenSSL 1.1.0, fatal and non-fatal errors both produce return codes <= 0 (in typical implementations user code treats all errors as non-fatal), whilst return codes >0 indicate success.

+ +

SEE ALSO

+ +

SSL_CTX_set_cookie_generate_cb(3), SSL_CTX_set_cookie_verify_cb(3), SSL_CTX_set_stateless_cookie_generate_cb(3), SSL_CTX_set_stateless_cookie_verify_cb(3), SSL_get_error(3), SSL_accept(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_stateless() function was added in OpenSSL 1.1.1.

+ +

The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" also changed in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ECDSA_SIG_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ECDSA_SIG_new.html new file mode 100644 index 00000000..67ed3ab4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ECDSA_SIG_new.html @@ -0,0 +1,180 @@ + + + + +ECDSA_SIG_new + + + + + + + + + + +

NAME

+ +

ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) functions

+ +

SYNOPSIS

+ +
#include <openssl/ecdsa.h>
+
+ECDSA_SIG *ECDSA_SIG_new(void);
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+int ECDSA_size(const EC_KEY *eckey);
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY* eckey);
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+ +

DESCRIPTION

+ +

Note: these functions provide a low level interface to ECDSA. Most applications should use the higher level EVP interface such as EVP_DigestSignInit(3) or EVP_DigestVerifyInit(3) instead.

+ +

ECDSA_SIG is an opaque structure consisting of two BIGNUMs for the r and s value of an ECDSA signature (see X9.62 or FIPS 186-2).

+ +

ECDSA_SIG_new() allocates an empty ECDSA_SIG structure. Note: before OpenSSL 1.1.0 the: the r and s components were initialised.

+ +

ECDSA_SIG_free() frees the ECDSA_SIG structure sig.

+ +

ECDSA_SIG_get0() returns internal pointers the r and s values contained in sig and stores them in *pr and *ps, respectively. The pointer pr or ps can be NULL, in which case the corresponding value is not returned.

+ +

The values r, s can also be retrieved separately by the corresponding function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively.

+ +

The r and s values can be set by calling ECDSA_SIG_set0() and passing the new values for r and s as parameters to the function. Calling this function transfers the memory management of the values to the ECDSA_SIG object, and therefore the values that have been passed in should not be freed directly after this function has been called.

+ +

See i2d_ECDSA_SIG(3) and d2i_ECDSA_SIG(3) for information about encoding and decoding ECDSA signatures to/from DER.

+ +

ECDSA_size() returns the maximum length of a DER encoded ECDSA signature created with the private EC key eckey.

+ +

ECDSA_sign() computes a digital signature of the dgstlen bytes hash value dgst using the private EC key eckey. The DER encoded signatures is stored in sig and its length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) bytes of memory. The parameter type is currently ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with kinv and rp set to NULL.

+ +

ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned as a newly allocated ECDSA_SIG structure (or NULL on error). ECDSA_do_sign() is a wrapper function for ECDSA_do_sign_ex() with kinv and rp set to NULL.

+ +

ECDSA_verify() verifies that the signature in sig of size siglen is a valid ECDSA signature of the hash value dgst of size dgstlen using the public key eckey. The parameter type is ignored.

+ +

ECDSA_do_verify() is similar to ECDSA_verify() except the signature is presented in the form of a pointer to an ECDSA_SIG structure.

+ +

The remaining functions utilise the internal kinv and r values used during signature computation. Most applications will never need to call these and some external ECDSA ENGINE implementations may not support them at all if either kinv or r is not NULL.

+ +

ECDSA_sign_setup() may be used to precompute parts of the signing operation. eckey is the private EC key and ctx is a pointer to BN_CTX structure (or NULL). The precomputed values or returned in kinv and rp and can be used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().

+ +

ECDSA_sign_ex() computes a digital signature of the dgstlen bytes hash value dgst using the private EC key eckey and the optional pre-computed values kinv and rp. The DER encoded signature is stored in sig and its length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) bytes of memory. The parameter type is ignored.

+ +

ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is returned as a newly allocated ECDSA_SIG structure (or NULL on error).

+ +

RETURN VALUES

+ +

ECDSA_SIG_new() returns NULL if the allocation fails.

+ +

ECDSA_SIG_set0() returns 1 on success or 0 on failure.

+ +

ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, or NULL if it is unset.

+ +

ECDSA_size() returns the maximum length signature or 0 on error.

+ +

ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful or 0 on error.

+ +

ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated ECDSA_SIG structure or NULL on error.

+ +

ECDSA_verify() and ECDSA_do_verify() return 1 for a valid signature, 0 for an invalid signature and -1 on error. The error codes can be obtained by ERR_get_error(3).

+ +

EXAMPLES

+ +

Creating an ECDSA signature of a given SHA-256 hash value using the named curve prime256v1 (aka P-256).

+ +

First step: create an EC_KEY object (note: this part is not ECDSA specific)

+ +
int ret;
+ECDSA_SIG *sig;
+EC_KEY *eckey;
+
+eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+if (eckey == NULL)
+    /* error */
+if (EC_KEY_generate_key(eckey) == 0)
+    /* error */
+ +

Second step: compute the ECDSA signature of a SHA-256 hash value using ECDSA_do_sign():

+ +
sig = ECDSA_do_sign(digest, 32, eckey);
+if (sig == NULL)
+    /* error */
+ +

or using ECDSA_sign():

+ +
unsigned char *buffer, *pp;
+int buf_len;
+
+buf_len = ECDSA_size(eckey);
+buffer = OPENSSL_malloc(buf_len);
+pp = buffer;
+if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+    /* error */
+ +

Third step: verify the created ECDSA signature using ECDSA_do_verify():

+ +
ret = ECDSA_do_verify(digest, 32, sig, eckey);
+ +

or using ECDSA_verify():

+ +
ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+ +

and finally evaluate the return value:

+ +
if (ret == 1)
+    /* signature ok */
+else if (ret == 0)
+    /* incorrect signature */
+else
+    /* error */
+ +

CONFORMING TO

+ +

ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 (Digital Signature Standard, DSS)

+ +

SEE ALSO

+ +

EC_KEY_new(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3), i2d_ECDSA_SIG(3), d2i_ECDSA_SIG(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ECPKParameters_print.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ECPKParameters_print.html new file mode 100644 index 00000000..0dc61ec9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ECPKParameters_print.html @@ -0,0 +1,59 @@ + + + + +ECPKParameters_print + + + + + + + + + + +

NAME

+ +

ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+ +

DESCRIPTION

+ +

The ECPKParameters represent the public parameters for an EC_GROUP structure, which represents a curve.

+ +

The ECPKParameters_print() and ECPKParameters_print_fp() functions print a human-readable output of the public parameters of the EC_GROUP to bp or fp. The output lines are indented by off spaces.

+ +

RETURN VALUES

+ +

ECPKParameters_print() and ECPKParameters_print_fp() return 1 for success and 0 if an error occurs.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3),

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GFp_simple_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GFp_simple_method.html new file mode 100644 index 00000000..fe835d4b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GFp_simple_method.html @@ -0,0 +1,75 @@ + + + + +EC_GFp_simple_method + + + + + + + + + + +

NAME

+ +

EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+const EC_METHOD *EC_GFp_nist_method(void);
+const EC_METHOD *EC_GFp_nistp224_method(void);
+const EC_METHOD *EC_GFp_nistp256_method(void);
+const EC_METHOD *EC_GFp_nistp521_method(void);
+
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+ +

DESCRIPTION

+ +

The Elliptic Curve library provides a number of different implementations through a single common interface. When constructing a curve using EC_GROUP_new (see EC_GROUP_new(3)) an implementation method must be provided. The functions described here all return a const pointer to an EC_METHOD structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation type for the form of curve selected is used.

+ +

For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.

+ +

For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the use of montgomery multiplication (see BN_mod_mul_montgomery(3)). EC_GFp_nist_method offers an implementation optimised for use with NIST recommended curves (NIST curves are available through EC_GROUP_new_by_curve_name as described in EC_GROUP_new(3)).

+ +

The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these implementations are not available on all platforms.

+ +

EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either F2^m or Fp. If the field type is Fp then the value NID_X9_62_prime_field is returned. If the field type is F2^m then the value NID_X9_62_characteristic_two_field is returned. These values are defined in the obj_mac.h header file.

+ +

RETURN VALUES

+ +

All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure.

+ +

EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), d2i_ECPKParameters(3), BN_mod_mul_montgomery(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_copy.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_copy.html new file mode 100644 index 00000000..1344c7b1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_copy.html @@ -0,0 +1,180 @@ + + + + +EC_GROUP_copy + + + + + + + + + + +

NAME

+ +

EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating EC_GROUP objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor);
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+int EC_GROUP_order_bits(const EC_GROUP *group);
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3);
+ +

DESCRIPTION

+ +

EC_GROUP_copy() copies the curve src into dst. Both src and dst must use the same EC_METHOD.

+ +

EC_GROUP_dup() creates a new EC_GROUP object and copies the content from src to the newly created EC_GROUP object.

+ +

EC_GROUP_method_of() obtains the EC_METHOD of group.

+ +

EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These parameters include the generator, the order and the cofactor. The generator is a well defined point on the curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and n-1 where n is the order. The order multiplied by the cofactor gives the number of points on the curve.

+ +

EC_GROUP_get0_generator() returns the generator for the identified group.

+ +

EC_GROUP_get_order() retrieves the order of group and copies its value into order. It fails in case group is not fully initialized (i.e., its order is not set or set to zero).

+ +

EC_GROUP_get_cofactor() retrieves the cofactor of group and copies its value into cofactor. It fails in case group is not fully initialized or if the cofactor is not set (or set to zero).

+ +

The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively (see EC_GROUP_new(3)). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name will return NID_undef.

+ +

The asn1_flag value is used to determine whether the curve encoding uses explicit parameters or a named curve using an ASN1 OID: many applications only support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that applications would have to explicitly set the named curve form) in OpenSSL 1.1.0 and later the named curve form is the default.

+ +

The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). point_conversion_form_t is an enum defined as follows:

+ +
typedef enum {
+       /** the point is encoded as z||x, where the octet z specifies
+        *   which solution of the quadratic equation y is  */
+       POINT_CONVERSION_COMPRESSED = 2,
+       /** the point is encoded as z||x||y, where z is the octet 0x04  */
+       POINT_CONVERSION_UNCOMPRESSED = 4,
+       /** the point is encoded as z||x||y, where the octet z specifies
+        *  which solution of the quadratic equation y is  */
+       POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+ +

For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by the octets for x, followed by the octets for y.

+ +

For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of the two possible solutions for y has been used, followed by the octets for x.

+ +

For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two possible solutions for y has been used, followed by the octets for x, followed by the octets for y.

+ +

The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form for the curve respectively.

+ +

ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use this seed value, although it will be preserved in any ASN1 based communications.

+ +

EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be the value m.

+ +

The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b. In either case for the curve to be valid the discriminant must be non zero.

+ +

The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has the correct order.

+ +

EC_GROUP_cmp() compares a and b to determine whether they represent the same curve or not.

+ +

The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial function f(x). This function is either a trinomial of the form:

+ +

f(x) = x^m + x^k + 1 with m > k >= 1

+ +

or a pentanomial of the form:

+ +

f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1

+ +

The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of k. Similarly the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of k1, k2 and k3 respectively.

+ +

RETURN VALUES

+ +

The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(), EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis().

+ +

EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error.

+ +

EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error.

+ +

EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error.

+ +

EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for group or if copying into order fails, 1 otherwise.

+ +

EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for group or if copying into cofactor fails, 1 otherwise.

+ +

EC_GROUP_get_curve_name() returns the curve name (NID) for group or will return NID_undef if no curve name is associated.

+ +

EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified group .

+ +

EC_GROUP_get_point_conversion_form() returns the point_conversion_form for group.

+ +

EC_GROUP_get_degree() returns the degree for group or 0 if the operation is not supported by the underlying group implementation.

+ +

EC_GROUP_get0_order() returns an internal pointer to the group order. EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.

+ +

EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified.

+ +

EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is 0, the return value will be 1. On error 0 is returned.

+ +

EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.

+ +

EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_new.html new file mode 100644 index 00000000..ab1f5d05 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_GROUP_new.html @@ -0,0 +1,123 @@ + + + + +EC_GROUP_new + + + + + + + + + + +

NAME

+ +

EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying EC_GROUP objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+void EC_GROUP_free(EC_GROUP *group);
+void EC_GROUP_clear_free(EC_GROUP *group);
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx);
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx);
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx);
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+                           const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+                           BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+ +

DESCRIPTION

+ +

Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised elliptic curve equation as follows:

+ +

y^2 mod p = x^3 +ax + b mod p

+ +

The second form is those defined over a binary field F2^m where the elements of the field are integers of length at most m bits. For this form the elliptic curve equation is modified to:

+ +

y^2 + xy = x^3 + ax^2 + b (where b != 0)

+ +

Operations in a binary field are performed relative to an irreducible polynomial. All such curves with OpenSSL use a trinomial or a pentanomial for this parameter.

+ +

A new curve can be constructed by calling EC_GROUP_new(), using the implementation provided by meth (see EC_GFp_simple_method(3)). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. EC_GROUP_new_from_ecparameters() will create a group from the specified params and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK params.

+ +

EC_GROUP_set_curve() sets the curve parameters p, a and b. For a curve over Fp p is the prime for the field. For a curve over F2^m p represents the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, a and b represents the coefficients a and b from the relevant equation introduced above.

+ +

EC_group_get_curve() obtains the previously set curve parameters.

+ +

EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for backwards compatibility only and should not be used.

+ +

EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for backwards compatibility only and should not be used.

+ +

The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. An appropriate default implementation method will be used.

+ +

Whilst the library can be used to create any curve using the functions described above, there are also a number of predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function EC_get_builtin_curves(). The parameter r should be an array of EC_builtin_curve structures of size nitems. The function will populate the r array with information about the builtin curves. If nitems is less than the total number of curves available, then the first nitems curves will be returned. Otherwise the total number of curves will be provided. The return value is the total number of curves available (whether that number has been populated in r or not). Passing a NULL r, or setting nitems to 0 will do nothing other than return the total number of curves available. The EC_builtin_curve structure is defined as follows:

+ +
typedef struct {
+       int nid;
+       const char *comment;
+       } EC_builtin_curve;
+ +

Each EC_builtin_curve item has a unique integer id (nid), and a human readable comment string describing the curve.

+ +

In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name() and provide the nid of the curve to be constructed.

+ +

EC_GROUP_free() frees the memory associated with the EC_GROUP. If group is NULL nothing is done.

+ +

EC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and then frees its memory. If group is NULL nothing is done.

+ +

RETURN VALUES

+ +

All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error.

+ +

EC_get_builtin_curves() returns the number of builtin curves that are available.

+ +

EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html new file mode 100644 index 00000000..cfbb2338 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html @@ -0,0 +1,61 @@ + + + + +EC_KEY_get_enc_flags + + + + + + + + + + +

NAME

+ +

EC_KEY_get_enc_flags, EC_KEY_set_enc_flags - Get and set flags for encoding EC_KEY structures

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+ +

DESCRIPTION

+ +

The format of the external representation of the public key written by i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is described by the point_conversion_form. See EC_GROUP_copy(3) for a description of point_conversion_form.

+ +

When reading a private key encoded without an associated public key (e.g. if EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates the missing public key automatically. Private keys encoded without parameters (e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using d2i_ECPrivateKey().

+ +

The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the value of the encoding flags for the key. There are two encoding flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the key is converted into ASN1 in a call to i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key.

+ +

RETURN VALUES

+ +

EC_KEY_get_enc_flags() returns the value of the current encoding flags for the EC_KEY.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3), d2i_ECPrivateKey(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_new.html new file mode 100644 index 00000000..1919e81e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_KEY_new.html @@ -0,0 +1,143 @@ + + + + +EC_KEY_new + + + + + + + + + + +

NAME

+ +

EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf - Functions for creating, destroying and manipulating EC_KEY objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_KEY *EC_KEY_new(void);
+int EC_KEY_get_flags(const EC_KEY *key);
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+void EC_KEY_free(EC_KEY *key);
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+int EC_KEY_up_ref(EC_KEY *key);
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+int EC_KEY_generate_key(EC_KEY *key);
+int EC_KEY_check_key(const EC_KEY *key);
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+
+int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
+size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+ +

DESCRIPTION

+ +

An EC_KEY represents a public key and, optionally, the associated private key. A new EC_KEY with no associated curve can be constructed by calling EC_KEY_new(). The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling EC_KEY_set_group().

+ +

Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name() and supplying the nid of the associated curve. See EC_GROUP_new(3) for a description of curve names. This function simply wraps calls to EC_KEY_new() and EC_GROUP_new_by_curve_name().

+ +

Calling EC_KEY_free() decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated with it. If key is NULL nothing is done.

+ +

EC_KEY_copy() copies the contents of the EC_KEY in src into dest.

+ +

EC_KEY_dup() creates a new EC_KEY object and copies ec_key into it.

+ +

EC_KEY_up_ref() increments the reference count associated with the EC_KEY object.

+ +

EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for this EC_KEY object.

+ +

EC_KEY_generate_key() generates a new public and private key for the supplied eckey object. eckey must have an EC_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where order is the order of the EC_GROUP object). The public key is an EC_POINT on the curve calculated by multiplying the generator for the curve by the private key.

+ +

EC_KEY_check_key() performs various sanity checks on the EC_KEY object to confirm that it is valid.

+ +

EC_KEY_set_public_key_affine_coordinates() sets the public key for key based on its affine co-ordinates; i.e., it constructs an EC_POINT object based on the supplied x and y values and sets the public key to be this EC_POINT. It also performs certain sanity checks on the key to confirm that it is valid.

+ +

The functions EC_KEY_get0_group(), EC_KEY_set_group(), EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, and the EC_POINT public key for the key respectively.

+ +

The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the point_conversion_form for the key. For a description of point_conversion_forms please see EC_POINT_new(3).

+ +

EC_KEY_set_flags() sets the flags in the flags parameter on the EC_KEY object. Any flags that are already set are left set. The flags currently defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. EC_KEY_get_flags() returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags() clears the flags indicated by the flags parameter; all other flags are left in their existing state.

+ +

EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to EC_GROUP_copy(3) for further information on the asn1_flag.

+ +

EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also EC_POINT_add(3).

+ +

EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key EC_POINT in eckey.

+ +

EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key component of eckey and octet form. The octet form consists of the content octets of the privateKey OCTET STRING in an ECPrivateKey ASN.1 structure.

+ +

The function EC_KEY_priv2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but will just return the required buffer length.

+ +

The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes an EC_KEY to it in octet format. The allocated buffer is written to *pbuf and its length is returned. The caller must free up the allocated buffer with a call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf the pbuf parameter MUST NOT be NULL.

+ +

EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.

+ +

RETURN VALUES

+ +

EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() return a pointer to the newly created EC_KEY object, or NULL on error.

+ +

EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an integer.

+ +

EC_KEY_copy() returns a pointer to the destination key, or NULL on error.

+ +

EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.

+ +

EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.

+ +

EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.

+ +

EC_KEY_get0_private_key() returns the private key associated with the EC_KEY.

+ +

EC_KEY_get_conv_form() return the point_conversion_form for the EC_KEY.

+ +

EC_KEY_key2buf(), EC_KEY_priv2oct() and EC_KEY_priv2buf() return the length of the buffer or 0 on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_POINT_add(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_add.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_add.html new file mode 100644 index 00000000..2c197ebc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_add.html @@ -0,0 +1,95 @@ + + + + +EC_POINT_add + + + + + + + + + + +

NAME

+ +

EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx);
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx);
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
+                  const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+ +

DESCRIPTION

+ +

EC_POINT_add adds the two points a and b and places the result in r. Similarly EC_POINT_dbl doubles the point a and places the result in r. In both cases it is valid for r to be one of a or b.

+ +

EC_POINT_invert calculates the inverse of the supplied point a. The result is placed back in a.

+ +

The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.

+ +

EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.

+ +

EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.

+ +

The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine co-ordinate system. In the case of EC_POINTs_make_affine the value num provides the number of points in the array points to be forced.

+ +

EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * n + q * m and stores the result in r. The value n may be NULL in which case the result is just q * m (variable point multiplication). Alternatively, both q and m may be NULL, and n non-NULL, in which case the result is just generator * n (fixed point multiplication). When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either n or m) is in the range [0, ec_group_order).

+ +

EC_POINTs_mul calculates the value generator * n + q[0] * m[0] + ... + q[num-1] * m[num-1]. As for EC_POINT_mul the value n may be NULL or num may be zero. When performing a fixed point multiplication (n is non-NULL and num is 0) or a variable point multiplication (n is NULL and num is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either n or m[0]) is in the range [0, ec_group_order).

+ +

The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See EC_GROUP_copy(3) for information about the generator.

+ +

RETURN VALUES

+ +

The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.

+ +

EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.

+ +

EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error.

+ +

EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error.

+ +

EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_new(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_new.html new file mode 100644 index 00000000..3d2cf8a7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EC_POINT_new.html @@ -0,0 +1,169 @@ + + + + +EC_POINT_new + + + + + + + + + + +

NAME

+ +

EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating EC_POINT objects

+ +

SYNOPSIS

+ +
#include <openssl/ec.h>
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+void EC_POINT_free(EC_POINT *point);
+void EC_POINT_clear_free(EC_POINT *point);
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p,
+                                             const BIGNUM *x, const BIGNUM *y,
+                                             const BIGNUM *z, BN_CTX *ctx);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *p,
+                                             BIGNUM *x, BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+                                    BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, int y_bit,
+                                        BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, const BIGNUM *y,
+                                        BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *p,
+                                        BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *p,
+                                            const BIGNUM *x, int y_bit,
+                                            BN_CTX *ctx);
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *ctx);
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *p,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *p,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *ctx);
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form,
+                          unsigned char *buf, size_t len, BN_CTX *ctx);
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx);
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form, BIGNUM *bn,
+                          BN_CTX *ctx);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
+                            EC_POINT *p, BN_CTX *ctx);
+char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
+                         point_conversion_form_t form, BN_CTX *ctx);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
+                             EC_POINT *p, BN_CTX *ctx);
+ +

DESCRIPTION

+ +

An EC_POINT structure represents a point on a curve. A new point is constructed by calling the function EC_POINT_new() and providing the group object that the point relates to.

+ +

EC_POINT_free() frees the memory associated with the EC_POINT. if point is NULL nothing is done.

+ +

EC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and then frees its memory. If point is NULL nothing is done.

+ +

EC_POINT_copy() copies the point src into dst. Both src and dst must use the same EC_METHOD.

+ +

EC_POINT_dup() creates a new EC_POINT object and copies the content from src to the newly created EC_POINT object.

+ +

EC_POINT_method_of() obtains the EC_METHOD associated with point.

+ +

A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity().

+ +

The affine co-ordinates for a point describe a point in terms of its x and y position. The function EC_POINT_set_affine_coordinates() sets the x and y co-ordinates for the point p defined over the curve given in group. The function EC_POINT_get_affine_coordinates() sets x and y, either of which may be NULL, to the corresponding coordinates of p.

+ +

The functions EC_POINT_set_affine_coordinates_GFp() and EC_POINT_set_affine_coordinates_GF2m() are synonyms for EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

The functions EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m() are synonyms for EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in this co-ordinate system provides more efficient point multiplication operations. A mapping exists between Jacobian projective co-ordinates and affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped to (x, y, 1). To set or get the projective co-ordinates use EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp() respectively.

+ +

Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve there will only ever be two possible values for y. Therefore a point can be set using the EC_POINT_set_compressed_coordinates() function where x is the x co-ordinate and y_bit is a value 0 or 1 to identify which of the two possible values for y should be used.

+ +

The functions EC_POINT_set_compressed_coordinates_GFp() and EC_POINT_set_compressed_coordinates_GF2m() are synonyms for EC_POINT_set_compressed_coordinates(). They are defined for backwards compatibility only and should not be used.

+ +

In addition EC_POINT can be converted to and from various external representations. The octet form is the binary encoding of the ECPoint structure (as defined in RFC5480 and used in certificates and TLS records): only the content octets are present, the OCTET STRING tag and length are not included. BIGNUM form is the octet form interpreted as a big endian integer converted to a BIGNUM structure. Hexadecimal form is the octet form converted to a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f).

+ +

The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.

+ +

The function EC_POINT_point2oct() encodes the given curve point p as an octet string into the buffer buf of size len, using the specified conversion form form. The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. Similarly the function EC_POINT_oct2point() decodes a curve point into p from the octet string contained in the given buffer buf of size len, conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.

+ +

The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point p, respectively, to the hexadecimal or BIGNUM representation of the same encoding of the function EC_POINT_point2oct(). Vice versa, similarly to the function EC_POINT_oct2point(), the functions EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or BIGNUM representation into the EC_POINT p.

+ +

Notice that, according to the standard, the octet string encoding of the point at infinity for a given curve is fixed to a single octet of value zero and that, vice versa, a single octet of size zero is decoded as the point at infinity.

+ +

The function EC_POINT_point2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but will still return the required buffer length.

+ +

The function EC_POINT_point2buf() allocates a buffer of suitable length and writes an EC_POINT to it in octet format. The allocated buffer is written to *pbuf and its length is returned. The caller must free up the allocated buffer with a call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf the pbuf parameter MUST NOT be NULL.

+ +

The function EC_POINT_point2hex() will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with a subsequent call to OPENSSL_free().

+ +

RETURN VALUES

+ +

EC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL on error.

+ +

The following functions return 1 on success or 0 on error: EC_POINT_copy(), EC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), EC_POINT_set_compressed_coordinates_GFp(), EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().

+ +

EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.

+ +

EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required buffer or 0 on error.

+ +

EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on error.

+ +

EC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on error.

+ +

EC_POINT_point2hex() returns a pointer to the hex string, or NULL on error.

+ +

EC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on error.

+ +

SEE ALSO

+ +

crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), EC_POINT_add(3), EC_KEY_new(3), EC_GFp_simple_method(3), d2i_ECPKParameters(3)

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ENGINE_add.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ENGINE_add.html new file mode 100644 index 00000000..52d622ad --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ENGINE_add.html @@ -0,0 +1,422 @@ + + + + +ENGINE_add + + + + + + + + + + +

NAME

+ +

ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests - ENGINE cryptographic module support

+ +

SYNOPSIS

+ +
#include <openssl/engine.h>
+
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+
+int ENGINE_add(ENGINE *e);
+int ENGINE_remove(ENGINE *e);
+
+ENGINE *ENGINE_by_id(const char *id);
+
+int ENGINE_init(ENGINE *e);
+int ENGINE_finish(ENGINE *e);
+
+void ENGINE_load_builtin_engines(void);
+
+ENGINE *ENGINE_get_default_RSA(void);
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f)(void), int cmd_optional);
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional);
+
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+int ENGINE_get_flags(const ENGINE *e);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void ENGINE_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

These functions create, manipulate, and use cryptographic modules in the form of ENGINE objects. These objects act as containers for implementations of cryptographic algorithms, and support a reference-counted mechanism to allow them to be dynamically loaded in and out of the running application.

+ +

The cryptographic functionality that can be provided by an ENGINE implementation includes the following abstractions;

+ +
RSA_METHOD - for providing alternative RSA implementations
+DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+      - similarly for other OpenSSL APIs
+EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+key-loading - loading public and/or private EVP_PKEY keys
+ +

Reference counting and handles

+ +

Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be treated as handles - ie. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently.

+ +

ENGINE objects have two levels of reference-counting to match the way in which the objects are used. At the most basic level, each ENGINE pointer is inherently a structural reference - a structural reference is required to use the pointer value at all, as this kind of reference is a guarantee that the structure can not be deallocated until the reference is released.

+ +

However, a structural reference provides no guarantee that the ENGINE is initialised and able to use any of its cryptographic implementations. Indeed it's quite possible that most ENGINEs will not initialise at all in typical environments, as ENGINEs are typically used to support specialised hardware. To use an ENGINE's functionality, you need a functional reference. This kind of reference can be considered a specialised form of structural reference, because each functional reference implicitly contains a structural reference as well - however to avoid difficult-to-find programming bugs, it is recommended to treat the two kinds of reference independently. If you have a functional reference to an ENGINE, you have a guarantee that the ENGINE has been initialised and is ready to perform cryptographic operations, and will remain initialised until after you have released your reference.

+ +

Structural references

+ +

This basic type of reference is used for instantiating new ENGINEs, iterating across OpenSSL's internal linked-list of loaded ENGINEs, reading information about an ENGINE, etc. Essentially a structural reference is sufficient if you only need to query or manipulate the data of an ENGINE implementation rather than use its functionality.

+ +

The ENGINE_new() function returns a structural reference to a new (empty) ENGINE object. There are other ENGINE API functions that return structural references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(), ENGINE_get_prev(). All structural references should be released by a corresponding to call to the ENGINE_free() function - the ENGINE object itself will only actually be cleaned up and deallocated when the last structural reference is released.

+ +

It should also be noted that many ENGINE API function calls that accept a structural reference will internally obtain another reference - typically this happens whenever the supplied ENGINE will be needed by OpenSSL after the function has returned. Eg. the function to add a new ENGINE to OpenSSL's internal list is ENGINE_add() - if this function returns success, then OpenSSL will have stored a new structural reference internally so the caller is still responsible for freeing their own reference with ENGINE_free() when they are finished with it. In a similar way, some functions will automatically release the structural reference passed to it if part of the function's job is to do so. Eg. the ENGINE_get_next() and ENGINE_get_prev() functions are used for iterating across the internal ENGINE list - they will return a new structural reference to the next (or previous) ENGINE in the list or NULL if at the end (or beginning) of the list, but in either case the structural reference passed to the function is released on behalf of the caller.

+ +

To clarify a particular function's handling of references, one should always consult that function's documentation "man" page, or failing that the openssl/engine.h header file includes some hints.

+ +

Functional references

+ +

As mentioned, functional references exist when the cryptographic functionality of an ENGINE is required to be available. A functional reference can be obtained in one of two ways; from an existing structural reference to the required ENGINE, or by asking OpenSSL for the default operational ENGINE for a given cryptographic purpose.

+ +

To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not already operational and couldn't be successfully initialised (eg. lack of system drivers, no special hardware attached, etc), otherwise it will return non-zero to indicate that the ENGINE is now operational and will have allocated a new functional reference to the ENGINE. All functional references are released by calling ENGINE_finish() (which removes the implicit structural reference as well).

+ +

The second way to get a functional reference is by asking OpenSSL for a default implementation for a given task, eg. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.

+ +

Default implementations

+ +

For each supported abstraction, the ENGINE code maintains an internal table of state to control which implementations are available for a given abstraction and which should be used by default. These implementations are registered in the tables and indexed by an 'nid' value, because abstractions like EVP_CIPHER and EVP_DIGEST support many distinct algorithms and modes, and ENGINEs can support arbitrarily many of them. In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index.

+ +

When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be used. If no ENGINE should (or can) be used, it will return NULL and the caller will operate with a NULL ENGINE handle - this usually equates to using the conventional software implementation. In the latter case, OpenSSL will from then on behave the way it used to before the ENGINE API existed.

+ +

Each state table has a flag to note whether it has processed this "get_default" query since the table was last modified, because to process this question it must iterate across all the registered ENGINEs in the table trying to initialise each of them in turn, in case one of them is operational. If it returns a functional reference to an ENGINE, it will also cache another reference to speed up processing future queries (without needing to iterate across the table). Likewise, it will cache a NULL response if no ENGINE was available so that future queries won't repeat the same iteration unless the state table changes. This behaviour can also be changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using ENGINE_set_table_flags()), no attempted initialisations will take place, instead the only way for the state table to return a non-NULL ENGINE to the "get_default" query will be if one is expressly set in the table. Eg. ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except that it also sets the state table's cached response for the "get_default" query. In the case of abstractions like EVP_CIPHER, where implementations are indexed by 'nid', these flags and cached-responses are distinct for each 'nid' value.

+ +

Application requirements

+ +

This section will explain the basic things an application programmer should support to make the most useful elements of the ENGINE functionality available to the user. The first thing to consider is whether the programmer wishes to make alternative ENGINE modules available to the application and user. OpenSSL maintains an internal linked list of "visible" ENGINEs from which it has to operate - at start-up, this list is empty and in fact if an application does not call any ENGINE API calls and it uses static linking against openssl, then the resulting application binary will not contain any alternative ENGINE code at all. So the first consideration is whether any/all available ENGINE implementations should be made visible to OpenSSL - this is controlled by calling the various "load" functions.

+ +

The fact that ENGINEs are made visible to OpenSSL (and thus are linked into the program and loaded into memory at run-time) does not mean they are "registered" or called into use by OpenSSL automatically - that behaviour is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to successfully initialise - ie. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides.

+ +

If no ENGINE API functions are called within an application, then OpenSSL will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, if any ENGINEs are loaded, even if not registered or used, it was necessary to call ENGINE_cleanup() before the program exits.

+ +

Using a specific ENGINE implementation

+ +

Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of OpenSSL the application was compiled with. If it is available, it should be used by default for all RSA, DSA, and symmetric cipher operations, otherwise OpenSSL should use its builtin software as per usual. The following code illustrates how to approach this;

+ +
ENGINE *e;
+const char *engine_id = "ACME";
+ENGINE_load_builtin_engines();
+e = ENGINE_by_id(engine_id);
+if (!e)
+    /* the engine isn't available */
+    return;
+if (!ENGINE_init(e)) {
+    /* the engine couldn't initialise, release 'e' */
+    ENGINE_free(e);
+    return;
+}
+if (!ENGINE_set_default_RSA(e))
+    /*
+     * This should only happen when 'e' can't initialise, but the previous
+     * statement suggests it did.
+     */
+    abort();
+ENGINE_set_default_DSA(e);
+ENGINE_set_default_ciphers(e);
+/* Release the functional reference from ENGINE_init() */
+ENGINE_finish(e);
+/* Release the structural reference from ENGINE_by_id() */
+ENGINE_free(e);
+ +

Automatically using builtin ENGINE implementations

+ +

Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by OpenSSL - if there is an ENGINE that implements it and can be initialised, it should be used. The following code illustrates how this can work;

+ +
/* Load all bundled ENGINEs into memory and make them visible */
+ENGINE_load_builtin_engines();
+/* Register all of them for every algorithm they collectively implement */
+ENGINE_register_all_complete();
+ +

That's all that's required. Eg. the next time OpenSSL tries to set up an RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to ENGINE_init() and if any of those succeed, that ENGINE will be set as the default for RSA use from then on.

+ +

Advanced configuration support

+ +

There is a mechanism supported by the ENGINE framework that allows each ENGINE implementation to define an arbitrary set of configuration "commands" and expose them to OpenSSL and any applications based on OpenSSL. This mechanism is entirely based on the use of name-value pairs and assumes ASCII input (no unicode or UTF for now!), so it is ideal if applications want to provide a transparent way for users to provide arbitrary configuration "directives" directly to such ENGINEs. It is also possible for the application to dynamically interrogate the loaded ENGINE implementations for the names, descriptions, and input flags of their available "control commands", providing a more flexible configuration scheme. However, if the user is expected to know which ENGINE device he/she is using (in the case of specialised hardware, this goes without saying) then applications may not need to concern themselves with discovering the supported control commands and simply prefer to pass settings into ENGINEs exactly as they are provided by the user.

+ +

Before illustrating how control commands work, it is worth mentioning what they are typically used for. Broadly speaking there are two uses for control commands; the first is to provide the necessary details to the implementation (which may know nothing at all specific to the host system) so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be passed to an ENGINE before attempting to initialise it, ie. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or in some cases both. ENGINE implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation.

+ +

Issuing control commands to an ENGINE

+ +

Let's illustrate by example; a function for which the caller supplies the name of the ENGINE it wishes to use, a table of string-pairs for use before initialisation, and another table for use after initialisation. Note that the string-pairs used for control commands consist of a command "name" followed by the command "parameter" - the parameter could be NULL in some cases but the name can not. This function should initialise the ENGINE (issuing the "pre" commands beforehand and the "post" commands afterwards) and set it as the default for everything except RAND and then return a boolean success or failure.

+ +
int generic_load_engine_fn(const char *engine_id,
+                           const char **pre_cmds, int pre_num,
+                           const char **post_cmds, int post_num)
+{
+    ENGINE *e = ENGINE_by_id(engine_id);
+    if (!e) return 0;
+    while (pre_num--) {
+        if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+            fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                    pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+            ENGINE_free(e);
+            return 0;
+        }
+        pre_cmds += 2;
+    }
+    if (!ENGINE_init(e)) {
+        fprintf(stderr, "Failed initialisation\n");
+        ENGINE_free(e);
+        return 0;
+    }
+    /*
+     * ENGINE_init() returned a functional reference, so free the structural
+     * reference from ENGINE_by_id().
+     */
+    ENGINE_free(e);
+    while (post_num--) {
+        if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+            fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                    post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+            ENGINE_finish(e);
+            return 0;
+        }
+        post_cmds += 2;
+    }
+    ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+    /* Success */
+    return 1;
+}
+ +

Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can relax the semantics of the function - if set non-zero it will only return failure if the ENGINE supported the given command name but failed while executing it, if the ENGINE doesn't support the command name it will simply return success without doing anything. In this case we assume the user is only supplying commands specific to the given ENGINE so we set this to FALSE.

+ +

Discovering supported control commands

+ +

It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the OpenSSL core routines.

+ +

It is using these "core" control commands that one can discover the control commands implemented by a given ENGINE, specifically the commands:

+ +
ENGINE_HAS_CTRL_FUNCTION
+ENGINE_CTRL_GET_FIRST_CMD_TYPE
+ENGINE_CTRL_GET_NEXT_CMD_TYPE
+ENGINE_CTRL_GET_CMD_FROM_NAME
+ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
+ENGINE_CTRL_GET_NAME_FROM_CMD
+ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
+ENGINE_CTRL_GET_DESC_FROM_CMD
+ENGINE_CTRL_GET_CMD_FLAGS
+ +

Whilst these commands are automatically processed by the OpenSSL framework code, they use various properties exposed by each ENGINE to process these queries. An ENGINE has 3 properties it exposes that can affect how this behaves; it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in the ENGINE's flags, and it can expose an array of control command descriptions. If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will simply pass all these "core" control commands directly to the ENGINE's ctrl() handler (and thus, it must have supplied one), so it is up to the ENGINE to reply to these "discovery" commands itself. If that flag is not set, then the OpenSSL framework code will work with the following rules:

+ +
if no ctrl() handler supplied;
+    ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+    all other commands fail.
+if a ctrl() handler was supplied but no array of control commands;
+    ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+    all other commands fail.
+if a ctrl() handler and array of control commands was supplied;
+    ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+    all other commands proceed processing ...
+ +

If the ENGINE's array of control commands is empty then all other commands will fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the identifier of a command supported by the ENGINE and returns the next command identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string name for a command and returns the corresponding identifier or fails if no such command name exists, and the remaining commands take a command identifier and return properties of the corresponding commands. All except ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, or populate a supplied character buffer with a copy of the command name or description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following possible values:

+ +
ENGINE_CMD_FLAG_NUMERIC
+ENGINE_CMD_FLAG_STRING
+ENGINE_CMD_FLAG_NO_INPUT
+ENGINE_CMD_FLAG_INTERNAL
+ +

If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely informational to the caller - this flag will prevent the command being usable for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). "INTERNAL" commands are not intended to be exposed to text-based configuration by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE supports certain specific commands it might want to use (eg. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension).

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_ENGINES
+
+ +

The path to the engines directory. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

RETURN VALUES

+ +

ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev() return a valid ENGINE structure or NULL if an error occurred.

+ +

ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error.

+ +

ENGINE_by_id() returns a valid ENGINE structure or NULL if an error occurred.

+ +

ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error.

+ +

All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and ENGINE_get_digest_engine() return a valid ENGINE structure on success or NULL if an error occurred.

+ +

All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error.

+ +

ENGINE_set_default() returns 1 on success or 0 on error.

+ +

ENGINE_get_table_flags() returns an unsigned integer value representing the global table flags which are used to control the registration behaviour of ENGINE implementations.

+ +

All ENGINE_register_TYPE() functions return 1 on success or 0 on error.

+ +

ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success or 0 on error.

+ +

ENGINE_ctrl() returns a positive value on success or others on error.

+ +

ENGINE_cmd_is_executable() returns 1 if cmd is executable or 0 otherwise.

+ +

ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error.

+ +

ENGINE_new() returns a valid ENGINE structure on success or NULL if an error occurred.

+ +

ENGINE_free() returns 1 on success or 0 on error.

+ +

ENGINE_up_ref() returns 1 on success or 0 on error.

+ +

ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error.

+ +

All other ENGINE_set_* functions return 1 on success or 0 on error.

+ +

ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier and the name of the ENGINE e respectively.

+ +

ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND() return corresponding method structures for each algorithms.

+ +

ENGINE_get_destroy_function(), ENGINE_get_init_function(), ENGINE_get_finish_function(), ENGINE_get_ctrl_function(), ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(), ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function pointers of the callbacks.

+ +

ENGINE_get_cipher() returns a valid EVP_CIPHER structure on success or NULL if an error occurred.

+ +

ENGINE_get_digest() returns a valid EVP_MD structure on success or NULL if an error occurred.

+ +

ENGINE_get_flags() returns an integer representing the ENGINE flags which are used to control various behaviours of an ENGINE.

+ +

ENGINE_get_cmd_defns() returns an ENGINE_CMD_DEFN structure or NULL if it's not set.

+ +

ENGINE_load_private_key() and ENGINE_load_public_key() return a valid EVP_PKEY structure on success or NULL if an error occurred.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3), RSA_new_method(3), DSA_new(3), DH_new(3), RAND_bytes(3), config(5)

+ +

HISTORY

+ +

ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup done by OPENSSL_cleanup() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_GET_LIB.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_GET_LIB.html new file mode 100644 index 00000000..d745dd0a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_GET_LIB.html @@ -0,0 +1,77 @@ + + + + +ERR_GET_LIB + + + + + + + + + + +

NAME

+ +

ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR - get information from error codes

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+int ERR_GET_LIB(unsigned long e);
+
+int ERR_GET_FUNC(unsigned long e);
+
+int ERR_GET_REASON(unsigned long e);
+
+int ERR_FATAL_ERROR(unsigned long e);
+ +

DESCRIPTION

+ +

The error code returned by ERR_get_error() consists of a library number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() can be used to extract these.

+ +

ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.

+ +

The library number and function code describe where the error occurred, the reason code is the information about what went wrong.

+ +

Each sub-library of OpenSSL has a unique library number; function and reason codes are unique within each sub-library. Note that different libraries may use the same value to signal different functions and reasons.

+ +

ERR_R_... reason codes such as ERR_R_MALLOC_FAILURE are globally unique. However, when checking for sub-library specific reason codes, be sure to also compare the library number.

+ +

ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR() are macros.

+ +

RETURN VALUES

+ +

The library number, function code, reason code, and whether the error is fatal, respectively.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in all versions of OpenSSL.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_clear_error.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_clear_error.html new file mode 100644 index 00000000..a568fdf9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_clear_error.html @@ -0,0 +1,56 @@ + + + + +ERR_clear_error + + + + + + + + + + +

NAME

+ +

ERR_clear_error - clear the error queue

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_clear_error(void);
+ +

DESCRIPTION

+ +

ERR_clear_error() empties the current thread's error queue.

+ +

RETURN VALUES

+ +

ERR_clear_error() has no return value.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_error_string.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_error_string.html new file mode 100644 index 00000000..1679ef6f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_error_string.html @@ -0,0 +1,77 @@ + + + + +ERR_error_string + + + + + + + + + + +

NAME

+ +

ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string - obtain human-readable error message

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+ +

DESCRIPTION

+ +

ERR_error_string() generates a human-readable string representing the error code e, and places it at buf. buf must be at least 256 bytes long. If buf is NULL, the error string is placed in a static buffer. Note that this function is not thread-safe and does no checks on the size of the buffer; use ERR_error_string_n() instead.

+ +

ERR_error_string_n() is a variant of ERR_error_string() that writes at most len characters (including the terminating 0) and truncates the string if necessary. For ERR_error_string_n(), buf may not be NULL.

+ +

The string will have the following format:

+ +
error:[error code]:[library name]:[function name]:[reason string]
+ +

error code is an 8 digit hexadecimal number, library name, function name and reason string are ASCII text.

+ +

ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the library name, function name and reason string respectively.

+ +

If there is no text string registered for the given error code, the error string will contain the numeric code.

+ +

ERR_print_errors(3) can be used to print all error codes currently in the queue.

+ +

RETURN VALUES

+ +

ERR_error_string() returns a pointer to a static buffer containing the string if buf == NULL, buf otherwise.

+ +

ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string() return the strings, and NULL if none is registered for the error code.

+ +

SEE ALSO

+ +

ERR_get_error(3), ERR_print_errors(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_get_error.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_get_error.html new file mode 100644 index 00000000..bb244e7c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_get_error.html @@ -0,0 +1,81 @@ + + + + +ERR_get_error + + + + + + + + + + +

NAME

+ +

ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data - obtain error code and data

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_last_error(void);
+
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+ +

DESCRIPTION

+ +

ERR_get_error() returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return.

+ +

ERR_peek_error() returns the earliest error code from the thread's error queue without modifying it.

+ +

ERR_peek_last_error() returns the latest error code from the thread's error queue without modifying it.

+ +

See ERR_GET_LIB(3) for obtaining information about location and reason of the error, and ERR_error_string(3) for human-readable error messages.

+ +

ERR_get_error_line(), ERR_peek_error_line() and ERR_peek_last_error_line() are the same as the above, but they additionally store the file name and line number where the error occurred in *file and *line, unless these are NULL.

+ +

ERR_get_error_line_data(), ERR_peek_error_line_data() and ERR_peek_last_error_line_data() store additional data and flags associated with the error code in *data and *flags, unless these are NULL. *data contains a string if *flags&ERR_TXT_STRING is true.

+ +

An application MUST NOT free the *data pointer (or any other pointers returned by these functions) with OPENSSL_free() as freeing is handled automatically by the error library.

+ +

RETURN VALUES

+ +

The error code, or 0 if there is no error in the queue.

+ +

SEE ALSO

+ +

ERR_error_string(3), ERR_GET_LIB(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html new file mode 100644 index 00000000..6bff77db --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html @@ -0,0 +1,74 @@ + + + + +ERR_load_crypto_strings + + + + + + + + + + +

NAME

+ +

ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - load and free error strings

+ +

SYNOPSIS

+ +

Deprecated:

+ +
#include <openssl/err.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
+#endif
+
+#include <openssl/ssl.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_load_error_strings(void);
+#endif
+ +

DESCRIPTION

+ +

ERR_load_crypto_strings() registers the error strings for all libcrypto functions. SSL_load_error_strings() does the same, but also registers the libssl error strings.

+ +

In versions prior to OpenSSL 1.1.0, ERR_free_strings() releases any resources created by the above functions.

+ +

RETURN VALUES

+ +

ERR_load_crypto_strings(), SSL_load_error_strings() and ERR_free_strings() return no values.

+ +

SEE ALSO

+ +

ERR_error_string(3)

+ +

HISTORY

+ +

The ERR_load_crypto_strings(), SSL_load_error_strings(), and ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_strings.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_strings.html new file mode 100644 index 00000000..69fb1bb3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_load_strings.html @@ -0,0 +1,74 @@ + + + + +ERR_load_strings + + + + + + + + + + +

NAME

+ +

ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load arbitrary error strings

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+int ERR_get_next_error_library(void);
+
+unsigned long ERR_PACK(int lib, int func, int reason);
+ +

DESCRIPTION

+ +

ERR_load_strings() registers error strings for library number lib.

+ +

str is an array of error string data:

+ +
typedef struct ERR_string_data_st
+{
+    unsigned long error;
+    char *string;
+} ERR_STRING_DATA;
+ +

The error code is generated from the library number and a function and reason code: error = ERR_PACK(lib, func, reason). ERR_PACK() is a macro.

+ +

The last entry in the array is {0,0}.

+ +

ERR_get_next_error_library() can be used to assign library numbers to user libraries at runtime.

+ +

RETURN VALUES

+ +

ERR_load_strings() returns no value. ERR_PACK() return the error code. ERR_get_next_error_library() returns zero on failure, otherwise a new library number.

+ +

SEE ALSO

+ +

ERR_load_strings(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_print_errors.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_print_errors.html new file mode 100644 index 00000000..9a8d5543 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_print_errors.html @@ -0,0 +1,70 @@ + + + + +ERR_print_errors + + + + + + + + + + +

NAME

+ +

ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb - print error messages

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_print_errors(BIO *bp);
+void ERR_print_errors_fp(FILE *fp);
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
+ +

DESCRIPTION

+ +

ERR_print_errors() is a convenience function that prints the error strings for all errors that OpenSSL has recorded to bp, thus emptying the error queue.

+ +

ERR_print_errors_fp() is the same, except that the output goes to a FILE.

+ +

ERR_print_errors_cb() is the same, except that the callback function, cb, is called for each error line with the string, length, and userdata u as the callback parameters.

+ +

The error strings will have the following format:

+ +
[pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+ +

error code is an 8 digit hexadecimal number. library name, function name and reason string are ASCII text, as is optional text message if one was set for the respective error code.

+ +

If there is no text string registered for the given error code, the error string will contain the numeric code.

+ +

RETURN VALUES

+ +

ERR_print_errors() and ERR_print_errors_fp() return no values.

+ +

SEE ALSO

+ +

ERR_error_string(3), ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_put_error.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_put_error.html new file mode 100644 index 00000000..f158c6f8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_put_error.html @@ -0,0 +1,79 @@ + + + + +ERR_put_error + + + + + + + + + + +

NAME

+ +

ERR_put_error, ERR_add_error_data, ERR_add_error_vdata - record an error

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list arg);
+ +

DESCRIPTION

+ +

ERR_put_error() adds an error code to the thread's error queue. It signals that the error of reason code reason occurred in function func of library lib, in line number line of file. This function is usually called by a macro.

+ +

ERR_add_error_data() associates the concatenation of its num string arguments with the error code added last. ERR_add_error_vdata() is similar except the argument is a va_list.

+ +

ERR_load_strings(3) can be used to register error strings so that the application can a generate human-readable error messages for the error code.

+ +

Reporting errors

+ +

Each sub-library has a specific macro XXXerr() that is used to report errors. Its first argument is a function code XXX_F_..., the second argument is a reason code XXX_R_.... Function codes are derived from the function names; reason codes consist of textual error descriptions. For example, the function ssl3_read_bytes() reports a "handshake failure" as follows:

+ +
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ +

Function and reason codes should consist of upper case characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses the capitalized form such as "SSL3_READ_BYTES" in the above example.

+ +

The trailing section of a reason code (after the "_R_") is translated into lower case and underscores changed to spaces.

+ +

Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include ASN1 code which must use the ASN1err() macro.

+ +

RETURN VALUES

+ +

ERR_put_error() and ERR_add_error_data() return no values.

+ +

SEE ALSO

+ +

ERR_load_strings(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_remove_state.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_remove_state.html new file mode 100644 index 00000000..ed6cec47 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_remove_state.html @@ -0,0 +1,67 @@ + + + + +ERR_remove_state + + + + + + + + + + +

NAME

+ +

ERR_remove_thread_state, ERR_remove_state - DEPRECATED

+ +

SYNOPSIS

+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10000000L
+void ERR_remove_state(unsigned long tid);
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *tid);
+#endif
+ +

DESCRIPTION

+ +

ERR_remove_state() frees the error queue associated with the specified thread, identified by tid. ERR_remove_thread_state() does the same thing, except the identifier is an opaque pointer.

+ +

RETURN VALUES

+ +

ERR_remove_state() and ERR_remove_thread_state() return no value.

+ +

SEE ALSO

+ +

LOPENSSL_init_crypto(3)

+ +

HISTORY

+ +

ERR_remove_state() was deprecated in OpenSSL 1.0.0 and ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_set_mark.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_set_mark.html new file mode 100644 index 00000000..b8cf1a61 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/ERR_set_mark.html @@ -0,0 +1,57 @@ + + + + +ERR_set_mark + + + + + + + + + + +

NAME

+ +

ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark

+ +

SYNOPSIS

+ +
#include <openssl/err.h>
+
+int ERR_set_mark(void);
+
+int ERR_pop_to_mark(void);
+ +

DESCRIPTION

+ +

ERR_set_mark() sets a mark on the current topmost error record if there is one.

+ +

ERR_pop_to_mark() will pop the top of the error stack until a mark is found. The mark is then removed. If there is no mark, the whole stack is removed.

+ +

RETURN VALUES

+ +

ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.

+ +

ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which implies that the stack became empty, otherwise 1.

+ +

COPYRIGHT

+ +

Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_BytesToKey.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_BytesToKey.html new file mode 100644 index 00000000..64eb0e29 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_BytesToKey.html @@ -0,0 +1,81 @@ + + + + +EVP_BytesToKey + + + + + + + + + + +

NAME

+ +

EVP_BytesToKey - password based encryption routine

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt,
+                   const unsigned char *data, int datal, int count,
+                   unsigned char *key, unsigned char *iv);
+ +

DESCRIPTION

+ +

EVP_BytesToKey() derives a key and IV from various parameters. type is the cipher to derive the key and IV for. md is the message digest to use. The salt parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. data is a buffer containing datal bytes which is used to derive the keying data. count is the iteration count to use. The derived key and IV will be written to key and iv respectively.

+ +

NOTES

+ +

A typical application of this function is to derive keying material for an encryption algorithm from a password in the data parameter.

+ +

Increasing the count parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

+ +

If the total key and IV length is less than the digest length and MD5 is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data.

+ +

Newer applications should use a more modern algorithm such as PBKDF2 as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

+ +

KEY DERIVATION ALGORITHM

+ +

The key and IV is derived by concatenating D_1, D_2, etc until enough data is available for the key and IV. D_i is defined as:

+ +
D_i = HASH^count(D_(i-1) || data || salt)
+ +

where || denotes concatenation, D_0 is empty, HASH is the digest algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is HASH(HASH(data)) and so on.

+ +

The initial bytes are used for the key and the subsequent bytes for the IV.

+ +

RETURN VALUES

+ +

If data is NULL, then EVP_BytesToKey() returns the number of bytes needed to store the derived key. Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), PKCS5_PBKDF2_HMAC(3), EVP_EncryptInit(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html new file mode 100644 index 00000000..2fc6c01a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html @@ -0,0 +1,61 @@ + + + + +EVP_CIPHER_CTX_get_cipher_data + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data - Routines to inspect and modify EVP_CIPHER_CTX objects

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+ +

DESCRIPTION

+ +

The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the cipher data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the particular implementation of the cipher. For example this data can be used by engines to store engine specific information. The data is automatically allocated and freed by OpenSSL, so applications and engines should not normally free this directly (but see below).

+ +

The EVP_CIPHER_CTX_set_cipher_data() function allows an application or engine to replace the cipher data with new data. A pointer to any existing cipher data is returned from this function. If the old data is no longer required then it should be freed through a call to OPENSSL_free().

+ +

RETURN VALUES

+ +

The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the current cipher data for the EVP_CIPHER_CTX.

+ +

The EVP_CIPHER_CTX_set_cipher_data() function returns a pointer to the old cipher data for the EVP_CIPHER_CTX.

+ +

HISTORY

+ +

The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html new file mode 100644 index 00000000..fbb13ec2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html @@ -0,0 +1,217 @@ + + + + +EVP_CIPHER_meth_new + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init)(EVP_CIPHER_CTX *ctx,
+                                         const unsigned char *key,
+                                         const unsigned char *iv,
+                                         int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher)(EVP_CIPHER_CTX *ctx,
+                                                   unsigned char *out,
+                                                   const unsigned char *in,
+                                                   size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup)(EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
+                                                                   ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
+                                                                   ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl)(EVP_CIPHER_CTX *, int type,
+                                         int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
+ +

DESCRIPTION

+ +

The EVP_CIPHER type is a structure for symmetric cipher method implementation.

+ +

EVP_CIPHER_meth_new() creates a new EVP_CIPHER structure.

+ +

EVP_CIPHER_meth_dup() creates a copy of cipher.

+ +

EVP_CIPHER_meth_free() destroys a EVP_CIPHER structure.

+ +

EVP_CIPHER_meth_set_iv_length() sets the length of the IV. This is only needed when the implemented cipher mode requires it.

+ +

EVP_CIPHER_meth_set_flags() sets the flags to describe optional behaviours in the particular cipher. With the exception of cipher modes, of which only one may be present, several flags can be or'd together. The available flags are:

+ +
+ +
EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE
+
+ +

The cipher mode.

+ +
+
EVP_CIPH_VARIABLE_LENGTH
+
+ +

This cipher is of variable length.

+ +
+
EVP_CIPH_CUSTOM_IV
+
+ +

Storing and initialising the IV is left entirely to the implementation.

+ +
+
EVP_CIPH_ALWAYS_CALL_INIT
+
+ +

Set this if the implementation's init() function should be called even if key is NULL.

+ +
+
EVP_CIPH_CTRL_INIT
+
+ +

Set this to have the implementation's ctrl() function called with command code EVP_CTRL_INIT early in its setup.

+ +
+
EVP_CIPH_CUSTOM_KEY_LENGTH
+
+ +

Checking and setting the key length after creating the EVP_CIPHER is left to the implementation. Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a EVP_CIPHER with this flag set, the implementation's ctrl() function will be called with the control code EVP_CTRL_SET_KEY_LENGTH and the key length in arg.

+ +
+
EVP_CIPH_NO_PADDING
+
+ +

Don't use standard block padding.

+ +
+
EVP_CIPH_RAND_KEY
+
+ +

Making a key with random content is left to the implementation. This is done by calling the implementation's ctrl() function with the control code EVP_CTRL_RAND_KEY and the pointer to the key memory storage in ptr.

+ +
+
EVP_CIPH_CUSTOM_COPY
+
+ +

Set this to have the implementation's ctrl() function called with command code EVP_CTRL_COPY at the end of EVP_CIPHER_CTX_copy(). The intended use is for further things to deal with after the implementation specific data block has been copied. The destination EVP_CIPHER_CTX is passed to the control with the ptr parameter. The implementation specific data block is reached with EVP_CIPHER_CTX_get_cipher_data().

+ +
+
EVP_CIPH_FLAG_DEFAULT_ASN1
+
+ +

Use the default EVP routines to pass IV to and from ASN.1.

+ +
+
EVP_CIPH_FLAG_LENGTH_BITS
+
+ +

Signals that the length of the input buffer for encryption / decryption is to be understood as the number of bits instead of bytes for this implementation. This is only useful for CFB1 ciphers.

+ +
+
EVP_CIPH_FLAG_CUSTOM_CIPHER
+
+ +

This indicates that the implementation takes care of everything, including padding, buffering and finalization. The EVP routines will simply give them control and do nothing more.

+ +
+
EVP_CIPH_FLAG_AEAD_CIPHER
+
+ +

This indicates that this is an AEAD cipher implementation.

+ +
+
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+
+ +

Allow interleaving of crypto blocks, a particular optimization only applicable to certain TLS ciphers.

+ +
+
+ +

EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's implementation context so that it can be automatically allocated.

+ +

EVP_CIPHER_meth_set_init() sets the cipher init function for cipher. The cipher init function is called by EVP_CipherInit(), EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(), EVP_DecryptInit(), EVP_DecryptInit_ex().

+ +

EVP_CIPHER_meth_set_do_cipher() sets the cipher function for cipher. The cipher function is called by EVP_CipherUpdate(), EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(), EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and EVP_DecryptFinal_ex().

+ +

EVP_CIPHER_meth_set_cleanup() sets the function for cipher to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a EVP_CIPHER_CTX *, the private data structure is then available with EVP_CIPHER_CTX_get_cipher_data(). This cleanup function is called by EVP_CIPHER_CTX_reset() and EVP_CIPHER_CTX_free().

+ +

EVP_CIPHER_meth_set_set_asn1_params() sets the function for cipher to set the AlgorithmIdentifier "parameter" based on the passed cipher. This function is called by EVP_CIPHER_param_to_asn1(). EVP_CIPHER_meth_set_get_asn1_params() sets the function for cipher that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier "parameter". Both these functions are needed when there is a need for custom data (more or other than the cipher IV). They are called by EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() respectively if defined.

+ +

EVP_CIPHER_meth_set_ctrl() sets the control function for cipher.

+ +

EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(), EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(), EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() are all used to retrieve the method data given with the EVP_CIPHER_meth_set_*() functions above.

+ +

RETURN VALUES

+ +

EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a newly created EVP_CIPHER, or NULL on failure. All EVP_CIPHER_meth_set_*() functions return 1. All EVP_CIPHER_meth_get_*() functions return pointers to their respective cipher function.

+ +

SEE ALSO

+ +

EVP_EncryptInit

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestInit.html new file mode 100644 index 00000000..3f48d1e4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestInit.html @@ -0,0 +1,442 @@ + + + + +EVP_DigestInit + + + + + + + + + + +

NAME

+ +

EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+
+int EVP_Digest(const void *data, size_t count, unsigned char *md,
+               unsigned int *size, const EVP_MD *type, ENGINE *impl);
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
+
+int EVP_MD_type(const EVP_MD *md);
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
+int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update)(EVP_MD_CTX *ctx,
+                                            const void *data, size_t count));
+
+const EVP_MD *EVP_md_null(void);
+
+const EVP_MD *EVP_get_digestbyname(const char *name);
+const EVP_MD *EVP_get_digestbynid(int type);
+const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+ +

DESCRIPTION

+ +

The EVP digest routines are a high level interface to message digests, and should be used instead of the cipher-specific functions.

+ +
+ +
EVP_MD_CTX_new()
+
+ +

Allocates and returns a digest context.

+ +
+
EVP_MD_CTX_reset()
+
+ +

Resets the digest context ctx. This can be used to reuse an already existing context.

+ +
+
EVP_MD_CTX_free()
+
+ +

Cleans up digest context ctx and frees up the space allocated to it.

+ +
+
EVP_MD_CTX_ctrl()
+
+ +

Performs digest-specific control actions on context ctx. The control command is indicated in cmd and any additional arguments in p1 and p2. EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions may apply depending on the control type and digest implementation. See "CONTROLS" below for more information.

+ +
+
EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
+
+ +

Sets, clears and tests ctx flags. See "FLAGS" below for more information.

+ +
+
EVP_Digest()
+
+ +

A wrapper around the Digest Init_ex, Update and Final_ex functions. Hashes count bytes of data at data using a digest type from ENGINE impl. The digest value is placed in md and its length is written at size if the pointer is not NULL. At most EVP_MAX_MD_SIZE bytes will be written. If impl is NULL the default implementation of digest type is used.

+ +
+
EVP_DigestInit_ex()
+
+ +

Sets up digest context ctx to use a digest type from ENGINE impl. type will typically be supplied by a function such as EVP_sha1(). If impl is NULL then the default implementation of digest type is used.

+ +
+
EVP_DigestUpdate()
+
+ +

Hashes cnt bytes of data at d into the digest context ctx. This function can be called several times on the same ctx to hash additional data.

+ +
+
EVP_DigestFinal_ex()
+
+ +

Retrieves the digest value from ctx and places it in md. If the s parameter is not NULL then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at s, at most EVP_MAX_MD_SIZE bytes will be written. After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation.

+ +
+
EVP_DigestFinalXOF()
+
+ +

Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. It retrieves the digest value from ctx and places it in len-sized <B>md. After calling this function no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new operation.

+ +
+
EVP_MD_CTX_copy_ex()
+
+ +

Can be used to copy the message digest state from in to out. This is useful if large amounts of data are to be hashed which only differ in the last few bytes.

+ +
+
EVP_DigestInit()
+
+ +

Behaves in the same way as EVP_DigestInit_ex() except it always uses the default digest implementation and calls EVP_MD_CTX_reset().

+ +
+
EVP_DigestFinal()
+
+ +

Similar to EVP_DigestFinal_ex() except the digest context ctx is automatically cleaned up.

+ +
+
EVP_MD_CTX_copy()
+
+ +

Similar to EVP_MD_CTX_copy_ex() except the destination out does not have to be initialized.

+ +
+
EVP_MD_size(), EVP_MD_CTX_size()
+
+ +

Return the size of the message digest when passed an EVP_MD or an EVP_MD_CTX structure, i.e. the size of the hash.

+ +
+
EVP_MD_block_size(), EVP_MD_CTX_block_size()
+
+ +

Return the block size of the message digest when passed an EVP_MD or an EVP_MD_CTX structure.

+ +
+
EVP_MD_type(), EVP_MD_CTX_type()
+
+ +

Return the NID of the OBJECT IDENTIFIER representing the given message digest when passed an EVP_MD structure. For example, EVP_MD_type(EVP_sha1()) returns NID_sha1. This function is normally used when setting ASN1 OIDs.

+ +
+
EVP_MD_CTX_md_data()
+
+ +

Return the digest method private data for the passed EVP_MD_CTX. The space is allocated by OpenSSL and has the size originally set with EVP_MD_meth_set_app_datasize().

+ +
+
EVP_MD_CTX_md()
+
+ +

Returns the EVP_MD structure corresponding to the passed EVP_MD_CTX.

+ +
+
EVP_MD_CTX_set_update_fn()
+
+ +

Sets the update function for ctx to update. This is the function that is called by EVP_DigestUpdate. If not set, the update function from the EVP_MD type specified at initialization is used.

+ +
+
EVP_MD_CTX_update_fn()
+
+ +

Returns the update function for ctx.

+ +
+
EVP_MD_flags()
+
+ +

Returns the md flags. Note that these are different from the EVP_MD_CTX ones. See EVP_MD_meth_set_flags(3) for more information.

+ +
+
EVP_MD_pkey_type()
+
+ +

Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return NID_sha1WithRSAEncryption. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons.

+ +
+
EVP_md_null()
+
+ +

A "null" message digest that does nothing: i.e. the hash it returns is of zero length.

+ +
+
EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()
+
+ +

Returns an EVP_MD structure when passed a digest name, a digest NID or an ASN1_OBJECT structure respectively.

+ +
+
EVP_MD_CTX_pkey_ctx()
+
+ +

Returns the EVP_PKEY_CTX assigned to ctx. The returned pointer should not be freed by the caller.

+ +
+
EVP_MD_CTX_set_pkey_ctx()
+
+ +

Assigns an EVP_PKEY_CTX to EVP_MD_CTX. This is usually used to provide a customized EVP_PKEY_CTX to EVP_DigestSignInit(3) or EVP_DigestVerifyInit(3). The pctx passed to this function should be freed by the caller. A NULL pctx pointer is also allowed to clear the EVP_PKEY_CTX assigned to ctx. In such case, freeing the cleared EVP_PKEY_CTX or not depends on how the EVP_PKEY_CTX is created.

+ +
+
+ +

CONTROLS

+ +

EVP_MD_CTX_ctrl() can be used to send the following standard controls:

+ +
+ +
EVP_MD_CTRL_MICALG
+
+ +

Gets the digest Message Integrity Check algorithm string. This is used when creating S/MIME multipart/signed messages, as specified in RFC 3851. The string value is written to p2.

+ +
+
EVP_MD_CTRL_XOF_LEN
+
+ +

This control sets the digest length for extendable output functions to p1. Sending this control directly should not be necessary, the use of EVP_DigestFinalXOF() is preferred. Currently used by SHAKE.

+ +
+
+ +

FLAGS

+ +

EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() can be used the manipulate and test these EVP_MD_CTX flags:

+ +
+ +
EVP_MD_CTX_FLAG_ONESHOT
+
+ +

This flag instructs the digest to optimize for one update only, if possible.

+ +
+
EVP_MD_CTX_FLAG_NO_INIT
+
+ +

This flag instructs EVP_DigestInit() and similar not to initialise the implementation specific data.

+ +
+
EVP_MD_CTX_FLAG_FINALISE
+
+ +

Some functions such as EVP_DigestSign only finalise copies of internal contexts so additional data can be included after the finalisation call. This is inefficient if this functionality is not required, and can be disabled with this flag.

+ +
+
+ +

RETURN VALUES

+ +
+ +
EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()
+
+ +

Returns 1 for success and 0 for failure.

+ +
+
EVP_MD_CTX_ctrl()
+
+ +

Returns 1 if successful or 0 for failure.

+ +
+
EVP_MD_CTX_copy_ex()
+
+ +

Returns 1 if successful or 0 for failure.

+ +
+
EVP_MD_type(), EVP_MD_pkey_type()
+
+ +

Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists.

+ +
+
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()
+
+ +

Returns the digest or block size in bytes.

+ +
+
EVP_md_null()
+
+ +

Returns a pointer to the EVP_MD structure of the "null" message digest.

+ +
+
EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()
+
+ +

Returns either an EVP_MD structure or NULL if an error occurs.

+ +
+
EVP_MD_CTX_set_pkey_ctx()
+
+ +

This function has no return value.

+ +
+
+ +

NOTES

+ +

The EVP interface to message digests should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible.

+ +

New applications should use the SHA-2 (such as EVP_sha256(3)) or the SHA-3 digest algorithms (such as EVP_sha3_512(3)). The other digest algorithms are still in common use.

+ +

For most applications the impl parameter to EVP_DigestInit_ex() will be set to NULL to use the default digest implementation.

+ +

The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified.

+ +

If digest contexts are not cleaned up after use, memory leaks will occur.

+ +

EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as macros.

+ +

EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control.

+ +

EXAMPLES

+ +

This example digests the data "Test Message\n" and "Hello World\n", using the digest name passed on the command line.

+ +
#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+
+int main(int argc, char *argv[])
+{
+    EVP_MD_CTX *mdctx;
+    const EVP_MD *md;
+    char mess1[] = "Test Message\n";
+    char mess2[] = "Hello World\n";
+    unsigned char md_value[EVP_MAX_MD_SIZE];
+    unsigned int md_len, i;
+
+    if (argv[1] == NULL) {
+        printf("Usage: mdtest digestname\n");
+        exit(1);
+    }
+
+    md = EVP_get_digestbyname(argv[1]);
+    if (md == NULL) {
+        printf("Unknown message digest %s\n", argv[1]);
+        exit(1);
+    }
+
+    mdctx = EVP_MD_CTX_new();
+    EVP_DigestInit_ex(mdctx, md, NULL);
+    EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+    EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+    EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+    EVP_MD_CTX_free(mdctx);
+
+    printf("Digest is: ");
+    for (i = 0; i < md_len; i++)
+        printf("%02x", md_value[i]);
+    printf("\n");
+
+    exit(0);
+}
+ +

SEE ALSO

+ +

EVP_MD_meth_new(3), dgst(1), evp(7)

+ +

The full list of digest algorithms are provided below.

+ +

EVP_blake2b512(3), EVP_md2(3), EVP_md4(3), EVP_md5(3), EVP_mdc2(3), EVP_ripemd160(3), EVP_sha1(3), EVP_sha224(3), EVP_sha3_224(3), EVP_sm3(3), EVP_whirlpool(3)

+ +

HISTORY

+ +

The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.

+ +

The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA.

+ +

The EVP_dss1() function was removed in OpenSSL 1.1.0.

+ +

The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestSignInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestSignInit.html new file mode 100644 index 00000000..3f44a370 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestSignInit.html @@ -0,0 +1,157 @@ + + + + +EVP_DigestSignInit + + + + + + + + + + +

NAME

+ +

EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+                   size_t *siglen, const unsigned char *tbs,
+                   size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_DigestSignInit() sets up signing context ctx to use digest type from ENGINE e and private key pkey. ctx must be created with EVP_MD_CTX_new() before calling this function. If pctx is not NULL, the EVP_PKEY_CTX of the signing operation will be written to *pctx: this can be used to set alternative signing options. Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must not be freed directly by the application if ctx is not assigned an EVP_PKEY_CTX value before being passed to EVP_DigestSignInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestSignInit() and it will be freed automatically when the EVP_MD_CTX is freed).

+ +

The digest type may be NULL if the signing algorithm supports it.

+ +

No EVP_PKEY_CTX will be created by EVP_DigestSignInit() if the passed ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also SM2(7).

+ +

Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of "signing". Built-in EVP_PKEY types supported by these functions are CMAC, Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448.

+ +

Not all digests can be used for all key types. The following combinations apply.

+ +
+ +
DSA
+
+ +

Supports SHA1, SHA224, SHA256, SHA384 and SHA512

+ +
+
ECDSA
+
+ +

Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

+ +
+
RSA with no padding
+
+ +

Supports no digests (the digest type must be NULL)

+ +
+
RSA with X931 padding
+
+ +

Supports SHA1, SHA256, SHA384 and SHA512

+ +
+
All other RSA padding types
+
+ +

Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, SHA3-224, SHA3-256, SHA3-384, SHA3-512

+ +
+
Ed25519 and Ed448
+
+ +

Support no digests (the digest type must be NULL)

+ +
+
HMAC
+
+ +

Supports any digest

+ +
+
CMAC, Poly1305 and SipHash
+
+ +

Will ignore any digest provided.

+ +
+
+ +

If RSA-PSS is used and restrictions apply then the digest must match.

+ +

EVP_DigestSignUpdate() hashes cnt bytes of data at d into the signature context ctx. This function can be called several times on the same ctx to include additional data. This function is currently implemented using a macro.

+ +

EVP_DigestSignFinal() signs the data in ctx and places the signature in sig. If sig is NULL then the maximum size of the output buffer is written to the siglen parameter. If sig is not NULL then before the call the siglen parameter should contain the length of the sig buffer. If the call is successful the signature is written to sig and the amount of data written to siglen.

+ +

EVP_DigestSign() signs tbslen bytes of data at tbs and places the signature in sig and its length in siglen in a similar way to EVP_DigestSignFinal().

+ +

RETURN VALUES

+ +

EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and EVP_DigestSign() return 1 for success and 0 for failure.

+ +

The error codes can be obtained from ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

EVP_DigestSign() is a one shot operation which signs a single block of data in one function. For algorithms that support streaming it is equivalent to calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to sign data.

+ +

In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged.

+ +

For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data.

+ +

Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

The use of EVP_PKEY_size() with these functions is discouraged because some signature operations may have a signature length which depends on the parameters set. As a result EVP_PKEY_size() would have to return a value which indicates the maximum possible signature for any set of parameters.

+ +

SEE ALSO

+ +

EVP_DigestVerifyInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1), RAND(7)

+ +

HISTORY

+ +

EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html new file mode 100644 index 00000000..39ee47aa --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html @@ -0,0 +1,96 @@ + + + + +EVP_DigestVerifyInit + + + + + + + + + + +

NAME

+ +

EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen);
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_DigestVerifyInit() sets up verification context ctx to use digest type from ENGINE e and public key pkey. ctx must be created with EVP_MD_CTX_new() before calling this function. If pctx is not NULL, the EVP_PKEY_CTX of the verification operation will be written to *pctx: this can be used to set alternative verification options. Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must not be freed directly by the application if ctx is not assigned an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit() and it will be freed automatically when the EVP_MD_CTX is freed).

+ +

No EVP_PKEY_CTX will be created by EVP_DigestSignInit() if the passed ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also SM2(7).

+ +

EVP_DigestVerifyUpdate() hashes cnt bytes of data at d into the verification context ctx. This function can be called several times on the same ctx to include additional data. This function is currently implemented using a macro.

+ +

EVP_DigestVerifyFinal() verifies the data in ctx against the signature in sig of length siglen.

+ +

EVP_DigestVerify() verifies tbslen bytes at tbs against the signature in sig of length siglen.

+ +

RETURN VALUES

+ +

EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 for failure.

+ +

EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other value indicates failure. A return value of zero indicates that the signature did not verify successfully (that is, tbs did not match the original data or the signature had an invalid form), while other values indicate a more serious error (and sometimes also indicate an invalid signature form).

+ +

The error codes can be obtained from ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

EVP_DigestVerify() is a one shot operation which verifies a single block of data in one function. For algorithms that support streaming it is equivalent to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For algorithms which do not support streaming (e.g. PureEdDSA) it is the only way to verify data.

+ +

In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged.

+ +

For some key types and parameters the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

+ +

Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

SEE ALSO

+ +

EVP_DigestSignInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1), RAND(7)

+ +

HISTORY

+ +

EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncodeInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncodeInit.html new file mode 100644 index 00000000..8301e17b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncodeInit.html @@ -0,0 +1,108 @@ + + + + +EVP_EncodeInit + + + + + + + + + + +

NAME

+ +

EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+ +

DESCRIPTION

+ +

The EVP encode routines provide a high level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced plus some occasional newlines (see below). If the input data length is not a multiple of 3 then the output data will be padded at the end using the "=" character.

+ +

EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for the encode/decode functions.

+ +

EVP_ENCODE_CTX_free() cleans up an encode/decode context ctx and frees up the space allocated to it.

+ +

Encoding of binary data is performed in blocks of 48 input bytes (or less for the final block). For each 48 byte input block encoded 64 bytes of base 64 data is output plus an additional newline character (i.e. 65 bytes in total). The final block (which may be less than 48 bytes) will output 4 bytes for every 3 bytes of input. If the data length is not divisible by 3 then a full 4 bytes is still output for the final 1 or 2 bytes of input. Similarly a newline character will also be output.

+ +

EVP_EncodeInit() initialises ctx for the start of a new encoding operation.

+ +

EVP_EncodeUpdate() encode inl bytes of data found in the buffer pointed to by in. The output is stored in the buffer out and the number of bytes output is stored in *outl. It is the caller's responsibility to ensure that the buffer at out is sufficiently large to accommodate the output data. Only full blocks of data (48 bytes) will be immediately processed and output by this function. Any remainder is held in the ctx object and will be processed by a subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the required size of the output buffer add together the value of inl with the amount of unprocessed data held in ctx and divide the result by 48 (ignore any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an additional byte for a NUL terminator. EVP_EncodeUpdate() may be called repeatedly to process large amounts of input data. In the event of an error EVP_EncodeUpdate() will set *outl to 0 and return 0. On success 1 will be returned.

+ +

EVP_EncodeFinal() must be called at the end of an encoding operation. It will process any partial block of data remaining in the ctx object. The output data will be stored in out and the length of the data written will be stored in *outl. It is the caller's responsibility to ensure that out is sufficiently large to accommodate the output data which will never be more than 65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).

+ +

EVP_ENCODE_CTX_copy() can be used to copy a context sctx to a context dctx. dctx must be initialized before calling this function.

+ +

EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the ctx object.

+ +

EVP_EncodeBlock() encodes a full block of input data in f and of length dlen and stores it in t. For every 3 bytes of input provided 4 bytes of output data will be produced. If dlen is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of the data generated without the NUL terminator is returned from the function.

+ +

EVP_DecodeInit() initialises ctx for the start of a new decoding operation.

+ +

EVP_DecodeUpdate() decodes inl characters of data found in the buffer pointed to by in. The output is stored in the buffer out and the number of bytes output is stored in *outl. It is the caller's responsibility to ensure that the buffer at out is sufficiently large to accommodate the output data. This function will attempt to decode as much data as possible in 4 byte chunks. Any whitespace, newline or carriage return characters are ignored. Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in the ctx object and processed by a subsequent call to EVP_DecodeUpdate(). If any illegal base 64 characters are encountered or if the base 64 padding character "=" is encountered in the middle of the data then the function returns -1 to indicate an error. A return value of 0 or 1 indicates successful processing of the data. A return value of 0 additionally indicates that the last input data characters processed included the base 64 padding character "=" and therefore no more non-padding character data is expected to be processed. For every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and line feeds), 3 bytes of binary output data will be produced (or less at the end of the data where the padding character "=" has been used).

+ +

EVP_DecodeFinal() must be called at the end of a decoding operation. If there is any unprocessed data still in ctx then the input data must not have been a multiple of 4 and therefore an error has occurred. The function will return -1 in this case. Otherwise the function returns 1 on success.

+ +

EVP_DecodeBlock() will decode the block of n characters of base 64 data contained in f and store the result in t. Any leading whitespace will be trimmed as will any trailing whitespace, newlines, carriage returns or EOF characters. After such trimming the length of the data in f must be divisible by 4. For every 4 input bytes exactly 3 output bytes will be produced. The output will be padded with 0 bits if necessary to ensure that the output is always 3 bytes for every 4 input bytes. This function will return the length of the data decoded or -1 on error.

+ +

RETURN VALUES

+ +

EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX object or NULL on error.

+ +

EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in ctx.

+ +

EVP_EncodeUpdate() returns 0 on error or 1 on success.

+ +

EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL terminator.

+ +

EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned then no more non-padding base 64 characters are expected.

+ +

EVP_DecodeFinal() returns -1 on error or 1 on success.

+ +

EVP_DecodeBlock() returns the length of the data decoded or -1 on error.

+ +

SEE ALSO

+ +

evp(7)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncryptInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncryptInit.html new file mode 100644 index 00000000..9f820dd4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_EncryptInit.html @@ -0,0 +1,467 @@ + + + + +EVP_EncryptInit + + + + + + + + + + +

NAME

+ +

EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null - EVP cipher routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                       ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      int *outl, const unsigned char *in, int inl);
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                       ENGINE *impl, const unsigned char *key, const unsigned char *iv);
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      int *outl, const unsigned char *in, int inl);
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                      ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                     int *outl, const unsigned char *in, int inl);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                    const unsigned char *key, const unsigned char *iv);
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                    const unsigned char *key, const unsigned char *iv);
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                   const unsigned char *key, const unsigned char *iv, int enc);
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_CIPHER *EVP_get_cipherbynid(int nid);
+const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *e);
+int EVP_CIPHER_block_size(const EVP_CIPHER *e);
+int EVP_CIPHER_key_length(const EVP_CIPHER *e);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
+unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
+int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ +

DESCRIPTION

+ +

The EVP cipher routines are a high level interface to certain symmetric ciphers.

+ +

EVP_CIPHER_CTX_new() creates a cipher context.

+ +

EVP_CIPHER_CTX_free() clears all information from a cipher context and free up any allocated memory associate with it, including ctx itself. This function should be called after all operations using a cipher are complete so sensitive information does not remain in memory.

+ +

EVP_EncryptInit_ex() sets up cipher context ctx for encryption with cipher type from ENGINE impl. ctx must be created before calling this function. type is normally supplied by a function such as EVP_aes_256_cbc(). If impl is NULL then the default implementation is used. key is the symmetric key to use and iv is the IV to use (if necessary), the actual number of bytes used for the key and IV depends on the cipher. It is possible to set all parameters to NULL except type in an initial call and supply the remaining parameters in subsequent calls, all of which have type set to NULL. This is done when the default cipher parameters are not appropriate.

+ +

EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the encrypted version to out. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so out should contain sufficient room. The actual number of bytes written is placed in outl. It also checks if in and out are partially overlapping, and if they are 0 is returned to indicate failure.

+ +

If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. It uses standard block padding (aka PKCS padding) as described in the NOTES section, below. The encrypted final data is written to out which should have sufficient space for one cipher block. The number of bytes written is placed in outl. After this function is called the encryption operation is finished and no further calls to EVP_EncryptUpdate() should be made.

+ +

If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more data and it will return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size.

+ +

EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the corresponding decryption operations. EVP_DecryptFinal() will return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer out passed to EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes unless the cipher block size is 1 in which case inl bytes is sufficient.

+ +

EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are functions that can be used for decryption or encryption. The operation performed depends on the value of the enc parameter. It should be set to 1 for encryption, 0 for decryption and -1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call).

+ +

EVP_CIPHER_CTX_reset() clears all information from a cipher context and free up any allocated memory associate with it, except the ctx itself. This function should be called anytime ctx is to be reused for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls.

+ +

EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and EVP_CipherInit_ex() except they always use the default cipher implementation.

+ +

EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and EVP_CipherFinal_ex(). In previous releases they also cleaned up the ctx, but this is no longer done and EVP_CIPHER_CTX_clean() must be called to free any context resources.

+ +

EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure.

+ +

EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The actual NID value is an internal value which may not have a corresponding OBJECT IDENTIFIER.

+ +

EVP_CIPHER_CTX_set_padding() enables or disables padding. This function should be called after the context is set up for encryption or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or EVP_CipherInit_ex(). By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting. If the pad parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur.

+ +

EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The constant EVP_MAX_KEY_LENGTH is the maximum key length for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a given cipher, the value of EVP_CIPHER_CTX_key_length() may be different for variable key length ciphers.

+ +

EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error.

+ +

EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX. It will return zero if the cipher does not use an IV. The constant EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers.

+ +

EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block size of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The constant EVP_MAX_BLOCK_LENGTH is also the maximum block length for all ciphers.

+ +

EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed cipher or context. This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and 128 bit RC2 have the same NID. If the cipher does not have an object identifier or does not have ASN1 support this function will return NID_undef.

+ +

EVP_CIPHER_CTX_cipher() returns the EVP_CIPHER structure when passed an EVP_CIPHER_CTX structure.

+ +

EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE or EVP_CIPH_OCB_MODE. If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned.

+ +

EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will typically include any parameters and an IV. The cipher IV (if any) must be set when this call is made. This call should be made before the cipher is actually "used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function may fail if the cipher does not have any ASN1 support.

+ +

EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". The precise effect depends on the cipher In the case of RC2, for example, it will set the IV and effective key length. This function should be called after the base cipher type is set but before the key is set. For example EVP_CipherInit() will be called with the IV and key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally EVP_CipherInit() again with all parameters except the key set to NULL. It is possible for this function to fail if the cipher does not have any ASN1 support or the parameters cannot be set (for example the RC2 effective key length is not supported.

+ +

EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined and set.

+ +

EVP_CIPHER_CTX_rand_key() generates a random key of the appropriate length based on the cipher context. The EVP_CIPHER can provide its own random key generation routine to support keys of a specific form. Key must point to a buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length().

+ +

RETURN VALUES

+ +

EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success and NULL for failure.

+ +

EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() return 1 for success and 0 for failure.

+ +

EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.

+ +

EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.

+ +

EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.

+ +

EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an EVP_CIPHER structure or NULL on error.

+ +

EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.

+ +

EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block size.

+ +

EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length.

+ +

EVP_CIPHER_CTX_set_padding() always returns 1.

+ +

EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length or zero if the cipher does not use an IV.

+ +

EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.

+ +

EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.

+ +

EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater than zero for success and zero or a negative number on failure.

+ +

EVP_CIPHER_CTX_rand_key() returns 1 for success.

+ +

CIPHER LISTING

+ +

All algorithms have a fixed key length unless otherwise stated.

+ +

Refer to "SEE ALSO" for the full list of ciphers available through the EVP interface.

+ +
+ +
EVP_enc_null()
+
+ +

Null cipher: does nothing.

+ +
+
+ +

AEAD Interface

+ +

The EVP interface for Authenticated Encryption with Associated Data (AEAD) modes are subtly altered and several additional ctrl operations are supported depending on the mode specified.

+ +

To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output parameter out set to NULL.

+ +

When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, the authentication operation has failed and any output data MUST NOT be used as it is corrupted.

+ +

GCM and OCB Modes

+ +

The following ctrls are supported in GCM and OCB modes.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the IV length. This call can only be made before specifying an IV. If not called a default IV length is used.

+ +

For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the maximum is 15.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
+
+ +

Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed (e.g. after an EVP_EncryptFinal() call).

+ +

For OCB, taglen must either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

Sets the expected tag to taglen bytes from tag. The tag length can only be set before specifying an IV. taglen must be between 1 and 16 inclusive.

+ +

For GCM, this call is only valid when decrypting data.

+ +

For OCB, this call is valid when decrypting data to set the expected tag, and before encryption to set the desired tag length.

+ +

In OCB mode, calling this before encryption with tag set to NULL sets the tag length. If this is not called prior to encryption, a default tag length is used.

+ +

For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB.

+ +
+
+ +

CCM Mode

+ +

The EVP interface for CCM mode is similar to that of the GCM mode but with a few additional requirements and different ctrl values.

+ +

For CCM mode, the total plaintext or ciphertext length MUST be passed to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output and input parameters (in and out) set to NULL and the length passed in the inl parameter.

+ +

The following ctrls are supported in CCM mode.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

This call is made to set the expected CCM tag value when decrypting or the length of the tag (with the tag parameter set to NULL) when encrypting. The tag length is often referred to as M. If not set a default value is used (12 for AES). When decrypting, the tag needs to be set before passing in data to be decrypted, but as in GCM and OCB mode, it can be set after passing additional authenticated data (see "AEAD Interface").

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
+
+ +

Sets the CCM L value. If not set a default is used (8 for AES).

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the CCM nonce (IV) length. This call can only be made before specifying an nonce value. The nonce length is given by 15 - L so it is 7 by default for AES.

+ +
+
+ +

ChaCha20-Poly1305

+ +

The following ctrls are supported for the ChaCha20-Poly1305 AEAD algorithm.

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+
+ +

Sets the nonce length. This call can only be made before specifying the nonce. If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set then the nonce is automatically padded with leading 0 bytes to make it 12 bytes in length.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
+
+ +

Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed (e.g. after an EVP_EncryptFinal() call).

+ +

taglen specified here must be 16 (POLY1305_BLOCK_SIZE, i.e. 128-bits) or less.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
+
+ +

Sets the expected tag to taglen bytes from tag. The tag length can only be set before specifying an IV. taglen must be between 1 and 16 (POLY1305_BLOCK_SIZE) inclusive. This call is only valid when decrypting data.

+ +
+
+ +

NOTES

+ +

Where possible the EVP interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the EVP interface will ensure the use of platform specific cryptographic acceleration such as AES-NI (the low level interfaces do not provide the guarantee).

+ +

PKCS padding works by adding n padding bytes of value n to make the total length of the encrypted data a multiple of the block size. Padding is always added so if the data is already a multiple of the block size n will equal the block size. For example if the block size is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5 will be added.

+ +

When decrypting the final block is checked to see if it has the correct form.

+ +

Although the decryption operation can produce an error if padding is enabled, it is not a strong test that the input data or key is correct. A random block has better than 1 in 256 chance of being of the correct format and problems with the input data earlier on will not produce a final decrypt error.

+ +

If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size.

+ +

The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for compatibility with existing code. New code should use EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an existing context without allocating and freeing it up on each call.

+ +

There are some differences between functions EVP_CipherInit() and EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills the passed context object with zeros. As a consequence, EVP_CipherInit() does not allow step-by-step initialization of the ctx when the key and iv are passed in separate calls. It also means that the flags set for the CTX are removed, and it is especially important for the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag treated specially in EVP_CipherInit_ex().

+ +

EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.

+ +

BUGS

+ +

EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.

+ +

The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.

+ +

EXAMPLES

+ +

Encrypt a string using IDEA:

+ +
int do_crypt(char *outfile)
+{
+    unsigned char outbuf[1024];
+    int outlen, tmplen;
+    /*
+     * Bogus key and IV: we'd normally set these from
+     * another source.
+     */
+    unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+    unsigned char iv[] = {1,2,3,4,5,6,7,8};
+    char intext[] = "Some Crypto Text";
+    EVP_CIPHER_CTX *ctx;
+    FILE *out;
+
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
+
+    if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    /*
+     * Buffer passed to EVP_EncryptFinal() must be after data just
+     * encrypted to avoid overwriting it.
+     */
+    if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    outlen += tmplen;
+    EVP_CIPHER_CTX_free(ctx);
+    /*
+     * Need binary mode for fopen because encrypted data is
+     * binary data. Also cannot use strlen() on it because
+     * it won't be NUL terminated and may contain embedded
+     * NULs.
+     */
+    out = fopen(outfile, "wb");
+    if (out == NULL) {
+        /* Error */
+        return 0;
+    }
+    fwrite(outbuf, 1, outlen, out);
+    fclose(out);
+    return 1;
+}
+ +

The ciphertext from the above example can be decrypted using the openssl utility with the command line (shown on two lines for clarity):

+ +
openssl idea -d \
+    -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
+ +

General encryption and decryption function example using FILE I/O and AES128 with a 128-bit key:

+ +
int do_crypt(FILE *in, FILE *out, int do_encrypt)
+{
+    /* Allow enough space in output buffer for additional block */
+    unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+    int inlen, outlen;
+    EVP_CIPHER_CTX *ctx;
+    /*
+     * Bogus key and IV: we'd normally set these from
+     * another source.
+     */
+    unsigned char key[] = "0123456789abcdeF";
+    unsigned char iv[] = "1234567887654321";
+
+    /* Don't set key or IV right away; we want to check lengths */
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+                      do_encrypt);
+    OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+    OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+
+    /* Now we can set key and IV */
+    EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
+
+    for (;;) {
+        inlen = fread(inbuf, 1, 1024, in);
+        if (inlen <= 0)
+            break;
+        if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
+            /* Error */
+            EVP_CIPHER_CTX_free(ctx);
+            return 0;
+        }
+        fwrite(outbuf, 1, outlen, out);
+    }
+    if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    fwrite(outbuf, 1, outlen, out);
+
+    EVP_CIPHER_CTX_free(ctx);
+    return 1;
+}
+ +

SEE ALSO

+ +

evp(7)

+ +

Supported ciphers are listed in:

+ +

EVP_aes(3), EVP_aria(3), EVP_bf(3), EVP_camellia(3), EVP_cast5(3), EVP_chacha20(3), EVP_des(3), EVP_desx(3), EVP_idea(3), EVP_rc2(3), EVP_rc4(3), EVP_rc5(3), EVP_seed(3), EVP_sm4(3)

+ +

HISTORY

+ +

Support for OCB mode was added in OpenSSL 1.1.0.

+ +

EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_MD_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_MD_meth_new.html new file mode 100644 index 00000000..9bf2afd8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_MD_meth_new.html @@ -0,0 +1,163 @@ + + + + +EVP_MD_meth_new + + + + + + + + + + +

NAME

+ +

EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl - Routines to build up EVP_MD methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+void EVP_MD_meth_free(EVP_MD *md);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
+ +

DESCRIPTION

+ +

The EVP_MD type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines.

+ +

EVP_MD_meth_new() creates a new EVP_MD structure.

+ +

EVP_MD_meth_dup() creates a copy of md.

+ +

EVP_MD_meth_free() destroys a EVP_MD structure.

+ +

EVP_MD_meth_set_input_blocksize() sets the internal input block size for the method md to blocksize bytes.

+ +

EVP_MD_meth_set_result_size() sets the size of the result that the digest method in md is expected to produce to resultsize bytes.

+ +

The digest method may have its own private data, which OpenSSL will allocate for it. EVP_MD_meth_set_app_datasize() should be used to set the size for it to datasize.

+ +

EVP_MD_meth_set_flags() sets the flags to describe optional behaviours in the particular md. Several flags can be or'd together. The available flags are:

+ +
+ +
EVP_MD_FLAG_ONESHOT
+
+ +

This digest method can only handle one block of input.

+ +
+
EVP_MD_FLAG_XOF
+
+ +

This digest method is an extensible-output function (XOF) and supports the EVP_MD_CTRL_XOF_LEN control.

+ +
+
EVP_MD_FLAG_DIGALGID_NULL
+
+ +

When setting up a DigestAlgorithmIdentifier, this flag will have the parameter set to NULL by default. Use this for PKCS#1. Note: if combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

+ +
+
EVP_MD_FLAG_DIGALGID_ABSENT
+
+ +

When setting up a DigestAlgorithmIdentifier, this flag will have the parameter be left absent by default. Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

+ +
+
EVP_MD_FLAG_DIGALGID_CUSTOM
+
+ +

Custom DigestAlgorithmIdentifier handling via ctrl, with EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. Currently unused.

+ +
+
EVP_MD_FLAG_FIPS
+
+ +

This digest method is suitable for use in FIPS mode. Currently unused.

+ +
+
+ +

EVP_MD_meth_set_init() sets the digest init function for md. The digest init function is called by EVP_Digest(), EVP_DigestInit(), EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() and EVP_VerifyInit_ex().

+ +

EVP_MD_meth_set_update() sets the digest update function for md. The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and EVP_SignUpdate().

+ +

EVP_MD_meth_set_final() sets the digest final function for md. The digest final function is called by EVP_Digest(), EVP_DigestFinal(), EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().

+ +

EVP_MD_meth_set_copy() sets the function for md to do extra computations after the method's private data structure has been copied from one EVP_MD_CTX to another. If all that's needed is to copy the data, there is no need for this copy function. Note that the copy function is passed two EVP_MD_CTX *, the private data structure is then available with EVP_MD_CTX_md_data(). This copy function is called by EVP_MD_CTX_copy() and EVP_MD_CTX_copy_ex().

+ +

EVP_MD_meth_set_cleanup() sets the function for md to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a EVP_MD_CTX *, the private data structure is then available with EVP_MD_CTX_md_data(). This cleanup function is called by EVP_MD_CTX_reset() and EVP_MD_CTX_free().

+ +

EVP_MD_meth_set_ctrl() sets the control function for md. See EVP_MD_CTX_ctrl(3) for the available controls.

+ +

EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(), EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used to retrieve the method data given with the EVP_MD_meth_set_*() functions above.

+ +

RETURN VALUES

+ +

EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly created EVP_MD, or NULL on failure. All EVP_MD_meth_set_*() functions return 1. EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the indicated sizes or flags. All other EVP_CIPHER_meth_get_*() functions return pointers to their respective md function.

+ +

SEE ALSO

+ +

EVP_DigestInit(3), EVP_SignInit(3), EVP_VerifyInit(3)

+ +

HISTORY

+ +

The EVP_MD structure was openly available in OpenSSL before version 1.1. The functions described here were added in OpenSSL 1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_OpenInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_OpenInit.html new file mode 100644 index 00000000..c1c73618 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_OpenInit.html @@ -0,0 +1,75 @@ + + + + +EVP_OpenInit + + + + + + + + + + +

NAME

+ +

EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+                 int ekl, unsigned char *iv, EVP_PKEY *priv);
+int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                   int *outl, unsigned char *in, int inl);
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ +

DESCRIPTION

+ +

The EVP envelope routines are a high level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it.

+ +

EVP_OpenInit() initializes a cipher context ctx for decryption with cipher type. It decrypts the encrypted symmetric key of length ekl bytes passed in the ek parameter using the private key priv. The IV is supplied in the iv parameter.

+ +

EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as documented on the EVP_EncryptInit(3) manual page.

+ +

NOTES

+ +

It is possible to call EVP_OpenInit() twice in the same way as EVP_DecryptInit(). The first call should have priv set to NULL and (after setting any cipher parameters) it should be called again with type set to NULL.

+ +

If the cipher passed in the type parameter is a variable length cipher then the key length will be set to the value of the recovered key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length.

+ +

RETURN VALUES

+ +

EVP_OpenInit() returns 0 on error or a non zero integer (actually the recovered secret key size) if successful.

+ +

EVP_OpenUpdate() returns 1 for success or 0 for failure.

+ +

EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_EncryptInit(3), EVP_SealInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html new file mode 100644 index 00000000..5860824b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html @@ -0,0 +1,341 @@ + + + + +EVP_PKEY_ASN1_METHOD + + + + + + + + + + +

NAME

+ +

EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 - manipulating and registering EVP_PKEY_ASN1_METHOD structure

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str,
+                                        const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent,
+                                                 ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len));
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len));
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len));
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len));
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+ +

DESCRIPTION

+ +

EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 conversion, printing and information methods for a specific public key algorithm.

+ +

There are two places where the EVP_PKEY_ASN1_METHOD objects are stored: one is a built-in array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using EVP_PKEY_asn1_add0(3).

+ +

Methods

+ +

The methods are the underlying implementations of a particular public key algorithm present by the EVP_PKEY object.

+ +
int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                  ASN1_PCTX *pctx);
+ +

The pub_decode() and pub_encode() methods are called to decode / encode X509_PUBKEY ASN.1 parameters to / from pk. They MUST return 0 on error, 1 on success. They're called by X509_PUBKEY_get0(3) and X509_PUBKEY_set(3).

+ +

The pub_cmp() method is called when two public keys are to be compared. It MUST return 1 when the keys are equal, 0 otherwise. It's called by EVP_PKEY_cmp(3).

+ +

The pub_print() method is called to print a public key in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_public(3).

+ +
int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                   ASN1_PCTX *pctx);
+ +

The priv_decode() and priv_encode() methods are called to decode / encode PKCS8_PRIV_KEY_INFO form private key to / from pk. They MUST return 0 on error, 1 on success. They're called by EVP_PKCS82PKEY(3) and EVP_PKEY2PKCS8(3).

+ +

The priv_print() method is called to print a private key in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_private(3).

+ +
int (*pkey_size) (const EVP_PKEY *pk);
+int (*pkey_bits) (const EVP_PKEY *pk);
+int (*pkey_security_bits) (const EVP_PKEY *pk);
+ +

The pkey_size() method returns the key size in bytes. It's called by EVP_PKEY_size(3).

+ +

The pkey_bits() method returns the key size in bits. It's called by EVP_PKEY_bits(3).

+ +
int (*param_decode) (EVP_PKEY *pkey,
+                     const unsigned char **pder, int derlen);
+int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+int (*param_missing) (const EVP_PKEY *pk);
+int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                    ASN1_PCTX *pctx);
+ +

The param_decode() and param_encode() methods are called to decode / encode DER formatted parameters to / from pk. They MUST return 0 on error, 1 on success. They're called by PEM_read_bio_Parameters(3) and the file: OSSL_STORE_LOADER(3).

+ +

The param_missing() method returns 0 if a key parameter is missing, otherwise 1. It's called by EVP_PKEY_missing_parameters(3).

+ +

The param_copy() method copies key parameters from from to to. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_copy_parameters(3).

+ +

The param_cmp() method compares the parameters of keys a and b. It MUST return 1 when the keys are equal, 0 when not equal, or a negative number on error. It's called by EVP_PKEY_cmp_parameters(3).

+ +

The param_print() method prints the private key parameters in humanly readable text to out, indented indent spaces. It MUST return 0 on error, 1 on success. It's called by EVP_PKEY_print_params(3).

+ +
int (*sig_print) (BIO *out,
+                  const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                  int indent, ASN1_PCTX *pctx);
+ +

The sig_print() method prints a signature in humanly readable text to out, indented indent spaces. sigalg contains the exact signature algorithm. If the signature in sig doesn't correspond to what this method expects, X509_signature_dump() must be used as a last resort. It MUST return 0 on error, 1 on success. It's called by X509_signature_print(3).

+ +
void (*pkey_free) (EVP_PKEY *pkey);
+ +

The pkey_free() method helps freeing the internals of pkey. It's called by EVP_PKEY_free(3), EVP_PKEY_set_type(3), EVP_PKEY_set_type_str(3), and EVP_PKEY_assign(3).

+ +
int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+ +

The pkey_ctrl() method adds extra algorithm specific control. It's called by EVP_PKEY_get_default_digest_nid(3), EVP_PKEY_set1_tls_encodedpoint(3), EVP_PKEY_get1_tls_encodedpoint(3), PKCS7_SIGNER_INFO_set(3), PKCS7_RECIP_INFO_set(3), ...

+ +
int (*old_priv_decode) (EVP_PKEY *pkey,
+                        const unsigned char **pder, int derlen);
+int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ +

The old_priv_decode() and old_priv_encode() methods decode / encode they private key pkey from / to a DER formatted array. These are exclusively used to help decoding / encoding older (pre PKCS#8) PEM formatted encrypted private keys. old_priv_decode() MUST return 0 on error, 1 on success. old_priv_encode() MUST the return same kind of values as i2d_PrivateKey(). They're called by d2i_PrivateKey(3) and i2d_PrivateKey(3).

+ +
int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                    X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                  X509_ALGOR *alg1, X509_ALGOR *alg2,
+                  ASN1_BIT_STRING *sig);
+ +

The item_sign() and item_verify() methods make it possible to have algorithm specific signatures and verification of them.

+ +

item_sign() MUST return one of:

+ +
+ +
<=0
+
+ +

error

+ +
+
1
+
+ +

item_sign() did everything, OpenSSL internals just needs to pass the signature length back.

+ +
+
2
+
+ +

item_sign() did nothing, OpenSSL internal standard routines are expected to continue with the default signature production.

+ +
+
3
+
+ +

item_sign() set the algorithm identifier algor1 and algor2, OpenSSL internals should just sign using those algorithms.

+ +
+
+ +

item_verify() MUST return one of:

+ +
+ +
<=0
+
+ +

error

+ +
+
1
+
+ +

item_sign() did everything, OpenSSL internals just needs to pass the signature length back.

+ +
+
2
+
+ +

item_sign() did nothing, OpenSSL internal standard routines are expected to continue with the default signature production.

+ +
+
+ +

item_verify() and item_sign() are called by ASN1_item_verify(3) and ASN1_item_sign(3), and by extension, X509_verify(3), X509_REQ_verify(3), X509_sign(3), X509_REQ_sign(3), ...

+ +
int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                   const ASN1_STRING *sig);
+ +

The siginf_set() method is used to set custom X509_SIG_INFO parameters. It MUST return 0 on error, or 1 on success. It's called as part of X509_check_purpose(3), X509_check_ca(3) and X509_check_issued(3).

+ +
int (*pkey_check) (const EVP_PKEY *pk);
+int (*pkey_public_check) (const EVP_PKEY *pk);
+int (*pkey_param_check) (const EVP_PKEY *pk);
+ +

The pkey_check(), pkey_public_check() and pkey_param_check() methods are used to check the validity of pk for key-pair, public component and parameters, respectively. They MUST return 0 for an invalid key, or 1 for a valid key. They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and EVP_PKEY_param_check(3) respectively.

+ +
int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+ +

The set_priv_key() and set_pub_key() methods are used to set the raw private and public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. They are called by EVP_PKEY_new_raw_private_key(3), and EVP_PKEY_new_raw_public_key(3) respectively.

+ +

Functions

+ +

EVP_PKEY_asn1_new() creates and returns a new EVP_PKEY_ASN1_METHOD object, and associates the given id, flags, pem_str and info. id is a NID, pem_str is the PEM type string, info is a descriptive string. The following flags are supported:

+ +
ASN1_PKEY_SIGPARAM_NULL
+ +

If ASN1_PKEY_SIGPARAM_NULL is set, then the signature algorithm parameters are given the type V_ASN1_NULL by default, otherwise they will be given the type V_ASN1_UNDEF (i.e. the parameter is omitted). See X509_ALGOR_set0(3) for more information.

+ +

EVP_PKEY_asn1_copy() copies an EVP_PKEY_ASN1_METHOD object from src to dst. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_free() frees an existing EVP_PKEY_ASN1_METHOD pointed by ameth.

+ +

EVP_PKEY_asn1_add0() adds ameth to the user defined stack of methods unless another EVP_PKEY_ASN1_METHOD with the same NID is already there. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_add_alias() creates an alias with the NID to for the EVP_PKEY_ASN1_METHOD with NID from unless another EVP_PKEY_ASN1_METHOD with the same NID is already added. This function is not thread safe, it's recommended to only use this when initializing the application.

+ +

EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given EVP_PKEY_ASN1_METHOD object.

+ +

EVP_PKEY_get0_asn1() finds the EVP_PKEY_ASN1_METHOD associated with the key pkey.

+ +

RETURN VALUES

+ +

EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an EVP_PKEY_ASN1_METHOD object otherwise.

+ +

EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, or 1 on success.

+ +

EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant EVP_PKEY_ASN1_METHOD object otherwise.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html new file mode 100644 index 00000000..5c0108cd --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html @@ -0,0 +1,278 @@ + + + + +EVP_PKEY_CTX_ctrl + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len - algorithm specific control operations

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                          const char *value);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
+int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
+
+int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len);
+
+#include <openssl/rsa.h>
+
+int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
+int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+#include <openssl/dsa.h>
+
+int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+#include <openssl/dh.h>
+
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
+int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+#include <openssl/ec.h>
+
+int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+
+int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
+int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
+int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
+ +

DESCRIPTION

+ +

The function EVP_PKEY_CTX_ctrl() sends a control operation to the context ctx. The key type used must match keytype if it is not -1. The parameter optype is a mask indicating which operations the control can be applied to. The control command is indicated in cmd and any additional arguments in p1 and p2.

+ +

For cmd = EVP_PKEY_CTRL_SET_MAC_KEY, p1 is the length of the MAC key, and p2 is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.

+ +

Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will instead call one of the algorithm specific macros below.

+ +

The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a uint64 value as p2 to EVP_PKEY_CTX_ctrl().

+ +

The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm specific control operation to a context ctx in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility command line pages for the option -pkeyopt which is supported by the pkeyutl, genpkey and req commands.

+ +

The function EVP_PKEY_CTX_md() sends a message digest control operation to the context ctx. The message digest is specified by its name md.

+ +

All the remaining "functions" are implemented as macros.

+ +

The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

+ +

The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

+ +

Key generation typically involves setting up parameters to be used and generating the private and public key data. Some algorithm implementations allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() macro. In this case key generation is simply the process of setting up the parameters for the key and then setting the raw key data to the value explicitly provided by that macro. Normally applications would call EVP_PKEY_new_raw_private_key(3) or similar functions instead of this macro.

+ +

The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms supported by the EVP_PKEY_new_raw_private_key(3) function.

+ +

RSA parameters

+ +

The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for ctx. The pad parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), RSA_X931_PADDING for X9.31 padding (signature operations only) and RSA_PKCS1_PSS_PADDING (sign and verify only).

+ +

Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() is used. If this macro is called for PKCS#1 padding the plaintext buffer is an actual digest value and is encapsulated in a DigestInfo structure according to PKCS#1 when signing and this structure is expected (and stripped off) when verifying. If this control is not used with RSA and PKCS#1 padding then the supplied data is used directly and not encapsulated. In the case of X9.31 padding for RSA the algorithm identifier byte is added or checked and removed if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.

+ +

The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for ctx.

+ +

The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to len. As its name implies it is only supported for PSS padding. Three special values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length to be automatically determined based on the PSS block structure. If this macro is not called maximum salt length is used when signing and auto detection when verifying is used by default.

+ +

The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length for ctx. The padding mode must have been set to RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for RSA key generation to bits. If not specified 1024 bits is used.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value for RSA key generation to pubexp. Currently it should be an odd integer. The pubexp pointer is used internally by this function so it should not be modified or freed after the call. If not specified 65537 is used.

+ +

The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for RSA key generation to primes. If not specified 2 is used.

+ +

The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding schemes to md. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for ctx. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.

+ +

The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used in RSA OAEP to md. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used in RSA OAEP to md. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to label and its length to len. If label is NULL or len is 0, the label is cleared. The library takes ownership of the label so the caller should not free the original memory pointed to by label. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

+ +

The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to label. The return value is the label length. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

DSA parameters

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used for DSA parameter generation to nbits. If not specified, 1024 is used.

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the subprime parameter q for DSA parameter generation to qbits. If not specified, 160 is used. If a digest function is specified below, this parameter is ignored and instead, the number of bits in q matches the size of the digest.

+ +

The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for DSA parameter generation to md. If not specified, one of SHA-1, SHA-224, or SHA-256 is selected to match the bit length of q above.

+ +

DH parameters

+ +

The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH prime parameter p for DH parameter generation. If this macro is not called then 1024 is used. Only accepts lengths greater than or equal to 256.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH optional subprime parameter q for DH parameter generation. The default is 256 if the prime is at least 2048 bits long or 160 otherwise. The DH paramgen type must have been set to x9.42.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to gen for DH parameter generation. If not specified 2 is used.

+ +

The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0.

+ +

The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If pad is 1 the shared secret is padded with zeroes up to the size of the DH prime p. If pad is zero (the default) then no padding is performed.

+ +

EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to nid as defined in RFC7919. The nid parameter must be NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144, NID_ffdhe8192 or NID_undef to clear the stored value. This macro can be called during parameter or key generation. The nid parameter and the rfc5114 parameter are mutually exclusive.

+ +

The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are synonymous. They set the DH parameters to the values defined in RFC5114. The rfc5114 parameter must be 1, 2 or 3 corresponding to RFC5114 sections 2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called during parameter generation. The ctx must have a key type of EVP_PKEY_DHX. The rfc5114 parameter and the nid parameter are mutually exclusive.

+ +

DH key derivation function parameters

+ +

Note that all of the following functions require that the ctx parameter has a private key type of EVP_PKEY_DHX. When using key derivation, the output of EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. The KDF output is typically used as a Key Encryption Key (KEK) that in turn encrypts a Content Encryption Key (CEK).

+ +

The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type to kdf for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE and EVP_PKEY_DH_KDF_X9_42 which uses the key derivation specified in RFC2631 (based on the keying algorithm described in X9.42). When using key derivation, the kdf_oid, kdf_md and kdf_outlen parameters must also be specified.

+ +

The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type for ctx used for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE and EVP_PKEY_DH_KDF_X9_42.

+ +

The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function object identifier to oid for DH key derivation. This OID should identify the algorithm to be used with the Content Encryption Key. The library takes ownership of the object identifier so the caller should not free the original memory pointed to by oid.

+ +

The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid for ctx used for DH key derivation. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function message digest to md for DH key derivation. Note that RFC2631 specifies that this digest should be SHA1 but OpenSSL tolerates other digests.

+ +

The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function message digest for ctx used for DH key derivation.

+ +

The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function output length to len for DH key derivation.

+ +

The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function output length for ctx used for DH key derivation.

+ +

The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to ukm and its length to len for DH key derivation. This parameter is optional and corresponds to the partyAInfo field in RFC2631 terms. The specification requires that it is 512 bits long but this is not enforced by OpenSSL. The library takes ownership of the user key material so the caller should not free the original memory pointed to by ukm.

+ +

The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for ctx. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

EC parameters

+ +

The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to nid. For EC parameter generation this macro must be called or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an EC key.

+ +

The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to param_enc when generating EC parameters or an EC key. The encoding can be OPENSSL_EC_EXPLICIT_CURVE for explicit parameters (the default in versions of OpenSSL before 1.1.0) or OPENSSL_EC_NAMED_CURVE to use named curve form. For maximum compatibility the named curve form should be used. Note: the OPENSSL_EC_NAMED_CURVE value was added in OpenSSL 1.1.0; previous versions should use 0 instead.

+ +

ECDH parameters

+ +

The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to cofactor_mode for ECDH key derivation. Possible values are 1 to enable cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor mode and fallback to the private key cofactor mode.

+ +

The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for ctx used for ECDH key derivation. Possible values are 1 when cofactor key derivation is enabled and 0 otherwise.

+ +

ECDH key derivation function parameters

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type to kdf for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63 which uses the key derivation specified in X9.63. When using key derivation, the kdf_md and kdf_outlen parameters must also be specified.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function type for ctx used for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63.

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function message digest to md for ECDH key derivation. Note that X9.63 specifies that this digest should be SHA1 but OpenSSL tolerates other digests.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function message digest for ctx used for ECDH key derivation.

+ +

The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function output length to len for ECDH key derivation.

+ +

The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function output length for ctx used for ECDH key derivation.

+ +

The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to ukm for ECDH key derivation. This parameter is optional and corresponds to the shared info in X9.63 terms. The library takes ownership of the user key material so the caller should not free the original memory pointed to by ukm.

+ +

The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for ctx. The return value is the user key material length. The resulting pointer is owned by the library and should not be freed by the caller.

+ +

Other parameters

+ +

The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros are used to manipulate the special identifier field for specific signature algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by id with the length id_len to the library. The library takes a copy of the id so that the caller can safely free the original memory pointed to by id. The EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() macro returns the previously set ID value to caller in id. The caller should allocate adequate memory space for the id before calling EVP_PKEY_CTX_get1_id().

+ +

RETURN VALUES

+ +

EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3), EVP_PKEY_keygen(3)

+ +

HISTORY

+ +

The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html new file mode 100644 index 00000000..1e985841 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html @@ -0,0 +1,77 @@ + + + + +EVP_PKEY_CTX_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ +

DESCRIPTION

+ +

The EVP_PKEY_CTX_new() function allocates public key algorithm context using the algorithm specified in pkey and ENGINE e.

+ +

The EVP_PKEY_CTX_new_id() function allocates public key algorithm context using the algorithm specified by id and ENGINE e. It is normally used when no EVP_PKEY structure is associated with the operations, for example during parameter generation of key generation for some algorithms.

+ +

EVP_PKEY_CTX_dup() duplicates the context ctx.

+ +

EVP_PKEY_CTX_free() frees up the context ctx. If ctx is NULL, nothing is done.

+ +

NOTES

+ +

The EVP_PKEY_CTX structure is an opaque public key algorithm context used by the OpenSSL high level public key API. Contexts MUST NOT be shared between threads: that is it is not permissible to use the same context simultaneously in two threads.

+ +

RETURN VALUES

+ +

EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either the newly allocated EVP_PKEY_CTX structure of NULL if an error occurred.

+ +

EVP_PKEY_CTX_free() does not return a value.

+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html new file mode 100644 index 00000000..a44d4aef --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html @@ -0,0 +1,69 @@ + + + + +EVP_PKEY_CTX_set1_pbe_pass + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set1_pbe_pass - generic KDF support functions

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass,
+                               int passlen);
+ +

DESCRIPTION

+ +

These functions are generic support functions for all KDF algorithms.

+ +

EVP_PKEY_CTX_set1_pbe_pass() sets the password to the passlen first bytes from pass.

+ +

STRING CTRLS

+ +

There is also support for string based control operations via EVP_PKEY_CTX_ctrl_str(3). The password can be directly specified using the type parameter "pass" or given in hex encoding using the "hexpass" parameter.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html new file mode 100644 index 00000000..98216a1c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html @@ -0,0 +1,153 @@ + + + + +EVP_PKEY_CTX_set_hkdf_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode - HMAC-based Extract-and-Expand key derivation algorithm

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
+
+int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+
+int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+                                int saltlen);
+
+int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
+                               int keylen);
+
+int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
+                                int infolen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. HKDF follows the "extract-then-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF).

+ +

EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three modes that are currently defined:

+ +
+ +
EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+
+ +

This is the default mode. Calling EVP_PKEY_derive(3) on an EVP_PKEY_CTX set up for HKDF will perform an extract followed by an expand operation in one go. The derived key returned will be the result after the expand operation. The intermediate fixed-length pseudorandom key K is not returned.

+ +

In this mode the digest, key, salt and info values must be set before a key is derived or an error occurs.

+ +
+
EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+
+ +

In this mode calling EVP_PKEY_derive(3) will just perform the extract operation. The value returned will be the intermediate fixed-length pseudorandom key K.

+ +

The digest, key and salt values must be set before a key is derived or an error occurs.

+ +
+
EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+
+ +

In this mode calling EVP_PKEY_derive(3) will just perform the expand operation. The input key should be set to the intermediate fixed-length pseudorandom key K returned from a previous extract operation.

+ +

The digest, key and info values must be set before a key is derived or an error occurs.

+ +
+
+ +

EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.

+ +

EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to saltlen bytes of the buffer salt. Any existing value is replaced.

+ +

EVP_PKEY_CTX_set1_hkdf_key() sets the key to keylen bytes of the buffer key. Any existing value is replaced.

+ +

EVP_PKEY_CTX_add1_hkdf_info() sets the info value to infolen bytes of the buffer info. If a value is already set, it is appended to the existing value.

+ +

STRING CTRLS

+ +

HKDF also supports string based control operations via EVP_PKEY_CTX_ctrl_str(3). The type parameter "md" uses the supplied value as the name of the digest algorithm to use. The type parameter "mode" uses the values "EXTRACT_AND_EXPAND", "EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. The type parameters "salt", "key" and "info" use the supplied value parameter as a seed, key or info value. The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex string which is converted to binary.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

A context for HKDF can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ +

The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of HKDF.

+ +

The output length of an HKDF expand operation is specified via the length parameter to the EVP_PKEY_derive(3) function. Since the HKDF output length is variable, passing a NULL buffer as a means to obtain the requisite length is not meaningful with HKDF in any mode that performs an expand operation. Instead, the caller must allocate a buffer of the desired length, and pass that buffer to EVP_PKEY_derive(3) along with (a pointer initialized to) the desired length. Passing a NULL buffer to obtain the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.

+ +

Optimised versions of HKDF can be implemented in an ENGINE.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

This example derives 10 bytes using SHA-256 with the secret key "secret", salt value "salt" and info value "label":

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[10];
+size_t outlen = sizeof(out);
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+
+if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0)
+    /* Error */
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+ +

CONFORMING TO

+ +

RFC 5869

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html new file mode 100644 index 00000000..1ad95838 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html @@ -0,0 +1,93 @@ + + + + +EVP_PKEY_CTX_set_rsa_pss_keygen_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - EVP_PKEY RSA-PSS algorithm support functions

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
+                                       const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
+                                            const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
+                                            int saltlen);
+ +

DESCRIPTION

+ +

These are the functions that implement RSA-PSS(7).

+ +

Signing and Verification

+ +

The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is returned if an attempt is made to set the padding mode to anything other than PSS. It is otherwise similar to the RSA version.

+ +

The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. If the key has usage restrictions then an error is returned if an attempt is made to set the salt length below the minimum value. It is otherwise similar to the RSA operation except detection of the salt length (using RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has usage restrictions.

+ +

The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros are used to set the digest and MGF1 algorithms respectively. If the key has usage restrictions then an error is returned if an attempt is made to set the digest to anything other than the restricted value. Otherwise these are similar to the RSA versions.

+ +

Key Generation

+ +

As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: they have exactly the same meaning as for the RSA algorithm.

+ +

Optional parameter restrictions can be specified when generating a PSS key. If any restrictions are set (using the macros described below) then all parameters are restricted. For example, setting a minimum salt length also restricts the digest and MGF1 algorithms. If any restrictions are in place then they are reflected in the corresponding parameters of the public key when (for example) a certificate request is signed.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the generated key can use to md.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the generated key can use to md.

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length to saltlen.

+ +

NOTES

+ +

A context for the RSA-PSS algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

RSA-PSS(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html new file mode 100644 index 00000000..006cbd3b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html @@ -0,0 +1,84 @@ + + + + +EVP_PKEY_CTX_set_scrypt_N + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes - EVP_PKEY scrypt KDF support functions

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
+                                  int saltlen);
+
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
+
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
+
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
+
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
+                                         uint64_t maxmem);
+ +

DESCRIPTION

+ +

These functions are used to set up the necessary data to use the scrypt KDF. For more information on scrypt, see scrypt(7).

+ +

EVP_PKEY_CTX_set1_scrypt_salt() sets the saltlen bytes long salt value.

+ +

EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p.

+ +

EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key derivation may maximally use, given in bytes. If RAM is exceeded because the load factors are chosen too high, the key derivation will fail.

+ +

STRING CTRLS

+ +

scrypt also supports string based control operations via EVP_PKEY_CTX_ctrl_str(3). Similarly, the salt can either be specified using the type parameter "salt" or in hex encoding by using the "hexsalt" parameter. The work factors N, r and p as well as maxmem_bytes can be set by using the parameters "N", "r", "p" and "maxmem_bytes", respectively.

+ +

NOTES

+ +

The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as the value from the string controls "pass" and "hexpass". See EVP_PKEY_CTX_set1_pbe_pass(3).

+ +

All the functions described here are implemented as macros.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

scrypt(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html new file mode 100644 index 00000000..de581770 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html @@ -0,0 +1,109 @@ + + + + +EVP_PKEY_CTX_set_tls1_prf_md + + + + + + + + + + +

NAME

+ +

EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed - TLS PRF key derivation algorithm

+ +

SYNOPSIS

+ +
#include <openssl/kdf.h>
+
+int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+                                      unsigned char *sec, int seclen);
+int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+                                    unsigned char *seed, int seedlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for TLS. It has no associated private key and only implements key derivation using EVP_PKEY_derive(3).

+ +

EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

+ +

EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF to seclen bytes of the buffer sec. Any existing secret value is replaced and any seed is reset.

+ +

EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to seedlen bytes of seed. If a seed is already set it is appended to the existing value.

+ +

STRING CTRLS

+ +

The TLS PRF also supports string based control operations using EVP_PKEY_CTX_ctrl_str(3). The type parameter "md" uses the supplied value as the name of the digest algorithm to use. The type parameters "secret" and "seed" use the supplied value parameter as a secret or seed value. The names "hexsecret" and "hexseed" are similar except they take a hex string which is converted to binary.

+ +

NOTES

+ +

All these functions are implemented as macros.

+ +

A context for the TLS PRF can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+ +

The digest, secret value and seed must be set before a key is derived or an error occurs.

+ +

The total length of all seeds cannot exceed 1024 bytes in length: this should be more than enough for any normal use of the TLS PRF.

+ +

The output length of the PRF is specified by the length parameter in the EVP_PKEY_derive() function. Since the output length is variable, setting the buffer to NULL is not meaningful for the TLS PRF.

+ +

Optimised versions of the TLS PRF can be implemented in an ENGINE.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

This example derives 10 bytes using SHA-256 with the secret key "secret" and seed value "seed":

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[10];
+size_t outlen = sizeof(out);
+
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+if (EVP_PKEY_derive_init(pctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
+    /* Error */
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+    /* Error */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html new file mode 100644 index 00000000..781e9fe2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html @@ -0,0 +1,78 @@ + + + + +EVP_PKEY_asn1_get_count + + + + + + + + + + +

NAME

+ +

EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info - enumerate public key ASN.1 methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+ +

DESCRIPTION

+ +

EVP_PKEY_asn1_count() returns a count of the number of public key ASN.1 methods available: it includes standard methods and any methods added by the application.

+ +

EVP_PKEY_asn1_get0() returns the public key ASN.1 method idx. The value of idx must be between zero and EVP_PKEY_asn1_get_count() - 1.

+ +

EVP_PKEY_asn1_find() looks up the EVP_PKEY_ASN1_METHOD with NID type. If pe isn't NULL, then it will look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID type and return that instead, and also set *pe to point at the engine that implements it.

+ +

EVP_PKEY_asn1_find_str() looks up the EVP_PKEY_ASN1_METHOD with PEM type string str. Just like EVP_PKEY_asn1_find(), if pe isn't NULL, then it will look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID type and return that instead, and also set *pe to point at the engine that implements it.

+ +

EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string associated with the public key ASN.1 method *ameth.

+ +

EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all EVP_PKEY_ASN1_METHOD objects are added before the application gets threaded, using them is safe. See EVP_PKEY_asn1_add0(3).

+ +

RETURN VALUES

+ +

EVP_PKEY_asn1_count() returns the number of available public key methods.

+ +

EVP_PKEY_asn1_get0() return a public key method or NULL if idx is out of range.

+ +

EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.

+ +

SEE ALSO

+ +

EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_add0(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html new file mode 100644 index 00000000..cf0a6dd4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html @@ -0,0 +1,77 @@ + + + + +EVP_PKEY_cmp + + + + + + + + + + +

NAME

+ +

EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+ +

DESCRIPTION

+ +

The function EVP_PKEY_missing_parameters() returns 1 if the public key parameters of pkey are missing and 0 if they are present or the algorithm doesn't use parameters.

+ +

The function EVP_PKEY_copy_parameters() copies the parameters from key from to key to. An error is returned if the parameters are missing in from or present in both from and to and mismatch. If the parameters in from and to are both present and match this function has no effect.

+ +

The function EVP_PKEY_cmp_parameters() compares the parameters of keys a and b.

+ +

The function EVP_PKEY_cmp() compares the public key components and parameters (if present) of keys a and b.

+ +

NOTES

+ +

The main purpose of the functions EVP_PKEY_missing_parameters() and EVP_PKEY_copy_parameters() is to handle public keys in certificates where the parameters are sometimes omitted from a public key if they are inherited from the CA that signed it.

+ +

Since OpenSSL private keys contain public key components too the function EVP_PKEY_cmp() can also be used to determine if a private key matches a public key.

+ +

RETURN VALUES

+ +

The function EVP_PKEY_missing_parameters() returns 1 if the public key parameters of pkey are missing and 0 if they are present or the algorithm doesn't use parameters.

+ +

These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for failure.

+ +

The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the keys match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3)

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html new file mode 100644 index 00000000..301bb7d6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html @@ -0,0 +1,113 @@ + + + + +EVP_PKEY_decrypt + + + + + + + + + + +

NAME

+ +

EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_decrypt_init() function initializes a public key algorithm context using key pkey for a decryption operation.

+ +

The EVP_PKEY_decrypt() function performs a public key decryption operation using ctx. The data to be decrypted is specified using the in and inlen parameters. If out is NULL then the maximum size of the output buffer is written to the outlen parameter. If out is not NULL then before the call the outlen parameter should contain the length of the out buffer, if the call is successful the decrypted data is written to out and the amount of data written to outlen.

+ +

NOTES

+ +

After the call to EVP_PKEY_decrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_decrypt() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Decrypt data using OAEP (for RSA keys):

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *out, *in;
+size_t outlen, inlen;
+EVP_PKEY *key;
+
+/*
+ * NB: assumes key, eng, in, inlen are already set up
+ * and that key is an RSA private key
+ */
+ctx = EVP_PKEY_CTX_new(key, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_decrypt_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+    /* Error */
+
+out = OPENSSL_malloc(outlen);
+
+if (!out)
+    /* malloc failure */
+
+if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+    /* Error */
+
+/* Decrypted data is outlen bytes written to buffer out */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_derive.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_derive.html new file mode 100644 index 00000000..af93a8ed --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_derive.html @@ -0,0 +1,111 @@ + + + + +EVP_PKEY_derive + + + + + + + + + + +

NAME

+ +

EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_derive_init() function initializes a public key algorithm context using key pkey for shared secret derivation.

+ +

The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally be a public key.

+ +

The EVP_PKEY_derive() derives a shared secret using ctx. If key is NULL then the maximum size of the output buffer is written to the keylen parameter. If key is not NULL then before the call the keylen parameter should contain the length of the key buffer, if the call is successful the shared secret is written to key and the amount of data written to keylen.

+ +

NOTES

+ +

After the call to EVP_PKEY_derive_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_derive() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Derive shared secret (for example DH or EC keys):

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *skey;
+size_t skeylen;
+EVP_PKEY *pkey, *peerkey;
+/* NB: assumes pkey, eng, peerkey have been already set up */
+
+ctx = EVP_PKEY_CTX_new(pkey, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_derive_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+    /* Error */
+
+skey = OPENSSL_malloc(skeylen);
+
+if (!skey)
+    /* malloc failure */
+
+if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+    /* Error */
+
+/* Shared secret is skey bytes written to buffer skey */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html new file mode 100644 index 00000000..e2def41a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html @@ -0,0 +1,114 @@ + + + + +EVP_PKEY_encrypt + + + + + + + + + + +

NAME

+ +

EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_encrypt_init() function initializes a public key algorithm context using key pkey for an encryption operation.

+ +

The EVP_PKEY_encrypt() function performs a public key encryption operation using ctx. The data to be encrypted is specified using the in and inlen parameters. If out is NULL then the maximum size of the output buffer is written to the outlen parameter. If out is not NULL then before the call the outlen parameter should contain the length of the out buffer, if the call is successful the encrypted data is written to out and the amount of data written to outlen.

+ +

NOTES

+ +

After the call to EVP_PKEY_encrypt_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_encrypt() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Encrypt data using OAEP (for RSA keys). See also PEM_read_PUBKEY(3) or d2i_X509(3) for means to load a public key. You may also simply set 'eng = NULL;' to start with the default OpenSSL RSA implementation:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+unsigned char *out, *in;
+size_t outlen, inlen;
+EVP_PKEY *key;
+
+/*
+ * NB: assumes eng, key, in, inlen are already set up,
+ * and that key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(key, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_encrypt_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+    /* Error */
+
+out = OPENSSL_malloc(outlen);
+
+if (!out)
+    /* malloc failure */
+
+if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+    /* Error */
+
+/* Encrypted data is outlen bytes written to buffer out */
+ +

SEE ALSO

+ +

d2i_X509(3), ENGINE_by_id(3), EVP_PKEY_CTX_new(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html new file mode 100644 index 00000000..b744d9c3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html @@ -0,0 +1,65 @@ + + + + +EVP_PKEY_get_default_digest_nid + + + + + + + + + + +

NAME

+ +

EVP_PKEY_get_default_digest_nid - get default signature digest

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+ +

DESCRIPTION

+ +

The EVP_PKEY_get_default_digest_nid() function sets pnid to the default message digest NID for the public key signature operations associated with key pkey. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use a digest during signing. In this case pnid will be set to NID_undef.

+ +

NOTES

+ +

For all current standard OpenSSL public key algorithms SHA1 is returned.

+ +

RETURN VALUES

+ +

The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest is advisory (that is other digests can be used) and 2 if it is mandatory (other digests can not be used). It returns 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),

+ +

HISTORY

+ +

This function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html new file mode 100644 index 00000000..671b7a3a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html @@ -0,0 +1,181 @@ + + + + +EVP_PKEY_keygen + + + + + + + + + + +

NAME

+ +

EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check - key and parameter generation and check functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+ +

DESCRIPTION

+ +

The EVP_PKEY_keygen_init() function initializes a public key algorithm context using key pkey for a key generation operation.

+ +

The EVP_PKEY_keygen() function performs a key generation operation, the generated key is written to ppkey.

+ +

The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar except parameters are generated.

+ +

The function EVP_PKEY_set_cb() sets the key or parameter generation callback to cb. The function EVP_PKEY_CTX_get_cb() returns the key or parameter generation callback.

+ +

The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If idx is -1 the total number of parameters available is returned. Any non negative value returns the value of that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for idx should only be called within the generation callback.

+ +

If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a "cancel" button.

+ +

The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a "progress dialog".

+ +

EVP_PKEY_check() validates the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

EVP_PKEY_public_check() validates the public component of the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by ctx. This function first tries to use customized key check method in EVP_PKEY_METHOD if it's present; otherwise it calls a default one defined in EVP_PKEY_ASN1_METHOD.

+ +

NOTES

+ +

After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

The meaning of the parameters passed to the callback will depend on the algorithm and the specific implementation of the algorithm. Some might not give any useful information at all during key or parameter generation. Others might not even call the callback.

+ +

The operation performed by key or parameter generation depends on the algorithm used. In some cases (e.g. EC with a supplied named curve) the "generation" option merely sets the appropriate fields in an EVP_PKEY structure.

+ +

In OpenSSL an EVP_PKEY structure containing a private key also contains the public key components and parameters (if any). An OpenSSL private key is equivalent to what some libraries call a "key pair". A private key can be used in functions which require the use of a public key or parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1 for success or others for failure. They return -2 if the operation is not supported for the specific algorithm.

+ +

EXAMPLES

+ +

Generate a 2048 bit RSA key:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+EVP_PKEY *pkey = NULL;
+
+ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+    /* Error */
+
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+    /* Error */
+ +

Generate a key from a set of parameters:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+ENGINE *eng;
+EVP_PKEY *pkey = NULL, *param;
+
+/* Assumed param, eng are set up already */
+ctx = EVP_PKEY_CTX_new(param, eng);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_keygen_init(ctx) <= 0)
+    /* Error */
+
+/* Generate key */
+if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+    /* Error */
+ +

Example of generation callback for OpenSSL public key implementations:

+ +
/* Application data is a BIO to output status to */
+
+EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html new file mode 100644 index 00000000..ac93fa56 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html @@ -0,0 +1,67 @@ + + + + +EVP_PKEY_meth_get_count + + + + + + + + + + +

NAME

+ +

EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate public key methods

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth);
+ +

DESCRIPTION

+ +

EVP_PKEY_meth_count() returns a count of the number of public key methods available: it includes standard methods and any methods added by the application.

+ +

EVP_PKEY_meth_get0() returns the public key method idx. The value of idx must be between zero and EVP_PKEY_meth_get_count() - 1.

+ +

EVP_PKEY_meth_get0_info() returns the public key ID (a NID) and any flags associated with the public key method *meth.

+ +

RETURN VALUES

+ +

EVP_PKEY_meth_count() returns the number of available public key methods.

+ +

EVP_PKEY_meth_get0() return a public key method or NULL if idx is out of range.

+ +

EVP_PKEY_meth_get0_info() does not return a value.

+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html new file mode 100644 index 00000000..5fd51558 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html @@ -0,0 +1,394 @@ + + + + +EVP_PKEY_meth_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove - manipulating EVP_PKEY_METHOD structure

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen));
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen));
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen));
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen));
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen));
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value));
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (*digestsign) (EVP_MD_CTX *ctx,
+                                                     unsigned char *sig,
+                                                     size_t *siglen,
+                                                     const unsigned char *tbs,
+                                                     size_t tbslen));
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (*digestverify) (EVP_MD_CTX *ctx,
+                                                         const unsigned char *sig,
+                                                         size_t siglen,
+                                                         const unsigned char *tbs,
+                                                         size_t tbslen));
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                    int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen));
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen));
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen));
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen));
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen));
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value));
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (**digestsign) (EVP_MD_CTX *ctx,
+                                                      unsigned char *sig,
+                                                      size_t *siglen,
+                                                      const unsigned char *tbs,
+                                                      size_t tbslen));
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (**digestverify) (EVP_MD_CTX *ctx,
+                                                          const unsigned char *sig,
+                                                          size_t siglen,
+                                                          const unsigned char *tbs,
+                                                          size_t tbslen));
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                    int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                            EVP_MD_CTX *mctx));
+ +

DESCRIPTION

+ +

EVP_PKEY_METHOD is a structure which holds a set of methods for a specific public key cryptographic algorithm. Those methods are usually used to perform different jobs, such as generating a key, signing or verifying, encrypting or decrypting, etc.

+ +

There are two places where the EVP_PKEY_METHOD objects are stored: one is a built-in static array representing the standard methods for different algorithms, and the other one is a stack of user-defined application-specific methods, which can be manipulated by using EVP_PKEY_meth_add0(3).

+ +

The EVP_PKEY_METHOD objects are usually referenced by EVP_PKEY_CTX objects.

+ +

Methods

+ +

The methods are the underlying implementations of a particular public key algorithm present by the EVP_PKEY_CTX object.

+ +
int (*init) (EVP_PKEY_CTX *ctx);
+int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+void (*cleanup) (EVP_PKEY_CTX *ctx);
+ +

The init() method is called to initialize algorithm-specific data when a new EVP_PKEY_CTX is created. As opposed to init(), the cleanup() method is called when an EVP_PKEY_CTX is freed. The copy() method is called when an EVP_PKEY_CTX is being duplicated. Refer to EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_new_id(3), EVP_PKEY_CTX_free(3) and EVP_PKEY_CTX_dup(3).

+ +
int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ +

The paramgen_init() and paramgen() methods deal with key parameter generation. They are called by EVP_PKEY_paramgen_init(3) and EVP_PKEY_paramgen(3) to handle the parameter generation process.

+ +
int (*keygen_init) (EVP_PKEY_CTX *ctx);
+int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+ +

The keygen_init() and keygen() methods are used to generate the actual key for the specified algorithm. They are called by EVP_PKEY_keygen_init(3) and EVP_PKEY_keygen(3).

+ +
int (*sign_init) (EVP_PKEY_CTX *ctx);
+int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+             const unsigned char *tbs, size_t tbslen);
+ +

The sign_init() and sign() methods are used to generate the signature of a piece of data using a private key. They are called by EVP_PKEY_sign_init(3) and EVP_PKEY_sign(3).

+ +
int (*verify_init) (EVP_PKEY_CTX *ctx);
+int (*verify) (EVP_PKEY_CTX *ctx,
+               const unsigned char *sig, size_t siglen,
+               const unsigned char *tbs, size_t tbslen);
+ +

The verify_init() and verify() methods are used to verify whether a signature is valid. They are called by EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

+ +
int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                       unsigned char *rout, size_t *routlen,
+                       const unsigned char *sig, size_t siglen);
+ +

The verify_recover_init() and verify_recover() methods are used to verify a signature and then recover the digest from the signature (for instance, a signature that was generated by RSA signing algorithm). They are called by EVP_PKEY_verify_recover_init(3) and EVP_PKEY_verify_recover(3).

+ +
int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                EVP_MD_CTX *mctx);
+ +

The signctx_init() and signctx() methods are used to sign a digest present by a EVP_MD_CTX object. They are called by the EVP_DigestSign functions. See EVP_DigestSignInit(3) for details.

+ +
int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                  EVP_MD_CTX *mctx);
+ +

The verifyctx_init() and verifyctx() methods are used to verify a signature against the data in a EVP_MD_CTX object. They are called by the various EVP_DigestVerify functions. See EVP_DigestVerifyInit(3) for details.

+ +
int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                const unsigned char *in, size_t inlen);
+ +

The encrypt_init() and encrypt() methods are used to encrypt a piece of data. They are called by EVP_PKEY_encrypt_init(3) and EVP_PKEY_encrypt(3).

+ +
int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                const unsigned char *in, size_t inlen);
+ +

The decrypt_init() and decrypt() methods are used to decrypt a piece of data. They are called by EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

+ +
int (*derive_init) (EVP_PKEY_CTX *ctx);
+int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+ +

The derive_init() and derive() methods are used to derive the shared secret from a public key algorithm (for instance, the DH algorithm). They are called by EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

+ +
int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+ +

The ctrl() and ctrl_str() methods are used to adjust algorithm-specific settings. See EVP_PKEY_CTX_ctrl(3) and related functions for details.

+ +
int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen);
+int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                     size_t siglen, const unsigned char *tbs,
+                     size_t tbslen);
+ +

The digestsign() and digestverify() methods are used to generate or verify a signature in a one-shot mode. They could be called by EVP_DigestSign(3) and EVP_DigestVerify(3).

+ +
int (*check) (EVP_PKEY *pkey);
+int (*public_check) (EVP_PKEY *pkey);
+int (*param_check) (EVP_PKEY *pkey);
+ +

The check(), public_check() and param_check() methods are used to validate a key-pair, the public component and parameters respectively for a given pkey. They could be called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and EVP_PKEY_param_check(3) respectively.

+ +
int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+ +

The digest_custom() method is used to generate customized digest content before the real message is passed to functions like EVP_DigestSignUpdate(3) or EVP_DigestVerifyInit(3). This is usually required by some public key signature algorithms like SM2 which requires a hashed prefix to the message to be signed. The digest_custom() function will be called by EVP_DigestSignInit(3) and EVP_DigestVerifyInit(3).

+ +

Functions

+ +

EVP_PKEY_meth_new() creates and returns a new EVP_PKEY_METHOD object, and associates the given id and flags. The following flags are supported:

+ +
EVP_PKEY_FLAG_AUTOARGLEN
+EVP_PKEY_FLAG_SIGCTX_CUSTOM
+ +

If an EVP_PKEY_METHOD is set with the EVP_PKEY_FLAG_AUTOARGLEN flag, the maximum size of the output buffer will be automatically calculated or checked in corresponding EVP methods by the EVP framework. Thus the implementations of these methods don't need to care about handling the case of returning output buffer size by themselves. For details on the output buffer size, refer to EVP_PKEY_sign(3).

+ +

The EVP_PKEY_FLAG_SIGCTX_CUSTOM is used to indicate the signctx() method of an EVP_PKEY_METHOD is always called by the EVP framework while doing a digest signing operation by calling EVP_DigestSignFinal(3).

+ +

EVP_PKEY_meth_free() frees an existing EVP_PKEY_METHOD pointed by pmeth.

+ +

EVP_PKEY_meth_copy() copies an EVP_PKEY_METHOD object from src to dst.

+ +

EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the id. This function first searches through the user-defined method objects and then the built-in objects.

+ +

EVP_PKEY_meth_add0() adds pmeth to the user defined stack of methods.

+ +

EVP_PKEY_meth_remove() removes an EVP_PKEY_METHOD object added by EVP_PKEY_meth_add0().

+ +

The EVP_PKEY_meth_set functions set the corresponding fields of EVP_PKEY_METHOD structure with the arguments passed.

+ +

The EVP_PKEY_meth_get functions get the corresponding fields of EVP_PKEY_METHOD structure to the arguments provided.

+ +

RETURN VALUES

+ +

EVP_PKEY_meth_new() returns a pointer to a new EVP_PKEY_METHOD object or returns NULL on error.

+ +

EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.

+ +

EVP_PKEY_meth_find() returns a pointer to the found EVP_PKEY_METHOD object or returns NULL if not found.

+ +

EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 if an error occurred.

+ +

EVP_PKEY_meth_remove() returns 1 if method is removed successfully or 0 if an error occurred.

+ +

All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return values. For the 'get' functions, function pointers are returned by arguments.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_new.html new file mode 100644 index 00000000..6ded6b5e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_new.html @@ -0,0 +1,106 @@ + + + + +EVP_PKEY_new + + + + + + + + + + +

NAME

+ +

EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key - public/private key allocation and raw key handling functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *key);
+void EVP_PKEY_free(EVP_PKEY *key);
+
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *key, size_t keylen);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *key, size_t keylen);
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher);
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
+                               int keylen);
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len);
+ +

DESCRIPTION

+ +

The EVP_PKEY_new() function allocates an empty EVP_PKEY structure which is used by OpenSSL to store public and private keys. The reference count is set to 1.

+ +

EVP_PKEY_up_ref() increments the reference count of key.

+ +

EVP_PKEY_free() decrements the reference count of key and, if the reference count is zero, frees it up. If key is NULL, nothing is done.

+ +

EVP_PKEY_new_raw_private_key() allocates a new EVP_PKEY. If e is non-NULL then the new EVP_PKEY structure is associated with the engine e. The type argument indicates what kind of key this is. The value should be a NID for a public key algorithm that supports raw private keys, i.e. one of EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448. key points to the raw private key data for this EVP_PKEY which should be of length keylen. The length should be appropriate for the type of the key. The public key data will be automatically derived from the given private key data (if appropriate for the algorithm type).

+ +

EVP_PKEY_new_raw_public_key() works in the same way as EVP_PKEY_new_raw_private_key() except that key points to the raw public key data. The EVP_PKEY structure will be initialised without any private key information. Algorithm types that support raw public keys are EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the EVP_PKEY_CMAC algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during creation of a CMAC in the cipher argument.

+ +

EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead.

+ +

EVP_PKEY_get_raw_private_key() fills the buffer provided by priv with raw private key data. The size of the priv buffer should be in *len on entry to the function, and on exit *len is updated with the number of bytes actually written. If the buffer priv is NULL then *len is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the private key data. This function only works for algorithms that support raw private keys. Currently this is: EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

EVP_PKEY_get_raw_public_key() fills the buffer provided by pub with raw public key data. The size of the pub buffer should be in *len on entry to the function, and on exit *len is updated with the number of bytes actually written. If the buffer pub is NULL then *len is populated with the number of bytes required to hold the key. The calling application is responsible for ensuring that the buffer is large enough to receive the public key data. This function only works for algorithms that support raw public keys. Currently this is: EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

+ +

NOTES

+ +

The EVP_PKEY structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm.

+ +

The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY.

+ +

RETURN VALUES

+ +

EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly allocated EVP_PKEY structure or NULL if an error occurred.

+ +

EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or EVP_PKEY_set1_EC_KEY

+ +

HISTORY

+ +

The EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.

+ +

The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.

+ +

The EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html new file mode 100644 index 00000000..4ef35295 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html @@ -0,0 +1,75 @@ + + + + +EVP_PKEY_print_private + + + + + + + + + + +

NAME

+ +

EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+ +

DESCRIPTION

+ +

The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and EVP_PKEY_print_params() print out the public, private or parameter components of key pkey respectively. The key is sent to BIO out in human readable form. The parameter indent indicated how far the printout should be indented.

+ +

The pctx parameter allows the print output to be finely tuned by using ASN1 printing options. If pctx is set to NULL then default values will be used.

+ +

NOTES

+ +

Currently no public key algorithms include any options in the pctx parameter.

+ +

If the key does not include all the components indicated by the function then only those contained in the key will be printed. For example passing a public key to EVP_PKEY_print_private() will only print the public components.

+ +

RETURN VALUES

+ +

These functions all return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html new file mode 100644 index 00000000..897f8578 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html @@ -0,0 +1,135 @@ + + + + +EVP_PKEY_set1_RSA + + + + + + + + + + +

NAME

+ +

EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+
+int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
+int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
+int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
+int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
+ +

DESCRIPTION

+ +

EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key.

+ +

EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or NULL if the key is not of the correct type.

+ +

EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the referenced key in pkey or NULL if the key is not of the correct type but the reference count of the returned key is not incremented and so must not be freed up after use.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() also set the referenced key to key however these use the supplied key internally and so key will be freed when the parent pkey is freed.

+ +

EVP_PKEY_base_id() returns the type of pkey. For example an RSA key will return EVP_PKEY_RSA.

+ +

EVP_PKEY_id() returns the actual OID associated with pkey. Historically keys using the same algorithm could use different OIDs. For example an RSA key could use the OIDs corresponding to the NIDs NID_rsaEncryption (equivalent to EVP_PKEY_RSA) or NID_rsa (equivalent to EVP_PKEY_RSA2). The use of alternative non-standard OIDs is now rare so EVP_PKEY_RSA2 et al are not often seen in practice.

+ +

EVP_PKEY_type() returns the underlying type of the NID type. For example EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.

+ +

EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.

+ +

EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It must be called after the key algorithm and components are set up. If engine does not include an EVP_PKEY_METHOD for pkey an error occurs.

+ +

EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a different set of algorithms than the default. This is currently used to support SM2 keys, which use an identical encoding to ECDSA.

+ +

NOTES

+ +

In accordance with the OpenSSL naming convention the key obtained from or assigned to the pkey using the 1 functions must be freed as well as pkey.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() are implemented as macros.

+ +

Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: which will be identical in almost all cases.

+ +

Previous versions of this document suggested using EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY is now opaque this is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).

+ +

EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key.

+ +

RETURN VALUES

+ +

EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.

+ +

EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if an error occurred.

+ +

EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.

+ +

EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key type or NID_undef (equivalently EVP_PKEY_NONE) on error.

+ +

EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.

+ +

EVP_PKEY_set_alias_type() returns 1 for success and 0 for error.

+ +

EXAMPLES

+ +

After loading an ECC key, it is possible to convert it to using SM2 algorithms with EVP_PKEY_set_alias_type:

+ +
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ +

SEE ALSO

+ +

EVP_PKEY_new(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_sign.html new file mode 100644 index 00000000..eb7ef7a7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_sign.html @@ -0,0 +1,118 @@ + + + + +EVP_PKEY_sign + + + + + + + + + + +

NAME

+ +

EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_sign_init() function initializes a public key algorithm context using key pkey for a signing operation.

+ +

The EVP_PKEY_sign() function performs a public key signing operation using ctx. The data to be signed is specified using the tbs and tbslen parameters. If sig is NULL then the maximum size of the output buffer is written to the siglen parameter. If sig is not NULL then before the call the siglen parameter should contain the length of the sig buffer, if the call is successful the signature is written to sig and the amount of data written to siglen.

+ +

NOTES

+ +

EVP_PKEY_sign() does not hash the data to be signed, and therefore is normally used to sign digests. For signing arbitrary messages, see the EVP_DigestSignInit(3) and EVP_SignInit(3) signing interfaces instead.

+ +

After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation (see EVP_PKEY_CTX_ctrl(3)).

+ +

The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Sign data using RSA with PKCS#1 padding and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+/* md is a SHA-256 digest in this example. */
+unsigned char *md, *sig;
+size_t mdlen = 32, siglen;
+EVP_PKEY *signing_key;
+
+/*
+ * NB: assumes signing_key and md are set up before the next
+ * step. signing_key must be an RSA private key and md must
+ * point to the SHA-256 digest to be signed.
+ */
+ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_sign_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+    /* Error */
+
+sig = OPENSSL_malloc(siglen);
+
+if (!sig)
+    /* malloc failure */
+
+if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+    /* Error */
+
+/* Signature is siglen bytes written to buffer sig */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_size.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_size.html new file mode 100644 index 00000000..e6eeb69d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_size.html @@ -0,0 +1,71 @@ + + + + +EVP_PKEY_size + + + + + + + + + + +

NAME

+ +

EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits - EVP_PKEY information functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+ +

DESCRIPTION

+ +

EVP_PKEY_size() returns the maximum suitable size for the output buffers for almost all operations that can be done with pkey. The primary documented use is with EVP_SignFinal(3) and EVP_SealInit(3), but it isn't limited there. The returned size is also large enough for the output buffer of EVP_PKEY_sign(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3).

+ +

It must be stressed that, unless the documentation for the operation that's being performed says otherwise, the size returned by EVP_PKEY_size() is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the operation, such as EVP_PKEY_sign(3) (the siglen argument will receive that length), to avoid bugs.

+ +

EVP_PKEY_bits() returns the cryptographic length of the cryptosystem to which the key in pkey belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem.

+ +

EVP_PKEY_security_bits() returns the number of security bits of the given pkey, bits of security is defined in NIST SP800-57.

+ +

RETURN VALUES

+ +

EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a positive number, or 0 if this size isn't available.

+ +

NOTES

+ +

Most functions that have an output buffer and are mentioned with EVP_PKEY_size() have a functionality where you can pass NULL for the buffer and still pass a pointer to an integer and get the exact size that this function call delivers in the context that it's called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again actually output the data. For those functions, it isn't strictly necessary to call EVP_PKEY_size() to find out the buffer size, but may be useful in cases where it's desirable to know the upper limit in advance.

+ +

It should also be especially noted that EVP_PKEY_size() shouldn't be used to get the output size for EVP_DigestSignFinal(), according to "NOTES" in EVP_DigestSignFinal(3).

+ +

SEE ALSO

+ +

EVP_SignFinal(3), EVP_SealInit(3), EVP_PKEY_sign(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify.html new file mode 100644 index 00000000..318aa28d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify.html @@ -0,0 +1,110 @@ + + + + +EVP_PKEY_verify + + + + + + + + + + +

NAME

+ +

EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_verify_init() function initializes a public key algorithm context using key pkey for a signature verification operation.

+ +

The EVP_PKEY_verify() function performs a public key verification operation using ctx. The signature is specified using the sig and siglen parameters. The verified data (i.e. the data believed originally signed) is specified using the tbs and tbslen parameters.

+ +

NOTES

+ +

After the call to EVP_PKEY_verify_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_verify() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was successful and 0 if it failed. Unlike other functions the return value 0 from EVP_PKEY_verify() only indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error.

+ +

A negative value indicates an error other that signature verification failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Verify signature using PKCS#1 and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *md, *sig;
+size_t mdlen, siglen;
+EVP_PKEY *verify_key;
+
+/*
+ * NB: assumes verify_key, sig, siglen md and mdlen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_verify_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Perform operation */
+ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+
+/*
+ * ret == 1 indicates success, 0 verify failure and < 0 for some
+ * other error.
+ */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html new file mode 100644 index 00000000..4accc148 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html @@ -0,0 +1,118 @@ + + + + +EVP_PKEY_verify_recover + + + + + + + + + + +

NAME

+ +

EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen);
+ +

DESCRIPTION

+ +

The EVP_PKEY_verify_recover_init() function initializes a public key algorithm context using key pkey for a verify recover operation.

+ +

The EVP_PKEY_verify_recover() function recovers signed data using ctx. The signature is specified using the sig and siglen parameters. If rout is NULL then the maximum size of the output buffer is written to the routlen parameter. If rout is not NULL then before the call the routlen parameter should contain the length of the rout buffer, if the call is successful recovered data is written to rout and the amount of data written to routlen.

+ +

NOTES

+ +

Normally an application is only interested in whether a signature verification operation is successful in those cases the EVP_verify() function should be used.

+ +

Sometimes however it is useful to obtain the data originally signed using a signing operation. Only certain public key algorithms can recover a signature in this way (for example RSA in PKCS padding mode).

+ +

After the call to EVP_PKEY_verify_recover_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

+ +

The function EVP_PKEY_verify_recover() can be called more than once on the same context if several operations are performed using the same parameters.

+ +

RETURN VALUES

+ +

EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.

+ +

EXAMPLES

+ +

Recover digest originally signed using PKCS#1 and SHA256 digest:

+ +
#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+EVP_PKEY_CTX *ctx;
+unsigned char *rout, *sig;
+size_t routlen, siglen;
+EVP_PKEY *verify_key;
+
+/*
+ * NB: assumes verify_key, sig and siglen are already set up
+ * and that verify_key is an RSA public key
+ */
+ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
+if (!ctx)
+    /* Error occurred */
+if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+    /* Error */
+if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+    /* Error */
+
+/* Determine buffer length */
+if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+    /* Error */
+
+rout = OPENSSL_malloc(routlen);
+
+if (!rout)
+    /* malloc failure */
+
+if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+    /* Error */
+
+/* Recovered data is routlen bytes written to buffer rout */
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_derive(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SealInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SealInit.html new file mode 100644 index 00000000..670bea7b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SealInit.html @@ -0,0 +1,82 @@ + + + + +EVP_SealInit + + + + + + + + + + +

NAME

+ +

EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk);
+int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                   int *outl, unsigned char *in, int inl);
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ +

DESCRIPTION

+ +

The EVP envelope routines are a high level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key.

+ +

EVP_SealInit() initializes a cipher context ctx for encryption with cipher type using a random secret key and IV. type is normally supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. ek is an array of buffers where the public key encrypted secret key will be written, each buffer must contain enough room for the corresponding encrypted key: that is ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes. The actual size of each encrypted secret key is written to the array ekl. pubk is an array of npubk public keys.

+ +

The iv parameter is a buffer where the generated IV is written to. It must contain enough room for the corresponding cipher's IV, as determined by (for example) EVP_CIPHER_iv_length(type).

+ +

If the cipher does not require an IV then the iv parameter is ignored and can be NULL.

+ +

EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the EVP_EncryptInit(3) manual page.

+ +

RETURN VALUES

+ +

EVP_SealInit() returns 0 on error or npubk if successful.

+ +

EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for failure.

+ +

NOTES

+ +

Because a random secret key is generated the random number generator must be seeded when EVP_SealInit() is called. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The public key must be RSA because it is the only OpenSSL public key algorithm that supports key transport.

+ +

Envelope encryption is the usual method of using public key encryption on large amounts of data, this is because public key encryption is slow but symmetric encryption is fast. So symmetric encryption is used for bulk encryption and the small random symmetric key used is transferred using public key encryption.

+ +

It is possible to call EVP_SealInit() twice in the same way as EVP_EncryptInit(). The first call should have npubk set to 0 and (after setting any cipher parameters) it should be called again with type set to NULL.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_EncryptInit(3), EVP_OpenInit(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SignInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SignInit.html new file mode 100644 index 00000000..6821f115 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_SignInit.html @@ -0,0 +1,92 @@ + + + + +EVP_SignInit + + + + + + + + + + +

NAME

+ +

EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
+
+void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ +

DESCRIPTION

+ +

The EVP signature routines are a high level interface to digital signatures.

+ +

EVP_SignInit_ex() sets up signing context ctx to use digest type from ENGINE impl. ctx must be created with EVP_MD_CTX_new() before calling this function.

+ +

EVP_SignUpdate() hashes cnt bytes of data at d into the signature context ctx. This function can be called several times on the same ctx to include additional data.

+ +

EVP_SignFinal() signs the data in ctx using the private key pkey and places the signature in sig. sig must be at least EVP_PKEY_size(pkey) bytes in size. s is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) will be written to the integer at s, at most EVP_PKEY_size(pkey) bytes will be written.

+ +

EVP_SignInit() initializes a signing context ctx to use the default implementation of digest type.

+ +

RETURN VALUES

+ +

EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 for success and 0 for failure.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

When signing with DSA private keys the random number generator must be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail. This requirement does not hold for RSA signatures.

+ +

The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called later to digest and sign additional data.

+ +

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

BUGS

+ +

Older versions of this documentation wrongly stated that calls to EVP_SignUpdate() could not be made after calling EVP_SignFinal().

+ +

Since the private key is passed in the call to EVP_SignFinal() any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through EVP_SignUpdate().

+ +

It is not possible to change the signing parameters using these function.

+ +

The previous two bugs are fixed in the newer EVP_SignDigest*() function.

+ +

SEE ALSO

+ +

EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3), EVP_VerifyInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_VerifyInit.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_VerifyInit.html new file mode 100644 index 00000000..8a0d589f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_VerifyInit.html @@ -0,0 +1,93 @@ + + + + +EVP_VerifyInit + + + + + + + + + + +

NAME

+ +

EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
+                    EVP_PKEY *pkey);
+
+int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ +

DESCRIPTION

+ +

The EVP signature verification routines are a high level interface to digital signatures.

+ +

EVP_VerifyInit_ex() sets up verification context ctx to use digest type from ENGINE impl. ctx must be created by calling EVP_MD_CTX_new() before calling this function.

+ +

EVP_VerifyUpdate() hashes cnt bytes of data at d into the verification context ctx. This function can be called several times on the same ctx to include additional data.

+ +

EVP_VerifyFinal() verifies the data in ctx using the public key pkey and against the siglen bytes at sigbuf.

+ +

EVP_VerifyInit() initializes verification context ctx to use the default implementation of digest type.

+ +

RETURN VALUES

+ +

EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for failure.

+ +

EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

NOTES

+ +

The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible.

+ +

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

+ +

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur.

+ +

BUGS

+ +

Older versions of this documentation wrongly stated that calls to EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().

+ +

Since the public key is passed in the call to EVP_SignFinal() any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through EVP_SignUpdate().

+ +

It is not possible to change the signing parameters using these function.

+ +

The previous two bugs are fixed in the newer EVP_DigestVerify*() function.

+ +

SEE ALSO

+ +

evp(7), EVP_SignInit(3), EVP_DigestInit(3), evp(7), HMAC(3), MD2(3), MD5(3), MDC2(3), RIPEMD160(3), SHA1(3), dgst(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aes.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aes.html new file mode 100644 index 00000000..c14b857c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aes.html @@ -0,0 +1,108 @@ + + + + +EVP_aes + + + + + + + + + + +

NAME

+ +

EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts - EVP AES cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_aes_128_cbc.

+ +

DESCRIPTION

+ +

The AES encryption algorithm for EVP.

+ +
+ +
EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()
+
+ +

AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

+ +
+
EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()
+
+ +

Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 160 bits long.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()
+
+ +

Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()
+
+ +

AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control operations to function correctly, see the "AEAD Interface" in EVP_EncryptInit(3) section for details.

+ +
+
EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()
+
+ +

AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section 2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

+ +
+
EVP_aes_128_xts(), EVP_aes_256_xts()
+
+ +

AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) mode was designed by Prof. Phillip Rogaway of University of California, Davis, intended for encrypting data on a storage device.

+ +

XTS-AES provides confidentiality but not authentication of data. It also requires a key of double-length for protection of a certain key size. In particular, XTS-AES-128 (EVP_aes_128_xts) takes input of a 256-bit key to achieve AES 128-bit security, and XTS-AES-256 (EVP_aes_256_xts) takes input of a 512-bit key to achieve AES 256-bit security.

+ +

The XTS implementation in OpenSSL does not support streaming. That is there must only be one EVP_EncryptUpdate(3) call per EVP_EncryptInit_ex(3) call (and similarly with the "Decrypt" functions).

+ +

The iv parameter to EVP_EncryptInit_ex(3) or EVP_DecryptInit_ex(3) is the XTS "tweak" value.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aria.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aria.html new file mode 100644 index 00000000..55948541 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_aria.html @@ -0,0 +1,74 @@ + + + + +EVP_aria + + + + + + + + + + +

NAME

+ +

EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, - EVP ARIA cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_aria_128_cbc.

+ +

DESCRIPTION

+ +

The ARIA encryption algorithm for EVP.

+ +
+ +
EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()
+
+ +

ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

+ +
+
EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm(),
+
+ +

ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function correctly, see the "AEAD Interface" in EVP_EncryptInit(3) section for details.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_bf_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_bf_cbc.html new file mode 100644 index 00000000..4c6303ad --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_bf_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_bf_cbc + + + + + + + + + + +

NAME

+ +

EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb - EVP Blowfish cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_bf_cbc(void)
+const EVP_CIPHER *EVP_bf_cfb(void)
+const EVP_CIPHER *EVP_bf_cfb64(void)
+const EVP_CIPHER *EVP_bf_ecb(void)
+const EVP_CIPHER *EVP_bf_ofb(void)
+ +

DESCRIPTION

+ +

The Blowfish encryption algorithm for EVP.

+ +

This is a variable key length cipher.

+ +
+ +
EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()
+
+ +

Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_blake2b512.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_blake2b512.html new file mode 100644 index 00000000..39dee2b0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_blake2b512.html @@ -0,0 +1,83 @@ + + + + +EVP_blake2b512 + + + + + + + + + + +

NAME

+ +

EVP_blake2b512, EVP_blake2s256 - BLAKE2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+ +

DESCRIPTION

+ +

BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA-3 algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in RFC 7693.

+ +
+ +
EVP_blake2s256()
+
+ +

The BLAKE2s algorithm that produces a 256-bit output from a given input.

+ +
+
EVP_blake2b512()
+
+ +

The BLAKE2b algorithm that produces a 512-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

RFC 7693.

+ +

NOTES

+ +

While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, this implementation outputs a digest of a fixed length (the maximum length supported), which is 512-bits for BLAKE2b and 256-bits for BLAKE2s.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_camellia.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_camellia.html new file mode 100644 index 00000000..c6eff3a1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_camellia.html @@ -0,0 +1,68 @@ + + + + +EVP_camellia + + + + + + + + + + +

NAME

+ +

EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb - EVP Camellia cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_camellia_128_cbc.

+ +

DESCRIPTION

+ +

The Camellia encryption algorithm for EVP.

+ +
+ +
EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()
+
+ +

Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_cast5_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_cast5_cbc.html new file mode 100644 index 00000000..a1c37dda --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_cast5_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_cast5_cbc + + + + + + + + + + +

NAME

+ +

EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb - EVP CAST cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_cast5_cbc(void)
+const EVP_CIPHER *EVP_cast5_cfb(void)
+const EVP_CIPHER *EVP_cast5_cfb64(void)
+const EVP_CIPHER *EVP_cast5_ecb(void)
+const EVP_CIPHER *EVP_cast5_ofb(void)
+ +

DESCRIPTION

+ +

The CAST encryption algorithm for EVP.

+ +

This is a variable key length cipher.

+ +
+ +
EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()
+
+ +

CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_chacha20.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_chacha20.html new file mode 100644 index 00000000..51ae0af4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_chacha20.html @@ -0,0 +1,79 @@ + + + + +EVP_chacha20 + + + + + + + + + + +

NAME

+ +

EVP_chacha20, EVP_chacha20_poly1305 - EVP ChaCha20 stream cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_chacha20(void)
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+ +

DESCRIPTION

+ +

The ChaCha20 stream cipher for EVP.

+ +
+ +
EVP_chacha20()
+
+ +

The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. The first 32 bits consists of a counter in little-endian order followed by a 96 bit nonce. For example a nonce of:

+ +

000000000000000000000002

+ +

With an initial counter of 42 (2a in hex) would be expressed as:

+ +

2a000000000000000000000000000002

+ +
+
EVP_chacha20_poly1305()
+
+ +

Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the "AEAD Interface" in EVP_EncryptInit(3) section for more information.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_des.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_des.html new file mode 100644 index 00000000..d463a0db --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_des.html @@ -0,0 +1,86 @@ + + + + +EVP_des + + + + + + + + + + +

NAME

+ +

EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap - EVP DES cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_ciphername(void)
+ +

EVP_ciphername is used a placeholder for any of the described cipher functions, such as EVP_des_cbc.

+ +

DESCRIPTION

+ +

The DES encryption algorithm for EVP.

+ +
+ +
EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()
+
+ +

DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit shift and OFB modes.

+ +
+
EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()
+
+ +

Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.

+ +
+
EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()
+
+ +

Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit shift and OFB modes.

+ +
+
EVP_des_ede3_wrap()
+
+ +

Triple-DES key wrap according to RFC 3217 Section 3.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_desx_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_desx_cbc.html new file mode 100644 index 00000000..db5ba954 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_desx_cbc.html @@ -0,0 +1,68 @@ + + + + +EVP_desx_cbc + + + + + + + + + + +

NAME

+ +

EVP_desx_cbc - EVP DES-X cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+ +

DESCRIPTION

+ +

The DES-X encryption algorithm for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128-bits.

+ +
+ +
EVP_desx_cbc()
+
+ +

The DES-X algorithm in CBC mode.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_idea_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_idea_cbc.html new file mode 100644 index 00000000..85ba7cd9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_idea_cbc.html @@ -0,0 +1,70 @@ + + + + +EVP_idea_cbc + + + + + + + + + + +

NAME

+ +

EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb - EVP IDEA cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_idea_cbc(void)
+const EVP_CIPHER *EVP_idea_cfb(void)
+const EVP_CIPHER *EVP_idea_cfb64(void)
+const EVP_CIPHER *EVP_idea_ecb(void)
+const EVP_CIPHER *EVP_idea_ofb(void)
+ +

DESCRIPTION

+ +

The IDEA encryption algorithm for EVP.

+ +
+ +
EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()
+
+ +

The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md2.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md2.html new file mode 100644 index 00000000..9cf1d534 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md2.html @@ -0,0 +1,71 @@ + + + + +EVP_md2 + + + + + + + + + + +

NAME

+ +

EVP_md2 - MD2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md2(void);
+ +

DESCRIPTION

+ +

MD2 is a cryptographic hash function standardized in RFC 1319 and designed by Ronald Rivest.

+ +
+ +
EVP_md2()
+
+ +

The MD2 algorithm which produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1319.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md4.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md4.html new file mode 100644 index 00000000..cc4a6a3e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md4.html @@ -0,0 +1,71 @@ + + + + +EVP_md4 + + + + + + + + + + +

NAME

+ +

EVP_md4 - MD4 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md4(void);
+ +

DESCRIPTION

+ +

MD4 is a cryptographic hash function standardized in RFC 1320 and designed by Ronald Rivest, first published in 1990.

+ +
+ +
EVP_md4()
+
+ +

The MD4 algorithm which produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1320.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md5.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md5.html new file mode 100644 index 00000000..edb4d8c4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_md5.html @@ -0,0 +1,82 @@ + + + + +EVP_md5 + + + + + + + + + + +

NAME

+ +

EVP_md5, EVP_md5_sha1 - MD5 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+ +

DESCRIPTION

+ +

MD5 is a cryptographic hash function standardized in RFC 1321 and designed by Ronald Rivest.

+ +

The CMU Software Engineering Institute considers MD5 unsuitable for further use since its security has been severely compromised.

+ +
+ +
EVP_md5()
+
+ +

The MD5 algorithm which produces a 128-bit output from a given input.

+ +
+
EVP_md5_sha1()
+
+ +

A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC 6101.

+ +

WARNING: this algorithm is not intended for non-SSL usage.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

IETF RFC 1321.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_mdc2.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_mdc2.html new file mode 100644 index 00000000..8408d0b7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_mdc2.html @@ -0,0 +1,71 @@ + + + + +EVP_mdc2 + + + + + + + + + + +

NAME

+ +

EVP_mdc2 - MDC-2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_mdc2(void);
+ +

DESCRIPTION

+ +

MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic hash function based on a block cipher.

+ +
+ +
EVP_mdc2()
+
+ +

The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a 128-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc2_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc2_cbc.html new file mode 100644 index 00000000..a494ff73 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc2_cbc.html @@ -0,0 +1,80 @@ + + + + +EVP_rc2_cbc + + + + + + + + + + +

NAME

+ +

EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc - EVP RC2 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc2_cbc(void)
+const EVP_CIPHER *EVP_rc2_cfb(void)
+const EVP_CIPHER *EVP_rc2_cfb64(void)
+const EVP_CIPHER *EVP_rc2_ecb(void)
+const EVP_CIPHER *EVP_rc2_ofb(void)
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+ +

DESCRIPTION

+ +

The RC2 encryption algorithm for EVP.

+ +
+ +
EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()
+
+ +

RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional parameter called "effective key bits" or "effective key length". By default both are set to 128 bits.

+ +
+
EVP_rc2_40_cbc(), EVP_rc2_64_cbc()
+
+ +

RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.

+ +

WARNING: these functions are obsolete. Their usage should be replaced with the EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() functions to set the key length and effective key length.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc4.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc4.html new file mode 100644 index 00000000..2f9a1b5f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc4.html @@ -0,0 +1,84 @@ + + + + +EVP_rc4 + + + + + + + + + + +

NAME

+ +

EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 - EVP RC4 stream cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc4(void)
+const EVP_CIPHER *EVP_rc4_40(void)
+const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+ +

DESCRIPTION

+ +

The RC4 stream cipher for EVP.

+ +
+ +
EVP_rc4()
+
+ +

RC4 stream cipher. This is a variable key length cipher with a default key length of 128 bits.

+ +
+
EVP_rc4_40()
+
+ +

RC4 stream cipher with 40 bit key length.

+ +

WARNING: this function is obsolete. Its usage should be replaced with the EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() functions.

+ +
+
EVP_rc4_hmac_md5()
+
+ +

Authenticated encryption with the RC4 stream cipher with MD5 as HMAC.

+ +

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html new file mode 100644 index 00000000..01ee65a7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html @@ -0,0 +1,88 @@ + + + + +EVP_rc5_32_12_16_cbc + + + + + + + + + + +

NAME

+ +

EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb - EVP RC5 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+ +

DESCRIPTION

+ +

The RC5 encryption algorithm for EVP.

+ +
+ +
EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()
+
+ +

RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a variable key length cipher with an additional "number of rounds" parameter. By default the key length is set to 128 bits and 12 rounds. Alternative key lengths can be set using EVP_CIPHER_CTX_set_key_length(3). The maximum key length is 2040 bits.

+ +

The following rc5 specific ctrls are supported (see EVP_CIPHER_CTX_ctrl(3)).

+ +
+ +
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
+
+ +

Sets the number of rounds to rounds. This must be one of RC5_8_ROUNDS, RC5_12_ROUNDS or RC5_16_ROUNDS.

+ +
+
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
+
+ +

Stores the number of rounds currently configured in *rounds where *rounds is an int.

+ +
+
+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_ripemd160.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_ripemd160.html new file mode 100644 index 00000000..8e5b880a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_ripemd160.html @@ -0,0 +1,71 @@ + + + + +EVP_ripemd160 + + + + + + + + + + +

NAME

+ +

EVP_ripemd160 - RIPEMD160 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_ripemd160(void);
+ +

DESCRIPTION

+ +

RIPEMD-160 is a cryptographic hash function first published in 1996 belonging to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest).

+ +
+ +
EVP_ripemd160()
+
+ +

The RIPEMD-160 algorithm which produces a 160-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_seed_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_seed_cbc.html new file mode 100644 index 00000000..bb87fa06 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_seed_cbc.html @@ -0,0 +1,72 @@ + + + + +EVP_seed_cbc + + + + + + + + + + +

NAME

+ +

EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb - EVP SEED cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_seed_cbc(void)
+const EVP_CIPHER *EVP_seed_cfb(void)
+const EVP_CIPHER *EVP_seed_cfb128(void)
+const EVP_CIPHER *EVP_seed_ecb(void)
+const EVP_CIPHER *EVP_seed_ofb(void)
+ +

DESCRIPTION

+ +

The SEED encryption algorithm for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128-bits.

+ +
+ +
EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()
+
+ +

The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return an EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha1.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha1.html new file mode 100644 index 00000000..1ec7299d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha1.html @@ -0,0 +1,71 @@ + + + + +EVP_sha1 + + + + + + + + + + +

NAME

+ +

EVP_sha1 - SHA-1 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha1(void);
+ +

DESCRIPTION

+ +

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized in NIST FIPS 180-4. The algorithm was designed by the United States National Security Agency and initially published in 1995.

+ +
+ +
EVP_sha1()
+
+ +

The SHA-1 algorithm which produces a 160-bit output from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 180-4.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha224.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha224.html new file mode 100644 index 00000000..81f3b433 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha224.html @@ -0,0 +1,78 @@ + + + + +EVP_sha224 + + + + + + + + + + +

NAME

+ +

EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 - SHA-2 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+ +

DESCRIPTION

+ +

SHA-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions standardized in NIST FIPS 180-4, first published in 2001.

+ +
+ +
EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()
+
+ +

The SHA-2 SHA-224, SHA-256, SHA-512/224, SHA512/256, SHA-384 and SHA-512 algorithms, which generate 224, 256, 224, 256, 384 and 512 bits respectively of output from a given input.

+ +

The two algorithms: SHA-512/224 and SHA512/256 are truncated forms of the SHA-512 algorithm. They are distinct from SHA-224 and SHA-256 even though their outputs are of the same size.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 180-4.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha3_224.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha3_224.html new file mode 100644 index 00000000..72707088 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sha3_224.html @@ -0,0 +1,85 @@ + + + + +EVP_sha3_224 + + + + + + + + + + +

NAME

+ +

EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 - SHA-3 For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+ +

DESCRIPTION

+ +

SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions standardized in NIST FIPS 202, first published in 2015. It is based on the Keccak algorithm.

+ +
+ +
EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()
+
+ +

The SHA-3 SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512 algorithms respectively. They produce 224, 256, 384 and 512 bits of output from a given input.

+ +
+
EVP_shake128(), EVP_shake256()
+
+ +

The SHAKE-128 and SHAKE-256 Extendable Output Functions (XOF) that can generate a variable hash length.

+ +

Specifically, EVP_shake128 provides an overall security of 128 bits, while EVP_shake256 provides that of 256 bits.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

NIST FIPS 202.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm3.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm3.html new file mode 100644 index 00000000..cca78651 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm3.html @@ -0,0 +1,71 @@ + + + + +EVP_sm3 + + + + + + + + + + +

NAME

+ +

EVP_sm3 - SM3 for EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_sm3(void);
+ +

DESCRIPTION

+ +

SM3 is a cryptographic hash function with a 256-bit output, defined in GB/T 32905-2016.

+ +
+ +
EVP_sm3()
+
+ +

The SM3 hash function.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

GB/T 32905-2016 and GM/T 0004-2012.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm4_cbc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm4_cbc.html new file mode 100644 index 00000000..8579a1aa --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_sm4_cbc.html @@ -0,0 +1,73 @@ + + + + +EVP_sm4_cbc + + + + + + + + + + +

NAME

+ +

EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr - EVP SM4 cipher

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cfb(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+ +

DESCRIPTION

+ +

The SM4 blockcipher (GB/T 32907-2016) for EVP.

+ +

All modes below use a key length of 128 bits and acts on blocks of 128 bits.

+ +
+ +
EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()
+
+ +

The SM4 blockcipher with a 128-bit key in CBC, ECB, CFB, OFB and CTR modes respectively.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_CIPHER structure that contains the implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for details of the EVP_CIPHER structure.

+ +

SEE ALSO

+ +

evp(7), EVP_EncryptInit(3), EVP_CIPHER_meth_new(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2017 Ribose Inc. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_whirlpool.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_whirlpool.html new file mode 100644 index 00000000..528d3578 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/EVP_whirlpool.html @@ -0,0 +1,71 @@ + + + + +EVP_whirlpool + + + + + + + + + + +

NAME

+ +

EVP_whirlpool - WHIRLPOOL For EVP

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+const EVP_MD *EVP_whirlpool(void);
+ +

DESCRIPTION

+ +

WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 designed by Vincent Rijmen and Paulo S. L. M. Barreto.

+ +
+ +
EVP_whirlpool()
+
+ +

The WHIRLPOOL algorithm that produces a message digest of 512-bits from a given input.

+ +
+
+ +

RETURN VALUES

+ +

These functions return a EVP_MD structure that contains the implementation of the symmetric cipher. See EVP_MD_meth_new(3) for details of the EVP_MD structure.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2004.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/HMAC.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/HMAC.html new file mode 100644 index 00000000..528fd531 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/HMAC.html @@ -0,0 +1,137 @@ + + + + +HMAC + + + + + + + + + + +

NAME

+ +

HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size - HMAC message authentication code

+ +

SYNOPSIS

+ +
#include <openssl/hmac.h>
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+                    int key_len, const unsigned char *d, int n,
+                    unsigned char *md, unsigned int *md_len);
+
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+                 const EVP_MD *md, ENGINE *impl);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+size_t HMAC_size(const HMAC_CTX *e);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+              const EVP_MD *md);
+#endif
+ +

DESCRIPTION

+ +

HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function.

+ +

HMAC() computes the message authentication code of the n bytes at d using the hash function evp_md and the key key which is key_len bytes long.

+ +

It places the result in md (which must have space for the output of the hash function, which is no more than EVP_MAX_MD_SIZE bytes). If md is NULL, the digest is placed in a static array. The size of the output is placed in md_len, unless it is NULL. Note: passing a NULL value for md to use the static array is not thread safe.

+ +

evp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does not support variable output length digests such as EVP_shake128() and EVP_shake256().

+ +

HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

+ +

HMAC_CTX_reset() zeroes an existing HMAC_CTX and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new().

+ +

HMAC_CTX_free() erases the key and other data from the HMAC_CTX, releases any associated resources and finally frees the HMAC_CTX itself.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the hash function evp_md and key key. If both are NULL, or if key is NULL and evp_md is the same as the previous call, then the existing key is reused. ctx must have been created with HMAC_CTX_new() before the first use of an HMAC_CTX in this function.

+ +

If HMAC_Init_ex() is called with key NULL and evp_md is not the same as the previous digest used by ctx then an error is returned because reuse of an existing key with a different digest is not supported.

+ +

HMAC_Init() initializes a HMAC_CTX structure to use the hash function evp_md and the key key which is key_len bytes long.

+ +

HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (len bytes at data).

+ +

HMAC_Final() places the message authentication code in md, which must have space for the hash function output.

+ +

HMAC_CTX_copy() copies all of the internal state from sctx into dctx.

+ +

HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. These flags have the same meaning as for EVP_MD_CTX_set_flags(3).

+ +

HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the supplied HMAC_CTX.

+ +

HMAC_size() returns the length in bytes of the underlying hash function output.

+ +

RETURN VALUES

+ +

HMAC() returns a pointer to the message authentication code or NULL if an error occurred.

+ +

HMAC_CTX_new() returns a pointer to a new HMAC_CTX on success or NULL if an error occurred.

+ +

HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

+ +

HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or NULL if no EVP_MD has been set.

+ +

HMAC_size() returns the length in bytes of the underlying hash function output or zero on error.

+ +

CONFORMING TO

+ +

RFC 2104

+ +

SEE ALSO

+ +

SHA1(3), evp(7)

+ +

HISTORY

+ +

HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

+ +

HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

+ +

HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

+ +

HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in OpenSSL before version 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/MD5.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/MD5.html new file mode 100644 index 00000000..2e9c4f51 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/MD5.html @@ -0,0 +1,104 @@ + + + + +MD5 + + + + + + + + + + +

NAME

+ +

MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

+ +

SYNOPSIS

+ +
#include <openssl/md2.h>
+
+unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+
+
+#include <openssl/md4.h>
+
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+
+
+#include <openssl/md5.h>
+
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+ +

DESCRIPTION

+ +

MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.

+ +

MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest of the n bytes at d and place it in md (which must have space for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

MD2_Init() initializes a MD2_CTX structure.

+ +

MD2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

MD2_Final() places the message digest in md, which must have space for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX.

+ +

MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure.

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

NOTE

+ +

MD2, MD4, and MD5 are recommended only for compatibility with existing applications. In new applications, SHA-1 or RIPEMD-160 should be preferred.

+ +

RETURN VALUES

+ +

MD2(), MD4(), and MD5() return pointers to the hash value.

+ +

MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

RFC 1319, RFC 1320, RFC 1321

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/MDC2_Init.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/MDC2_Init.html new file mode 100644 index 00000000..208f3274 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/MDC2_Init.html @@ -0,0 +1,81 @@ + + + + +MDC2_Init + + + + + + + + + + +

NAME

+ +

MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function

+ +

SYNOPSIS

+ +
#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, unsigned long n,
+                    unsigned char *md);
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                unsigned long len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+ +

DESCRIPTION

+ +

MDC2 is a method to construct hash functions with 128 bit output from block ciphers. These functions are an implementation of MDC2 with DES.

+ +

MDC2() computes the MDC2 message digest of the n bytes at d and places it in md (which must have space for MDC2_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

MDC2_Init() initializes a MDC2_CTX structure.

+ +

MDC2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

MDC2_Final() places the message digest in md, which must have space for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the MDC2_CTX.

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

RETURN VALUES

+ +

MDC2() returns a pointer to the hash value.

+ +

MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OBJ_nid2obj.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OBJ_nid2obj.html new file mode 100644 index 00000000..3b60824d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OBJ_nid2obj.html @@ -0,0 +1,165 @@ + + + + +OBJ_nid2obj + + + + + + + + + + +

NAME

+ +

i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility functions

+ +

SYNOPSIS

+ +
#include <openssl/objects.h>
+
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+int OBJ_ln2nid(const char *ln);
+int OBJ_sn2nid(const char *sn);
+
+int OBJ_txt2nid(const char *s);
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void OBJ_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

The ASN1 object utility functions process ASN1_OBJECT structures which are a representation of the ASN1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric identifiers, or NIDs. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application code should treat all returned values -- OIDs, NIDs, or names -- as constants.

+ +

OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID n to an ASN1_OBJECT structure, its long name and its short name respectively, or NULL if an error occurred.

+ +

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object o, the long name <ln> or the short name <sn> respectively or NID_undef if an error occurred.

+ +

OBJ_txt2nid() returns NID corresponding to text string <s>. s can be a long name, a short name or the numerical representation of an object.

+ +

OBJ_txt2obj() converts the text string s into an ASN1_OBJECT structure. If no_name is 0 then long names and short names will be interpreted as well as numerical forms. If no_name is 1 only the numerical form is acceptable.

+ +

OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. The representation is written as a null terminated string to buf at most buf_len bytes are written, truncating the result if necessary. The total amount of space required is returned. If no_name is 0 then if the object has a long or short name then that will be used, otherwise the numerical form will be used. If no_name is 1 then the numerical form will always be used.

+ +

i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the no_name set to zero.

+ +

OBJ_cmp() compares a to b. If the two are identical 0 is returned.

+ +

OBJ_dup() returns a copy of o.

+ +

OBJ_create() adds a new object to the internal table. oid is the numerical form of the object, sn the short name and ln the long name. A new NID is returned for the created object in case of success and NID_undef in case of failure.

+ +

OBJ_length() returns the size of the content octets of obj.

+ +

OBJ_get0_data() returns a pointer to the content octets of obj. The returned pointer is an internal pointer which must not be freed.

+ +

OBJ_cleanup() releases any resources allocated by creating new objects.

+ +

NOTES

+ +

Objects in OpenSSL can have a short name, a long name and a numerical identifier (NID) associated with them. A standard set of objects is represented in an internal table. The appropriate values are defined in the header file objects.h.

+ +

For example the OID for commonName has the following definitions:

+ +
#define SN_commonName                   "CN"
+#define LN_commonName                   "commonName"
+#define NID_commonName                  13
+ +

New objects can be added by calling OBJ_create().

+ +

Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. They are also static constant structures which are shared: that is there is only a single constant structure for each table object.

+ +

Objects which are not in the table have the NID value NID_undef.

+ +

Objects do not need to be in the internal tables to be processed, the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical form of an OID.

+ +

Some objects are used to represent algorithms which do not have a corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently exists for a particular algorithm). As a result they cannot be encoded or decoded as part of ASN.1 structures. Applications can determine if there is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.

+ +

These functions cannot return const because an ASN1_OBJECT can represent both an internal, constant, OID and a dynamically-created one. The latter cannot be constant because it needs to be freed after use.

+ +

RETURN VALUES

+ +

OBJ_nid2obj() returns an ASN1_OBJECT structure or NULL is an error occurred.

+ +

OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or NULL on error.

+ +

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return a NID or NID_undef on error.

+ +

EXAMPLES

+ +

Create an object for commonName:

+ +
ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
+ +

Check if an object is commonName

+ +
if (OBJ_obj2nid(obj) == NID_commonName)
+    /* Do something */
+ +

Create a new NID and initialize an object from it:

+ +
int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
+ +

Create a new object directly:

+ +
obj = OBJ_txt2obj("1.2.3.4", 1);
+ +

BUGS

+ +

OBJ_obj2txt() is awkward and messy to use: it doesn't follow the convention of other OpenSSL functions where the buffer can be set to NULL to determine the amount of data that should be written. Instead buf must point to a valid buffer and buf_len should be set to a positive value. A buffer length of 80 should be more than enough to handle any OID encountered in practice.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

HISTORY

+ +

OBJ_cleanup() was deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(3) and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html new file mode 100644 index 00000000..dffbb711 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html @@ -0,0 +1,117 @@ + + + + +OCSP_REQUEST_new + + + + + + + + + + +

NAME

+ +

OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 - OCSP request functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_REQUEST *OCSP_REQUEST_new(void);
+void OCSP_REQUEST_free(OCSP_REQUEST *req);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+ +

DESCRIPTION

+ +

OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

+ +

OCSP_REQUEST_free() frees up the request structure req.

+ +

OCSP_request_add0_id() adds certificate ID cid to req. It returns the OCSP_ONEREQ structure added so an application can add additional extensions to the request. The id parameter MUST NOT be freed up after the operation.

+ +

OCSP_request_sign() signs OCSP request req using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the request.

+ +

OCSP_request_add1_cert() adds certificate cert to request req. The application is responsible for freeing up cert after use.

+ +

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

+ +

OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ contained in req of index i. The index value i runs from 0 to OCSP_request_onereq_count(req) - 1.

+ +

RETURN VALUES

+ +

OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if an error occurred.

+ +

OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid or NULL if an error occurred.

+ +

OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 for failure.

+ +

OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ structures in req.

+ +

OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure or NULL if the index value is out or range.

+ +

NOTES

+ +

An OCSP request structure contains one or more OCSP_ONEREQ structures corresponding to each certificate.

+ +

OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by OCSP responders.

+ +

EXAMPLES

+ +

Create an OCSP_REQUEST structure for certificate cert with issuer issuer:

+ +
OCSP_REQUEST *req;
+OCSP_ID *cid;
+
+req = OCSP_REQUEST_new();
+if (req == NULL)
+   /* error */
+cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
+if (cid == NULL)
+   /* error */
+
+if (OCSP_REQUEST_add0_id(req, cid) == NULL)
+   /* error */
+
+/* Do something with req, e.g. query responder */
+
+OCSP_REQUEST_free(req);
+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_cert_to_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_cert_to_id.html new file mode 100644 index 00000000..e7d3fa00 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_cert_to_id.html @@ -0,0 +1,94 @@ + + + + +OCSP_cert_to_id + + + + + + + + + + +

NAME

+ +

OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
+                             X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              X509_NAME *issuerName,
+                              ASN1_BIT_STRING *issuerKey,
+                              ASN1_INTEGER *serialNumber);
+
+void OCSP_CERTID_free(OCSP_CERTID *id);
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+ +

DESCRIPTION

+ +

OCSP_cert_to_id() creates and returns a new OCSP_CERTID structure using message digest dgst for certificate subject with issuer issuer. If dgst is NULL then SHA1 is used.

+ +

OCSP_cert_id_new() creates and returns a new OCSP_CERTID using dgst and issuer name issuerName, issuer key hash issuerKey and serial number serialNumber.

+ +

OCSP_CERTID_free() frees up id.

+ +

OCSP_id_cmp() compares OCSP_CERTID a and b.

+ +

OCSP_id_issuer_cmp() compares only the issuer name of OCSP_CERTID a and b.

+ +

OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and serial number contained in cid. If any of the values are not required the corresponding parameter can be set to NULL.

+ +

RETURN VALUES

+ +

OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid OCSP_CERTID structure or NULL if an error occurred.

+ +

OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero otherwise.

+ +

OCSP_CERTID_free() does not return a value.

+ +

OCSP_id_get0_info() returns 1 for success and 0 for failure.

+ +

NOTES

+ +

OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new(): the other functions are used by responder applications.

+ +

The values returned by OCSP_id_get0_info() are internal pointers and MUST NOT be freed up by an application: they will be freed when the corresponding OCSP_CERTID structure is freed.

+ +

SEE ALSO

+ +

crypto(7), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html new file mode 100644 index 00000000..1fb5c504 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html @@ -0,0 +1,82 @@ + + + + +OCSP_request_add1_nonce + + + + + + + + + + +

NAME

+ +

OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
+ +

DESCRIPTION

+ +

OCSP_request_add1_nonce() adds a nonce of value val and length len to OCSP request req. If val is NULL a random nonce is used. If len is zero or negative a default length will be used (currently 16 bytes).

+ +

OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except it adds a nonce to OCSP basic response resp.

+ +

OCSP_check_nonce() compares the nonce value in req and resp.

+ +

OCSP_copy_nonce() copies any nonce value present in req to resp.

+ +

RETURN VALUES

+ +

OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success and 0 for failure.

+ +

OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce was present in req and 0 if an error occurred.

+ +

OCSP_check_nonce() returns the result of the nonce comparison between req and resp. The return value indicates the result of the comparison. If nonces are present and equal 1 is returned. If the nonces are absent 2 is returned. If a nonce is present in the response only 3 is returned. If nonces are present and unequal 0 is returned. If the nonce is present in the request only then -1 is returned.

+ +

NOTES

+ +

For most purposes the nonce value in a request is set to a random value so the val parameter in OCSP_request_add1_nonce() is usually NULL.

+ +

An OCSP nonce is typically added to an OCSP request to thwart replay attacks by checking the same nonce value appears in the response.

+ +

Some responders may include a nonce in all responses even if one is not supplied.

+ +

Some responders cache OCSP responses and do not sign each response for performance reasons. As a result they do not support nonces.

+ +

The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present and match, both absent or present in the response only. A non-zero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error condition.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_resp_find_status.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_resp_find_status.html new file mode 100644 index 00000000..cd47020d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_resp_find_status.html @@ -0,0 +1,140 @@ + + + + +OCSP_resp_find_status + + + + + + + + + + +

NAME

+ +

OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify - OCSP response utility functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
+                            const OCSP_BASICRESP* single);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd,
+                        long sec, long maxsec);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                     X509_STORE *st, unsigned long flags);
+ +

DESCRIPTION

+ +

OCSP_resp_find_status() searches bs for an OCSP response for id. If it is successful the fields of the response are returned in *status, *reason, *revtime, *thisupd and *nextupd. The *status value will be one of V_OCSP_CERTSTATUS_GOOD, V_OCSP_CERTSTATUS_REVOKED or V_OCSP_CERTSTATUS_UNKNOWN. The *reason and *revtime fields are only set if the status is V_OCSP_CERTSTATUS_REVOKED. If set the *reason field will be set to the revocation reason which will be one of OCSP_REVOKED_STATUS_NOSTATUS, OCSP_REVOKED_STATUS_UNSPECIFIED, OCSP_REVOKED_STATUS_KEYCOMPROMISE, OCSP_REVOKED_STATUS_CACOMPROMISE, OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, OCSP_REVOKED_STATUS_SUPERSEDED, OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, OCSP_REVOKED_STATUS_CERTIFICATEHOLD or OCSP_REVOKED_STATUS_REMOVEFROMCRL.

+ +

OCSP_resp_count() returns the number of OCSP_SINGLERESP structures in bs.

+ +

OCSP_resp_get0() returns the OCSP_SINGLERESP structure in bs corresponding to index idx. Where idx runs from 0 to OCSP_resp_count(bs) - 1.

+ +

OCSP_resp_find() searches bs for id and returns the index of the first matching entry after last or starting from the beginning if last is -1.

+ +

OCSP_single_get0_status() extracts the fields of single in *reason, *revtime, *thisupd and *nextupd.

+ +

OCSP_resp_get0_produced_at() extracts the producedAt field from the single response bs.

+ +

OCSP_resp_get0_signature() returns the signature from bs.

+ +

OCSP_resp_get0_tbs_sigalg() returns the signatureAlgorithm from bs.

+ +

OCSP_resp_get0_respdata() returns the tbsResponseData from bs.

+ +

OCSP_resp_get0_certs() returns any certificates included in bs.

+ +

OCSP_resp_get0_signer() attempts to retrieve the certificate that directly signed bs. The OCSP protocol does not require that this certificate is included in the certs field of the response, so additional certificates can be supplied in extra_certs if the certificates that may have signed the response are known via some out-of-band mechanism.

+ +

OCSP_resp_get0_id() gets the responder id of bs. If the responder ID is a name then <*pname> is set to the name and *pid is set to NULL. If the responder ID is by key ID then *pid is set to the key ID and *pname is set to NULL. OCSP_resp_get1_id() leaves ownership of *pid and *pname with the caller, who is responsible for freeing them. Both functions return 1 in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, no freeing of the results is necessary.

+ +

OCSP_check_validity() checks the validity of thisupd and nextupd values which will be typically obtained from OCSP_resp_find_status() or OCSP_single_get0_status(). If sec is non-zero it indicates how many seconds leeway should be allowed in the check. If maxsec is positive it indicates the maximum age of thisupd in seconds.

+ +

OCSP_basic_verify() checks that the basic response message bs is correctly signed and that the signer certificate can be validated. It takes st as the trusted store and certs as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response in <certs>. It also searches the certificates the responder may have included in bs unless the flags contain OCSP_NOINTERN. It fails if the signer certificate cannot be found. Next, the function checks the signature of bs and fails on error unless the flags contain OCSP_NOSIGS. Then the function already returns success if the flags contain OCSP_NOVERIFY or if the signer certificate was found in certs and the flags contain OCSP_TRUSTOTHER. Otherwise the function continues by validating the signer certificate. To this end, all certificates in cert and in bs are considered as untrusted certificates for the construction of the validation path for the signer certificate unless the OCSP_NOCHAIN flag is set. After successful path validation the function returns success if the OCSP_NOCHECKS flag is set. Otherwise it verifies that the signer certificate meets the OCSP issuer criteria including potential delegation. If this does not succeed and the flags do not contain OCSP_NOEXPLICIT the function checks for explicit trust for OCSP signing in the root CA certificate.

+ +

RETURN VALUES

+ +

OCSP_resp_find_status() returns 1 if id is found in bs and 0 otherwise.

+ +

OCSP_resp_count() returns the total number of OCSP_SINGLERESP fields in bs.

+ +

OCSP_resp_get0() returns a pointer to an OCSP_SINGLERESP structure or NULL if idx is out of range.

+ +

OCSP_resp_find() returns the index of id in bs (which may be 0) or -1 if id was not found.

+ +

OCSP_single_get0_status() returns the status of single or -1 if an error occurred.

+ +

OCSP_resp_get0_signer() returns 1 if the signing certificate was located, or 0 on error.

+ +

OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such as malloc failure.

+ +

NOTES

+ +

Applications will typically call OCSP_resp_find_status() using the certificate ID of interest and then check its validity using OCSP_check_validity(). They can then take appropriate action based on the status of the certificate.

+ +

An OCSP response for a certificate contains thisUpdate and nextUpdate fields. Normally the current time should be between these two values. To account for clock skew the maxsec field can be set to non-zero in OCSP_check_validity(). Some responders do not set the nextUpdate field, this would otherwise mean an ancient response would be considered valid: the maxsec parameter to OCSP_check_validity() can be used to limit the permitted age of responses.

+ +

The values written to *revtime, *thisupd and *nextupd by OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers which MUST NOT be freed up by the calling application. Any or all of these parameters can be set to NULL if their value is not required.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_response_status(3), OCSP_sendreq_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_response_status.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_response_status.html new file mode 100644 index 00000000..5f978866 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_response_status.html @@ -0,0 +1,107 @@ + + + + +OCSP_response_status + + + + + + + + + + +

NAME

+ +

OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
+                    const EVP_MD *dgst, STACK_OF(X509) *certs,
+                    unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
+                        STACK_OF(X509) *certs, unsigned long flags);
+ +

DESCRIPTION

+ +

OCSP_response_status() returns the OCSP response status of resp. It returns one of the values: OCSP_RESPONSE_STATUS_SUCCESSFUL, OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED.

+ +

OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP structure contained in resp.

+ +

OCSP_response_create() creates and returns an OCSP_RESPONSE structure for status and optionally including basic response bs.

+ +

OCSP_RESPONSE_free() frees up OCSP response resp.

+ +

OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the subject name in the supplied X509 certificate cert for the OCSP responder.

+ +

OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the key in the supplied X509 certificate cert for the OCSP responder. The key is stored as a SHA1 hash.

+ +

Note that an OCSP_RESPID can only have one of the name, or the key set. Calling OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing setting.

+ +

OCSP_RESPID_match() tests whether the OCSP_RESPID given in respid matches with the X509 certificate cert.

+ +

OCSP_basic_sign() signs OCSP response brsp using certificate signer, private key key, digest dgst and additional certificates certs. If the flags option OCSP_NOCERTS is set then no certificates will be included in the response. If the flags option OCSP_RESPID_KEY is set then the responder is identified by key ID rather than by name. OCSP_basic_sign_ctx() also signs OCSP response brsp but uses the parameters contained in digest context ctx.

+ +

RETURN VALUES

+ +

OCSP_RESPONSE_status() returns a status value.

+ +

OCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer or NULL if an error occurred.

+ +

OCSP_response_create() returns an OCSP_RESPONSE structure pointer or NULL if an error occurred.

+ +

OCSP_RESPONSE_free() does not return a value.

+ +

OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and OCSP_basic_sign_ctx() return 1 on success or 0 on failure.

+ +

OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match or 0 otherwise.

+ +

NOTES

+ +

OCSP_response_get1_basic() is only called if the status of a response is OCSP_RESPONSE_STATUS_SUCCESSFUL.

+ +

SEE ALSO

+ +

crypto(7) OCSP_cert_to_id(3) OCSP_request_add1_nonce(3) OCSP_REQUEST_new(3) OCSP_resp_find_status(3) OCSP_sendreq_new(3) OCSP_RESPID_new(3) OCSP_RESPID_free(3)

+ +

HISTORY

+ +

The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() functions were added in OpenSSL 1.1.0a.

+ +

The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_sendreq_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_sendreq_new.html new file mode 100644 index 00000000..2eba48a1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OCSP_sendreq_new.html @@ -0,0 +1,107 @@ + + + + +OCSP_sendreq_new + + + + + + + + + + +

NAME

+ +

OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions

+ +

SYNOPSIS

+ +
#include <openssl/ocsp.h>
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
+ +

DESCRIPTION

+ +

The function OCSP_sendreq_new() returns an OCSP_CTX structure using the responder io, the URL path path, the OCSP request req and with a response header maximum line length of maxline. If maxline is zero a default value of 4k is used. The OCSP request req may be set to NULL and provided later if required.

+ +

OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context rctx. When the operation is complete it returns the response in *presp.

+ +

OCSP_REQ_CTX_free() frees up the OCSP context rctx.

+ +

OCSP_set_max_response_length() sets the maximum response length for rctx to len. If the response exceeds this length an error occurs. If not set a default value of 100k is used.

+ +

OCSP_REQ_CTX_add1_header() adds header name with value value to the context rctx. It can be called more than once to add multiple headers. It MUST be called before any calls to OCSP_sendreq_nbio(). The req parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if additional headers are set.

+ +

OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This function should be called after any calls to OCSP_REQ_CTX_add1_header().

+ +

OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL path path, and the OCSP request req with a response header maximum line length 4k. It waits indefinitely on a response.

+ +

RETURN VALUES

+ +

OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL if an error occurred.

+ +

OCSP_sendreq_nbio() returns 1 if the operation was completed successfully, -1 if the operation should be retried and 0 if an error occurred.

+ +

OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return 1 for success and 0 for failure.

+ +

OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the responder or NULL if an error occurred.

+ +

OCSP_REQ_CTX_free() and OCSP_set_max_response_length() do not return values.

+ +

NOTES

+ +

These functions only perform a minimal HTTP query to a responder. If an application wishes to support more advanced features it should use an alternative more complete HTTP library.

+ +

Currently only HTTP POST queries to responders are supported.

+ +

The arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is http://ocsp.com/ocspreq the BIO io should be connected to host ocsp.com on port 80 and path should be set to "/ocspreq"

+ +

The headers added with OCSP_REQ_CTX_add1_header() are of the form "name: value" or just "name" if value is NULL. So to add a Host header for ocsp.com you would call:

+ +
OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
+ +

If OCSP_sendreq_nbio() indicates an operation should be retried the corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket).

+ +

OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended.

+ +

SEE ALSO

+ +

crypto(7), OCSP_cert_to_id(3), OCSP_request_add1_nonce(3), OCSP_REQUEST_new(3), OCSP_resp_find_status(3), OCSP_response_status(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_Applink.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_Applink.html new file mode 100644 index 00000000..6522064a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_Applink.html @@ -0,0 +1,49 @@ + + + + +OPENSSL_Applink + + + + + + + + + + +

NAME

+ +

OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time

+ +

SYNOPSIS

+ +
__declspec(dllexport) void **OPENSSL_Applink();
+ +

DESCRIPTION

+ +

OPENSSL_Applink is application-side interface which provides a glue between OpenSSL BIO layer and Win32 compiler run-time environment. Even though it appears at application side, it's essentially OpenSSL private interface. For this reason application developers are not expected to implement it, but to compile provided module with compiler of their choice and link it into the target application. The referred module is available as applink.c, located alongside the public header files (only on the platforms where applicable).

+ +

RETURN VALUES

+ +

Not available.

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html new file mode 100644 index 00000000..0afff468 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html @@ -0,0 +1,176 @@ + + + + +OPENSSL_LH_COMPFUNC + + + + + + + + + + +

NAME

+ +

LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table

+ +

SYNOPSIS

+ +
#include <openssl/lhash.h>
+
+DECLARE_LHASH_OF(TYPE);
+
+LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
+void lh_TYPE_free(LHASH_OF(TYPE) *table);
+
+TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
+TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
+TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
+
+void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
+void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
+                       TYPE *arg);
+
+int lh_TYPE_error(LHASH_OF(TYPE) *table);
+
+typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+ +

DESCRIPTION

+ +

This library implements type-checked dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes, such as SSL_SESSION.

+ +

lh_TYPE_new() creates a new LHASH_OF(TYPE) structure to store arbitrary data entries, and specifies the 'hash' and 'compare' callbacks to be used in organising the table's entries. The hash callback takes a pointer to a table entry as its argument and returns an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The compare callback takes two arguments (pointers to two hash table entries), and returns 0 if their keys are equal, non-zero otherwise.

+ +

If your hash table will contain items of some particular type and the hash and compare callbacks hash/compare these types, then the IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros can be used to create callback wrappers of the prototypes required by lh_TYPE_new() as shown in this example:

+ +
/*
+ * Implement the hash and compare functions; "stuff" can be any word.
+ */
+static unsigned long stuff_hash(const TYPE *a)
+{
+    ...
+}
+static int stuff_cmp(const TYPE *a, const TYPE *b)
+{
+    ...
+}
+
+/*
+ * Implement the wrapper functions.
+ */
+static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
+static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
+ +

If the type is going to be used in several places, the following macros can be used in a common header file to declare the function wrappers:

+ +
DECLARE_LHASH_HASH_FN(stuff, TYPE)
+DECLARE_LHASH_COMP_FN(stuff, TYPE)
+ +

Then a hash table of TYPE objects can be created using this:

+ +
LHASH_OF(TYPE) *htable;
+
+htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
+ +

lh_TYPE_free() frees the LHASH_OF(TYPE) structure table. Allocated hash table entries will not be freed; consider using lh_TYPE_doall() to deallocate any remaining entries in the hash table (see below).

+ +

lh_TYPE_insert() inserts the structure pointed to by data into table. If there already is an entry with the same key, the old value is replaced. Note that lh_TYPE_insert() stores pointers, the data are not copied.

+ +

lh_TYPE_delete() deletes an entry from table.

+ +

lh_TYPE_retrieve() looks up an entry in table. Normally, data is a structure with the key field(s) set; the function will return a pointer to a fully populated structure.

+ +

lh_TYPE_doall() will, for every entry in the hash table, call func with the data item as its parameter. For example:

+ +
/* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+void TYPE_cleanup_doall(TYPE *a);
+
+/* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
+IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
+
+/* Call "TYPE_cleanup" against all items in a hash table. */
+lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
+
+/* Then the hash table itself can be deallocated */
+lh_TYPE_free(hashtable);
+ +

When doing this, be careful if you delete entries from the hash table in your callbacks: the table may decrease in size, moving the item that you are currently on down lower in the hash table - this could cause some entries to be skipped during the iteration. The second best solution to this problem is to set hash->down_load=0 before you start (which will stop the hash table ever decreasing in size). The best solution is probably to avoid deleting items from the hash table inside a "doall" callback!

+ +

lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that func will be called with arg as the second argument and func should be of type LHASH_DOALL_ARG_FN_TYPE (a callback prototype that is passed both the table entry and an extra argument). As with lh_doall(), you can instead choose to declare your callback with a prototype matching the types you are dealing with and use the declare/implement macros to create compatible wrappers that cast variables before calling your type-specific callbacks. An example of this is demonstrated here (printing all hash table entries to a BIO that is provided by the caller):

+ +
/* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
+
+/* Implement a prototype-compatible wrapper for "TYPE_print" */
+static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
+
+/* Print out the entire hashtable to a particular BIO */
+lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
+                  logging_bio);
+ +

lh_TYPE_error() can be used to determine if an error occurred in the last operation.

+ +

RETURN VALUES

+ +

lh_TYPE_new() returns NULL on error, otherwise a pointer to the new LHASH structure.

+ +

When a hash table entry is replaced, lh_TYPE_insert() returns the value being replaced. NULL is returned on normal operation and on error.

+ +

lh_TYPE_delete() returns the entry being deleted. NULL is returned if there is no such value in the hash table.

+ +

lh_TYPE_retrieve() returns the hash table entry if it has been found, NULL otherwise.

+ +

lh_TYPE_error() returns 1 if an error occurred in the last operation, 0 otherwise. It's meaningful only after non-retrieve operations.

+ +

lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values.

+ +

NOTE

+ +

The LHASH code is not thread safe. All updating operations, as well as lh_TYPE_error call must be performed under a write lock. All retrieve operations should be performed under a read lock, unless accurate usage statistics are desired. In which case, a write lock should be used for retrieve operations as well. For output of the usage statistics, using the functions from OPENSSL_LH_stats(3), a read lock suffices.

+ +

The LHASH code regards table entries as constant data. As such, it internally represents lh_insert()'d items with a "const void *" pointer type. This is why callbacks such as those used by lh_doall() and lh_doall_arg() declare their prototypes with "const", even for the parameters that pass back the table items' data pointers - for consistency, user-provided data is "const" at all times as far as the LHASH code is concerned. However, as callers are themselves providing these pointers, they can choose whether they too should be treating all such parameters as constant.

+ +

As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being indexed in the hash table (ie. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make modifications to table item passed back in the lh_doall() or lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If so, the caller can either cast the "const" away (if they're providing the raw callbacks themselves) or use the macros to declare/implement the wrapper functions without "const" types.

+ +

Callers that only have "const" access to data they're indexing in a table, yet declare callbacks without constant types (or cast the "const" away themselves), are therefore creating their own risks/bugs without being encouraged to do so by the API. On a related note, those auditing code should pay special attention to any instances of DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types without any "const" qualifiers.

+ +

BUGS

+ +

lh_TYPE_insert() returns NULL both for success and error.

+ +

SEE ALSO

+ +

OPENSSL_LH_stats(3)

+ +

HISTORY

+ +

In OpenSSL 1.0.0, the lhash interface was revamped for better type checking.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html new file mode 100644 index 00000000..6b088f44 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html @@ -0,0 +1,75 @@ + + + + +OPENSSL_LH_stats + + + + + + + + + + +

NAME

+ +

OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics

+ +

SYNOPSIS

+ +
#include <openssl/lhash.h>
+
+void OPENSSL_LH_stats(LHASH *table, FILE *out);
+void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
+void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
+
+void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
+void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
+ +

DESCRIPTION

+ +

The LHASH structure records statistics about most aspects of accessing the hash table.

+ +

OPENSSL_LH_stats() prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the routines in this library.

+ +

OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the hash table.

+ +

OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the hash table. It prints the 'load' and the 'actual load'. The load is the average number of data items per 'bucket' in the hash table. The 'actual load' is the average number of items per 'bucket', but only for buckets which contain entries. So the 'actual load' is the average number of searches that will need to find an item in the hash table, while the 'load' is the average number that will be done to record a miss.

+ +

OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio() are the same as the above, except that the output goes to a BIO.

+ +

RETURN VALUES

+ +

These functions do not return values.

+ +

NOTE

+ +

These calls should be made under a read lock. Refer to "NOTE" in OPENSSL_LH_COMPFUNC(3) for more details about the locks required when using the LHASH data structure.

+ +

SEE ALSO

+ +

bio(7), OPENSSL_LH_COMPFUNC(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html new file mode 100644 index 00000000..1e257b2d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_VERSION_NUMBER.html @@ -0,0 +1,132 @@ + + + + +OPENSSL_VERSION_NUMBER + + + + + + + + + + +

NAME

+ +

OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num - get OpenSSL version number

+ +

SYNOPSIS

+ +
#include <openssl/opensslv.h>
+#define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+#define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
+
+#include <openssl/crypto.h>
+
+unsigned long OpenSSL_version_num();
+const char *OpenSSL_version(int t);
+ +

DESCRIPTION

+ +

OPENSSL_VERSION_NUMBER is a numeric release version identifier:

+ +
MNNFFPPS: major minor fix patch status
+ +

The status nibble has one of the values 0 for development, 1 to e for betas 1 to 14, and f for release.

+ +

for example

+ +
0x000906000 == 0.9.6 dev
+0x000906023 == 0.9.6b beta 3
+0x00090605f == 0.9.6e release
+ +

Versions prior to 0.9.3 have identifiers < 0x0930. Versions between 0.9.3 and 0.9.5 had a version identifier with this interpretation:

+ +
MMNNFFRBB major minor fix final beta/patch
+ +

for example

+ +
0x000904100 == 0.9.4 release
+0x000905000 == 0.9.5 dev
+ +

Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f.

+ +

OPENSSL_VERSION_TEXT is the text variant of the version number and the release date. For example, "OpenSSL 1.0.1a 15 Oct 2015".

+ +

OpenSSL_version_num() returns the version number.

+ +

OpenSSL_version() returns different strings depending on t:

+ +
+ +
OPENSSL_VERSION
+
+ +

The text variant of the version number and the release date. For example, "OpenSSL 1.0.1a 15 Oct 2015".

+ +
+
OPENSSL_CFLAGS
+
+ +

The compiler flags set for the compilation process in the form "compiler: ..." if available or "compiler: information not available" otherwise.

+ +
+
OPENSSL_BUILT_ON
+
+ +

The date of the build process in the form "built on: ..." if available or "built on: date not available" otherwise.

+ +
+
OPENSSL_PLATFORM
+
+ +

The "Configure" target of the library build in the form "platform: ..." if available or "platform: information not available" otherwise.

+ +
+
OPENSSL_DIR
+
+ +

The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" if available or "OPENSSLDIR: N/A" otherwise.

+ +
+
OPENSSL_ENGINES_DIR
+
+ +

The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "..."" if available or "ENGINESDIR: N/A" otherwise.

+ +
+
+ +

For an unknown t, the text "not available" is returned.

+ +

RETURN VALUES

+ +

OpenSSL_version_num() returns the version number.

+ +

OpenSSL_version() returns requested version strings.

+ +

SEE ALSO

+ +

crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_config.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_config.html new file mode 100644 index 00000000..3a6b8ba2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_config.html @@ -0,0 +1,88 @@ + + + + +OPENSSL_config + + + + + + + + + + +

NAME

+ +

OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname);
+void OPENSSL_no_config(void);
+#endif
+ +

DESCRIPTION

+ +

OPENSSL_config() configures OpenSSL using the standard openssl.cnf and reads from the application section appname. If appname is NULL then the default section, openssl_conf, will be used. Errors are silently ignored. Multiple calls have no effect.

+ +

OPENSSL_no_config() disables configuration. If called before OPENSSL_config() no configuration takes place.

+ +

If the application is built with OPENSSL_LOAD_CONF defined, then a call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config() first.

+ +

NOTES

+ +

The OPENSSL_config() function is designed to be a very simple "call it and forget it" function. It is however much better than nothing. Applications which need finer control over their configuration functionality should use the configuration functions such as CONF_modules_load() directly. This function is deprecated and its use should be avoided. Applications should instead call CONF_modules_load() during initialization (that is before starting any threads).

+ +

There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file.

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_CONF
+
+ +

The path to the config file. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

RETURN VALUES

+ +

Neither OPENSSL_config() nor OPENSSL_no_config() return a value.

+ +

SEE ALSO

+ +

config(5), CONF_modules_load_file(3)

+ +

HISTORY

+ +

The OPENSSL_no_config() and OPENSSL_config() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html new file mode 100644 index 00000000..55058e48 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html @@ -0,0 +1,67 @@ + + + + +OPENSSL_fork_prepare + + + + + + + + + + +

NAME

+ +

OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child - OpenSSL fork handlers

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+ +

DESCRIPTION

+ +

OpenSSL has state that should be reset when a process forks. For example, the entropy pool used to generate random numbers (and therefore encryption keys) should not be shared across multiple programs. The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() functions are used to reset this internal state.

+ +

Platforms without fork(2) will probably not need to use these functions. Platforms with fork(2) but without pthread_atfork(3) will probably need to call them manually, as described in the following paragraph. Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically.

+ +

OPENSSL_init_crypto(3) will register these functions with the appropriate handler, when the OPENSSL_INIT_ATFORK flag is used. For other applications, these functions can be called directly. They should be used according to the calling sequence described by the pthread_atfork(3) documentation, which is summarized here. OPENSSL_fork_prepare() should be called before a fork() is done. After the fork() returns, the parent process should call OPENSSL_fork_parent() and the child process should call OPENSSL_fork_child().

+ +

RETURN VALUES

+ +

OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not return values.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html new file mode 100644 index 00000000..473cf8fe --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html @@ -0,0 +1,206 @@ + + + + +OPENSSL_ia32cap + + + + + + + + + + +

NAME

+ +

OPENSSL_ia32cap - the x86[_64] processor capabilities vector

+ +

SYNOPSIS

+ +
env OPENSSL_ia32cap=... <application>
+ +

DESCRIPTION

+ +

OpenSSL supports a range of x86[_64] instruction set extensions. These extensions are denoted by individual bits in capability vector returned by processor in EDX:ECX register pair after executing CPUID instruction with EAX=1 input value (see Intel Application Note #241618). This vector is copied to memory upon toolkit initialization and used to choose between different code paths to provide optimal performance across wide range of processors. For the moment of this writing following bits are significant:

+ +
+ +
bit #4 denoting presence of Time-Stamp Counter.
+
+ +
+
bit #19 denoting availability of CLFLUSH instruction;
+
+ +
+
bit #20, reserved by Intel, is used to choose among RC4 code paths;
+
+ +
+
bit #23 denoting MMX support;
+
+ +
+
bit #24, FXSR bit, denoting availability of XMM registers;
+
+ +
+
bit #25 denoting SSE support;
+
+ +
+
bit #26 denoting SSE2 support;
+
+ +
+
bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;
+
+ +
+
bit #30, reserved by Intel, denotes specifically Intel CPUs;
+
+ +
+
bit #33 denoting availability of PCLMULQDQ instruction;
+
+ +
+
bit #41 denoting SSSE3, Supplemental SSE3, support;
+
+ +
+
bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
+
+ +
+
bit #54 denoting availability of MOVBE instruction;
+
+ +
+
bit #57 denoting AES-NI instruction set extension;
+
+ +
+
bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;
+
+ +
+
bit #59, OSXSAVE bit, denoting availability of YMM registers;
+
+ +
+
bit #60 denoting AVX extension;
+
+ +
+
bit #62 denoting availability of RDRAND instruction;
+
+ +
+
+ +

For example, in 32-bit application context clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library, while clearing bit #24 disables SSE2 code operating on 128-bit XMM register bank. You might have to do the latter if target OpenSSL application is executed on SSE2 capable CPU, but under control of OS that does not enable XMM registers. Historically address of the capability vector copy was exposed to application through OPENSSL_ia32cap_loc(), but not anymore. Now the only way to affect the capability detection is to set OPENSSL_ia32cap environment variable prior target application start. To give a specific example, on Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired effect. Alternatively you can reconfigure the toolkit with no-sse2 option and recompile.

+ +

Less intuitive is clearing bit #28, or ~0x10000000 in the "environment variable" terms. The truth is that it's not copied from CPUID output verbatim, but is adjusted to reflect whether or not the data cache is actually shared between logical cores. This in turn affects the decision on whether or not expensive countermeasures against cache-timing attacks are applied, most notably in AES assembler module.

+ +

The capability vector is further extended with EBX value returned by CPUID with EAX=7 and ECX=0 as input. Following bits are significant:

+ +
+ +
bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
+
+ +
+
bit #64+5 denoting availability of AVX2 instructions;
+
+ +
+
bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;
+
+ +
+
bit #64+16 denoting availability of AVX512F extension;
+
+ +
+
bit #64+18 denoting availability of RDSEED instruction;
+
+ +
+
bit #64+19 denoting availability of ADCX and ADOX instructions;
+
+ +
+
bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;
+
+ +
+
bit #64+29 denoting availability of SHA extension;
+
+ +
+
bit #64+30 denoting availability of AVX512BW extension;
+
+ +
+
bit #64+31 denoting availability of AVX512VL extension;
+
+ +
+
bit #64+41 denoting availability of VAES extension;
+
+ +
+
bit #64+42 denoting availability of VPCLMULQDQ extension;
+
+ +
+
+ +

To control this extended capability word use ':' as delimiter when setting up OPENSSL_ia32cap environment variable. For example assigning ':~0x20' would disable AVX2 code paths, and ':0' - all post-AVX extensions.

+ +

It should be noted that whether or not some of the most "fancy" extension code paths are actually assembled depends on current assembler version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code paths are always assembled. Apart from that, minimum assembler version requirements are summarized in below table:

+ +
Extension   | GNU as | nasm   | llvm
+------------+--------+--------+--------
+AVX         | 2.19   | 2.09   | 3.0
+AVX2        | 2.22   | 2.10   | 3.1
+ADCX/ADOX   | 2.23   | 2.10   | 3.3
+AVX512      | 2.25   | 2.11.8 | see NOTES
+AVX512IFMA  | 2.26   | 2.11.8 | see NOTES
+VAES        | 2.30   | 2.13.3 |
+ +

NOTES

+ +

Even though AVX512 support was implemented in llvm 3.6, compilation of assembly modules apparently requires explicit -march flag. But then compiler generates processor-specific code, which in turn contradicts the mere idea of run-time switch execution facilitated by the variable in question. Till the limitation is lifted, it's possible to work around the problem by making build procedure use following script:

+ +
#!/bin/sh
+exec clang -no-integrated-as "$@"
+ +

instead of real clang. In which case it doesn't matter which clang version is used, as it is GNU assembler version that will be checked.

+ +

RETURN VALUES

+ +

Not available.

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html new file mode 100644 index 00000000..96905d69 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html @@ -0,0 +1,221 @@ + + + + +OPENSSL_init_crypto + + + + + + + + + + +

NAME

+ +

OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL initialisation and deinitialisation functions

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+                                     const char* filename);
+int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
+                                       unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
+                                    const char* name);
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
+ +

DESCRIPTION

+ +

During normal operation OpenSSL (libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the application is multi-threaded), and these resources must be freed prior to the thread closing.

+ +

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

+ +

However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also OPENSSL_init_ssl(3) for the libssl equivalent).

+ +

Numerous internal OpenSSL functions call OPENSSL_init_crypto(). Therefore, in order to perform non-default initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls.

+ +

The opts parameter specifies which aspects of libcrypto should be initialised. Valid options are:

+ +
+ +
OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
+
+ +

Suppress automatic loading of the libcrypto error strings. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+
+ +

Automatic loading of the libcrypto error strings. With this option the library will automatically load the libcrypto error strings. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_ADD_ALL_CIPHERS
+
+ +

With this option the library will automatically load and make available all libcrypto ciphers. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_ADD_ALL_DIGESTS
+
+ +

With this option the library will automatically load and make available all libcrypto digests. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+
+ +

With this option the library will suppress automatic loading of libcrypto ciphers. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.

+ +
+
OPENSSL_INIT_NO_ADD_ALL_DIGESTS
+
+ +

With this option the library will suppress automatic loading of libcrypto digests. This option is not a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_CONFIG
+
+ +

With this option an OpenSSL configuration file will be automatically loaded and used by calling OPENSSL_config(). This is not a default option for libcrypto. As of OpenSSL 1.1.1 this is a default option for libssl (see OPENSSL_init_ssl(3) for further details about libssl initialisation). See the description of OPENSSL_INIT_new(), below.

+ +
+
OPENSSL_INIT_NO_LOAD_CONFIG
+
+ +

With this option the loading of OpenSSL configuration files will be suppressed. It is the equivalent of calling OPENSSL_no_config(). This is not a default option.

+ +
+
OPENSSL_INIT_ASYNC
+
+ +

With this option the library with automatically initialise the libcrypto async sub-library (see ASYNC_start_job(3)). This is a default option.

+ +
+
OPENSSL_INIT_ENGINE_RDRAND
+
+ +

With this option the library will automatically load and initialise the RDRAND engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_DYNAMIC
+
+ +

With this option the library will automatically load and initialise the dynamic engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_OPENSSL
+
+ +

With this option the library will automatically load and initialise the openssl engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_CRYPTODEV
+
+ +

With this option the library will automatically load and initialise the cryptodev engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_CAPI
+
+ +

With this option the library will automatically load and initialise the CAPI engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_PADLOCK
+
+ +

With this option the library will automatically load and initialise the padlock engine (if available). This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_AFALG
+
+ +

With this option the library will automatically load and initialise the AFALG engine. This not a default option.

+ +
+
OPENSSL_INIT_ENGINE_ALL_BUILTIN
+
+ +

With this option the library will automatically load and initialise all the built in engines listed above with the exception of the openssl and afalg engines. This not a default option.

+ +
+
OPENSSL_INIT_ATFORK
+
+ +

With this option the library will register its fork handlers. See OPENSSL_fork_prepare(3) for details.

+ +
+
OPENSSL_INIT_NO_ATEXIT
+
+ +

By default OpenSSL will attempt to clean itself up when the process exits via an "atexit" handler. Using this option suppresses that behaviour. This means that the application will have to clean up OpenSSL explicitly using OPENSSL_cleanup().

+ +
+
+ +

Multiple options may be combined together in a single call to OPENSSL_init_crypto(). For example:

+ +
OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+                    | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
+ +

The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto and libssl). All resources allocated by OpenSSL are freed. Typically there should be no need to call this function directly as it is initiated automatically on application exit. This is done via the standard C library atexit() function. In the event that the application will close in a manner that will not call the registered atexit() handlers then the application should call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL are discouraged from calling this function and should instead, typically, rely on auto-deinitialisation. This is to avoid error conditions where both an application and a library it depends on both use OpenSSL, and the library deinitialises it before the application has finished using it.

+ +

Once OPENSSL_cleanup() has been called the library cannot be reinitialised. Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error will be added to the error stack. Note that because initialisation has failed OpenSSL error strings will not be available, only an error code. This code can be put through the openssl errstr command line application to produce a human readable error (see errstr(1)).

+ +

The OPENSSL_atexit() function enables the registration of a function to be called during OPENSSL_cleanup(). Stop handlers are called after deinitialisation of resources local to a thread, but before other process wide resources are freed. In the event that multiple stop handlers are registered, no guarantees are made about the order of execution.

+ +

The OPENSSL_thread_stop() function deallocates resources associated with the current thread. Typically this function will be called automatically by the library when the thread exits. This should only be called directly if resources should be freed at an earlier time, or under the circumstances described in the NOTES section below.

+ +

The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as with CONF_modules_load_file(3) with NULL filename and application name and the CONF_MFLAGS_IGNORE_MISSING_FILE, CONF_MFLAGS_IGNORE_RETURN_CODES and CONF_MFLAGS_DEFAULT_SECTION flags. The filename, application name, and flags can be customized by providing a non-null OPENSSL_INIT_SETTINGS object. The object can be allocated via OPENSSL_init_new(). The OPENSSL_INIT_set_config_filename() function can be used to specify a non-default filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a non-default application name. Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors in the configuration file will cause an error return from OPENSSL_init_crypto or indirectly OPENSSL_init_ssl(3). The object can be released with OPENSSL_INIT_free() when done.

+ +

NOTES

+ +

Resources local to a thread are deallocated automatically when the thread exits (e.g. in a pthreads environment, when pthread_exit() is called). On Windows platforms this is done in response to a DLL_THREAD_DETACH message being sent to the libcrypto32.dll entry point. Some windows functions may cause threads to exit without sending this message (for example ExitProcess()). If the application uses such functions, then the application must free up OpenSSL resources directly via a call to OPENSSL_thread_stop() on each thread. Similarly this message will also not be sent if OpenSSL is linked statically, and therefore applications using static linking should also call OPENSSL_thread_stop() on each thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the threads are not destroyed until after FreeLibrary() is called then each thread should call OPENSSL_thread_stop() prior to the FreeLibrary() call.

+ +

On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is multi-threaded and if dlclose() is subsequently called prior to the threads being destroyed then OpenSSL will not be able to deallocate resources associated with those threads. The application should either call OPENSSL_thread_stop() on each thread prior to the dlclose() call, or alternatively the original dlopen() call should use the RTLD_NODELETE flag (where available on the platform).

+ +

RETURN VALUES

+ +

The functions OPENSSL_init_crypto, OPENSSL_atexit() and OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

OPENSSL_init_ssl(3)

+ +

HISTORY

+ +

The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html new file mode 100644 index 00000000..464a3000 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html @@ -0,0 +1,87 @@ + + + + +OPENSSL_init_ssl + + + + + + + + + + +

NAME

+ +

OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ +

DESCRIPTION

+ +

During normal operation OpenSSL (libssl and libcrypto) will allocate various resources at start up that must, subsequently, be freed on close down of the library. Additionally some resources are allocated on a per thread basis (if the application is multi-threaded), and these resources must be freed prior to the thread closing.

+ +

As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required.

+ +

However, there may be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the OPENSSL_init_crypto(3) function.

+ +

Numerous internal OpenSSL functions call OPENSSL_init_ssl(). Therefore, in order to perform non-default initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls.

+ +

The opts parameter specifies which aspects of libssl and libcrypto should be initialised. Valid options for libcrypto are described on the OPENSSL_init_crypto(3) page. In addition to any libcrypto specific option the following libssl options can also be used:

+ +
+ +
OPENSSL_INIT_NO_LOAD_SSL_STRINGS
+
+ +

Suppress automatic loading of the libssl error strings. This option is not a default option. Once selected subsequent calls to OPENSSL_init_ssl() with the option OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

+ +
+
OPENSSL_INIT_LOAD_SSL_STRINGS
+
+ +

Automatic loading of the libssl error strings. This option is a default option. Once selected subsequent calls to OPENSSL_init_ssl() with the option OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

+ +
+
+ +

OPENSSL_init_ssl() takes a settings parameter which can be used to set parameter values. See OPENSSL_init_crypto(3) for details.

+ +

RETURN VALUES

+ +

The function OPENSSL_init_ssl() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

OPENSSL_init_crypto(3)

+ +

HISTORY

+ +

The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html new file mode 100644 index 00000000..d4e332a4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html @@ -0,0 +1,58 @@ + + + + +OPENSSL_instrument_bus + + + + + + + + + + +

NAME

+ +

OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus

+ +

SYNOPSIS

+ +
#ifdef OPENSSL_CPUID_OBJ
+size_t OPENSSL_instrument_bus(int *vector, size_t num);
+size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
+#endif
+ +

DESCRIPTION

+ +

It was empirically found that timings of references to primary memory are subject to irregular, apparently non-deterministic variations. The subroutines in question instrument these references for purposes of gathering randomness for random number generator. In order to make it bus-bound a 'flush cache line' instruction is used between probes. In addition probes are added to vector elements in atomic or interlocked manner, which should contribute additional noise on multi-processor systems. This also means that vector[num] should be zeroed upon invocation (if you want to retrieve actual probe values).

+ +

OPENSSL_instrument_bus() performs num probes and records the number of oscillator cycles every probe took.

+ +

OPENSSL_instrument_bus2() on the other hand accumulates consecutive probes with the same value, i.e. in a way it records duration of periods when probe values appeared deterministic. The subroutine performs at most max probes in attempt to fill the vector[num], with max value of 0 meaning "as many as it takes."

+ +

RETURN VALUES

+ +

Return value of 0 indicates that CPU is not capable of performing the benchmark, either because oscillator counter or 'flush cache line' is not available on current platform. For reference, on x86 'flush cache line' was introduced with the SSE2 extensions.

+ +

Otherwise number of recorded values is returned.

+ +

COPYRIGHT

+ +

Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html new file mode 100644 index 00000000..35b573ab --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html @@ -0,0 +1,71 @@ + + + + +OPENSSL_load_builtin_modules + + + + + + + + + + +

NAME

+ +

OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules

+ +

SYNOPSIS

+ +
#include <openssl/conf.h>
+
+void OPENSSL_load_builtin_modules(void);
+void ASN1_add_oid_module(void);
+void ENGINE_add_conf_module(void);
+ +

DESCRIPTION

+ +

The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL configuration modules to the internal list. They can then be used by the OpenSSL configuration code.

+ +

ASN1_add_oid_module() adds just the ASN1 OBJECT module.

+ +

ENGINE_add_conf_module() adds just the ENGINE configuration module.

+ +

NOTES

+ +

If the simple configuration function OPENSSL_config() is called then OPENSSL_load_builtin_modules() is called automatically.

+ +

Applications which use the configuration functions directly will need to call OPENSSL_load_builtin_modules() themselves before any other configuration code.

+ +

Applications should call OPENSSL_load_builtin_modules() to load all configuration modules instead of adding modules selectively: otherwise functionality may be missing from the application if an when new modules are added.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

config(5), OPENSSL_config(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_malloc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_malloc.html new file mode 100644 index 00000000..5c15c2f6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_malloc.html @@ -0,0 +1,164 @@ + + + + +OPENSSL_malloc + + + + + + + + + + +

NAME

+ +

OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD - Memory allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int OPENSSL_malloc_init(void)
+
+void *OPENSSL_malloc(size_t num)
+void *OPENSSL_zalloc(size_t num)
+void *OPENSSL_realloc(void *addr, size_t num)
+void OPENSSL_free(void *addr)
+char *OPENSSL_strdup(const char *str)
+char *OPENSSL_strndup(const char *str, size_t s)
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
+void *OPENSSL_memdup(void *data, size_t s)
+void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
+void OPENSSL_clear_free(void *str, size_t num)
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+void *CRYPTO_realloc(void *p, size_t num, const char *file, int line)
+void CRYPTO_free(void *str, const char *, int)
+char *CRYPTO_strdup(const char *p, const char *file, int line)
+char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line)
+void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
+                           const char *file, int line)
+void CRYPTO_clear_free(void *str, size_t num, const char *, int)
+
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
+
+void CRYPTO_get_alloc_counts(int *m, int *r, int *f)
+
+int CRYPTO_set_mem_debug(int onoff)
+
+env OPENSSL_MALLOC_FAILURES=... <application>
+env OPENSSL_MALLOC_FD=... <application>
+
+int CRYPTO_mem_ctrl(int mode);
+
+int OPENSSL_mem_debug_push(const char *info)
+int OPENSSL_mem_debug_pop(void);
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+
+int CRYPTO_mem_leaks(BIO *b);
+int CRYPTO_mem_leaks_fp(FILE *fp);
+int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
+                        void *u);
+ +

DESCRIPTION

+ +

OpenSSL memory allocation is handled by the OPENSSL_xxx API. These are generally macro's that add the standard C __FILE__ and __LINE__ parameters and call a lower-level CRYPTO_xxx API. Some functions do not add those parameters, but exist for consistency.

+ +

OPENSSL_malloc_init() does nothing and does not need to be called. It is included for compatibility with older versions of OpenSSL.

+ +

OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the C malloc(), realloc(), and free() functions. OPENSSL_zalloc() calls memset() to zero the memory before returning.

+ +

OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at addr holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() before ultimately calling OPENSSL_free().

+ +

OPENSSL_cleanse() fills ptr of size len with a string of 0's. Use OPENSSL_cleanse() with care if the memory is a mapping of a file. If the storage controller uses write compression, then its possible that sensitive tail bytes will survive zeroization because the block of zeros will be compressed. If the storage controller uses wear leveling, then the old sensitive data will not be overwritten; rather, a block of 0's will be written at a new physical location.

+ +

OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the equivalent C functions, except that memory is allocated by calling the OPENSSL_malloc() and should be released by calling OPENSSL_free().

+ +

OPENSSL_strlcpy(), OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C library functions and are provided for portability.

+ +

OPENSSL_hexstr2buf() parses str as a hex string and returns a pointer to the parsed value. The memory is allocated by calling OPENSSL_malloc() and should be released by calling OPENSSL_free(). If len is not NULL, it is filled in with the output length. Colons between two-character hex "bytes" are ignored. An odd number of hex digits is an error.

+ +

OPENSSL_buf2hexstr() takes the specified buffer and length, and returns a hex string for value, or NULL on error. Buffer cannot be NULL; if len is 0 an empty string is returned.

+ +

OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent, or returns -1 on error.

+ +

If no allocations have been done, it is possible to "swap out" the default implementations for OPENSSL_malloc(), OPENSSL_realloc and OPENSSL_free() and replace them with alternate versions (hooks). CRYPTO_get_mem_functions() function fills in the given arguments with the function pointers for the current implementations. With CRYPTO_set_mem_functions(), you can specify a different set of functions. If any of m, r, or f are NULL, then the function is not changed.

+ +

The default implementation can include some debugging capability (if enabled at build-time). This adds some overhead by keeping a list of all memory allocations, and removes items from the list when they are free'd. This is most useful for identifying memory leaks. CRYPTO_set_mem_debug() turns this tracking on and off. In order to have any effect, is must be called before any of the allocation functions (e.g., CRYPTO_malloc()) are called, and is therefore normally one of the first lines of main() in an application. CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. To enable tracking call CRYPTO_mem_ctrl() with a mode argument of the CRYPTO_MEM_CHECK_ON. To disable tracking call CRYPTO_mem_ctrl() with a mode argument of the CRYPTO_MEM_CHECK_OFF.

+ +

While checking memory, it can be useful to store additional context about what is being done. For example, identifying the field names when parsing a complicated data structure. OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push()) attaches an identifying string to the allocation stack. This must be a global or other static string; it is not copied. OPENSSL_mem_debug_pop() removes identifying state from the stack.

+ +

At the end of the program, calling CRYPTO_mem_leaks() or CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it to the specified BIO b or FILE fp. These functions return 1 if there are no leaks, 0 if there are leaks and -1 if an error occurred.

+ +

CRYPTO_mem_leaks_cb() does the same as CRYPTO_mem_leaks(), but instead of writing to a given BIO, the callback function is called for each output string with the string, length, and userdata u as the callback parameters.

+ +

If the library is built with the crypto-mdebug option, then one function, CRYPTO_get_alloc_counts(), and two additional environment variables, OPENSSL_MALLOC_FAILURES and OPENSSL_MALLOC_FD, are available.

+ +

The function CRYPTO_get_alloc_counts() fills in the number of times each of CRYPTO_malloc(), CRYPTO_realloc(), and CRYPTO_free() have been called, into the values pointed to by mcount, rcount, and fcount, respectively. If a pointer is NULL, then the corresponding count is not stored.

+ +

The variable OPENSSL_MALLOC_FAILURES controls how often allocations should fail. It is a set of fields separated by semicolons, which each field is a count (defaulting to zero) and an optional atsign and percentage (defaulting to 100). If the count is zero, then it lasts forever. For example, 100;@25 or 100@0;0@25 means the first 100 allocations pass, then all other allocations (until the program exits or crashes) have a 25% chance of failing.

+ +

If the variable OPENSSL_MALLOC_FD is parsed as a positive integer, then it is taken as an open file descriptor, and a record of all allocations is written to that descriptor. If an allocation will fail, and the platform supports it, then a backtrace will be written to the descriptor. This can be useful because a malloc may fail but not be checked, and problems will only occur later. The following example in classic shell syntax shows how to use this (will not work on all platforms):

+ +
OPENSSL_MALLOC_FAILURES='200;@10'
+export OPENSSL_MALLOC_FAILURES
+OPENSSL_MALLOC_FD=3
+export OPENSSL_MALLOC_FD
+...app invocation... 3>/tmp/log$$
+ +

RETURN VALUES

+ +

OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() return no value.

+ +

CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if there are no leaks, 0 if there are leaks and -1 if an error occurred.

+ +

OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), OPENSSL_clear_realloc(), CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(), CRYPTO_clear_realloc(), OPENSSL_buf2hexstr(), OPENSSL_hexstr2buf(), OPENSSL_strdup(), and OPENSSL_strndup() return a pointer to allocated memory or NULL on error.

+ +

CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug() return 1 on success or 0 on failure (almost always because allocations have already happened).

+ +

CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the previous value of the mode.

+ +

OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop() return 1 on success or 0 on failure.

+ +

NOTES

+ +

While it's permitted to swap out only a few and not all the functions with CRYPTO_set_mem_functions(), it's recommended to swap them all out at once. This applies specially if OpenSSL was built with the configuration option crypto-mdebug enabled. In case, swapping out only, say, the malloc() implementation is outright dangerous.

+ +

COPYRIGHT

+ +

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html new file mode 100644 index 00000000..fa09e139 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html @@ -0,0 +1,114 @@ + + + + +OPENSSL_secure_malloc + + + + + + + + + + +

NAME

+ +

CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used - secure heap storage

+ +

SYNOPSIS

+ +
#include <openssl/crypto.h>
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize);
+
+int CRYPTO_secure_malloc_initialized();
+
+int CRYPTO_secure_malloc_done();
+
+void *OPENSSL_secure_malloc(size_t num);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+
+void *OPENSSL_secure_zalloc(size_t num);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+
+void OPENSSL_secure_free(void* ptr);
+void CRYPTO_secure_free(void *ptr, const char *, int);
+
+void OPENSSL_secure_clear_free(void* ptr, size_t num);
+void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
+
+size_t OPENSSL_secure_actual_size(const void *ptr);
+
+int CRYPTO_secure_allocated(const void *ptr);
+size_t CRYPTO_secure_used();
+ +

DESCRIPTION

+ +

In order to help protect applications (particularly long-running servers) from pointer overruns or underruns that could return arbitrary data from the program's dynamic memory area, where keys and other sensitive information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your threat model and concerns.

+ +

If a secure heap is used, then private key BIGNUM values are stored there. This protects long-term storage of private keys, but will not necessarily put all intermediate values and computations there.

+ +

CRYPTO_secure_malloc_init() creates the secure heap, with the specified size in bytes. The minsize parameter is the minimum size to allocate from the heap. Both size and minsize must be a power of two.

+ +

CRYPTO_secure_malloc_initialized() indicates whether or not the secure heap as been initialized and is available.

+ +

CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable to the process if all secure memory has been freed. It can take noticeably long to complete.

+ +

OPENSSL_secure_malloc() allocates num bytes from the heap. If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_malloc(). It is a macro that expands to CRYPTO_secure_malloc() and adds the __FILE__ and __LINE__ parameters.

+ +

OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively, except that they call memset() to zero the memory before returning.

+ +

OPENSSL_secure_free() releases the memory at ptr back to the heap. It must be called with a value previously obtained from OPENSSL_secure_malloc(). If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_free(). It exists for consistency with OPENSSL_secure_malloc() , and is a macro that expands to CRYPTO_secure_free() and adds the __FILE__ and __LINE__ parameters..

+ +

OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except that it has an additional num parameter which is used to clear the memory if it was not allocated from the secure heap. If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_clear_free().

+ +

OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation.

+ +

OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.

+ +

CRYPTO_secure_used() returns the number of bytes allocated in the secure heap.

+ +

RETURN VALUES

+ +

CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, and 2 if successful but the heap could not be protected by memory mapping.

+ +

CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is available (that is, if CRYPTO_secure_malloc_init() has been called, but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.

+ +

OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into the secure heap of the requested size, or NULL if memory could not be allocated.

+ +

CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.

+ +

CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.

+ +

OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.

+ +

SEE ALSO

+ +

OPENSSL_malloc(3), BN_new(3)

+ +

HISTORY

+ +

The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html new file mode 100644 index 00000000..ca1d9d8a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html @@ -0,0 +1,163 @@ + + + + +OSSL_STORE_INFO + + + + + + + + + + +

NAME

+ +

OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
+                                                  *store_info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info);
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+ +

DESCRIPTION

+ +

These functions are primarily useful for applications to retrieve supported objects from OSSL_STORE_INFO objects and for scheme specific loaders to create OSSL_STORE_INFO holders.

+ +

Types

+ +

OSSL_STORE_INFO is an opaque type that's just an intermediary holder for the objects that have been retrieved by OSSL_STORE_load() and similar functions. Supported OpenSSL type object can be extracted using one of STORE_INFO_get0_TYPE(). The life time of this extracted object is as long as the life time of the OSSL_STORE_INFO it was extracted from, so care should be taken not to free the latter too early. As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the same object with its reference count increased), which can be used after the containing OSSL_STORE_INFO has been freed. The object returned by STORE_INFO_get1_TYPE() must be freed separately by the caller. See "SUPPORTED OBJECTS" for more information on the types that are supported.

+ +

Functions

+ +

OSSL_STORE_INFO_get_type() takes a OSSL_STORE_INFO and returns the STORE type number for the object inside. STORE_INFO_get_type_string() takes a STORE type number and returns a short string describing it.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a OSSL_STORE_INFO and return the held object of the appropriate OpenSSL type provided that's what's held.

+ +

OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a OSSL_STORE_INFO and return a duplicate of the held object of the appropriate OpenSSL type provided that's what's held.

+ +

OSSL_STORE_INFO_free() frees a OSSL_STORE_INFO and its contained type.

+ +

OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() create a OSSL_STORE_INFO object to hold the given input object. Additionally, for OSSL_STORE_INFO_NAME` objects, OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra description. This description is meant to be human readable and should be used for information printout.

+ +

SUPPORTED OBJECTS

+ +

Currently supported object types are:

+ +
+ +
OSSL_STORE_INFO_NAME
+
+ +

A name is exactly that, a name. It's like a name in a directory, but formatted as a complete URI. For example, the path in URI file:/foo/bar/ could include a file named cookie.pem, and in that case, the returned OSSL_STORE_INFO_NAME object would have the URI file:/foo/bar/cookie.pem, which can be used by the application to get the objects in that file. This can be applied to all schemes that can somehow support a listing of object URIs.

+ +

For file: URIs that are used without the explicit scheme, the returned name will be the path of each object, so if /foo/bar was given and that path has the file cookie.pem, the name /foo/bar/cookie.pem will be returned.

+ +

The returned URI is considered canonical and must be unique and permanent for the storage where the object (or collection of objects) resides. Each loader is responsible for ensuring that it only returns canonical URIs. However, it's possible that certain schemes allow an object (or collection thereof) to be reached with alternative URIs; just because one URI is canonical doesn't mean that other variants can't be used.

+ +

At the discretion of the loader that was used to get these names, an extra description may be attached as well.

+ +
+
OSSL_STORE_INFO_PARAMS
+
+ +

Key parameters.

+ +
+
OSSL_STORE_INFO_PKEY
+
+ +

A private/public key of some sort.

+ +
+
OSSL_STORE_INFO_CERT
+
+ +

An X.509 certificate.

+ +
+
OSSL_STORE_INFO_CRL
+
+ +

A X.509 certificate revocation list.

+ +
+
+ +

RETURN VALUES

+ +

OSSL_STORE_INFO_get_type() returns the STORE type number of the given OSSL_STORE_INFO. There is no error value.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return a pointer to the OpenSSL object on success, NULL otherwise.

+ +

OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return a pointer to a duplicate of the OpenSSL object on success, NULL otherwise.

+ +

OSSL_STORE_INFO_type_string() returns a string on success, or NULL on failure.

+ +

OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() return a OSSL_STORE_INFO pointer on success, or NULL on failure.

+ +

OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_open(3), OSSL_STORE_register_loader(3)

+ +

HISTORY

+ +

OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html new file mode 100644 index 00000000..ad4904c7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html @@ -0,0 +1,219 @@ + + + + +OSSL_STORE_LOADER + + + + + + + + + + +

NAME

+ +

OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn - Types and functions to manipulate, register and unregister STORE loaders for different URI schemes

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
+                                            *store_loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER
+                                          *store_loader);
+
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
+                                                     const UI_METHOD *ui_method,
+                                                     void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_open_fn store_open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+                                  va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_ctrl_fn store_ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                               UI_METHOD *ui_method,
+                                               void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader,
+                               OSSL_STORE_load_fn store_load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader,
+                              OSSL_STORE_eof_fn store_eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader,
+                                OSSL_STORE_error_fn store_error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
+                                OSSL_STORE_close_fn store_close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+ +

DESCRIPTION

+ +

These functions help applications and engines to create loaders for schemes they support.

+ +

Types

+ +

OSSL_STORE_LOADER is the type to hold a loader. It contains a scheme and the functions needed to implement OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof(), OSSL_STORE_error() and OSSL_STORE_close() for this scheme.

+ +

OSSL_STORE_LOADER_CTX is a type template, to be defined by each loader using struct ossl_store_loader_ctx_st { ... }.

+ +

OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, and OSSL_STORE_close_fn are the function pointer types used within a STORE loader. The functions pointed at define the functionality of the given loader.

+ +
+ +
OSSL_STORE_open_fn
+
+ +

This function takes a URI and is expected to interpret it in the best manner possible according to the scheme the loader implements, it also takes a UI_METHOD and associated data, to be used any time something needs to be prompted for. Furthermore, this function is expected to initialize what needs to be initialized, to create a private data store (OSSL_STORE_LOADER_CTX, see above), and to return it. If something goes wrong, this function is expected to return NULL.

+ +
+
OSSL_STORE_ctrl_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer, a command number cmd and a va_list args and is used to manipulate loader specific parameters.

+ +

Loader specific command numbers must begin at OSSL_STORE_C_CUSTOM_START. Any number below that is reserved for future globally known command numbers.

+ +

This function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_expect_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_INFO identity expected, and is used to tell the loader what object type is expected. expected may be zero to signify that no specific object type is expected.

+ +

This function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_find_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_SEARCH search criterion, and is used to tell the loader what to search for.

+ +

When called with the loader context being NULL, this function is expected to return 1 if the loader supports the criterion, otherwise 0.

+ +

When called with the loader context being something other than NULL, this function is expected to return 1 on success, 0 on error.

+ +
+
OSSL_STORE_load_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and a UI_METHOD with associated data. It's expected to load the next available data, mold it into a data structure that can be wrapped in a OSSL_STORE_INFO using one of the OSSL_STORE_INFO(3) functions. If no more data is available or an error occurs, this function is expected to return NULL. The OSSL_STORE_eof_fn and OSSL_STORE_error_fn functions must indicate if it was in fact the end of data or if an error occurred.

+ +

Note that this function retrieves one data item only.

+ +
+
OSSL_STORE_eof_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to return 1 to indicate that the end of available data has been reached. It is otherwise expected to return 0.

+ +
+
OSSL_STORE_error_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to return 1 to indicate that an error occurred in a previous call to the OSSL_STORE_load_fn function. It is otherwise expected to return 0.

+ +
+
OSSL_STORE_close_fn
+
+ +

This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to close or shut down what needs to be closed, and finally free the contents of the OSSL_STORE_LOADER_CTX pointer. It returns 1 on success and 0 on error.

+ +
+
+ +

Functions

+ +

OSSL_STORE_LOADER_new() creates a new OSSL_STORE_LOADER. It takes an ENGINE e and a string scheme. scheme must always be set. Both e and scheme are used as is and must therefore be alive as long as the created loader is.

+ +

OSSL_STORE_LOADER_get0_engine() returns the engine of the store_loader. OSSL_STORE_LOADER_get0_scheme() returns the scheme of the store_loader.

+ +

OSSL_STORE_LOADER_set_open() sets the opener function for the store_loader.

+ +

OSSL_STORE_LOADER_set_ctrl() sets the control function for the store_loader.

+ +

OSSL_STORE_LOADER_set_expect() sets the expect function for the store_loader.

+ +

OSSL_STORE_LOADER_set_load() sets the loader function for the store_loader.

+ +

OSSL_STORE_LOADER_set_eof() sets the end of file checker function for the store_loader.

+ +

OSSL_STORE_LOADER_set_close() sets the closing function for the store_loader.

+ +

OSSL_STORE_LOADER_free() frees the given store_loader.

+ +

OSSL_STORE_register_loader() register the given store_loader and thereby makes it available for use with OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close().

+ +

OSSL_STORE_unregister_loader() unregister the store loader for the given scheme.

+ +

NOTES

+ +

The file: scheme has built in support.

+ +

RETURN VALUES

+ +

The functions with the types OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn and OSSL_STORE_close_fn have the same return values as OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_expect(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively.

+ +

OSSL_STORE_LOADER_new() returns a pointer to a OSSL_STORE_LOADER on success, or NULL on failure.

+ +

OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof() and OSSL_STORE_LOADER_set_close() return 1 on success, or 0 on failure.

+ +

OSSL_STORE_register_loader() returns 1 on success, or 0 on failure.

+ +

OSSL_STORE_unregister_loader() returns the unregistered loader on success, or NULL on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_open(3)

+ +

HISTORY

+ +

OSSL_STORE_LOADER(), OSSL_STORE_LOADER_CTX(), OSSL_STORE_LOADER_new(), OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html new file mode 100644 index 00000000..078d308c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html @@ -0,0 +1,151 @@ + + + + +OSSL_STORE_SEARCH + + + + + + + + + + +

NAME

+ +

OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest - Type and functions to create OSSL_STORE search criteria

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, int len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
+                                            *criterion);
+ +

DESCRIPTION

+ +

These functions are used to specify search criteria to help search for specific objects through other names than just the URI that's given to OSSL_STORE_open(). For example, this can be useful for an application that has received a URI and then wants to add on search criteria in a uniform and supported manner.

+ +

Types

+ +

OSSL_STORE_SEARCH is an opaque type that holds the constructed search criterion, and that can be given to an OSSL_STORE context with OSSL_STORE_find().

+ +

The calling application owns the allocation of an OSSL_STORE_SEARCH at all times, and should therefore be careful not to deallocate it before OSSL_STORE_close() has been called for the OSSL_STORE context it was given to.

+ +

Application Functions

+ +

OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), and OSSL_STORE_SEARCH_by_alias() are used to create an OSSL_STORE_SEARCH from a subject name, an issuer name and serial number pair, a key fingerprint, and an alias (for example a friendly name). The parameters that are provided are not copied, only referred to in a criterion, so they must have at least the same life time as the created OSSL_STORE_SEARCH.

+ +

OSSL_STORE_SEARCH_free() is used to free the OSSL_STORE_SEARCH.

+ +

Loader Functions

+ +

OSSL_STORE_SEARCH_get_type() returns the criterion type for the given OSSL_STORE_SEARCH.

+ +

OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), OSSL_STORE_SEARCH_get0_string(), and OSSL_STORE_SEARCH_get0_digest() are used to retrieve different data from a OSSL_STORE_SEARCH, as available for each type. For more information, see "SUPPORTED CRITERION TYPES" below.

+ +

SUPPORTED CRITERION TYPES

+ +

Currently supported criterion types are:

+ +
+ +
OSSL_STORE_SEARCH_BY_NAME
+
+ +

This criterion supports a search by exact match of subject name. The subject name itself is a X509_NAME pointer. A criterion of this type is created with OSSL_STORE_SEARCH_by_name(), and the actual subject name is retrieved with OSSL_STORE_SEARCH_get0_name().

+ +
+
OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+
+ +

This criterion supports a search by exact match of both issuer name and serial number. The issuer name itself is a X509_NAME pointer, and the serial number is a ASN1_INTEGER pointer. A criterion of this type is created with OSSL_STORE_SEARCH_by_issuer_serial() and the actual issuer name and serial number are retrieved with OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_SEARCH_get0_serial().

+ +
+
OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
+
+ +

This criterion supports a search by exact match of key fingerprint. The key fingerprint in itself is a string of bytes and its length, as well as the algorithm that was used to compute the fingerprint. The digest may be left unspecified (NULL), and in that case, the loader has to decide on a default digest and compare fingerprints accordingly. A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() and the actual fingerprint and its length can be retrieved with OSSL_STORE_SEARCH_get0_bytes(). The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest().

+ +
+
OSSL_STORE_SEARCH_BY_ALIAS
+
+ +

This criterion supports a search by match of an alias of some kind. The alias in itself is a simple C string. A criterion of this type is created with OSSL_STORE_SEARCH_by_alias() and the actual alias is retrieved with OSSL_STORE_SEARCH_get0_string().

+ +
+
+ +

RETURN VALUES

+ +

OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), and OSSL_STORE_SEARCH_by_alias() return a OSSL_STORE_SEARCH pointer on success, or NULL on failure.

+ +

OSSL_STORE_SEARCH_get_type() returns the criterion type of the given OSSL_STORE_SEARCH. There is no error value.

+ +

OSSL_STORE_SEARCH_get0_name() returns a X509_NAME pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_serial() returns a ASN1_INTEGER pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_bytes() returns a const unsigned char pointer and sets *length to the strings length on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_string() returns a const char pointer on success, or NULL when the given OSSL_STORE_SEARCH was of a different type.

+ +

OSSL_STORE_SEARCH_get0_digest() returns a const EVP_MD pointer. NULL is a valid value and means that the store loader default will be used when applicable.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_supports_search(3), OSSL_STORE_find(3)

+ +

HISTORY

+ +

OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name(), OSSL_STORE_SEARCH_by_issuer_serial(), OSSL_STORE_SEARCH_by_key_fingerprint(), OSSL_STORE_SEARCH_by_alias(), OSSL_STORE_SEARCH_free(), OSSL_STORE_SEARCH_get_type(), OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), OSSL_STORE_SEARCH_get0_bytes(), and OSSL_STORE_SEARCH_get0_string() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_expect.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_expect.html new file mode 100644 index 00000000..e217af49 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_expect.html @@ -0,0 +1,82 @@ + + + + +OSSL_STORE_expect + + + + + + + + + + +

NAME

+ +

OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find - Specify what object type is expected

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type);
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+ +

DESCRIPTION

+ +

OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns by specifying a OSSL_STORE_INFO type. For example, if file:/foo/bar/store.pem contains several different objects and only the certificates are interesting, the application can simply say that it expects the type OSSL_STORE_INFO_CERT. All known object types (see "SUPPORTED OBJECTS" in OSSL_STORE_INFO(3)) except for OSSL_STORE_INFO_NAME are supported.

+ +

OSSL_STORE_find() helps applications specify a criterion for a more fine grained search of objects.

+ +

OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE context supports the given search type. See "SUPPORTED CRITERION TYPES" in OSSL_STORE_SEARCH for information on the supported search criterion types.

+ +

OSSL_STORE_expect() and OSSL_STORE_find must be called before the first OSSL_STORE_load() of a given session, or they will fail.

+ +

NOTES

+ +

If a more elaborate filter is required by the application, a better choice would be to use a post-processing function. See OSSL_STORE_open(3) for more information.

+ +

However, some loaders may take advantage of the knowledge of an expected type to make object retrieval more efficient, so if a single type is expected, this method is usually preferable.

+ +

RETURN VALUES

+ +

OSSL_STORE_expect() returns 1 on success, or 0 on failure.

+ +

OSSL_STORE_supports_search() returns 1 if the criterion is supported, or 0 otherwise.

+ +

OSSL_STORE_find() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_SEARCH(3), OSSL_STORE_load(3)

+ +

HISTORY

+ +

OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_open.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_open.html new file mode 100644 index 00000000..e6b96df3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OSSL_STORE_open.html @@ -0,0 +1,133 @@ + + + + +OSSL_STORE_open + + + + + + + + + + +

NAME

+ +

OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close - Types and functions to read objects from a URI

+ +

SYNOPSIS

+ +
#include <openssl/store.h>
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+                                                            void *);
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data);
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

These functions help the application to fetch supported objects (see "SUPPORTED OBJECTS" in OSSL_STORE_INFO(3) for information on which those are) from a given URI (see "SUPPORTED SCHEMES" for more information on the supported URI schemes). The general method to do so is to "open" the URI using OSSL_STORE_open(), read each available and supported object using OSSL_STORE_load() as long as OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().

+ +

The retrieved information is stored in a OSSL_STORE_INFO, which is further described in OSSL_STORE_INFO(3).

+ +

Types

+ +

OSSL_STORE_CTX is a context variable that holds all the internal information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() to work together.

+ +

Functions

+ +

OSSL_STORE_open() takes a uri or path uri, password UI method ui_method with associated data ui_data, and post processing callback post_process with associated data post_process_data, opens a channel to the data located at that URI and returns a OSSL_STORE_CTX with all necessary internal information. The given ui_method and ui_data_data will be reused by all functions that use OSSL_STORE_CTX when interaction is needed. The given post_process and post_process_data will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. The post_process function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading the next object, until post_process returns something other than NULL, or the end of data is reached as indicated by OSSL_STORE_eof().

+ +

OSSL_STORE_ctrl() takes a OSSL_STORE_CTX, and command number cmd and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with that loader.

+ +

There are also global controls available:

+ +
+ +
OSSL_STORE_C_USE_SECMEM
+
+ +

Controls if the loader should attempt to use secure memory for any allocated OSSL_STORE_INFO and its contents. This control expects one argument, a pointer to an int that is expected to have the value 1 (yes) or 0 (no). Any other value is an error.

+ +
+
+ +

OSSL_STORE_load() takes a OSSL_STORE_CTX, tries to load the next available object and return it wrapped with OSSL_STORE_INFO.

+ +

OSSL_STORE_eof() takes a OSSL_STORE_CTX and checks if we've reached the end of data.

+ +

OSSL_STORE_error() takes a OSSL_STORE_CTX and checks if an error occurred in the last OSSL_STORE_load() call. Note that it may still be meaningful to try and load more objects, unless OSSL_STORE_eof() shows that the end of data has been reached.

+ +

OSSL_STORE_close() takes a OSSL_STORE_CTX, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the OSSL_STORE_CTX, as well as the OSSL_STORE_CTX itself.

+ +

SUPPORTED SCHEMES

+ +

The basic supported scheme is file:. Any other scheme can be added dynamically, using OSSL_STORE_register_loader().

+ +

NOTES

+ +

A string without a scheme prefix (that is, a non-URI string) is implicitly interpreted as using the file: scheme.

+ +

There are some tools that can be used together with OSSL_STORE_open() to determine if any failure is caused by an unparsable URI, or if it's a different error (such as memory allocation failures); if the URI was parsable but the scheme unregistered, the top error will have the reason OSSL_STORE_R_UNREGISTERED_SCHEME.

+ +

These functions make no direct assumption regarding the pass phrase received from the password callback. The loaders may make assumptions, however. For example, the file: scheme loader inherits the assumptions made by OpenSSL functionality that handles the different file types; this is mostly relevant for PKCS#12 objects. See passphrase-encoding(7) for further information.

+ +

RETURN VALUES

+ +

OSSL_STORE_open() returns a pointer to a OSSL_STORE_CTX on success, or NULL on failure.

+ +

OSSL_STORE_load() returns a pointer to a OSSL_STORE_INFO on success, or NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a returned NULL.

+ +

OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0.

+ +

OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, otherwise 0.

+ +

OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure.

+ +

SEE ALSO

+ +

ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_register_loader(3), passphrase-encoding(7)

+ +

HISTORY

+ +

OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html new file mode 100644 index 00000000..44496b20 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html @@ -0,0 +1,77 @@ + + + + +OpenSSL_add_all_algorithms + + + + + + + + + + +

NAME

+ +

OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - add algorithms to internal table

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+ +

Deprecated:

+ +
 # if OPENSSL_API_COMPAT < 0x10100000L
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void)
+# endif
+ +

DESCRIPTION

+ +

OpenSSL keeps an internal table of digest algorithms and ciphers. It uses this table to lookup ciphers via functions such as EVP_get_cipher_byname().

+ +

OpenSSL_add_all_digests() adds all digest algorithms to the table.

+ +

OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and ciphers).

+ +

OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including password based encryption algorithms.

+ +

In versions prior to 1.1.0 EVP_cleanup() removed all ciphers and digests from the table. It no longer has any effect in OpenSSL 1.1.0.

+ +

RETURN VALUES

+ +

None of the functions return a value.

+ +

SEE ALSO

+ +

evp(7), EVP_DigestInit(3), EVP_EncryptInit(3)

+ +

HISTORY

+ +

The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), and EVP_cleanup(), functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html new file mode 100644 index 00000000..08027082 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html @@ -0,0 +1,81 @@ + + + + +PEM_bytes_read_bio + + + + + + + + + + +

NAME

+ +

PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u);
+ +

DESCRIPTION

+ +

PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) data from the BIO bp for the data type given in name (RSA PRIVATE KEY, CERTIFICATE, etc.). If multiple PEM-encoded data structures are present in the same stream, PEM_bytes_read_bio() will skip non-matching data types and continue reading. Non-PEM data present in the stream may cause an error.

+ +

The PEM header may indicate that the following data is encrypted; if so, the data will be decrypted, waiting on user input to supply a passphrase if needed. The password callback cb and rock u are used to obtain the decryption passphrase, if applicable.

+ +

Some data types have compatibility aliases, such as a file containing X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. The actual type indicated by the file is returned in *pnm if pnm is non-NULL. The caller must free the storage pointed to by *pnm.

+ +

The returned data is the DER-encoded form of the requested type, in *pdata with length *plen. The caller must free the storage pointed to by *pdata.

+ +

PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses memory from the secure heap for its temporary buffers and the storage returned in *pdata and *pnm. Accordingly, the caller must use OPENSSL_secure_free() to free that storage.

+ +

NOTES

+ +

PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for storage allocated within the PEM processing stack. The BIO stack from which input is read may also use temporary buffers, which are not necessarily allocated from the secure heap. In cases where it is desirable to ensure that the contents of the PEM file only appears in memory from the secure heap, care is needed in generating the BIO passed as bp. In particular, the use of BIO_s_file() indicates the use of the operating system stdio functionality, which includes buffering as a feature; BIO_s_fd() is likely to be more appropriate in such cases.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

PEM_read_bio_ex(3), passphrase-encoding(7)

+ +

HISTORY

+ +

PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read.html new file mode 100644 index 00000000..2f59013a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read.html @@ -0,0 +1,98 @@ + + + + +PEM_read + + + + + + + + + + +

NAME

+ +

PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO - PEM encoding routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+int PEM_write(FILE *fp, const char *name, const char *header,
+              const unsigned char *data, long len)
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                  const unsigned char *data, long len)
+
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
+int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
+                  pem_password_cb *cb, void *u);
+ +

DESCRIPTION

+ +

These functions read and write PEM-encoded objects, using the PEM type name, any additional header information, and the raw data of length len.

+ +

PEM is the term used for binary content encoding first defined in IETF RFC 1421. The content is a series of base64-encoded lines, surrounded by begin/end markers each on their own line. For example:

+ +
-----BEGIN PRIVATE KEY-----
+MIICdg....
+... bhTQ==
+-----END PRIVATE KEY-----
+ +

Optional header line(s) may appear after the begin line, and their existence depends on the type of object being written or read.

+ +

PEM_write() writes to the file fp, while PEM_write_bio() writes to the BIO bp. The name is the name to use in the marker, the header is the header value or NULL, and data and len specify the data and its length.

+ +

The final data buffer is typically an ASN.1 object which can be decoded with the d2i function appropriate to the type name; see d2i_X509(3) for examples.

+ +

PEM_read() reads from the file fp, while PEM_read_bio() reads from the BIO bp. Both skip any non-PEM data that precedes the start of the next PEM object. When an object is successfully retrieved, the type name from the "----BEGIN <type>-----" is returned via the name argument, any encapsulation headers are returned in header and the base64-decoded content and its length are returned via data and len respectively. The name, header and data pointers are allocated via OPENSSL_malloc() and should be freed by the caller via OPENSSL_free() when no longer needed.

+ +

PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher and IV. The caller passes a pointer to structure of type EVP_CIPHER_INFO via the cinfo argument and the header returned via PEM_read() or PEM_read_bio(). If the call is successful 1 is returned and the cipher and IV are stored at the address pointed to by cinfo. When the header is malformed, or not supported or when the cipher is unknown or some internal error happens 0 is returned. This function is deprecated, see NOTES below.

+ +

PEM_do_header() can then be used to decrypt the data if the header indicates encryption. The cinfo argument is a pointer to the structure initialized by the previous call to PEM_get_EVP_CIPHER_INFO(). The data and len arguments are those returned by the previous call to PEM_read() or PEM_read_bio(). The cb and u arguments make it possible to override the default password prompt function as described in PEM_read_PrivateKey(3). On successful completion the data is decrypted in place, and len is updated to indicate the plaintext length. This function is deprecated, see NOTES below.

+ +

If the data is a priori known to not be encrypted, then neither PEM_do_header() nor PEM_get_EVP_CIPHER_INFO() need be called.

+ +

RETURN VALUES

+ +

PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter includes the case when no more PEM objects remain in the input file. To distinguish end of file from more serious errors the caller must peek at the error stack and check for PEM_R_NO_START_LINE, which indicates that no more PEM objects were found. See ERR_peek_last_error(3), ERR_GET_REASON(3).

+ +

PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on failure. The data is likely meaningless if these functions fail.

+ +

NOTES

+ +

The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. This is because the underlying PEM encryption format is obsolete, and should be avoided. It uses an encryption format with an OpenSSL-specific key-derivation function, which employs MD5 with an iteration count of 1! Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See PEM_write_PrivateKey(3) and d2i_PKCS8PrivateKey_bio(3).

+ +

PEM_do_header() makes no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

SEE ALSO

+ +

ERR_peek_last_error(3), ERR_GET_LIB(3), d2i_PKCS8PrivateKey_bio(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_CMS.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_CMS.html new file mode 100644 index 00000000..c850692f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_CMS.html @@ -0,0 +1,78 @@ + + + + +PEM_read_CMS + + + + + + + + + + +

NAME

+ +

DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION - PEM object encoding routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+DECLARE_PEM_rw(name, TYPE)
+
+TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
+TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
+int PEM_write_TYPE(FILE *fp, const TYPE *a);
+int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
+ +

DESCRIPTION

+ +

In the description below, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509. The macro DECLARE_PEM_rw expands to the set of declarations shown in the next four lines of the synopsis.

+ +

These routines convert between local instances of ASN1 datatypes and the PEM encoding. For more information on the templates, see ASN1_ITEM(3). For more information on the lower-level routines used by the functions here, see PEM_read(3).

+ +

PEM_read_TYPE() reads a PEM-encoded object of TYPE from the file fp and returns it. The cb and u parameters are as described in pem_password_cb(3).

+ +

PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from the BIO bp.

+ +

PEM_write_TYPE() writes the PEM encoding of the object a to the file fp.

+ +

PEM_write_bio_TYPE() similarly writes to the BIO bp.

+ +

NOTES

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated object, which should be released by calling TYPE_free(), or NULL on error.

+ +

PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes written or zero on error.

+ +

SEE ALSO

+ +

PEM_read(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html new file mode 100644 index 00000000..dd68d34b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html @@ -0,0 +1,381 @@ + + + + +PEM_read_bio_PrivateKey + + + + + + + + + + +

NAME

+ +

pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+                                  pem_password_cb *cb, void *u);
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+                              pem_password_cb *cb, void *u);
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u);
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen,
+                              pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+                              pem_password_cb *cb, void *u);
+EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+                          pem_password_cb *cb, void *u);
+int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+                                pem_password_cb *cb, void *u);
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+                               pem_password_cb *cb, void *u);
+RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+                           pem_password_cb *cb, void *u);
+int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+
+RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+                             pem_password_cb *cb, void *u);
+RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+                         pem_password_cb *cb, void *u);
+int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+                                pem_password_cb *cb, void *u);
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+                             pem_password_cb *cb, void *u);
+DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+                         pem_password_cb *cb, void *u);
+int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
+
+DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+int PEM_write_DSAparams(FILE *fp, DSA *x);
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_DHparams(BIO *bp, DH *x);
+int PEM_write_DHparams(FILE *fp, DH *x);
+
+X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_X509(BIO *bp, X509 *x);
+int PEM_write_X509(FILE *fp, X509 *x);
+
+X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+int PEM_write_X509_AUX(FILE *fp, X509 *x);
+
+X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+                                pem_password_cb *cb, void *u);
+X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+
+X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+                                pem_password_cb *cb, void *u);
+X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+                            pem_password_cb *cb, void *u);
+int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+
+PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+ +

DESCRIPTION

+ +

The PEM functions read or write structures in PEM format. In this sense PEM format is simply base64 encoded data surrounded by header lines.

+ +

For more details about the meaning of arguments see the PEM FUNCTION ARGUMENTS section.

+ +

Each operation has four functions associated with it. For brevity the term "TYPE functions" will be used below to collectively refer to the PEM_read_bio_TYPE(), PEM_read_TYPE(), PEM_write_bio_TYPE(), and PEM_write_TYPE() functions.

+ +

The PrivateKey functions read or write a private key in PEM format using an EVP_PKEY structure. The write routines use PKCS#8 private key format and are equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently handle traditional and PKCS#8 format encrypted and unencrypted keys.

+ +

PEM_write_bio_PrivateKey_traditional() writes out a private key in the "traditional" format with a simple private key marker and should only be used for compatibility with legacy programs.

+ +

PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption algorithms. The cipher argument specifies the encryption algorithm to use: unlike some other PEM routines the encryption is applied at the PKCS#8 level and not in the PEM headers. If cipher is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.

+ +

PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid() also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm to use is specified in the nid parameter and should be the NID of the corresponding OBJECT IDENTIFIER (see NOTES section).

+ +

The PUBKEY functions process a public key using an EVP_PKEY structure. The public key is encoded as a SubjectPublicKeyInfo structure.

+ +

The RSAPrivateKey functions process an RSA private key using an RSA structure. The write routines uses traditional format. The read routines handles the same formats as the PrivateKey functions but an error occurs if the private key is not RSA.

+ +

The RSAPublicKey functions process an RSA public key using an RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure.

+ +

The RSA_PUBKEY functions also process an RSA public key using an RSA structure. However the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA.

+ +

The DSAPrivateKey functions process a DSA private key using a DSA structure. The write routines uses traditional format. The read routines handles the same formats as the PrivateKey functions but an error occurs if the private key is not DSA.

+ +

The DSA_PUBKEY functions process a DSA public key using a DSA structure. The public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA.

+ +

The Parameters functions read or write key parameters in PEM format using an EVP_PKEY structure. The encoding depends on the type of key; for DSA key parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH key parameters, it will be a PKCS#3 DHparameter structure. These functions only exist for the BIO type.

+ +

The DSAparams functions process DSA parameters using a DSA structure. The parameters are encoded using a Dss-Parms structure as defined in RFC2459.

+ +

The DHparams functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter structure.

+ +

The X509 functions process an X509 certificate using an X509 structure. They will also process a trusted X509 certificate but any trust settings are discarded.

+ +

The X509_AUX functions process a trusted X509 certificate using an X509 structure.

+ +

The X509_REQ and X509_REQ_NEW functions process a PKCS#10 certificate request using an X509_REQ structure. The X509_REQ write functions use CERTIFICATE REQUEST in the header whereas the X509_REQ_NEW functions use NEW CERTIFICATE REQUEST (as required by some CAs). The X509_REQ read functions will handle either form so there are no X509_REQ_NEW read functions.

+ +

The X509_CRL functions process an X509 CRL using an X509_CRL structure.

+ +

The PKCS7 functions process a PKCS#7 ContentInfo using a PKCS7 structure.

+ +

PEM FUNCTION ARGUMENTS

+ +

The PEM functions have many common arguments.

+ +

The bp BIO parameter (if present) specifies the BIO to read from or write to.

+ +

The fp FILE parameter (if present) specifies the FILE pointer to read from or write to.

+ +

The PEM read functions all take an argument TYPE **x and return a TYPE * pointer. Where TYPE is whatever structure the function uses. If x is NULL then the parameter is ignored. If x is not NULL but *x is NULL then the structure returned will be written to *x. If neither x nor *x is NULL then an attempt is made to reuse the structure at *x (but see BUGS and EXAMPLES sections). Irrespective of the value of x a pointer to the structure is always returned (or NULL if an error occurred).

+ +

The PEM functions which write private keys take an enc parameter which specifies the encryption algorithm to use, encryption is done at the PEM level. If this parameter is set to NULL then the private key is written in unencrypted form.

+ +

The cb argument is the callback to use when querying for the pass phrase used for encrypted PEM structures (normally only private keys).

+ +

For the PEM write routines if the kstr parameter is not NULL then klen bytes at kstr are used as the passphrase and cb is ignored.

+ +

If the cb parameters is set to NULL and the u parameter is not NULL then the u parameter is interpreted as a null terminated string to use as the passphrase. If both cb and u are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off.

+ +

The default passphrase callback is sometimes inappropriate (for example in a GUI application) so an alternative can be supplied. The callback routine has the following form:

+ +
int cb(char *buf, int size, int rwflag, void *u);
+ +

buf is the buffer to write the passphrase to. size is the maximum length of the passphrase (i.e. the size of buf). rwflag is a flag which is set to 0 when reading and 1 when writing. A typical routine will ask the user to verify the passphrase (for example by prompting for it twice) if rwflag is 1. The u parameter has the same value as the u parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback must return the number of characters in the passphrase or -1 if an error occurred.

+ +

NOTES

+ +

The old PrivateKey write routines are retained for compatibility. New applications should write private keys using the PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines because they are more secure (they use an iteration count of 2048 whereas the traditional routines use a count of 1) unless compatibility with older versions of OpenSSL is important.

+ +

The PrivateKey read routines can be used in all applications because they handle all formats transparently.

+ +

A frequent cause of problems is attempting to use the PEM routines like this:

+ +
X509 *x;
+
+PEM_read_bio_X509(bp, &x, 0, NULL);
+ +

this is a bug because an attempt will be made to reuse the data at x which is an uninitialised pointer.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

PEM ENCRYPTION FORMAT

+ +

These old PrivateKey routines use a non standard technique for encryption.

+ +

The private key (or other data) takes the following form:

+ +
-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+...base64 encoded data...
+-----END RSA PRIVATE KEY-----
+ +

The line beginning with Proc-Type contains the version and the protection on the encapsulated data. The line beginning DEK-Info contains two comma separated values: the encryption algorithm name as used by EVP_get_cipherbyname() and an initialization vector used by the cipher encoded as a set of hexadecimal digits. After those two lines is the base64-encoded encrypted data.

+ +

The encryption key is derived using EVP_BytesToKey(). The cipher's initialization vector is passed to EVP_BytesToKey() as the salt parameter. Internally, PKCS5_SALT_LEN bytes of the salt are used (regardless of the size of the initialization vector). The user's password is passed to EVP_BytesToKey() using the data and datal parameters. Finally, the library uses an iteration count of 1 for EVP_BytesToKey().

+ +

The key derived by EVP_BytesToKey() along with the original initialization vector is then used to decrypt the encrypted data. The iv produced by EVP_BytesToKey() is not utilized or needed, and NULL should be passed to the function.

+ +

The pseudo code to derive the key would look similar to:

+ +
EVP_CIPHER* cipher = EVP_des_ede3_cbc();
+EVP_MD* md = EVP_md5();
+
+unsigned int nkey = EVP_CIPHER_key_length(cipher);
+unsigned int niv = EVP_CIPHER_iv_length(cipher);
+unsigned char key[nkey];
+unsigned char iv[niv];
+
+memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
+rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
+if (rc != nkey)
+    /* Error */
+
+/* On success, use key and iv to initialize the cipher */
+ +

BUGS

+ +

The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore the following:

+ +
PEM_read_bio_X509(bp, &x, 0, NULL);
+ +

where x already contains a valid certificate, may not work, whereas:

+ +
X509_free(x);
+x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+ +

is guaranteed to work.

+ +

RETURN VALUES

+ +

The read routines return either a pointer to the structure read or NULL if an error occurred.

+ +

The write routines return 1 for success or 0 for failure.

+ +

EXAMPLES

+ +

Although the PEM routines take several arguments in almost all applications most of them are set to 0 or NULL.

+ +

Read a certificate in PEM format from a BIO:

+ +
X509 *x;
+
+x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+if (x == NULL)
+    /* Error */
+ +

Alternative method:

+ +
X509 *x = NULL;
+
+if (!PEM_read_bio_X509(bp, &x, 0, NULL))
+    /* Error */
+ +

Write a certificate to a BIO:

+ +
if (!PEM_write_bio_X509(bp, x))
+    /* Error */
+ +

Write a private key (using traditional format) to a BIO using triple DES encryption, the pass phrase is prompted for:

+ +
if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
+    /* Error */
+ +

Write a private key (using PKCS#8 format) to a BIO using triple DES encryption, using the pass phrase "hello":

+ +
if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
+                                   NULL, 0, 0, "hello"))
+    /* Error */
+ +

Read a private key from a BIO using a pass phrase callback:

+ +
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+if (key == NULL)
+    /* Error */
+ +

Skeleton pass phrase callback:

+ +
int pass_cb(char *buf, int size, int rwflag, void *u)
+{
+
+    /* We'd probably do something else if 'rwflag' is 1 */
+    printf("Enter pass phrase for \"%s\"\n", (char *)u);
+
+    /* get pass phrase, length 'len' into 'tmp' */
+    char *tmp = "hello";
+    if (tmp == NULL) /* An error occurred */
+        return -1;
+
+    size_t len = strlen(tmp);
+
+    if (len > size)
+        len = size;
+    memcpy(buf, tmp, len);
+    return len;
+}
+ +

SEE ALSO

+ +

EVP_EncryptInit(3), EVP_BytesToKey(3), passphrase-encoding(7)

+ +

HISTORY

+ +

The old Netscape certificate sequences were no longer documented in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases.

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_ex.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_ex.html new file mode 100644 index 00000000..0a48ad99 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_read_bio_ex.html @@ -0,0 +1,80 @@ + + + + +PEM_read_bio_ex + + + + + + + + + + +

NAME

+ +

PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 - read PEM format files with custom processing

+ +

SYNOPSIS

+ +
#include <openssl/pem.h>
+
+#define PEM_FLAG_SECURE             0x1
+#define PEM_FLAG_EAY_COMPATIBLE     0x2
+#define PEM_FLAG_ONLY_B64           0x4
+int PEM_read_bio_ex(BIO *in, char **name, char **header,
+                    unsigned char **data, long *len, unsigned int flags);
+ +

DESCRIPTION

+ +

PEM_read_bio_ex() reads in PEM formatted data from an input BIO, outputting the name of the type of contained data, the header information regarding the possibly encrypted data, and the binary data payload (after base64 decoding). It should generally only be used to implement PEM_read_bio_-family functions for specific data types or other usage, but is exposed to allow greater flexibility over how processing is performed, if needed.

+ +

If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of input are allocated from the secure heap.

+ +

If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace and control characters from the end of each line, so as to be compatible with the historical behavior of PEM_read_bio().

+ +

If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 characters (or newlines); non-base64 characters are treated as end of input.

+ +

If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters are ignored.

+ +

If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; these options are not compatible with each other.

+ +

NOTES

+ +

The caller must release the storage allocated for *name, *header, and *data. If PEM_FLAG_SECURE was set, use OPENSSL_secure_free(); otherwise, OPENSSL_free() is used.

+ +

RETURN VALUES

+ +

PEM_read_bio_ex() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

PEM_bytes_read_bio(3)

+ +

HISTORY

+ +

The PEM_read_bio_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html new file mode 100644 index 00000000..37ff67df --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html @@ -0,0 +1,68 @@ + + + + +PEM_write_bio_CMS_stream + + + + + + + + + + +

NAME

+ +

PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.

+ +

It is otherwise identical to the function SMIME_write_CMS().

+ +

NOTES

+ +

This function is effectively a version of the PEM_write_bio_CMS() supporting streaming.

+ +

RETURN VALUES

+ +

PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3), PEM_write(3), SMIME_write_CMS(3), i2d_CMS_bio_stream(3)

+ +

HISTORY

+ +

The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html new file mode 100644 index 00000000..f99bcf93 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html @@ -0,0 +1,68 @@ + + + + +PEM_write_bio_PKCS7_stream + + + + + + + + + + +

NAME

+ +

PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.

+ +

It is otherwise identical to the function SMIME_write_PKCS7().

+ +

NOTES

+ +

This function is effectively a version of the PEM_write_bio_PKCS7() supporting streaming.

+ +

RETURN VALUES

+ +

PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3), SMIME_write_PKCS7(3), i2d_PKCS7_bio_stream(3)

+ +

HISTORY

+ +

The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_create.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_create.html new file mode 100644 index 00000000..05762365 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_create.html @@ -0,0 +1,83 @@ + + + + +PKCS12_create + + + + + + + + + + +

NAME

+ +

PKCS12_create - create a PKCS#12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca,
+                      int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+ +

DESCRIPTION

+ +

PKCS12_create() creates a PKCS#12 structure.

+ +

pass is the passphrase to use. name is the friendlyName to use for the supplied certificate and key. pkey is the private key to include in the structure and cert its corresponding certificates. ca, if not NULL is an optional set of certificates to also include in the structure.

+ +

nid_key and nid_cert are the encryption algorithms that should be used for the key and certificate respectively. The modes GCM, CCM, XTS, and OCB are unsupported. iter is the encryption algorithm iteration count to use and mac_iter is the MAC iteration count to use. keytype is the type of key.

+ +

NOTES

+ +

The parameters nid_key, nid_cert, iter, mac_iter and keytype can all be set to zero and sensible defaults will be used.

+ +

These defaults are: 40 bit RC2 encryption for certificates, triple DES encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1.

+ +

The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.

+ +

keytype adds a flag to the store private key. This is a non standard extension that is only currently interpreted by MSIE. If set to zero the flag is omitted, if set to KEY_SIG the key can be used for signing only, if set to KEY_EX it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption.

+ +

If a certificate contains an alias or keyid then this will be used for the corresponding friendlyName or localKeyID in the PKCS12 structure.

+ +

Either pkey, cert or both can be NULL to indicate that no key or certificate is required. In previous versions both had to be present or a fatal error is returned.

+ +

nid_key or nid_cert can be set to -1 indicating that no encryption should be used.

+ +

mac_iter can be set to -1 and the MAC will then be omitted entirely.

+ +

PKCS12_create() makes assumptions regarding the encoding of the given pass phrase. See passphrase-encoding(7) for more information.

+ +

RETURN VALUES

+ +

PKCS12_create() returns a valid PKCS12 structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

d2i_PKCS12(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_newpass.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_newpass.html new file mode 100644 index 00000000..bf5b6054 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_newpass.html @@ -0,0 +1,125 @@ + + + + +PKCS12_newpass + + + + + + + + + + +

NAME

+ +

PKCS12_newpass - change the password of a PKCS12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+ +

DESCRIPTION

+ +

PKCS12_newpass() changes the password of a PKCS12 structure.

+ +

p12 is a pointer to a PKCS12 structure. oldpass is the existing password and newpass is the new password.

+ +

NOTES

+ +

Each of oldpass and newpass is independently interpreted as a string in the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 instead.

+ +

In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to UTF-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of UI_OpenSSL(3), for example.

+ +

RETURN VALUES

+ +

PKCS12_newpass() returns 1 on success or 0 on failure. Applications can retrieve the most recent error from PKCS12_newpass() with ERR_get_error().

+ +

EXAMPLES

+ +

This example loads a PKCS#12 file, changes its password and writes out the result to a new file.

+ +
#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+int main(int argc, char **argv)
+{
+    FILE *fp;
+    PKCS12 *p12;
+
+    if (argc != 5) {
+        fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
+        return 1;
+    }
+    if ((fp = fopen(argv[1], "rb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[1]);
+        return 1;
+    }
+    p12 = d2i_PKCS12_fp(fp, NULL);
+    fclose(fp);
+    if (p12 == NULL) {
+        fprintf(stderr, "Error reading PKCS#12 file\n");
+        ERR_print_errors_fp(stderr);
+        return 1;
+    }
+    if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
+        fprintf(stderr, "Error changing password\n");
+        ERR_print_errors_fp(stderr);
+        PKCS12_free(p12);
+        return 1;
+    }
+    if ((fp = fopen(argv[4], "wb")) == NULL) {
+        fprintf(stderr, "Error opening file %s\n", argv[4]);
+        PKCS12_free(p12);
+        return 1;
+    }
+    i2d_PKCS12_fp(fp, p12);
+    PKCS12_free(p12);
+    fclose(fp);
+    return 0;
+}
+ +

NOTES

+ +

If the PKCS#12 structure does not have a password, then you must use the empty string "" for oldpass. Using NULL for oldpass will result in a PKCS12_newpass() failure.

+ +

If the wrong password is used for oldpass then the function will fail, with a MAC verification error. In rare cases the PKCS12 structure does not contain a MAC: in this case it will usually fail with a decryption padding error.

+ +

BUGS

+ +

The password format is a NULL terminated ASCII string which is converted to Unicode form internally. As a result some passwords cannot be supplied to this function.

+ +

SEE ALSO

+ +

PKCS12_create(3), ERR_get_error(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_parse.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_parse.html new file mode 100644 index 00000000..d9394d3e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS12_parse.html @@ -0,0 +1,81 @@ + + + + +PKCS12_parse + + + + + + + + + + +

NAME

+ +

PKCS12_parse - parse a PKCS#12 structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+ +

DESCRIPTION

+ +

PKCS12_parse() parses a PKCS12 structure.

+ +

p12 is the PKCS12 structure to parse. pass is the passphrase to use. If successful the private key will be written to *pkey, the corresponding certificate to *cert and any additional certificates to *ca.

+ +

NOTES

+ +

The parameters pkey and cert cannot be NULL. ca can be <NULL> in which case additional certificates will be discarded. *ca can also be a valid STACK in which case additional certificates are appended to *ca. If *ca is NULL a new STACK will be allocated.

+ +

The friendlyName and localKeyID attributes (if present) on each certificate will be stored in the alias and keyid attributes of the X509 structure.

+ +

The parameter pass is interpreted as a string in the UTF-8 encoding. If it is not valid UTF-8, then it is assumed to be ISO8859-1 instead.

+ +

In particular, this means that passwords in the locale character set (or code page on Windows) must potentially be converted to UTF-8 before use. This may include passwords from local text files, or input from the terminal or command line. Refer to the documentation of UI_OpenSSL(3), for example.

+ +

RETURN VALUES

+ +

PKCS12_parse() returns 1 for success and zero if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

Only a single private key and corresponding certificate is returned by this function. More complex PKCS#12 files with multiple private keys will only return the first match.

+ +

Only friendlyName and localKeyID attributes are currently stored in certificates. Other attributes are discarded.

+ +

Attributes currently cannot be stored in the private key EVP_PKEY structure.

+ +

SEE ALSO

+ +

d2i_PKCS12(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html new file mode 100644 index 00000000..fccc784c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html @@ -0,0 +1,82 @@ + + + + +PKCS5_PBKDF2_HMAC + + + + + + + + + + +

NAME

+ +

PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest,
+                      int keylen, unsigned char *out);
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+ +

DESCRIPTION

+ +

PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count as specified in RFC 2898.

+ +

pass is the password used in the derivation of length passlen. pass is an optional parameter and can be NULL. If passlen is -1, then the function will calculate the length of pass using strlen().

+ +

salt is the salt used in the derivation of length saltlen. If the salt is NULL, then saltlen must be 0. The function will not attempt to calculate the length of the salt because it is not assumed to be NULL terminated.

+ +

iter is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any iter less than 1 is treated as a single iteration.

+ +

digest is the message digest function used in the derivation. Values include any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().

+ +

The derived key will be written to out. The size of the out buffer is specified via keylen.

+ +

NOTES

+ +

A typical application of this function is to derive keying material for an encryption algorithm from a password in the pass, a salt in salt, and an iteration count.

+ +

Increasing the iter parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords.

+ +

These functions make no assumption regarding the given password. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

evp(7), RAND_bytes(3), EVP_BytesToKey(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_decrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_decrypt.html new file mode 100644 index 00000000..e429fe7c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_decrypt.html @@ -0,0 +1,72 @@ + + + + +PKCS7_decrypt + + + + + + + + + + +

NAME

+ +

PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+ +

DESCRIPTION

+ +

PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData structure. pkey is the private key of the recipient, cert is the recipients certificate, data is a BIO to write the content to and flags is an optional set of flags.

+ +

NOTES

+ +

Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the PKCS#7 structure.

+ +

The following flags can be passed in the flags parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

RETURN VALUES

+ +

PKCS7_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

PKCS7_decrypt() must be passed the correct recipient key and certificate. It would be better if it could look up the correct key and certificate from a database.

+ +

The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_encrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_encrypt.html new file mode 100644 index 00000000..c1bacd03 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_encrypt.html @@ -0,0 +1,90 @@ + + + + +PKCS7_encrypt + + + + + + + + + + +

NAME

+ +

PKCS7_encrypt - create a PKCS#7 envelopedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags);
+ +

DESCRIPTION

+ +

PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. certs is a list of recipient certificates. in is the content to be encrypted. cipher is the symmetric cipher to use. flags is an optional set of flags.

+ +

NOTES

+ +

Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates supplied to this function must all contain RSA public keys, though they do not have to be signed using the RSA algorithm.

+ +

EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it.

+ +

Some old "export grade" clients may only support weak encryption using 40 or 64 bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.

+ +

The algorithm passed in the cipher parameter must support ASN1 encoding of its parameters.

+ +

Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to PKCS7_encrypt().

+ +

The following flags can be passed in the flags parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if PKCS7_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If PKCS7_BINARY is set then PKCS7_TEXT is ignored.

+ +

If the PKCS7_STREAM flag is set a partial PKCS7 structure is output suitable for streaming I/O: no data is read from the BIO in.

+ +

NOTES

+ +

If the flag PKCS7_STREAM is set the returned PKCS7 structure is not complete and outputting its contents via a function that does not properly finalize the PKCS7 structure will give unpredictable results.

+ +

Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_PKCS7().

+ +

RETURN VALUES

+ +

PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_decrypt(3)

+ +

HISTORY

+ +

The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign.html new file mode 100644 index 00000000..7d443339 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign.html @@ -0,0 +1,109 @@ + + + + +PKCS7_sign + + + + + + + + + + +

NAME

+ +

PKCS7_sign - create a PKCS#7 signedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags);
+ +

DESCRIPTION

+ +

PKCS7_sign() creates and returns a PKCS#7 signedData structure. signcert is the certificate to sign with, pkey is the corresponding private key. certs is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain).

+ +

The data to be signed is read from BIO data.

+ +

flags is an optional set of flags.

+ +

NOTES

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

Many S/MIME clients expect the signed content to include valid MIME headers. If the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended to the data.

+ +

If PKCS7_NOCERTS is set the signer's certificate will not be included in the PKCS7 structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The data being signed is included in the PKCS7 structure, unless PKCS7_DETACHED is set in which case it is omitted. This is used for PKCS7 detached signatures which are used in S/MIME plaintext signed messages for example.

+ +

Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if PKCS7_BINARY is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it.

+ +

The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included.

+ +

If the flags PKCS7_STREAM is set then the returned PKCS7 structure is just initialized ready to perform the signing operation. The signing is however not performed and the data to be signed is not read from the data parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass.

+ +

If the PKCS7_PARTIAL flag is set a partial PKCS7 structure is output to which additional signers and capabilities can be added before finalization.

+ +

NOTES

+ +

If the flag PKCS7_STREAM is set the returned PKCS7 structure is not complete and outputting its contents via a function that does not properly finalize the PKCS7 structure will give unpredictable results.

+ +

Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization can be performed by obtaining the streaming ASN1 BIO directly using BIO_new_PKCS7().

+ +

If a signer is specified it will use the default digest for the signing algorithm. This is SHA1 for both RSA and DSA keys.

+ +

The certs, signcert and pkey parameters can all be NULL if the PKCS7_PARTIAL flag is set. One or more signers can be added using the function PKCS7_sign_add_signer(). PKCS7_final() must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method.

+ +

If signcert and pkey are NULL then a certificates only PKCS#7 structure is output.

+ +

In versions of OpenSSL before 1.0.0 the signcert and pkey parameters must NOT be NULL.

+ +

BUGS

+ +

Some advanced attributes such as counter signatures are not supported.

+ +

RETURN VALUES

+ +

PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_verify(3)

+ +

HISTORY

+ +

The PKCS7_PARTIAL flag, and the ability for certs, signcert, and pkey parameters to be NULL were added in OpenSSL 1.0.0.

+ +

The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html new file mode 100644 index 00000000..af1bec17 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html @@ -0,0 +1,87 @@ + + + + +PKCS7_sign_add_signer + + + + + + + + + + +

NAME

+ +

PKCS7_sign_add_signer - add a signer PKCS7 signed data structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+                                         EVP_PKEY *pkey, const EVP_MD *md, int flags);
+ +

DESCRIPTION

+ +

PKCS7_sign_add_signer() adds a signer with certificate signcert and private key pkey using message digest md to a PKCS7 signed data structure p7.

+ +

The PKCS7 structure should be obtained from an initial call to PKCS7_sign() with the flag PKCS7_PARTIAL set or in the case or re-signing a valid PKCS7 signed data structure.

+ +

If the md parameter is NULL then the default digest for the public key algorithm will be used.

+ +

Unless the PKCS7_REUSE_DIGEST flag is set the returned PKCS7 structure is not complete and must be finalized either by streaming (if applicable) or a call to PKCS7_final().

+ +

NOTES

+ +

The main purpose of this function is to provide finer control over a PKCS#7 signed data structure where the simpler PKCS7_sign() function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed.

+ +

Any of the following flags (ored together) can be passed in the flags parameter.

+ +

If PKCS7_REUSE_DIGEST is set then an attempt is made to copy the content digest value from the PKCS7 structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned PKCS7 structure will be valid and finalized when this flag is set.

+ +

If PKCS7_PARTIAL is set in addition to PKCS7_REUSE_DIGEST then the PKCS7_SIGNER_INO structure will not be finalized so additional attributes can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is needed to finalize it.

+ +

If PKCS7_NOCERTS is set the signer's certificate will not be included in the PKCS7 structure, the signer's certificate must still be supplied in the signcert parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.

+ +

The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just the SMIMECapabilities are omitted.

+ +

If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included.

+ +

PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO structure just added, this can be used to set additional attributes before it is finalized.

+ +

RETURN VALUES

+ +

PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO structure just added or NULL if an error occurs.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_final(3),

+ +

HISTORY

+ +

The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_verify.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_verify.html new file mode 100644 index 00000000..140846c3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/PKCS7_verify.html @@ -0,0 +1,110 @@ + + + + +PKCS7_verify + + + + + + + + + + +

NAME

+ +

PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags);
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ +

DESCRIPTION

+ +

PKCS7_verify() verifies a PKCS#7 signedData structure. p7 is the PKCS7 structure to verify. certs is a set of certificates in which to search for the signer's certificate. store is a trusted certificate store (used for chain verification). indata is the signed data if the content is not present in p7 (that is it is detached). The content is written to out if it is not NULL.

+ +

flags is an optional set of flags, which can be used to modify the verify operation.

+ +

PKCS7_get0_signers() retrieves the signer's certificates from p7, it does not check their validity or whether any signatures are valid. The certs and flags parameters have the same meanings as in PKCS7_verify().

+ +

VERIFY PROCESS

+ +

Normally the verify process proceeds as follows.

+ +

Initially some sanity checks are performed on p7. The type of p7 must be signedData. There must be at least one signature on the data and if the content is detached indata cannot be NULL. If the content is not detached and indata is not NULL, then the structure has both embedded and external content. To treat this as an error, use the flag PKCS7_NO_DUAL_CONTENT. The default behavior allows this, for compatibility with older versions of OpenSSL.

+ +

An attempt is made to locate all the signer's certificates, first looking in the certs parameter (if it is not NULL) and then looking in any certificates contained in the p7 structure itself. If any signer's certificates cannot be located the operation fails.

+ +

Each signer's certificate is chain verified using the smimesign purpose and the supplied trusted certificate store. Any internal certificates in the message are used as untrusted CAs. If any chain verify fails an error code is returned.

+ +

Finally the signed content is read (and written to out is it is not NULL) and the signature's checked.

+ +

If all signature's verify correctly then the function is successful.

+ +

Any of the following flags (ored together) can be passed in the flags parameter to change the default verify behaviour. Only the flag PKCS7_NOINTERN is meaningful to PKCS7_get0_signers().

+ +

If PKCS7_NOINTERN is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers certificates must be in the certs parameter.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted from the content. If the content is not of type text/plain then an error is returned.

+ +

If PKCS7_NOVERIFY is set the signer's certificates are not chain verified.

+ +

If PKCS7_NOCHAIN is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store.

+ +

If PKCS7_NOSIGS is set then the signatures on the data are not checked.

+ +

NOTES

+ +

One application of PKCS7_NOINTERN is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed in the certs parameter. In this case if the signer is not one of the certificates supplied in certs then the verify will fail because the signer cannot be found.

+ +

Care should be taken when modifying the default verify behaviour, for example setting PKCS7_NOVERIFY|PKCS7_NOSIGS will totally disable all verification and any signed message will be considered valid. This combination is however useful if one merely wishes to write the content to out and its validity is not considered important.

+ +

Chain verification should arguably be performed using the signing time rather than the current time. However since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp).

+ +

RETURN VALUES

+ +

PKCS7_verify() returns one for a successful verification and zero if an error occurs.

+ +

PKCS7_get0_signers() returns all signers or NULL if an error occurred.

+ +

The error can be obtained from ERR_get_error(3)

+ +

BUGS

+ +

The trusted certificate store is not searched for the signers certificate, this is primarily due to the inadequacies of the current X509_STORE functionality.

+ +

The lack of single pass processing and need to hold all data in memory as mentioned in PKCS7_sign() also applies to PKCS7_verify().

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_generate.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_generate.html new file mode 100644 index 00000000..35f151c2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_generate.html @@ -0,0 +1,80 @@ + + + + +RAND_DRBG_generate + + + + + + + + + + +

NAME

+ +

RAND_DRBG_generate, RAND_DRBG_bytes - generate random bytes using the given drbg instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_generate(RAND_DRBG *drbg,
+                       unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+
+int RAND_DRBG_bytes(RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+ +

DESCRIPTION

+ +

RAND_DRBG_generate() generates outlen random bytes using the given DRBG instance drbg and stores them in the buffer at out.

+ +

Before generating the output, the DRBG instance checks whether the maximum number of generate requests (reseed interval) or the maximum timespan (reseed time interval) since its last seeding have been reached. If this is the case, the DRBG reseeds automatically. Additionally, an immediate reseeding can be requested by setting the prediction_resistance flag to 1. See NOTES section for more details.

+ +

The caller can optionally provide additional data to be used for reseeding by passing a pointer adin to a buffer of length adinlen. This additional data is mixed into the internal state of the random generator but does not contribute to the entropy count. The additional data can be omitted by setting adin to NULL and adinlen to 0;

+ +

RAND_DRBG_bytes() generates outlen random bytes using the given DRBG instance drbg and stores them in the buffer at out. This function is a wrapper around the RAND_DRBG_generate() call, which collects some additional data from low entropy sources (e.g., a high resolution timer) and calls RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).

+ +

RETURN VALUES

+ +

RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, and 0 on failure.

+ +

NOTES

+ +

The reseed interval and reseed time interval of the drbg are set to reasonable default values, which in general do not have to be adjusted. If necessary, they can be changed using RAND_DRBG_set_reseed_interval(3) and RAND_DRBG_set_reseed_time_interval(3), respectively.

+ +

A request for prediction resistance can only be satisfied by pulling fresh entropy from one of the approved entropy sources listed in section 5.5.2 of [NIST SP 800-90C]. Since the default DRBG implementation does not have access to such an approved entropy source, a request for prediction resistance will always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html new file mode 100644 index 00000000..8e5b68e9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html @@ -0,0 +1,80 @@ + + + + +RAND_DRBG_get0_master + + + + + + + + + + +

NAME

+ +

RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private - get access to the global RAND_DRBG instances

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+ +

DESCRIPTION

+ +

The default RAND API implementation (RAND_OpenSSL()) utilizes three shared DRBG instances which are accessed via the RAND API:

+ +

The <public> and <private> DRBG are thread-local instances, which are used by RAND_bytes() and RAND_priv_bytes(), respectively. The <master> DRBG is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances.

+ +

These functions here provide access to the shared DRBG instances.

+ +

RETURN VALUES

+ +

RAND_DRBG_get0_master() returns a pointer to the <master> DRBG instance.

+ +

RAND_DRBG_get0_public() returns a pointer to the <public> DRBG instance.

+ +

RAND_DRBG_get0_private() returns a pointer to the <private> DRBG instance.

+ +

NOTES

+ +

It is not thread-safe to access the <master> DRBG instance. The <public> and <private> DRBG instance can be accessed safely, because they are thread-local. Note however, that changes to these two instances apply only to the current thread.

+ +

For that reason it is recommended not to change the settings of these three instances directly. Instead, an application should change the default settings for new DRBG instances at initialization time, before creating additional threads.

+ +

During initialization, it is possible to change the reseed interval and reseed time interval. It is also possible to exchange the reseeding callbacks entirely.

+ +

SEE ALSO

+ +

RAND_DRBG_set_callbacks(3), RAND_DRBG_set_reseed_defaults(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG_set_callbacks(3), RAND_DRBG_generate(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_new.html new file mode 100644 index 00000000..950459c3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_new.html @@ -0,0 +1,105 @@ + + + + +RAND_DRBG_new + + + + + + + + + + +

NAME

+ +

RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free - initialize and cleanup a RAND_DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+
+RAND_DRBG *RAND_DRBG_new(int type,
+                         unsigned int flags,
+                         RAND_DRBG *parent);
+
+RAND_DRBG *RAND_DRBG_secure_new(int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+int RAND_DRBG_set(RAND_DRBG *drbg,
+                  int type, unsigned int flags);
+
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+
+void RAND_DRBG_free(RAND_DRBG *drbg);
+ +

DESCRIPTION

+ +

RAND_DRBG_new() and RAND_DRBG_secure_new() create a new DRBG instance of the given type, allocated from the heap resp. the secure heap (using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()).

+ +

RAND_DRBG_set() initializes the drbg with the given type and flags.

+ +

RAND_DRBG_set_defaults() sets the default type and flags for new DRBG instances.

+ +

Currently, all DRBG types are based on AES-CTR, so type can be one of the following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. Before the DRBG can be used to generate random bits, it is necessary to set its type and to instantiate it.

+ +

The optional flags argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1].

+ +

If a parent instance is specified then this will be used instead of the default entropy source for reseeding the drbg. It is said that the drbg is chained to its parent. For more information, see the NOTES section.

+ +

RAND_DRBG_instantiate() seeds the drbg instance using random input from trusted entropy sources. Optionally, a personalization string pers of length perslen can be specified. To omit the personalization string, set pers=NULL and perslen=0;

+ +

RAND_DRBG_uninstantiate() clears the internal state of the drbg and puts it back in the uninstantiated state.

+ +

RETURN VALUES

+ +

RAND_DRBG_new() and RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the heap, resp. secure heap.

+ +

RAND_DRBG_set(), RAND_DRBG_instantiate(), and RAND_DRBG_uninstantiate() return 1 on success, and 0 on failure.

+ +

RAND_DRBG_free() does not return a value.

+ +

NOTES

+ +

The DRBG design supports chaining, which means that a DRBG instance can use another parent DRBG instance instead of the default entropy source to obtain fresh random input for reseeding, provided that parent DRBG instance was properly instantiated, either from a trusted entropy source, or from yet another parent DRBG instance. For a detailed description of the reseeding process, see RAND_DRBG(7).

+ +

The default DRBG type and flags are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances (<master>, resp. <public> and <private>), it is necessary to call RAND_DRBG_set_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly.

+ +

SEE ALSO

+ +

OPENSSL_zalloc(3), OPENSSL_secure_zalloc(3), RAND_DRBG_generate(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html new file mode 100644 index 00000000..90c1015b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html @@ -0,0 +1,91 @@ + + + + +RAND_DRBG_reseed + + + + + + + + + + +

NAME

+ +

RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults - reseed a RAND_DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
+                                  unsigned int interval);
+
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
+                                       time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+ +

DESCRIPTION

+ +

RAND_DRBG_reseed() reseeds the given drbg, obtaining entropy input from its entropy source and mixing in the specified additional data provided in the buffer adin of length adinlen. The additional data can be omitted by setting adin to NULL and adinlen to 0. An immediate reseeding from a live entropy source can be requested by setting the prediction_resistance flag to 1. This feature is not implemented yet, so reseeding with prediction resistance requested will always fail.

+ +

RAND_DRBG_set_reseed_interval() sets the reseed interval of the drbg, which is the maximum allowed number of generate requests between consecutive reseedings. If interval > 0, then the drbg will reseed automatically whenever the number of generate requests since its last seeding exceeds the given reseed interval. If interval == 0, then this feature is disabled.

+ +

RAND_DRBG_set_reseed_time_interval() sets the reseed time interval of the drbg, which is the maximum allowed number of seconds between consecutive reseedings. If interval > 0, then the drbg will reseed automatically whenever the elapsed time since its last reseeding exceeds the given reseed time interval. If interval == 0, then this feature is disabled.

+ +

RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval (master_reseed_interval and slave_reseed_interval) and the reseed time interval (master_reseed_time_interval and slave_reseed_tme_interval) of DRBG instances. The default values are set independently for master DRBG instances (which don't have a parent) and slave DRBG instances (which are chained to a parent DRBG).

+ +

RETURN VALUES

+ +

RAND_DRBG_reseed(), RAND_DRBG_set_reseed_interval(), and RAND_DRBG_set_reseed_time_interval(), return 1 on success, 0 on failure.

+ +

NOTES

+ +

The default OpenSSL random generator is already set up for automatic reseeding, so in general it is not necessary to reseed it explicitly, or to modify its reseeding thresholds.

+ +

Normally, the entropy input for seeding a DRBG is either obtained from a trusted os entropy source or from a parent DRBG instance, which was seeded (directly or indirectly) from a trusted os entropy source. In exceptional cases it is possible to replace the reseeding mechanism entirely by providing application defined callbacks using RAND_DRBG_set_callbacks().

+ +

The reseeding default values are applied only during creation of a DRBG instance. To ensure that they are applied to the global and thread-local DRBG instances (<master>, resp. <public> and <private>), it is necessary to call RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any cryptographic routines that obtain random data directly or indirectly.

+ +

SEE ALSO

+ +

RAND_DRBG_generate(3), RAND_DRBG_bytes(3), RAND_DRBG_set_callbacks(3). RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html new file mode 100644 index 00000000..4d162b17 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html @@ -0,0 +1,120 @@ + + + + +RAND_DRBG_set_callbacks + + + + + + + + + + +

NAME

+ +

RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn - set callbacks for reseeding

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+ +

Callback Functions

+ +
typedef size_t (*RAND_DRBG_get_entropy_fn)(
+                      RAND_DRBG *drbg,
+                      unsigned char **pout,
+                      int entropy,
+                      size_t min_len, size_t max_len,
+                      int prediction_resistance);
+
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(
+                    RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+
+typedef size_t (*RAND_DRBG_get_nonce_fn)(
+                      RAND_DRBG *drbg,
+                      unsigned char **pout,
+                      int entropy,
+                      size_t min_len, size_t max_len);
+
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(
+                    RAND_DRBG *drbg,
+                    unsigned char *out, size_t outlen);
+ +

DESCRIPTION

+ +

RAND_DRBG_set_callbacks() sets the callbacks for obtaining fresh entropy and the nonce when reseeding the given drbg. The callback functions are implemented and provided by the caller. Their parameter lists need to match the function prototypes above.

+ +

Setting the callbacks is allowed only if the DRBG has not been initialized yet. Otherwise, the operation will fail. To change the settings for one of the three shared DRBGs it is necessary to call RAND_DRBG_uninstantiate() first.

+ +

The get_entropy() callback is called by the drbg when it requests fresh random input. It is expected that the callback allocates and fills a random buffer of size min_len <= size <= max_len (in bytes) which contains at least entropy bits of randomness. The prediction_resistance flag indicates whether the reseeding was triggered by a prediction resistance request.

+ +

The buffer's address is to be returned in *pout and the number of collected randomness bytes as return value.

+ +

If the callback fails to acquire at least entropy bits of randomness, it must indicate an error by returning a buffer length of 0.

+ +

If prediction_resistance was requested and the random source of the DRBG does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details.

+ +

The cleanup_entropy() callback is called from the drbg to to clear and free the buffer allocated previously by get_entropy(). The values out and outlen are the random buffer's address and length, as returned by the get_entropy() callback.

+ +

The get_nonce() and cleanup_nonce() callbacks are used to obtain a nonce and free it again. A nonce is only required for instantiation (not for reseeding) and only in the case where the DRBG uses a derivation function. The callbacks are analogous to get_entropy() and cleanup_entropy(), except for the missing prediction_resistance flag.

+ +

If the derivation function is disabled, then no nonce is used for instantiation, and the get_nonce() and cleanup_nonce() callbacks can be omitted by setting them to NULL.

+ +

RETURN VALUES

+ +

RAND_DRBG_set_callbacks() return 1 on success, and 0 on failure

+ +

NOTES

+ +

It is important that cleanup_entropy() and cleanup_nonce() clear the buffer contents safely before freeing it, in order not to leave sensitive information about the DRBG's state in memory.

+ +

A request for prediction resistance can only be satisfied by pulling fresh entropy from one of the approved entropy sources listed in section 5.5.2 of [NIST SP 800-90C]. Since the default implementation of the get_entropy callback does not have access to such an approved entropy source, a request for prediction resistance will always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

The derivation function is disabled during initialization by calling the RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. For more information on the derivation function and when it can be omitted, see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random source has "full entropy", i.e., contains 8 bits of entropy per byte.

+ +

Even if a nonce is required, the get_nonce() and cleanup_nonce() callbacks can be omitted by setting them to NULL. In this case the DRBG will automatically request an extra amount of entropy (using the get_entropy() and cleanup_entropy() callbacks) which it will utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], section 8.6.7.

+ +

SEE ALSO

+ +

RAND_DRBG_new(3), RAND_DRBG_reseed(3), RAND_DRBG(7)

+ +

HISTORY

+ +

The RAND_DRBG functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html new file mode 100644 index 00000000..04f2c26d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_DRBG_set_ex_data.html @@ -0,0 +1,74 @@ + + + + +RAND_DRBG_set_ex_data + + + + + + + + + + +

NAME

+ +

RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index - store and retrieve extra data from the DRBG instance

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data);
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+int RAND_DRBG_get_ex_new_index(long argl, void *argp,
+                               CRYPTO_EX_new *new_func,
+                               CRYPTO_EX_dup *dup_func,
+                               CRYPTO_EX_free *free_func);
+ +

DESCRIPTION

+ +

RAND_DRBG_set_ex_data() enables an application to store arbitrary application specific data data in a RAND_DRBG instance drbg. The index idx should be a value previously returned from a call to RAND_DRBG_get_ex_new_index().

+ +

RAND_DRBG_get_ex_data() retrieves application specific data previously stored in an RAND_DRBG instance drbg. The idx value should be the same as that used when originally storing the data.

+ +

For more detailed information see CRYPTO_get_ex_data(3) and CRYPTO_set_ex_data(3) which implement these functions and CRYPTO_get_ex_new_index(3) for generating a unique index.

+ +

RETURN VALUES

+ +

RAND_DRBG_set_ex_data() returns 1 for success or 0 for failure.

+ +

RAND_DRBG_get_ex_data() returns the previously stored value or NULL on failure. NULL may also be a valid value.

+ +

NOTES

+ +

RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,...).

+ +

SEE ALSO

+ +

CRYPTO_get_ex_data(3), CRYPTO_set_ex_data(3), CRYPTO_get_ex_new_index(3), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_add.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_add.html new file mode 100644 index 00000000..ec1ce24b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_add.html @@ -0,0 +1,92 @@ + + + + +RAND_add + + + + + + + + + + +

NAME

+ +

RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open - add randomness to the PRNG or get its status

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_status(void);
+int RAND_poll();
+
+void RAND_add(const void *buf, int num, double randomness);
+void RAND_seed(const void *buf, int num);
+
+void RAND_keep_random_devices_open(int keep);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+void RAND_screen(void);
+#endif
+ +

DESCRIPTION

+ +

These functions can be used to seed the random generator and to check its seeded state. In general, manual (re-)seeding of the default OpenSSL random generator (RAND_OpenSSL(3)) is not necessary (but allowed), since it does (re-)seed itself automatically using trusted system entropy sources. This holds unless the default RAND_METHOD has been replaced or OpenSSL was built with automatic reseeding disabled, see RAND(7) for more details.

+ +

RAND_status() indicates whether or not the random generator has been sufficiently seeded. If not, functions such as RAND_bytes(3) will fail.

+ +

RAND_poll() uses the system's capabilities to seed the random generator using random input obtained from polling various trusted entropy sources. The default choice of the entropy source can be modified at build time, see RAND(7) for more details.

+ +

RAND_add() mixes the num bytes at buf into the internal state of the random generator. This function will not normally be needed, as mentioned above. The randomness argument is an estimate of how much randomness is contained in buf, in bytes, and should be a number between zero and num. Details about sources of randomness and how to estimate their randomness can be found in the literature; for example [NIST SP 800-90B]. The content of buf cannot be recovered from subsequent random generator output. Applications that intend to save and restore random state in an external file should consider using RAND_load_file(3) instead.

+ +

RAND_seed() is equivalent to RAND_add() with randomness set to num.

+ +

RAND_keep_random_devices_open() is used to control file descriptor usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. When the keep argument is zero, this call disables the retention of file descriptors. Conversely, a non-zero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately.

+ +

RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist for compatibility reasons only. See HISTORY section below.

+ +

RETURN VALUES

+ +

RAND_status() returns 1 if the random generator has been seeded with enough data, 0 otherwise.

+ +

RAND_poll() returns 1 if it generated seed data, 0 otherwise.

+ +

RAND_event() returns RAND_status().

+ +

The other functions do not return values.

+ +

SEE ALSO

+ +

RAND_bytes(3), RAND_egd(3), RAND_load_file(3), RAND(7)

+ +

HISTORY

+ +

RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should not be used.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_bytes.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_bytes.html new file mode 100644 index 00000000..537a7015 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_bytes.html @@ -0,0 +1,87 @@ + + + + +RAND_bytes + + + + + + + + + + +

NAME

+ +

RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+#endif
+ +

DESCRIPTION

+ +

RAND_bytes() generates num random bytes using a cryptographically secure pseudo random generator (CSPRNG) and stores them in buf.

+ +

RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to be used for generating values that should remain private. If using the default RAND_METHOD, this function uses a separate "private" PRNG instance so that a compromise of the "public" PRNG instance will not affect the secrecy of these private values, as described in RAND(7) and RAND_DRBG(7).

+ +

NOTES

+ +

By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it was able to seed itself from a trusted entropy source. On all major platforms supported by OpenSSL (including the Unix-like platforms and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use using the operating systems's random generator.

+ +

If the entropy source fails or is not available, the CSPRNG will enter an error state and refuse to generate random bytes. For that reason, it is important to always check the error return value of RAND_bytes() and RAND_priv_bytes() and not take randomness for granted.

+ +

On other platforms, there might not be a trusted entropy source available or OpenSSL might have been explicitly configured to use different entropy sources. If you are in doubt about the quality of the entropy source, don't hesitate to ask your operating system vendor or post a question on GitHub or the openssl-users mailing list.

+ +

RETURN VALUES

+ +

RAND_bytes() and RAND_priv_bytes() return 1 on success, -1 if not supported by the current RAND method, or 0 on other failure. The error code can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), ERR_get_error(3), RAND(7), RAND_DRBG(7)

+ +

HISTORY

+ +
    + +
  • RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

    + +
  • +
  • The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

    + +
  • +
+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_cleanup.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_cleanup.html new file mode 100644 index 00000000..8528cd60 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_cleanup.html @@ -0,0 +1,63 @@ + + + + +RAND_cleanup + + + + + + + + + + +

NAME

+ +

RAND_cleanup - erase the PRNG state

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void RAND_cleanup(void)
+#endif
+ +

DESCRIPTION

+ +

Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by the PRNG. As of version 1.1.0, it does nothing and should not be called, since no explicit initialisation or de-initialisation is necessary. See OPENSSL_init_crypto(3).

+ +

RETURN VALUES

+ +

RAND_cleanup() returns no value.

+ +

SEE ALSO

+ +

RAND(7)

+ +

HISTORY

+ +

RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. See OPENSSL_init_crypto(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_egd.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_egd.html new file mode 100644 index 00000000..8a3ef6d3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_egd.html @@ -0,0 +1,67 @@ + + + + +RAND_egd + + + + + + + + + + +

NAME

+ +

RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_egd_bytes(const char *path, int num);
+int RAND_egd(const char *path);
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);
+ +

DESCRIPTION

+ +

On older platforms without a good source of randomness such as /dev/urandom, it is possible to query an Entropy Gathering Daemon (EGD) over a local socket to obtain randomness and seed the OpenSSL RNG. The protocol used is defined by the EGDs available at http://egd.sourceforge.net/ or http://prngd.sourceforge.net.

+ +

RAND_egd_bytes() requests num bytes of randomness from an EGD at the specified socket path, and passes the data it receives into RAND_add(). RAND_egd() is equivalent to RAND_egd_bytes() with num set to 255.

+ +

RAND_query_egd_bytes() requests num bytes of randomness from an EGD at the specified socket path, where num must be less than 256. If buf is NULL, it is equivalent to RAND_egd_bytes(). If buf is not NULL, then the data is copied to the buffer and RAND_add() is not called.

+ +

OpenSSL can be configured at build time to try to use the EGD for seeding automatically.

+ +

RETURN VALUES

+ +

RAND_egd() and RAND_egd_bytes() return the number of bytes read from the daemon on success, or -1 if the connection failed or the daemon did not return enough data to fully seed the PRNG.

+ +

RAND_query_egd_bytes() returns the number of bytes read from the daemon on success, or -1 if the connection failed.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_load_file.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_load_file.html new file mode 100644 index 00000000..8e48e5ff --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_load_file.html @@ -0,0 +1,94 @@ + + + + +RAND_load_file + + + + + + + + + + +

NAME

+ +

RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+int RAND_load_file(const char *filename, long max_bytes);
+
+int RAND_write_file(const char *filename);
+
+const char *RAND_file_name(char *buf, size_t num);
+ +

DESCRIPTION

+ +

RAND_load_file() reads a number of bytes from file filename and adds them to the PRNG. If max_bytes is non-negative, up to max_bytes are read; if max_bytes is -1, the complete file is read. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that filename should be adequately protected so that an attacker cannot replace or examine the contents. If filename is not a regular file, then user is considered to be responsible for any side effects, e.g. non-anticipated blocking or capture of controlling terminal.

+ +

RAND_write_file() writes a number of random bytes (currently 128) to file filename which can be used to initialize the PRNG by calling RAND_load_file() in a later session.

+ +

RAND_file_name() generates a default path for the random seed file. buf points to a buffer of size num in which to store the filename.

+ +

On all systems, if the environment variable RANDFILE is set, its value will be used as the seed file name. Otherwise, the file is called .rnd, found in platform dependent locations:

+ +
+ +
On Windows (in order of preference)
+
+ +
%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
+ +
+
On VMS
+
+ +
SYS$LOGIN:
+ +
+
On all other systems
+
+ +
$HOME
+ +
+
+ +

If $HOME (on non-Windows and non-VMS system) is not set either, or num is too small for the path name, an error occurs.

+ +

RETURN VALUES

+ +

RAND_load_file() returns the number of bytes read or -1 on error.

+ +

RAND_write_file() returns the number of bytes written, or -1 if the bytes written were generated without appropriate seeding.

+ +

RAND_file_name() returns a pointer to buf on success, and NULL on error.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_set_rand_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_set_rand_method.html new file mode 100644 index 00000000..c1a4a7a1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RAND_set_rand_method.html @@ -0,0 +1,82 @@ + + + + +RAND_set_rand_method + + + + + + + + + + +

NAME

+ +

RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method

+ +

SYNOPSIS

+ +
#include <openssl/rand.h>
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+
+const RAND_METHOD *RAND_get_rand_method(void);
+ +

DESCRIPTION

+ +

A RAND_METHOD specifies the functions that OpenSSL uses for random number generation.

+ +

RAND_OpenSSL() returns the default RAND_METHOD implementation by OpenSSL. This implementation ensures that the PRNG state is unique for each thread.

+ +

If an ENGINE is loaded that provides the RAND API, however, it will be used instead of the method returned by RAND_OpenSSL().

+ +

RAND_set_rand_method() makes meth the method for PRNG use. If an ENGINE was providing the method, it will be released first.

+ +

RAND_get_rand_method() returns a pointer to the current RAND_METHOD.

+ +

THE RAND_METHOD STRUCTURE

+ +
typedef struct rand_meth_st {
+    int (*seed)(const void *buf, int num);
+    int (*bytes)(unsigned char *buf, int num);
+    void (*cleanup)(void);
+    int (*add)(const void *buf, int num, double entropy);
+    int (*pseudorand)(unsigned char *buf, int num);
+    int (*status)(void);
+} RAND_METHOD;
+ +

The fields point to functions that are used by, in order, RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() and RAND_status(). Each pointer may be NULL if the function is not implemented.

+ +

RETURN VALUES

+ +

RAND_set_rand_method() returns 1 on success and 0 on failure. RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective methods.

+ +

SEE ALSO

+ +

RAND_bytes(3), ENGINE_by_id(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RC4_set_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RC4_set_key.html new file mode 100644 index 00000000..1cd3445a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RC4_set_key.html @@ -0,0 +1,76 @@ + + + + +RC4_set_key + + + + + + + + + + +

NAME

+ +

RC4_set_key, RC4 - RC4 encryption

+ +

SYNOPSIS

+ +
#include <openssl/rc4.h>
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+         unsigned char *outdata);
+ +

DESCRIPTION

+ +

This library implements the Alleged RC4 cipher, which is described for example in Applied Cryptography. It is believed to be compatible with RC4[TM], a proprietary cipher of RSA Security Inc.

+ +

RC4 is a stream cipher with variable key length. Typically, 128 bit (16 byte) keys are used for strong encryption, but shorter insecure key sizes have been widely used due to export restrictions.

+ +

RC4 consists of a key setup phase and the actual encryption or decryption phase.

+ +

RC4_set_key() sets up the RC4_KEY key using the len bytes long key at data.

+ +

RC4() encrypts or decrypts the len bytes of data at indata using key and places the result at outdata. Repeated RC4() calls with the same key yield a continuous key stream.

+ +

Since RC4 is a stream cipher (the input is XORed with a pseudo-random key stream to produce the output), decryption uses the same function calls as encryption.

+ +

RETURN VALUES

+ +

RC4_set_key() and RC4() do not return values.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_EncryptInit(3) etc. instead of calling these functions directly.

+ +

It is difficult to securely use stream ciphers. For example, do not perform multiple encryptions using the same key stream.

+ +

SEE ALSO

+ +

EVP_EncryptInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RIPEMD160_Init.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RIPEMD160_Init.html new file mode 100644 index 00000000..4b500ea6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RIPEMD160_Init.html @@ -0,0 +1,83 @@ + + + + +RIPEMD160_Init + + + + + + + + + + +

NAME

+ +

RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final - RIPEMD-160 hash function

+ +

SYNOPSIS

+ +
#include <openssl/ripemd.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+                         unsigned char *md);
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+ +

DESCRIPTION

+ +

RIPEMD-160 is a cryptographic hash function with a 160 bit output.

+ +

RIPEMD160() computes the RIPEMD-160 message digest of the n bytes at d and places it in md (which must have space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest is placed in a static array.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

RIPEMD160_Init() initializes a RIPEMD160_CTX structure.

+ +

RIPEMD160_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

RIPEMD160_Final() places the message digest in md, which must have space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases the RIPEMD160_CTX.

+ +

RETURN VALUES

+ +

RIPEMD160() returns a pointer to the hash value.

+ +

RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for success, 0 otherwise.

+ +

NOTE

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling these functions directly.

+ +

CONFORMING TO

+ +

ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_blinding_on.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_blinding_on.html new file mode 100644 index 00000000..31616b51 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_blinding_on.html @@ -0,0 +1,59 @@ + + + + +RSA_blinding_on + + + + + + + + + + +

NAME

+ +

RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+void RSA_blinding_off(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack.

+ +

RSA_blinding_on() turns blinding on for key rsa and generates a random blinding factor. ctx is NULL or a pre-allocated and initialized BN_CTX.

+ +

RSA_blinding_off() turns blinding off and frees the memory used for the blinding factor.

+ +

RETURN VALUES

+ +

RSA_blinding_on() returns 1 on success, and 0 if an error occurred.

+ +

RSA_blinding_off() returns no value.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_check_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_check_key.html new file mode 100644 index 00000000..44b10932 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_check_key.html @@ -0,0 +1,81 @@ + + + + +RSA_check_key + + + + + + + + + + +

NAME

+ +

RSA_check_key_ex, RSA_check_key - validate private RSA keys

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
+
+int RSA_check_key(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_check_key_ex() function validates RSA keys. It checks that p and q are in fact prime, and that n = p*q.

+ +

It does not work on RSA public keys that have only the modulus and public exponent elements populated. It also checks that d*e = 1 mod (p-1*q-1), and that dmp1, dmq1 and iqmp are set correctly or are NULL. It performs integrity checks on all the RSA key material, so the RSA key structure must contain all the private key data too. Therefore, it cannot be used with any arbitrary RSA key object, even if it is otherwise fit for regular RSA operation.

+ +

The cb parameter is a callback that will be invoked in the same manner as BN_is_prime_ex(3).

+ +

RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL cb.

+ +

RETURN VALUES

+ +

RSA_check_key_ex() and RSA_check_key() return 1 if rsa is a valid RSA key, and 0 otherwise. They return -1 if an error occurs while checking the key.

+ +

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

+ +

NOTES

+ +

Unlike most other RSA functions, this function does not work transparently with any underlying ENGINE implementation because it uses the key data in the RSA structure directly. An ENGINE implementation can override the way key data is stored and handled, and can even provide support for HSM keys - in which case the RSA structure may contain no key data at all! If the ENGINE in question is only being used for acceleration or analysis purposes, then in all likelihood the RSA key data is complete and untouched, but this can't be assumed in the general case.

+ +

BUGS

+ +

A method of verifying the RSA key using opaque RSA API functions might need to be considered. Right now RSA_check_key() simply uses the RSA structure elements directly, bypassing the RSA_METHOD table altogether (and completely violating encapsulation and object-orientation in the process). The best fix will probably be to introduce a "check_key()" handler to the RSA_METHOD function table so that alternative implementations can also provide their own verifiers.

+ +

SEE ALSO

+ +

BN_is_prime_ex(3), ERR_get_error(3)

+ +

HISTORY

+ +

RSA_check_key_ex() appeared after OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_generate_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_generate_key.html new file mode 100644 index 00000000..86542050 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_generate_key.html @@ -0,0 +1,105 @@ + + + + +RSA_generate_key + + + + + + + + + + +

NAME

+ +

RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key - generate RSA key pair

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x00908000L
+RSA *RSA_generate_key(int bits, unsigned long e,
+                      void (*callback)(int, int, void *), void *cb_arg);
+#endif
+ +

DESCRIPTION

+ +

RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the RSA structure provided in rsa. The pseudo-random number generator must be seeded prior to calling RSA_generate_key_ex().

+ +

RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores it in the RSA structure provided in rsa. The number of primes is given by the primes parameter. The random number generator must be seeded when calling RSA_generate_multi_prime_key(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

The modulus size will be of length bits, the number of primes to form the modulus will be primes, and the public exponent will be e. Key sizes with num < 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537.

+ +

In order to maintain adequate security level, the maximum number of permitted primes depends on modulus bit length:

+ +
<1024 | >=1024 | >=4096 | >=8192
+------+--------+--------+-------
+  2   |   3    |   4    |   5
+ +

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as follows using the BN_GENCB_call() function described on the BN_generate_prime(3) page.

+ +

RSA_generate_key() is similar to RSA_generate_key_ex() but expects an old-style callback function; see BN_generate_prime(3) for information on the old-style callback.

+ +
    + +
  • While a random prime number is generated, it is called as described in BN_generate_prime(3).

    + +
  • +
  • When the n-th randomly generated prime is rejected as not suitable for the key, BN_GENCB_call(cb, 2, n) is called.

    + +
  • +
  • When a random p has been found with p-1 relatively prime to e, it is called as BN_GENCB_call(cb, 3, 0).

    + +
  • +
+ +

The process is then repeated for prime q and other primes (if any) with BN_GENCB_call(cb, 3, i) where i indicates the i-th prime.

+ +

RETURN VALUES

+ +

RSA_generate_multi_prime_key() returns 1 on success or 0 on error. RSA_generate_key_ex() returns 1 on success or 0 on error. The error codes can be obtained by ERR_get_error(3).

+ +

RSA_generate_key() returns a pointer to the RSA structure or NULL if the key generation fails.

+ +

BUGS

+ +

BN_GENCB_call(cb, 2, x) is used with two different meanings.

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), BN_generate_prime(3), RAND(7)

+ +

HISTORY

+ +

RSA_generate_key() was deprecated in OpenSSL 0.9.8; use RSA_generate_key_ex() instead.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_get0_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_get0_key.html new file mode 100644 index 00000000..a019eb14 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_get0_key.html @@ -0,0 +1,136 @@ + + + + +RSA_get0_key + + + + + + + + + + +

NAME

+ +

RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version - Routines for getting and setting data in an RSA object

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+ENGINE *RSA_get0_engine(RSA *r);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[]);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                               BIGNUM *coeffs[], int pnum);
+int RSA_get_version(RSA *r);
+ +

DESCRIPTION

+ +

An RSA object contains the components for the public and private key, n, e, d, p, q, dmp1, dmq1 and iqmp. n is the modulus common to both public and private key, e is the public exponent and d is the private exponent. p, q, dmp1, dmq1 and iqmp are the factors for the second representation of a private key (see PKCS#1 section 3 Key Types), where p and q are the first and second factor of n and dmp1, dmq1 and iqmp are the exponents and coefficient for CRT calculations.

+ +

For multi-prime RSA (defined in RFC 8017), there are also one or more 'triplet' in an RSA object. A triplet contains three members, r, d and t. r is the additional prime besides p and q. d and t are the exponent and coefficient for CRT calculations.

+ +

The n, e and d parameters can be obtained by calling RSA_get0_key(). If they have not been set yet, then *n, *e and *d will be set to NULL. Otherwise, they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed by the caller.

+ +

The n, e and d parameter values can be set by calling RSA_set0_key() and passing the new values for n, e and d as parameters to the function. The values n and e must be non-NULL the first time this function is called on a given RSA object. The value d may be NULL. On subsequent calls any of these values may be NULL which means the corresponding RSA field is left untouched. Calling this function transfers the memory management of the values to the RSA object, and therefore the values that have been passed in should not be freed by the caller after this function has been called.

+ +

In a similar fashion, the p and q parameters can be obtained and set with RSA_get0_factors() and RSA_set0_factors(), and the dmp1, dmq1 and iqmp parameters can be obtained and set with RSA_get0_crt_params() and RSA_set0_crt_params().

+ +

For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), NULL value BIGNUM ** output parameters are permitted. The functions ignore NULL parameters but return values for other, non-NULL, parameters.

+ +

For multi-prime RSA, RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params() can be used to obtain other primes and related CRT parameters. The return values are stored in an array of BIGNUM *. RSA_set0_multi_prime_params() sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) into an RSA object.

+ +

Any of the values n, e, d, p, q, dmp1, dmq1, and iqmp can also be retrieved separately by the corresponding function RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively.

+ +

RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.

+ +

RSA_set_flags() sets the flags in the flags parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to see whether the flags passed in the flags parameter are currently set in the RSA object. Multiple flags can be tested in one go. All flags that are currently set are returned, or zero if none of the flags are set. RSA_clear_flags() clears the specified flags within the RSA object.

+ +

RSA_get0_engine() returns a handle to the ENGINE that has been set for this RSA object, or NULL if no such ENGINE has been set.

+ +

RSA_get_version() returns the version of an RSA object r.

+ +

NOTES

+ +

Values retrieved with RSA_get0_key() are owned by the RSA object used in the call and may therefore not be passed to RSA_set0_key(). If needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors() as well as RSA_get0_crt_params() and RSA_set0_crt_params().

+ +

The caller should obtain the size by calling RSA_get_multi_prime_extra_count() in advance and allocate sufficient buffer to store the return values before calling RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params().

+ +

RSA_set0_multi_prime_params() always clears the original multi-prime triplets in RSA object r and assign the new set of triplets into it.

+ +

RETURN VALUES

+ +

RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and RSA_set0_multi_prime_params() return 1 on success or 0 on failure.

+ +

RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() return the respective value.

+ +

RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return 1 on success or 0 on failure.

+ +

RSA_get_multi_prime_extra_count() returns two less than the number of primes in use, which is 0 for traditional RSA and the number of extra primes for multi-prime RSA.

+ +

RSA_get_version() returns RSA_ASN1_VERSION_MULTI for multi-prime RSA and RSA_ASN1_VERSION_DEFAULT for normal two-prime RSA, as defined in RFC 8017.

+ +

RSA_test_flags() returns the current state of the flags in the RSA object.

+ +

RSA_get0_engine() returns the ENGINE set for the RSA object or NULL if no ENGINE has been set.

+ +

SEE ALSO

+ +

RSA_new(3), RSA_size(3)

+ +

HISTORY

+ +

The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e.

+ +

The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), and RSA_get_version() functions were added in OpenSSL 1.1.1.

+ +

Other functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_meth_new.html new file mode 100644 index 00000000..4c144099 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_meth_new.html @@ -0,0 +1,202 @@ + + + + +RSA_meth_new + + + + + + + + + + +

NAME

+ +

RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen - Routines to build up RSA methods

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                    unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc)(int flen, const unsigned char *from,
+                                        unsigned char *to, RSA *rsa,
+                                        int padding));
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec)(int flen, const unsigned char *from,
+                                        unsigned char *to, RSA *rsa,
+                                        int padding));
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                     unsigned char *to, RSA *rsa,
+                                                     int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc)(int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa, int padding));
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
+                                                     unsigned char *to, RSA *rsa,
+                                                     int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec)(int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa, int padding));
+
+/* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
+                                                    RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                        BN_CTX *ctx));
+
+/* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
+                                                       const BIGNUM *p, const BIGNUM *m,
+                                                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
+                                              const BIGNUM *p, const BIGNUM *m,
+                                              BN_CTX *ctx, BN_MONT_CTX *m_ctx));
+
+/* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
+
+/* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
+                                                 unsigned int m_length,
+                                                 unsigned char *sigret,
+                                                 unsigned int *siglen, const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign)(int type, const unsigned char *m,
+                                  unsigned int m_length, unsigned char *sigret,
+                                  unsigned int *siglen, const RSA *rsa));
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
+                                                   unsigned int m_length,
+                                                   const unsigned char *sigbuf,
+                                                   unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify)(int dtype, const unsigned char *m,
+                                      unsigned int m_length,
+                                      const unsigned char *sigbuf,
+                                      unsigned int siglen, const RSA *rsa));
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
+                                                   BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
+                                      BN_GENCB *cb));
+
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
+                                                               int primes, BIGNUM *e,
+                                                               BN_GENCB *cb);
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb));
+ +

DESCRIPTION

+ +

The RSA_METHOD type is a structure used for the provision of custom RSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various RSA capabilities. See the rsa page for more information.

+ +

RSA_meth_new() creates a new RSA_METHOD structure. It should be given a unique name and a set of flags. The name should be a NULL terminated string, which will be duplicated and stored in the RSA_METHOD object. It is the callers responsibility to free the original string. The flags will be used during the construction of a new RSA object based on this RSA_METHOD. Any new RSA object will have those flags set by default.

+ +

RSA_meth_dup() creates a duplicate copy of the RSA_METHOD object passed as a parameter. This might be useful for creating a new RSA_METHOD based on an existing one, but with some differences.

+ +

RSA_meth_free() destroys an RSA_METHOD structure and frees up any memory associated with it.

+ +

RSA_meth_get0_name() will return a pointer to the name of this RSA_METHOD. This is a pointer to the internal name string and so should not be freed by the caller. RSA_meth_set1_name() sets the name of the RSA_METHOD to name. The string is duplicated and the copy is stored in the RSA_METHOD structure, so the caller remains responsible for freeing the memory associated with the name.

+ +

RSA_meth_get_flags() returns the current value of the flags associated with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set these flags.

+ +

The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data() provide the ability to associate implementation specific data with the RSA_METHOD. It is the application's responsibility to free this data before the RSA_METHOD is freed via a call to RSA_meth_free().

+ +

RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function used for creating an RSA signature respectively. This function will be called in response to the application calling RSA_sign(). The parameters for the function have the same meaning as for RSA_sign().

+ +

RSA_meth_get_verify() and RSA_meth_set_verify() get and set the function used for verifying an RSA signature respectively. This function will be called in response to the application calling RSA_verify(). The parameters for the function have the same meaning as for RSA_verify().

+ +

RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the function used for CRT computations.

+ +

RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set the function used for CRT computations, specifically the following value:

+ +
r = a ^ p mod m
+ +

Both the mod_exp() and bn_mod_exp() functions are called by the default OpenSSL method during encryption, decryption, signing and verification.

+ +

RSA_meth_get_init() and RSA_meth_set_init() get and set the function used for creating a new RSA instance respectively. This function will be called in response to the application calling RSA_new() (if the current default RSA_METHOD is this one) or RSA_new_method(). The RSA_new() and RSA_new_method() functions will allocate the memory for the new RSA object, and a pointer to this newly allocated structure will be passed as a parameter to the function. This function may be NULL.

+ +

RSA_meth_get_finish() and RSA_meth_set_finish() get and set the function used for destroying an instance of an RSA object respectively. This function will be called in response to the application calling RSA_free(). A pointer to the RSA to be destroyed is passed as a parameter. The destroy function should be used for RSA implementation specific clean up. The memory for the RSA itself should not be freed by this function. This function may be NULL.

+ +

RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the function used for generating a new RSA key pair respectively. This function will be called in response to the application calling RSA_generate_key_ex(). The parameter for the function has the same meaning as for RSA_generate_key_ex().

+ +

RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get and set the function used for generating a new multi-prime RSA key pair respectively. This function will be called in response to the application calling RSA_generate_multi_prime_key(). The parameter for the function has the same meaning as for RSA_generate_multi_prime_key().

+ +

RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(), RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(), RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(), RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the functions used for public and private key encryption and decryption. These functions will be called in response to the application calling RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and RSA_public_decrypt() and take the same parameters as those.

+ +

RETURN VALUES

+ +

RSA_meth_new() and RSA_meth_dup() return the newly allocated RSA_METHOD object or NULL on failure.

+ +

RSA_meth_get0_name() and RSA_meth_get_flags() return the name and flags associated with the RSA_METHOD respectively.

+ +

All other RSA_meth_get_*() functions return the appropriate function pointer that has been set in the RSA_METHOD, or NULL if no such pointer has yet been set.

+ +

RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

RSA_new(3), RSA_generate_key_ex(3), RSA_sign(3), RSA_set_method(3), RSA_size(3), RSA_get0_key(3), RSA_generate_multi_prime_key(3)

+ +

HISTORY

+ +

RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were added in OpenSSL 1.1.1.

+ +

Other functions described here were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_new.html new file mode 100644 index 00000000..82eefc8a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_new.html @@ -0,0 +1,62 @@ + + + + +RSA_new + + + + + + + + + + +

NAME

+ +

RSA_new, RSA_free - allocate and free RSA objects

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+RSA *RSA_new(void);
+
+void RSA_free(RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_new() allocates and initializes an RSA structure. It is equivalent to calling RSA_new_method(NULL).

+ +

RSA_free() frees the RSA structure and its components. The key is erased before the memory is returned to the system. If rsa is NULL nothing is done.

+ +

RETURN VALUES

+ +

If the allocation fails, RSA_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

RSA_free() returns no value.

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_generate_key(3), RSA_new_method(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html new file mode 100644 index 00000000..961981b9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html @@ -0,0 +1,149 @@ + + + + +RSA_padding_add_PKCS1_type_1 + + + + + + + + + + +

NAME

+ +

RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption padding

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *f, int fl,
+                                    const unsigned char *p, int pl,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *f, int fl, int rsa_len,
+                                      const unsigned char *p, int pl,
+                                      const EVP_MD *md, const EVP_MD *mgf1md);
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+                         const unsigned char *f, int fl);
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+ +

DESCRIPTION

+ +

The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs.

+ +

However, they can also be called directly to implement padding for other asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() may be used in an application combined with RSA_NO_PADDING in order to implement OAEP with an encoding parameter.

+ +

RSA_padding_add_xxx() encodes fl bytes from f so as to fit into tlen bytes and stores the result at to. An error occurs if fl does not meet the size requirements of the encoding method.

+ +

The following encoding methods are implemented:

+ +
+ +
PKCS1_type_1
+
+ +

PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures

+ +
+
PKCS1_type_2
+
+ +

PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

+ +
+
PKCS1_OAEP
+
+ +

PKCS #1 v2.0 EME-OAEP

+ +
+
SSLv23
+
+ +

PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification

+ +
+
none
+
+ +

simply copy the data

+ +
+
+ +

The random number generator must be seeded prior to calling RSA_padding_add_xxx(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RSA_padding_check_xxx() verifies that the fl bytes at f contain a valid encoding for a rsa_len byte RSA key in the respective encoding method and stores the recovered data of at most tlen bytes (for RSA_NO_PADDING: of size tlen) at to.

+ +

For RSA_padding_xxx_OAEP(), p points to the encoding parameter of length pl. p may be NULL if pl is 0.

+ +

For RSA_padding_xxx_OAEP_mgf1(), md points to the md hash, if md is NULL that means md=sha1, and mgf1md points to the mgf1 hash, if mgf1md is NULL that means mgf1md=md.

+ +

RETURN VALUES

+ +

The RSA_padding_add_xxx() functions return 1 on success, 0 on error. The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling ERR_get_error(3).

+ +

WARNINGS

+ +

The result of RSA_padding_check_PKCS1_type_2() is a very sensitive information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not possible, the result of RSA_padding_check_PKCS1_type_2() should be checked in constant time if it matches the expected length of the plaintext and additionally some application specific consistency checks on the plaintext need to be performed in constant time. If the plaintext is rejected it must be kept secret which of the checks caused the application to reject the message. Do not remove the zero-padding from the decrypted raw RSA data which was computed by RSA_private_decrypt() with RSA_NO_PADDING, as this would create a small timing side channel which could be used to mount a Bleichenbacher attack against any padding mode including PKCS1_OAEP.

+ +

SEE ALSO

+ +

RSA_public_encrypt(3), RSA_private_decrypt(3), RSA_sign(3), RSA_verify(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_print.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_print.html new file mode 100644 index 00000000..26bf0ce6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_print.html @@ -0,0 +1,71 @@ + + + + +RSA_print + + + + + + + + + + +

NAME

+ +

RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic parameters

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_print(BIO *bp, RSA *x, int offset);
+int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+#include <openssl/dsa.h>
+
+int DSAparams_print(BIO *bp, DSA *x);
+int DSAparams_print_fp(FILE *fp, DSA *x);
+int DSA_print(BIO *bp, DSA *x, int offset);
+int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+#include <openssl/dh.h>
+
+int DHparams_print(BIO *bp, DH *x);
+int DHparams_print_fp(FILE *fp, DH *x);
+ +

DESCRIPTION

+ +

A human-readable hexadecimal output of the components of the RSA key, DSA parameters or key or DH parameters is printed to bp or fp.

+ +

The output lines are indented by offset spaces.

+ +

RETURN VALUES

+ +

These functions return 1 on success, 0 on error.

+ +

SEE ALSO

+ +

BN_bn2bin(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_private_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_private_encrypt.html new file mode 100644 index 00000000..f8ffeb19 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_private_encrypt.html @@ -0,0 +1,84 @@ + + + + +RSA_private_encrypt + + + + + + + + + + +

NAME

+ +

RSA_private_encrypt, RSA_public_decrypt - low level signature operations

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_private_encrypt(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+int RSA_public_decrypt(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+ +

DESCRIPTION

+ +

These functions handle RSA signatures at a low level.

+ +

RSA_private_encrypt() signs the flen bytes at from (usually a message digest with an algorithm identifier) using the private key rsa and stores the signature in to. to must point to RSA_size(rsa) bytes of memory.

+ +

padding denotes one of the following modes:

+ +
+ +
RSA_PKCS1_PADDING
+
+ +

PKCS #1 v1.5 padding. This function does not handle the algorithmIdentifier specified in PKCS #1. When generating or verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used.

+ +
+
RSA_NO_PADDING
+
+ +

Raw RSA signature. This mode should only be used to implement cryptographically sound padding modes in the application code. Signing user data directly with RSA is insecure.

+ +
+
+ +

RSA_public_decrypt() recovers the message digest from the flen bytes long signature at from using the signer's public key rsa. to must point to a memory section large enough to hold the message digest (which is smaller than RSA_size(rsa) - 11). padding is the padding mode that was used to sign the data.

+ +

RETURN VALUES

+ +

RSA_private_encrypt() returns the size of the signature (i.e., RSA_size(rsa)). RSA_public_decrypt() returns the size of the recovered message digest.

+ +

On error, -1 is returned; the error codes can be obtained by ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_sign(3), RSA_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_public_encrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_public_encrypt.html new file mode 100644 index 00000000..25524612 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_public_encrypt.html @@ -0,0 +1,106 @@ + + + + +RSA_public_encrypt + + + + + + + + + + +

NAME

+ +

RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+ +

DESCRIPTION

+ +

RSA_public_encrypt() encrypts the flen bytes at from (usually a session key) using the public key rsa and stores the ciphertext in to. to must point to RSA_size(rsa) bytes of memory.

+ +

padding denotes one of the following modes:

+ +
+ +
RSA_PKCS1_PADDING
+
+ +

PKCS #1 v1.5 padding. This currently is the most widely used mode. However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in new applications. SEE WARNING BELOW.

+ +
+
RSA_PKCS1_OAEP_PADDING
+
+ +

EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications.

+ +
+
RSA_SSLV23_PADDING
+
+ +

PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the server is SSL3 capable.

+ +
+
RSA_NO_PADDING
+
+ +

Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure.

+ +
+
+ +

flen must not be more than RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes, not more than RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING and exactly RSA_size(rsa) for RSA_NO_PADDING. When a padding mode other than RSA_NO_PADDING is in use, then RSA_public_encrypt() will include some random bytes into the ciphertext and therefore the ciphertext will be different each time, even if the plaintext and the public key are exactly identical. The returned ciphertext in to will always be zero padded to exactly RSA_size(rsa) bytes. to and from may overlap.

+ +

RSA_private_decrypt() decrypts the flen bytes at from using the private key rsa and stores the plaintext in to. flen should be equal to RSA_size(rsa) but may be smaller, when leading zero bytes are in the ciphertext. Those are not important and may be removed, but RSA_public_encrypt() does not do that. to must point to a memory section large enough to hold the maximal possible decrypted data (which is equal to RSA_size(rsa) for RSA_NO_PADDING, RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes and RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING). padding is the padding mode that was used to encrypt the data. to and from may overlap.

+ +

RETURN VALUES

+ +

RSA_public_encrypt() returns the size of the encrypted data (i.e., RSA_size(rsa)). RSA_private_decrypt() returns the size of the recovered plaintext. A return value of 0 is not an error and means only that the plaintext was empty.

+ +

On error, -1 is returned; the error codes can be obtained by ERR_get_error(3).

+ +

WARNINGS

+ +

Decryption failures in the RSA_PKCS1_PADDING mode leak information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer RSA_PKCS1_OAEP_PADDING.

+ +

CONFORMING TO

+ +

SSL, PKCS #1 v2.0

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), RSA_size(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_set_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_set_method.html new file mode 100644 index 00000000..b45f26bc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_set_method.html @@ -0,0 +1,161 @@ + + + + +RSA_set_method + + + + + + + + + + +

NAME

+ +

RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method - select RSA method

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+
+RSA_METHOD *RSA_get_default_method(void);
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+RSA_METHOD *RSA_get_method(const RSA *rsa);
+
+RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_flags(const RSA *rsa);
+
+RSA *RSA_new_method(ENGINE *engine);
+ +

DESCRIPTION

+ +

An RSA_METHOD specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for important information about how these RSA API functions are affected by the use of ENGINE API calls.

+ +

Initially, the default RSA_METHOD is the OpenSSL internal implementation, as returned by RSA_PKCS1_OpenSSL().

+ +

RSA_set_default_method() makes meth the default method for all RSA structures created later. NB: This is true only whilst no ENGINE has been set as a default for RSA, so this function is no longer recommended. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

RSA_get_default_method() returns a pointer to the current default RSA_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE API is being used, so this function is no longer recommended.

+ +

RSA_set_method() selects meth to perform all operations using the key rsa. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only work with certain RSA_METHOD implementations (eg. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results.

+ +

RSA_get_method() returns a pointer to the RSA_METHOD being used by rsa. This method may or may not be supplied by an ENGINE implementation, but if it is, the return value can only be guaranteed to be valid as long as the RSA key itself is valid and does not have its implementation changed by RSA_set_method().

+ +

RSA_flags() returns the flags that are set for rsa's current RSA_METHOD. See the BUGS section.

+ +

RSA_new_method() allocates and initializes an RSA structure so that engine will be used for the RSA operations. If engine is NULL, the default ENGINE for RSA operations is used, and if no default ENGINE is set, the RSA_METHOD controlled by RSA_set_default_method() is used.

+ +

RSA_flags() returns the flags that are set for rsa's current method.

+ +

RSA_new_method() allocates and initializes an RSA structure so that method will be used for the RSA operations. If method is NULL, the default method is used.

+ +

THE RSA_METHOD STRUCTURE

+ +
typedef struct rsa_meth_st
+{
+    /* name of the implementation */
+    const char *name;
+
+    /* encrypt */
+    int (*rsa_pub_enc)(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+    /* verify arbitrary data */
+    int (*rsa_pub_dec)(int flen, unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+
+    /* sign arbitrary data */
+    int (*rsa_priv_enc)(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+    /* decrypt */
+    int (*rsa_priv_dec)(int flen, unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+
+    /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */
+    int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+    /* compute r = a ^ p mod m (May be NULL for some implementations) */
+    int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+    /* called at RSA_new */
+    int (*init)(RSA *rsa);
+
+    /* called at RSA_free */
+    int (*finish)(RSA *rsa);
+
+    /*
+     * RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+     *                            operations, even if p,q,dmp1,dmq1,iqmp
+     *                            are NULL
+     * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+     */
+    int flags;
+
+    char *app_data; /* ?? */
+
+    int (*rsa_sign)(int type,
+                    const unsigned char *m, unsigned int m_length,
+                    unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+    int (*rsa_verify)(int dtype,
+                      const unsigned char *m, unsigned int m_length,
+                      const unsigned char *sigbuf, unsigned int siglen,
+                      const RSA *rsa);
+    /* keygen. If NULL builtin RSA key generation will be used */
+    int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+} RSA_METHOD;
+ +

RETURN VALUES

+ +

RSA_PKCS1_OpenSSL(), RSA_PKCS1_null_method(), RSA_get_default_method() and RSA_get_method() return pointers to the respective RSA_METHODs.

+ +

RSA_set_default_method() returns no value.

+ +

RSA_set_method() returns a pointer to the old RSA_METHOD implementation that was replaced. However, this return value should probably be ignored because if it was supplied by an ENGINE, the pointer could be invalidated at any time if the ENGINE is unloaded (in fact it could be unloaded as a result of the RSA_set_method() function releasing its handle to the ENGINE). For this reason, the return type may be replaced with a void declaration in a future release.

+ +

RSA_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

+ +

BUGS

+ +

The behaviour of RSA_flags() is a mis-feature that is left as-is for now to avoid creating compatibility problems. RSA functionality, such as the encryption functions, are controlled by the flags value in the RSA key itself, not by the flags value in the RSA_METHOD attached to the RSA key (which is what this function returns). If the flags element of an RSA key is changed, the changes will be honoured by RSA functionality but will not be reflected in the return value of the RSA_flags() function - in effect RSA_flags() behaves more like an RSA_default_flags() function (which does not currently exist).

+ +

SEE ALSO

+ +

RSA_new(3)

+ +

HISTORY

+ +

The RSA_null_method(), which was a partial attempt to avoid patent issues, was replaced to always return NULL in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign.html new file mode 100644 index 00000000..bc6d974c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign.html @@ -0,0 +1,71 @@ + + + + +RSA_sign + + + + + + + + + + +

NAME

+ +

RSA_sign, RSA_verify - RSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+               unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_sign() signs the message digest m of size m_len using the private key rsa using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It stores the signature in sigret and the signature size in siglen. sigret must point to RSA_size(rsa) bytes of memory. Note that PKCS #1 adds meta-data, placing limits on the size of the key that can be used. See RSA_private_encrypt(3) for lower-level operations.

+ +

type denotes the message digest algorithm that was used to generate m. If type is NID_md5_sha1, an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and no algorithm identifier) is created.

+ +

RSA_verify() verifies that the signature sigbuf of size siglen matches a given message digest m of size m_len. type denotes the message digest algorithm that was used to generate the signature. rsa is the signer's public key.

+ +

RETURN VALUES

+ +

RSA_sign() returns 1 on success. RSA_verify() returns 1 on successful verification.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

CONFORMING TO

+ +

SSL, PKCS #1 v2.0

+ +

SEE ALSO

+ +

ERR_get_error(3), RSA_private_encrypt(3), RSA_public_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html new file mode 100644 index 00000000..43e53e8a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html @@ -0,0 +1,75 @@ + + + + +RSA_sign_ASN1_OCTET_STRING + + + + + + + + + + +

NAME

+ +

RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+                               unsigned int m_len, unsigned char *sigret,
+                               unsigned int *siglen, RSA *rsa);
+
+int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+ +

DESCRIPTION

+ +

RSA_sign_ASN1_OCTET_STRING() signs the octet string m of size m_len using the private key rsa represented in DER using PKCS #1 padding. It stores the signature in sigret and the signature size in siglen. sigret must point to RSA_size(rsa) bytes of memory.

+ +

dummy is ignored.

+ +

The random number generator must be seeded when calling RSA_sign_ASN1_OCTET_STRING(). If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see RAND(7)), the operation will fail.

+ +

RSA_verify_ASN1_OCTET_STRING() verifies that the signature sigbuf of size siglen is the DER representation of a given octet string m of size m_len. dummy is ignored. rsa is the signer's public key.

+ +

RETURN VALUES

+ +

RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 otherwise.

+ +

The error codes can be obtained by ERR_get_error(3).

+ +

BUGS

+ +

These functions serve no recognizable purpose.

+ +

SEE ALSO

+ +

ERR_get_error(3), RAND_bytes(3), RSA_sign(3), RSA_verify(3), RAND(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_size.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_size.html new file mode 100644 index 00000000..03067d92 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/RSA_size.html @@ -0,0 +1,75 @@ + + + + +RSA_size + + + + + + + + + + +

NAME

+ +

RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

+ +

SYNOPSIS

+ +
#include <openssl/rsa.h>
+
+int RSA_size(const RSA *rsa);
+
+int RSA_bits(const RSA *rsa);
+
+int RSA_security_bits(const RSA *rsa)
+ +

DESCRIPTION

+ +

RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value.

+ +

RSA_bits() returns the number of significant bits.

+ +

rsa and rsa->n must not be NULL.

+ +

RSA_security_bits() returns the number of security bits of the given rsa key. See BN_security_bits(3).

+ +

RETURN VALUES

+ +

RSA_size() returns the size of modulus in bytes.

+ +

DSA_bits() returns the number of bits in the key.

+ +

RSA_security_bits() returns the number of security bits.

+ +

SEE ALSO

+ +

BN_num_bits(3)

+ +

HISTORY

+ +

The RSA_bits() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_new.html new file mode 100644 index 00000000..6be46be9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_new.html @@ -0,0 +1,199 @@ + + + + +SCT_new + + + + + + + + + + +

NAME

+ +

SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source - A Certificate Transparency Signed Certificate Timestamp

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+SCT *SCT_new(void);
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+void SCT_free(SCT *sct);
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+sct_version_t SCT_get_version(const SCT *sct);
+int SCT_set_version(SCT *sct, sct_version_t version);
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
+
+uint64_t SCT_get_timestamp(const SCT *sct);
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+int SCT_get_signature_nid(const SCT *sct);
+int SCT_set_signature_nid(SCT *sct, int nid);
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
+
+sct_source_t SCT_get_source(const SCT *sct);
+int SCT_set_source(SCT *sct, sct_source_t source);
+ +

DESCRIPTION

+ +

Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2. They constitute a promise by a Certificate Transparency (CT) log to publicly record a certificate. By cryptographically verifying that a log did indeed issue an SCT, some confidence can be gained that the certificate is publicly known.

+ +

An internal representation of an SCT can be created in one of two ways. The first option is to create a blank SCT, using SCT_new(), and then populate it using:

+ +
    + +
  • SCT_set_version() to set the SCT version.

    + +

    Only SCT_VERSION_V1 is currently supported.

    + +
  • +
  • SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:

    + +

    CT_LOG_ENTRY_TYPE_X509 for a normal certificate. CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

    + +
  • +
  • SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.

    + +

    The former takes ownership, whereas the latter makes a copy. See RFC 6962, Section 3.2 for the definition of LogID.

    + +
  • +
  • SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).

    + +
  • +
  • SCT_set_signature_nid() to set the NID of the signature.

    + +
  • +
  • SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.

    + +

    The former takes ownership, whereas the latter makes a copy.

    + +
  • +
  • SCT_set0_extensions() or SCT_set1_extensions to provide SCT extensions.

    + +

    The former takes ownership, whereas the latter makes a copy.

    + +
  • +
+ +

Alternatively, the SCT can be pre-populated from the following data using SCT_new_from_base64():

+ +
    + +
  • The SCT version (only SCT_VERSION_V1 is currently supported).

    + +
  • +
  • The LogID (see RFC 6962, Section 3.2), base64 encoded.

    + +
  • +
  • The type of certificate the SCT was issued for: CT_LOG_ENTRY_TYPE_X509 for a normal certificate. CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

    + +
  • +
  • The time that the SCT was issued (epoch time in milliseconds).

    + +
  • +
  • The SCT extensions, base64 encoded.

    + +
  • +
  • The SCT signature, base64 encoded.

    + +
  • +
+ +

SCT_set_source() can be used to record where the SCT was found (TLS extension, X.509 certificate extension or OCSP response). This is not required for verifying the SCT.

+ +

NOTES

+ +

Some of the setters return int, instead of void. These will all return 1 on success, 0 on failure. They will not make changes on failure.

+ +

All of the setters will reset the validation status of the SCT to SCT_VALIDATION_STATUS_NOT_SET (see SCT_validate(3)).

+ +

SCT_set_source() will call SCT_set_log_entry_type() if the type of certificate the SCT was issued for can be inferred from where the SCT was found. For example, an SCT found in an X.509 extension must have been issued for a pre- certificate.

+ +

SCT_set_source() will not refuse unknown values.

+ +

RETURN VALUES

+ +

SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.

+ +

SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.

+ +

SCT_set0_log_id() and SCT_set1_log_id return 1 if the specified LogID is a valid SHA-256 hash, 0 otherwise. Additionally, SCT_set1_log_id returns 0 if malloc fails.

+ +

SCT_set_signature_nid returns 1 if the specified NID is supported, 0 otherwise.

+ +

SCT_set1_extensions and SCT_set1_signature return 1 if the supplied buffer is copied successfully, 0 otherwise (i.e. if malloc fails).

+ +

SCT_set_source returns 1 on success, 0 otherwise.

+ +

SEE ALSO

+ +

ct(7), SCT_validate(3), OBJ_nid2obj(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_print.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_print.html new file mode 100644 index 00000000..a3723c56 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_print.html @@ -0,0 +1,68 @@ + + + + +SCT_print + + + + + + + + + + +

NAME

+ +

SCT_print, SCT_LIST_print, SCT_validation_status_string - Prints Signed Certificate Timestamps in a human-readable way

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+const char *SCT_validation_status_string(const SCT *sct);
+ +

DESCRIPTION

+ +

SCT_print() prints a single Signed Certificate Timestamp (SCT) to a bio in a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a similar way. A separator can be specified to delimit each SCT in the output.

+ +

The output can be indented by a specified number of spaces. If a CTLOG_STORE is provided, it will be used to print the description of the CT log that issued each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed as the CTLOG_STORE parameter to disable this feature.

+ +

SCT_validation_status_string() will return the validation status of an SCT as a human-readable string. Call SCT_validate() or SCT_LIST_validate() beforehand in order to set the validation status of an SCT first.

+ +

RETURN VALUES

+ +

SCT_validation_status_string() returns a null-terminated string representing the validation status of an SCT object.

+ +

SEE ALSO

+ +

ct(7), bio(7), CTLOG_STORE_new(3), SCT_validate(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_validate.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_validate.html new file mode 100644 index 00000000..676a384d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SCT_validate.html @@ -0,0 +1,108 @@ + + + + +SCT_validate + + + + + + + + + + +

NAME

+ +

SCT_validate, SCT_LIST_validate, SCT_get_validation_status - checks Signed Certificate Timestamps (SCTs) are valid

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+ +

DESCRIPTION

+ +

SCT_validate() will check that an SCT is valid and verify its signature. SCT_LIST_validate() performs the same checks on an entire stack of SCTs. The result of the validation checks can be obtained by passing the SCT to SCT_get_validation_status().

+ +

A CT_POLICY_EVAL_CTX must be provided that specifies:

+ +
    + +
  • The certificate the SCT was issued for.

    + +

    Failure to provide the certificate will result in the validation status being SCT_VALIDATION_STATUS_UNVERIFIED.

    + +
  • +
  • The issuer of that certificate.

    + +

    This is only required if the SCT was issued for a pre-certificate (see RFC 6962). If it is required but not provided, the validation status will be SCT_VALIDATION_STATUS_UNVERIFIED.

    + +
  • +
  • A CTLOG_STORE that contains the CT log that issued this SCT.

    + +

    If the SCT was issued by a log that is not in this CTLOG_STORE, the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.

    + +
  • +
+ +

If the SCT is of an unsupported version (only v1 is currently supported), the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.

+ +

If the SCT's signature is incorrect, its timestamp is in the future (relative to the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation status will be SCT_VALIDATION_STATUS_INVALID.

+ +

If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.

+ +

NOTES

+ +

A return value of 0 from SCT_LIST_validate() should not be interpreted as a failure. At a minimum, only one valid SCT may provide sufficient confidence that a certificate has been publicly logged.

+ +

RETURN VALUES

+ +

SCT_validate() returns a negative integer if an internal error occurs, 0 if the SCT fails validation, or 1 if the SCT passes validation.

+ +

SCT_LIST_validate() returns a negative integer if an internal error occurs, 0 if any of SCTs fails validation, or 1 if they all pass validation.

+ +

SCT_get_validation_status() returns the validation status of the SCT. If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the returned value will be SCT_VALIDATION_STATUS_NOT_SET.

+ +

SEE ALSO

+ +

ct(7)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SHA256_Init.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SHA256_Init.html new file mode 100644 index 00000000..b16a0a5c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SHA256_Init.html @@ -0,0 +1,107 @@ + + + + +SHA256_Init + + + + + + + + + + +

NAME

+ +

SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final - Secure Hash Algorithm

+ +

SYNOPSIS

+ +
#include <openssl/sha.h>
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n,
+                    unsigned char *md);
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,
+                      unsigned char *md);
+
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,
+                      unsigned char *md);
+ +

DESCRIPTION

+ +

Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

+ +

SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output.

+ +

SHA1() computes the SHA-1 message digest of the n bytes at d and places it in md (which must have space for SHA_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest is placed in a static array. Note: setting md to NULL is not thread safe.

+ +

The following functions may be used if the message is not completely stored in memory:

+ +

SHA1_Init() initializes a SHA_CTX structure.

+ +

SHA1_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).

+ +

SHA1_Final() places the message digest in md, which must have space for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the SHA_CTX.

+ +

The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the same way as for the SHA1 functions. Note that SHA224 and SHA256 use a SHA256_CTX object instead of SHA_CTX. SHA384 and SHA512 use SHA512_CTX. The buffer md must have space for the output from the SHA variant being used (defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if md is NULL.

+ +

The predecessor of SHA-1, SHA, is also implemented, but it should be used only when backward compatibility is required.

+ +

RETURN VALUES

+ +

SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash value.

+ +

SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, SHA384 and SHA512 functions return 1 for success, 0 otherwise.

+ +

CONFORMING TO

+ +

US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash Standard), ANSI X9.30

+ +

SEE ALSO

+ +

EVP_DigestInit(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_CMS.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_CMS.html new file mode 100644 index 00000000..997086c2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_CMS.html @@ -0,0 +1,85 @@ + + + + +SMIME_read_CMS + + + + + + + + + + +

NAME

+ +

SMIME_read_CMS - parse S/MIME message

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+ +

DESCRIPTION

+ +

SMIME_read_CMS() parses a message in S/MIME format.

+ +

in is a BIO to read the message from.

+ +

If cleartext signing is used then the content is saved in a memory bio which is written to *bcont, otherwise *bcont is set to NULL.

+ +

The parsed CMS_ContentInfo structure is returned or NULL if an error occurred.

+ +

NOTES

+ +

If *bcont is not NULL then the message is clear text signed. *bcont can then be passed to CMS_verify() with the CMS_DETACHED flag set.

+ +

Otherwise the type of the returned structure can be determined using CMS_get0_type().

+ +

To support future functionality if bcont is not NULL *bcont should be initialized to NULL. For example:

+ +
BIO *cont = NULL;
+CMS_ContentInfo *cms;
+
+cms = SMIME_read_CMS(in, &cont);
+ +

BUGS

+ +

The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work.

+ +

The parser assumes that the CMS_ContentInfo structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format.

+ +

The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available.

+ +

RETURN VALUES

+ +

SMIME_read_CMS() returns a valid CMS_ContentInfo structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_type(3), SMIME_read_CMS(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3), CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html new file mode 100644 index 00000000..fc97995a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html @@ -0,0 +1,85 @@ + + + + +SMIME_read_PKCS7 + + + + + + + + + + +

NAME

+ +

SMIME_read_PKCS7 - parse S/MIME message

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+ +

DESCRIPTION

+ +

SMIME_read_PKCS7() parses a message in S/MIME format.

+ +

in is a BIO to read the message from.

+ +

If cleartext signing is used then the content is saved in a memory bio which is written to *bcont, otherwise *bcont is set to NULL.

+ +

The parsed PKCS#7 structure is returned or NULL if an error occurred.

+ +

NOTES

+ +

If *bcont is not NULL then the message is clear text signed. *bcont can then be passed to PKCS7_verify() with the PKCS7_DETACHED flag set.

+ +

Otherwise the type of the returned structure can be determined using PKCS7_type_is_enveloped(), etc.

+ +

To support future functionality if bcont is not NULL *bcont should be initialized to NULL. For example:

+ +
BIO *cont = NULL;
+PKCS7 *p7;
+
+p7 = SMIME_read_PKCS7(in, &cont);
+ +

BUGS

+ +

The MIME parser used by SMIME_read_PKCS7() is somewhat primitive. While it will handle most S/MIME messages more complex compound formats may not work.

+ +

The parser assumes that the PKCS7 structure is always base64 encoded and will not handle the case where it is in binary format or uses quoted printable format.

+ +

The use of a memory BIO to hold the signed content limits the size of message which can be processed due to memory restraints: a streaming single pass option should be available.

+ +

RETURN VALUES

+ +

SMIME_read_PKCS7() returns a valid PKCS7 structure or NULL if an error occurred. The error can be obtained from ERR_get_error(3).

+ +

SEE ALSO

+ +

ERR_get_error(3), SMIME_read_PKCS7(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_CMS.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_CMS.html new file mode 100644 index 00000000..706c840f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_CMS.html @@ -0,0 +1,78 @@ + + + + +SMIME_write_CMS + + + + + + + + + + +

NAME

+ +

SMIME_write_CMS - convert CMS structure to S/MIME format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

SMIME_write_CMS() adds the appropriate MIME headers to a CMS structure to produce an S/MIME message.

+ +

out is the BIO to write the data to. cms is the appropriate CMS_ContentInfo structure. If streaming is enabled then the content must be supplied in the data argument. flags is an optional set of flags.

+ +

NOTES

+ +

The following flags can be passed in the flags parameter.

+ +

If CMS_DETACHED is set then cleartext signing will be used, this option only makes sense for SignedData where CMS_DETACHED is also set when CMS_sign() is called.

+ +

If the CMS_TEXT flag is set MIME headers for type text/plain are added to the content, this only makes sense if CMS_DETACHED is also set.

+ +

If the CMS_STREAM flag is set streaming is performed. This flag should only be set if CMS_STREAM was also set in the previous call to a CMS_ContentInfo creation function.

+ +

If cleartext signing is being used and CMS_STREAM not set then the data must be read twice: once to compute the signature in CMS_sign() and once to output the S/MIME message.

+ +

If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used.

+ +

BUGS

+ +

SMIME_write_CMS() always base64 encodes CMS structures, there should be an option to disable this.

+ +

RETURN VALUES

+ +

SMIME_write_CMS() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html new file mode 100644 index 00000000..a0a7999e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html @@ -0,0 +1,78 @@ + + + + +SMIME_write_PKCS7 + + + + + + + + + + +

NAME

+ +

SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message.

+ +

out is the BIO to write the data to. p7 is the appropriate PKCS7 structure. If streaming is enabled then the content must be supplied in the data argument. flags is an optional set of flags.

+ +

NOTES

+ +

The following flags can be passed in the flags parameter.

+ +

If PKCS7_DETACHED is set then cleartext signing will be used, this option only makes sense for signedData where PKCS7_DETACHED is also set when PKCS7_sign() is also called.

+ +

If the PKCS7_TEXT flag is set MIME headers for type text/plain are added to the content, this only makes sense if PKCS7_DETACHED is also set.

+ +

If the PKCS7_STREAM flag is set streaming is performed. This flag should only be set if PKCS7_STREAM was also set in the previous call to PKCS7_sign() or PKCS7_encrypt().

+ +

If cleartext signing is being used and PKCS7_STREAM not set then the data must be read twice: once to compute the signature in PKCS7_sign() and once to output the S/MIME message.

+ +

If streaming is performed the content is output in BER format using indefinite length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used.

+ +

BUGS

+ +

SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there should be an option to disable this.

+ +

RETURN VALUES

+ +

SMIME_write_PKCS7() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html new file mode 100644 index 00000000..850ae6ba --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html @@ -0,0 +1,181 @@ + + + + +SSL_CIPHER_get_name + + + + + + + + + + +

NAME

+ +

SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id - get SSL_CIPHER properties

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
+const char *OPENSSL_cipher_name(const char *stdname);
+int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+ +

DESCRIPTION

+ +

SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the cipher is NULL, it returns "(NONE)".

+ +

SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of cipher. If the cipher is NULL, it returns "(NONE)". If the cipher has no standard name, it returns NULL. If cipher was defined in both SSLv3 and TLS, it returns the TLS name.

+ +

OPENSSL_cipher_name() returns a pointer to the OpenSSL name of stdname. If the stdname is NULL, or stdname has no corresponding OpenSSL name, it returns "(NONE)". Where both exist, stdname should be the TLS name rather than the SSLv3 name.

+ +

SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. If cipher is NULL, 0 is returned.

+ +

SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. It returns "(NONE)" if cipher is NULL.

+ +

SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to c. If there is no cipher (e.g. for cipher suites with no encryption) then NID_undef is returned.

+ +

SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC used by c during record encryption/decryption. If there is no digest (e.g. for AEAD cipher suites) then NID_undef is returned.

+ +

SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during the SSL/TLS handshake when using the SSL_CIPHER c. Note that this may be different to the digest used to calculate the MAC for encrypted records.

+ +

SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method used by c. If there is no key exchange, then NID_undef is returned. If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_kx_any is returned. Examples (not comprehensive):

+ +
NID_kx_rsa
+NID_kx_ecdhe
+NID_kx_dhe
+NID_kx_psk
+ +

SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method used by c. If there is no authentication, then NID_undef is returned. If any appropriate authentication algorithm can be used (as in the case of TLS 1.3 cipher suites) NID_auth_any is returned. Examples (not comprehensive):

+ +
NID_auth_rsa
+NID_auth_ecdsa
+NID_auth_psk
+ +

SSL_CIPHER_is_aead() returns 1 if the cipher c is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD.

+ +

SSL_CIPHER_find() returns a SSL_CIPHER structure which has the cipher ID stored in ptr. The ptr parameter is a two element array of char, which stores the two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter is usually retrieved from a TLS packet by using functions like SSL_client_hello_get0_ciphers(3). SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.

+ +

SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher c. That ID is not the same as the IANA-specific ID.

+ +

SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given cipher c.

+ +

SSL_CIPHER_description() returns a textual description of the cipher used into the buffer buf of length len provided. If buf is provided, it must be at least 128 bytes, otherwise a buffer will be allocated using OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, NULL is returned.

+ +

The string returned by SSL_CIPHER_description() consists of several fields separated by whitespace:

+ +
+ +
<ciphername>
+
+ +

Textual representation of the cipher name.

+ +
+
<protocol version>
+
+ +

The minimum protocol version that the ciphersuite supports, such as TLSv1.2. Note that this is not always the same as the protocol version in which the ciphersuite was first defined because some ciphersuites are backwards compatible with earlier protocol versions.

+ +
+
Kx=<key exchange>
+
+ +

Key exchange method such as RSA, ECDHE, etc.

+ +
+
Au=<authentication>
+
+ +

Authentication method such as RSA, None, etc.. None is the representation of anonymous ciphers.

+ +
+
Enc=<symmetric encryption method>
+
+ +

Encryption method, with number of secret bits, such as AESGCM(128).

+ +
+
Mac=<message authentication code>
+
+ +

Message digest, such as SHA256.

+ +
+
+ +

Some examples for the output of SSL_CIPHER_description():

+ +
ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
+RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
+ +

RETURN VALUES

+ +

SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding value in a null-terminated string for a specific cipher or "(NONE)" if the cipher is not found.

+ +

SSL_CIPHER_get_bits() returns a positive integer representing the number of secret bits or 0 if an error occurred.

+ +

SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or NID_undef if an error occurred.

+ +

SSL_CIPHER_get_handshake_digest() returns a valid EVP_MD structure or NULL if an error occurred.

+ +

SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.

+ +

SSL_CIPHER_find() returns a valid SSL_CIPHER structure or NULL if an error occurred.

+ +

SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.

+ +

SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS protocol-specific ID.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1)

+ +

HISTORY

+ +

The SSL_CIPHER_get_version() function was updated to always return the correct protocol string in OpenSSL 1.1.0.

+ +

The SSL_CIPHER_description() function was changed to return NULL on error, rather than a fixed string, in OpenSSL 1.1.0.

+ +

The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.

+ +

The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. Before OpenSSL 1.1.1, tracing (enable-ssl-trace argument to Configure) was required to enable this function.

+ +

The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html new file mode 100644 index 00000000..3253f753 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html @@ -0,0 +1,111 @@ + + + + +SSL_COMP_add_compression_method + + + + + + + + + + +

NAME

+ +

SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+int SSL_COMP_get_id(const SSL_COMP *comp);
+ +

Deprecated:

+ +
#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_COMP_free_compression_methods(void)
+#endif
+ +

DESCRIPTION

+ +

SSL_COMP_add_compression_method() adds the compression method cm with the identifier id to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects.

+ +

SSL_COMP_get_compression_methods() returns a stack of all of the available compression methods or NULL on error.

+ +

SSL_COMP_get0_name() returns the name of the compression method comp.

+ +

SSL_COMP_get_id() returns the id of the compression method comp.

+ +

SSL_COMP_free_compression_methods() releases any resources acquired to maintain the internal table of compression methods.

+ +

NOTES

+ +

The TLS standard (or SSLv3) allows the integration of compression methods into the communication. The TLS RFC does however not specify compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown peers. It is therefore currently not recommended to integrate compression into applications. Applications for non-public use may agree on certain compression methods. Using different compression methods with the same identifier will lead to connection failure.

+ +

An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will unconditionally send the list of all compression methods enabled with SSL_COMP_add_compression_method() to the server during the handshake. Unlike the mechanisms to set a cipher list, there is no method available to restrict the list of compression method on a per connection basis.

+ +

An OpenSSL server will match the identifiers listed by a client against its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis.

+ +

If enabled during compilation, the OpenSSL library will have the COMP_zlib() compression method available.

+ +

RETURN VALUES

+ +

SSL_COMP_add_compression_method() may return the following values:

+ +
+ +
0
+
+ +

The operation succeeded.

+ +
+
1
+
+ +

The operation failed. Check the error queue to find out the reason.

+ +
+
+ +

SSL_COMP_get_compression_methods() returns the stack of compressions methods or NULL on error.

+ +

SSL_COMP_get0_name() returns the name of the compression method or NULL on error.

+ +

SSL_COMP_get_id() returns the name of the compression method or -1 on error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d.

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html new file mode 100644 index 00000000..c3371bc6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html @@ -0,0 +1,66 @@ + + + + +SSL_CONF_CTX_new + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_new() allocates and initialises an SSL_CONF_CTX structure for use with the SSL_CONF functions.

+ +

The function SSL_CONF_CTX_free() frees up the context cctx. If cctx is NULL nothing is done.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_new() returns either the newly allocated SSL_CONF_CTX structure or NULL if an error occurs.

+ +

SSL_CONF_CTX_free() does not return a value.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html new file mode 100644 index 00000000..b49e0dcf --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html @@ -0,0 +1,70 @@ + + + + +SSL_CONF_CTX_set1_prefix + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set1_prefix - Set configuration context command prefix

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_set1_prefix() sets the command prefix of cctx to prefix. If prefix is NULL it is restored to the default value.

+ +

NOTES

+ +

Command prefixes alter the commands recognised by subsequent SSL_CONF_cmd() calls. For example for files, if the prefix "SSL" is set then command names such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then "--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".

+ +

If the SSL_CONF_FLAG_CMDLINE flag is set then prefix checks are case sensitive and "-" is the default. In the unlikely even an application explicitly wants to set no prefix it must be explicitly set to "".

+ +

If the SSL_CONF_FLAG_FILE flag is set then prefix checks are case insensitive and no prefix is the default.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html new file mode 100644 index 00000000..280bf767 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html @@ -0,0 +1,105 @@ + + + + +SSL_CONF_CTX_set_flags + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set or clear SSL configuration context flags

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+ +

DESCRIPTION

+ +

The function SSL_CONF_CTX_set_flags() sets flags in the context cctx.

+ +

The function SSL_CONF_CTX_clear_flags() clears flags in the context cctx.

+ +

NOTES

+ +

The flags set affect how subsequent calls to SSL_CONF_cmd() or SSL_CONF_argv() behave.

+ +

Currently the following flags values are recognised:

+ +
+ +
SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE
+
+ +

recognise options intended for command line or configuration file use. At least one of these flags must be set.

+ +
+
SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
+
+ +

recognise options intended for use in SSL/TLS clients or servers. One or both of these flags must be set.

+ +
+
SSL_CONF_FLAG_CERTIFICATE
+
+ +

recognise certificate and private key options.

+ +
+
SSL_CONF_FLAG_REQUIRE_PRIVATE
+
+ +

If this option is set then if a private key is not specified for a certificate it will attempt to load a private key from the certificate file when SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate file an error occurs.

+ +
+
SSL_CONF_FLAG_SHOW_ERRORS
+
+ +

indicate errors relating to unrecognised options or missing arguments in the error queue. If this option isn't set such errors are only reflected in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()

+ +
+
+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags value after setting or clearing flags.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html new file mode 100644 index 00000000..031cda52 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html @@ -0,0 +1,69 @@ + + + + +SSL_CONF_CTX_set_ssl_ctx + + + + + + + + + + +

NAME

+ +

SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CONF_CTX_set_ssl_ctx() sets the context associated with cctx to the SSL_CTX structure ctx. Any previous SSL or SSL_CTX associated with cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to ctx.

+ +

SSL_CONF_CTX_set_ssl() sets the context associated with cctx to the SSL structure ssl. Any previous SSL or SSL_CTX associated with cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to ssl.

+ +

NOTES

+ +

The context need not be set or it can be set to NULL in which case only syntax checking of commands is performed, where possible.

+ +

RETURN VALUES

+ +

SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_cmd(3), SSL_CONF_cmd_argv(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd.html new file mode 100644 index 00000000..9934b55d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd.html @@ -0,0 +1,556 @@ + + + + +SSL_CONF_cmd + + + + + + + + + + +

NAME

+ +

SSL_CONF_cmd_value_type, SSL_CONF_cmd - send configuration command

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+ +

DESCRIPTION

+ +

The function SSL_CONF_cmd() performs configuration operation cmd with optional parameter value on ctx. Its purpose is to simplify application configuration of SSL_CTX or SSL structures by providing a common framework for command line options or configuration files.

+ +

SSL_CONF_cmd_value_type() returns the type of value that cmd refers to.

+ +

SUPPORTED COMMAND LINE COMMANDS

+ +

Currently supported cmd names for command lines (i.e. when the flag SSL_CONF_CMDLINE is set) are listed below. Note: all cmd names are case sensitive. Unless otherwise stated commands can be used by both clients and servers and the value parameter is not used. The default prefix for command line commands is - and that is reflected below.

+ +
+ +
-sigalgs
+
+ +

This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support.

+ +

The value argument should be a colon separated list of signature algorithms in order of decreasing preference of the form algorithm+hash or signature_scheme. algorithm is one of RSA, DSA or ECDSA and hash is a supported algorithm OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. Note: algorithm and hash names are case sensitive. signature_scheme is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, or rsa_pss_pss_sha256.

+ +

If this option is not set then all signature algorithms supported by the OpenSSL library are permissible.

+ +

Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using RSA as the algorithm or by using one of the rsa_pkcs1_* identifiers) are ignored in TLSv1.3 and will not be negotiated.

+ +
+
-client_sigalgs
+
+ +

This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. For servers the value is used in the signature_algorithms field of a CertificateRequest message. For clients it is used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect.

+ +

The syntax of value is identical to -sigalgs. If not set then the value set for -sigalgs will be used instead.

+ +
+
-groups
+
+ +

This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used to determine which group to use. This setting affects groups used for signatures (in TLSv1.2 and earlier) and key exchange. The first group listed will also be used for the key_share sent by a client in a TLSv1.3 ClientHello.

+ +

The value argument is a colon separated list of groups. The group can be either the NIST name (e.g. P-256), some other commonly used name where applicable (e.g. X25519) or an OpenSSL OID name (e.g prime256v1). Group names are case sensitive. The list should be in order of preference with the most preferred group first.

+ +
+
-curves
+
+ +

This is a synonym for the "-groups" command.

+ +
+
-named_curve
+
+ +

This sets the temporary curve used for ephemeral ECDH modes. Only used by servers

+ +

The value argument is a curve name or the special value auto which picks an appropriate curve based on client and server preferences. The curve can be either the NIST name (e.g. P-256) or an OpenSSL OID name (e.g prime256v1). Curve names are case sensitive.

+ +
+
-cipher
+
+ +

Sets the TLSv1.2 and below ciphersuite list to value. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking of value is currently not performed unless a SSL or SSL_CTX structure is associated with cctx.

+ +
+
-ciphersuites
+
+ +

Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See ciphers(1) for more information.

+ +
+
-cert
+
+ +

Attempts to use the file value as the certificate for the appropriate context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX structure is set or SSL_use_certificate_file() with filetype PEM if an SSL structure is set. This option is only supported if certificate operations are permitted.

+ +
+
-key
+
+ +

Attempts to use the file value as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no -key option is set then a private key is not loaded unless the flag SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

+ +
+
-dhparam
+
+ +

Attempts to use the file value as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted.

+ +
+
-record_padding
+
+ +

Attempts to pad TLSv1.3 records so that they are a multiple of value in length on send. A value of 0 or 1 turns off padding. Otherwise, the value must be >1 or <=16384.

+ +
+
-no_renegotiation
+
+ +

Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting SSL_OP_NO_RENEGOTIATION.

+ +
+
-min_protocol, -max_protocol
+
+ +

Sets the minimum and maximum supported protocol. Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 for TLS and DTLSv1, DTLSv1.2 for DTLS, and None for no limit. If either bound is not specified then only the other bound applies, if specified. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below.

+ +
+
-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
+
+ +

Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by setting the corresponding options SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 respectively. These options are deprecated, instead use -min_protocol and -max_protocol.

+ +
+
-bugs
+
+ +

Various bug workarounds are set, same as setting SSL_OP_ALL.

+ +
+
-comp
+
+ +

Enables support for SSL/TLS compression, same as clearing SSL_OP_NO_COMPRESSION. This command was introduced in OpenSSL 1.1.0. As of OpenSSL 1.1.0, compression is off by default.

+ +
+
-no_comp
+
+ +

Disables support for SSL/TLS compression, same as setting SSL_OP_NO_COMPRESSION. As of OpenSSL 1.1.0, compression is off by default.

+ +
+
-no_ticket
+
+ +

Disables support for session tickets, same as setting SSL_OP_NO_TICKET.

+ +
+
-serverpref
+
+ +

Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

+ +
+
-prioritize_chacha
+
+ +

Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list. This usually indicates a client without AES hardware acceleration (e.g. mobile) is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. Only used by servers. Requires -serverpref.

+ +
+
-no_resumption_on_reneg
+
+ +

set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

+ +
+
-legacyrenegotiation
+
+ +

permits the use of unsafe legacy renegotiation. Equivalent to setting SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

+ +
+
-legacy_server_connect, -no_legacy_server_connect
+
+ +

permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing SSL_OP_LEGACY_SERVER_CONNECT. Set by default.

+ +
+
-allow_no_dhe_kex
+
+ +

In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session.

+ +
+
-strict
+
+ +

enables strict mode protocol handling. Equivalent to setting SSL_CERT_FLAG_TLS_STRICT.

+ +
+
-anti_replay, -no_anti_replay
+
+ +

Switches replay protection, on or off respectively. With replay protection on, OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. Anti-Replay is on by default unless overridden by a configuration file and is only used by servers. Anti-replay measures are required for compliance with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built-in OpenSSL functionality is not required. Switching off anti-replay is equivalent to SSL_OP_NO_ANTI_REPLAY.

+ +
+
+ +

SUPPORTED CONFIGURATION FILE COMMANDS

+ +

Currently supported cmd names for configuration files (i.e. when the flag SSL_CONF_FLAG_FILE is set) are listed below. All configuration file cmd names are case insensitive so signaturealgorithms is recognised as well as SignatureAlgorithms. Unless otherwise stated the value names are also case insensitive.

+ +

Note: the command prefix (if set) alters the recognised cmd values.

+ +
+ +
CipherString
+
+ +

Sets the ciphersuite list for TLSv1.2 and below to value. This list will be combined with any configured TLSv1.3 ciphersuites. Note: syntax checking of value is currently not performed unless an SSL or SSL_CTX structure is associated with cctx.

+ +
+
Ciphersuites
+
+ +

Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. This list will be combined any configured TLSv1.2 and below ciphersuites. See ciphers(1) for more information.

+ +
+
Certificate
+
+ +

Attempts to use the file value as the certificate for the appropriate context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX structure is set or SSL_use_certificate_file() with filetype PEM if an SSL structure is set. This option is only supported if certificate operations are permitted.

+ +
+
PrivateKey
+
+ +

Attempts to use the file value as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no PrivateKey option is set then a private key is not loaded unless the SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

+ +
+
ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath
+
+ +

These options indicate a file or directory used for building certificate chains or verifying certificate chains. These options are only supported if certificate operations are permitted.

+ +
+
RequestCAFile
+
+ +

This option indicates a file containing a set of certificates in PEM form. The subject names of the certificates are sent to the peer in the certificate_authorities extension for TLS 1.3 (in ClientHello or CertificateRequest) or in a certificate request for previous versions or TLS.

+ +
+
ServerInfoFile
+
+ +

Attempts to use the file value in the "serverinfo" extension using the function SSL_CTX_use_serverinfo_file.

+ +
+
DHParameters
+
+ +

Attempts to use the file value as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted.

+ +
+
RecordPadding
+
+ +

Attempts to pad TLSv1.3 records so that they are a multiple of value in length on send. A value of 0 or 1 turns off padding. Otherwise, the value must be >1 or <=16384.

+ +
+
SignatureAlgorithms
+
+ +

This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support.

+ +

The value argument should be a colon separated list of signature algorithms in order of decreasing preference of the form algorithm+hash or signature_scheme. algorithm is one of RSA, DSA or ECDSA and hash is a supported algorithm OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. Note: algorithm and hash names are case sensitive. signature_scheme is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, or rsa_pss_pss_sha256.

+ +

If this option is not set then all signature algorithms supported by the OpenSSL library are permissible.

+ +

Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using RSA as the algorithm or by using one of the rsa_pkcs1_* identifiers) are ignored in TLSv1.3 and will not be negotiated.

+ +
+
ClientSignatureAlgorithms
+
+ +

This sets the supported signature algorithms associated with client authentication for TLSv1.2 and TLSv1.3. For servers the value is used in the signature_algorithms field of a CertificateRequest message. For clients it is used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect.

+ +

The syntax of value is identical to SignatureAlgorithms. If not set then the value set for SignatureAlgorithms will be used instead.

+ +
+
Groups
+
+ +

This sets the supported groups. For clients, the groups are sent using the supported groups extension. For servers, it is used to determine which group to use. This setting affects groups used for signatures (in TLSv1.2 and earlier) and key exchange. The first group listed will also be used for the key_share sent by a client in a TLSv1.3 ClientHello.

+ +

The value argument is a colon separated list of groups. The group can be either the NIST name (e.g. P-256), some other commonly used name where applicable (e.g. X25519) or an OpenSSL OID name (e.g prime256v1). Group names are case sensitive. The list should be in order of preference with the most preferred group first.

+ +
+
Curves
+
+ +

This is a synonym for the "Groups" command.

+ +
+
MinProtocol
+
+ +

This sets the minimum supported SSL, TLS or DTLS version.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The value None will disable the limit.

+ +
+
MaxProtocol
+
+ +

This sets the maximum supported SSL, TLS or DTLS version.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The value None will disable the limit.

+ +
+
Protocol
+
+ +

This can be used to enable or disable certain versions of the SSL, TLS or DTLS protocol.

+ +

The value argument is a comma separated list of supported protocols to enable or disable. If a protocol is preceded by - that version is disabled.

+ +

All protocol versions are enabled by default. You need to disable at least one protocol version for this setting have any effect. Only enabling some protocol versions does not disable the other protocol versions.

+ +

Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. The special value ALL refers to all supported versions.

+ +

This can't enable protocols that are disabled using MinProtocol or MaxProtocol, but can disable protocols that are still allowed by them.

+ +

The Protocol command is fragile and deprecated; do not use it. Use MinProtocol and MaxProtocol instead. If you do use Protocol, make sure that the resulting range of enabled protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make sure to also leave TLS 1.1 enabled.

+ +
+
Options
+
+ +

The value argument is a comma separated list of various flags to set. If a flag string is preceded - it is disabled. See the SSL_CTX_set_options(3) function for more details of individual options.

+ +

Each option is listed below. Where an operation is enabled by default the -flag syntax is needed to disable it.

+ +

SessionTicket: session ticket support, enabled by default. Inverse of SSL_OP_NO_TICKET: that is -SessionTicket is the same as setting SSL_OP_NO_TICKET.

+ +

Compression: SSL/TLS compression support, enabled by default. Inverse of SSL_OP_NO_COMPRESSION.

+ +

EmptyFragments: use empty fragments as a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It is set by default. Inverse of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

+ +

Bugs: enable various bug workarounds. Same as SSL_OP_ALL.

+ +

DHSingle: enable single use DH keys, set by default. Inverse of SSL_OP_DH_SINGLE. Only used by servers.

+ +

ECDHSingle: enable single use ECDH keys, set by default. Inverse of SSL_OP_ECDH_SINGLE. Only used by servers.

+ +

ServerPreference: use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

+ +

PrioritizeChaCha: prioritizes ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list. This usually indicates a mobile client is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. Only used by servers.

+ +

NoResumptionOnRenegotiation: set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

+ +

NoRenegotiation: disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting SSL_OP_NO_RENEGOTIATION.

+ +

UnsafeLegacyRenegotiation: permits the use of unsafe legacy renegotiation. Equivalent to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

+ +

UnsafeLegacyServerConnect: permits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to SSL_OP_LEGACY_SERVER_CONNECT. Set by default.

+ +

EncryptThenMac: use encrypt-then-mac extension, enabled by default. Inverse of SSL_OP_NO_ENCRYPT_THEN_MAC: that is, -EncryptThenMac is the same as setting SSL_OP_NO_ENCRYPT_THEN_MAC.

+ +

AllowNoDHEKEX: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. Equivalent to SSL_OP_ALLOW_NO_DHE_KEX.

+ +

MiddleboxCompat: If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. This option is set by default. A future version of OpenSSL may not set this by default. Equivalent to SSL_OP_ENABLE_MIDDLEBOX_COMPAT.

+ +

AntiReplay: If set then OpenSSL will automatically detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server. A full handshake is forced if a session ticket is used a second or subsequent time. This option is set by default and is only used by servers. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built-in OpenSSL functionality is not required. Disabling anti-replay is equivalent to setting SSL_OP_NO_ANTI_REPLAY.

+ +
+
VerifyMode
+
+ +

The value argument is a comma separated list of flags to set.

+ +

Peer enables peer verification: for clients only.

+ +

Request requests but does not require a certificate from the client. Servers only.

+ +

Require requests and requires a certificate from the client: an error occurs if the client does not present a certificate. Servers only.

+ +

Once requests a certificate from a client only on the initial connection: not when renegotiating. Servers only.

+ +

RequestPostHandshake configures the connection to support requests but does not require a certificate from the client post-handshake. A certificate will not be requested during the initial handshake. The server application must provide a mechanism to request a certificate post-handshake. Servers only. TLSv1.3 only.

+ +

RequiresPostHandshake configures the connection to support requests and requires a certificate from the client post-handshake: an error occurs if the client does not present a certificate. A certificate will not be requested during the initial handshake. The server application must provide a mechanism to request a certificate post-handshake. Servers only. TLSv1.3 only.

+ +
+
ClientCAFile, ClientCAPath
+
+ +

A file or directory of certificates in PEM format whose names are used as the set of acceptable names for client CAs. Servers only. This option is only supported if certificate operations are permitted.

+ +
+
+ +

SUPPORTED COMMAND TYPES

+ +

The function SSL_CONF_cmd_value_type() currently returns one of the following types:

+ +
+ +
SSL_CONF_TYPE_UNKNOWN
+
+ +

The cmd string is unrecognised, this return value can be use to flag syntax errors.

+ +
+
SSL_CONF_TYPE_STRING
+
+ +

The value is a string without any specific structure.

+ +
+
SSL_CONF_TYPE_FILE
+
+ +

The value is a file name.

+ +
+
SSL_CONF_TYPE_DIR
+
+ +

The value is a directory name.

+ +
+
SSL_CONF_TYPE_NONE
+
+ +

The value string is not used e.g. a command line option which doesn't take an argument.

+ +
+
+ +

NOTES

+ +

The order of operations is significant. This can be used to set either defaults or values which cannot be overridden. For example if an application calls:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+SSL_CONF_cmd(ctx, userparam, uservalue);
+ +

it will disable SSLv3 support by default but the user can override it. If however the call sequence is:

+ +
SSL_CONF_cmd(ctx, userparam, uservalue);
+SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ +

SSLv3 is always disabled and attempt to override this by the user are ignored.

+ +

By checking the return code of SSL_CONF_cmd() it is possible to query if a given cmd is recognised, this is useful if SSL_CONF_cmd() values are mixed with additional application specific operations.

+ +

For example an application might call SSL_CONF_cmd() and if it returns -2 (unrecognised command) continue with processing of application specific commands.

+ +

Applications can also use SSL_CONF_cmd() to process command lines though the utility function SSL_CONF_cmd_argv() is normally used instead. One way to do this is to set the prefix to an appropriate value using SSL_CONF_CTX_set1_prefix(), pass the current argument to cmd and the following argument to value (which may be NULL).

+ +

In this case if the return value is positive then it is used to skip that number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is returned then cmd is not recognised and application specific arguments can be checked instead. If -3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and this can be reported back to the user.

+ +

The function SSL_CONF_cmd_value_type() can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return value is SSL_CONF_TYPE_FILE an application could translate a relative pathname to an absolute pathname.

+ +

RETURN VALUES

+ +

SSL_CONF_cmd() returns 1 if the value of cmd is recognised and value is NOT used and 2 if both cmd and value are used. In other words it returns the number of arguments processed. This is useful when processing command lines.

+ +

A return value of -2 means cmd is not recognised.

+ +

A return value of -3 means cmd is recognised and the command requires a value but value is NULL.

+ +

A return code of 0 indicates that both cmd and value are valid but an error occurred attempting to perform the operation: for example due to an error in the syntax of value in this case the error queue may provide additional information.

+ +

EXAMPLES

+ +

Set supported signature algorithms:

+ +
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
+ +

There are various ways to select the supported protocols.

+ +

This set the minimum protocol version to TLSv1, and so disables SSLv3. This is the recommended way to disable protocols.

+ +
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
+ +

The following also disables SSLv3:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ +

The following will first enable all protocols, and then disable SSLv3. If no protocol versions were disabled before this has the same effect as "-SSLv3", but if some versions were disables this will re-enable them before disabling SSLv3.

+ +
SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
+ +

Only enable TLSv1.2:

+ +
SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
+SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
+ +

This also only enables TLSv1.2:

+ +
SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
+ +

Disable TLS session tickets:

+ +
SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
+ +

Enable compression:

+ +
SSL_CONF_cmd(ctx, "Options", "Compression");
+ +

Set supported curves to P-256, P-384:

+ +
SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd_argv(3), SSL_CTX_set_options(3)

+ +

HISTORY

+ +

The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.

+ +

The SSL_OP_NO_SSL2 option doesn't have effect since 1.1.0, but the macro is retained for backwards compatibility.

+ +

The SSL_CONF_TYPE_NONE was added in OpenSSL 1.1.0. In earlier versions of OpenSSL passing a command which didn't take an argument would return SSL_CONF_TYPE_UNKNOWN.

+ +

MinProtocol and MaxProtocol where added in OpenSSL 1.1.0.

+ +

AllowNoDHEKEX and PrioritizeChaCha were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html new file mode 100644 index 00000000..213d482b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html @@ -0,0 +1,65 @@ + + + + +SSL_CONF_cmd_argv + + + + + + + + + + +

NAME

+ +

SSL_CONF_cmd_argv - SSL configuration command line processing

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+ +

DESCRIPTION

+ +

The function SSL_CONF_cmd_argv() processes at most two command line arguments from pargv and pargc. The values of pargv and pargc are updated to reflect the number of command options processed. The pargc argument can be set to NULL if it is not used.

+ +

RETURN VALUES

+ +

SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 or a negative error code.

+ +

If -2 is returned then an argument for a command is missing.

+ +

If -1 is returned the command is recognised but couldn't be processed due to an error: for example a syntax error in the argument.

+ +

SEE ALSO

+ +

SSL_CONF_CTX_new(3), SSL_CONF_CTX_set_flags(3), SSL_CONF_CTX_set1_prefix(3), SSL_CONF_CTX_set_ssl_ctx(3), SSL_CONF_cmd(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html new file mode 100644 index 00000000..3c17541d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html @@ -0,0 +1,122 @@ + + + + +SSL_CTX_add1_chain_cert + + + + + + + + + + +

NAME

+ +

SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra chain certificate processing

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
+int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+
+int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
+int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
+int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
+int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
+int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
+int SSL_clear_chain_certs(SSL *ssl);
+
+int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
+int SSL_build_cert_chain(SSL *ssl, flags);
+
+int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_select_current_cert(SSL *ssl, X509 *x509);
+int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
+int SSL_set_current_cert(SSL *ssl, long op);
+ +

DESCRIPTION

+ +

SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain associated with the current certificate of ctx to sk.

+ +

SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single certificate x509 to the chain associated with the current certificate of ctx.

+ +

SSL_CTX_get0_chain_certs() retrieves the chain associated with the current certificate of ctx.

+ +

SSL_CTX_clear_chain_certs() clears any existing chain associated with the current certificate of ctx. (This is implemented by calling SSL_CTX_set0_chain() with sk set to NULL).

+ +

SSL_CTX_build_cert_chain() builds the certificate chain for ctx normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The flags parameter can be set to SSL_BUILD_CHAIN_FLAG_UNTRUSTED to use existing chain certificates as untrusted CAs, SSL_BUILD_CHAIN_FLAG_NO_ROOT to omit the root CA from the built chain, SSL_BUILD_CHAIN_FLAG_CHECK to use all existing chain certificates only to build the chain (effectively sanity checking and rearranging them if necessary), the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR ignores any errors during verification: if flag SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is also set verification errors are cleared from the error queue.

+ +

Each of these functions operates on the current end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding ctx structure.

+ +

SSL_CTX_select_current_cert() selects x509 as the current end entity certificate, but only if x509 has already been loaded into ctx using a function such as SSL_CTX_use_certificate().

+ +

SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() are similar except they apply to SSL structure ssl.

+ +

SSL_CTX_set_current_cert() changes the current certificate to a value based on the op argument. Currently op can be SSL_CERT_SET_FIRST to use the first valid certificate or SSL_CERT_SET_NEXT to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an SSL_CTX structure.

+ +

SSL_set_current_cert() also supports the option SSL_CERT_SET_SERVER. If ssl is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will be sent) 2 is returned and the current certificate is unchanged. If ssl is not a server or a certificate has not been sent 0 is returned and the current certificate is unchanged.

+ +

All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied certificate or chain so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied certificate or chain MUST NOT be freed after the operation.

+ +

NOTES

+ +

The chains associate with an SSL_CTX structure are copied to any SSL structures when SSL_new() is called. SSL structures will not be affected by any chains subsequently changed in the parent SSL_CTX.

+ +

One chain can be set for each key type supported by a server. So, for example, an RSA and a DSA certificate can (and often will) have different chains.

+ +

The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. Misconfigured applications sending incorrect certificate chains often cause problems with peers.

+ +

For example an application can add any set of certificates using SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain() with the option SSL_BUILD_CHAIN_FLAG_CHECK to check and reorder them.

+ +

Applications can issue non fatal warnings when checking chains by setting the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS and checking the return value.

+ +

Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session.

+ +

If any certificates are added using these functions no certificates added using SSL_CTX_add_extra_chain_cert() will be used.

+ +

RETURN VALUES

+ +

SSL_set_current_cert() with SSL_CERT_SET_SERVER return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure.

+ +

SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success and 0 for failure. If the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR and a verification error occurs then 2 is returned.

+ +

All other functions return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html new file mode 100644 index 00000000..a9443a1b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html @@ -0,0 +1,75 @@ + + + + +SSL_CTX_add_extra_chain_cert + + + + + + + + + + +

NAME

+ +

SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear extra chain certificates

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain certificates associated with ctx. Several certificates can be added one after another.

+ +

SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates associated with ctx.

+ +

These functions are implemented as macros.

+ +

NOTES

+ +

When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate.

+ +

If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations(3).

+ +

The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application should not free the x509 object.

+ +

RESTRICTIONS

+ +

Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX cannot be specified using this function. For more flexibility functions such as SSL_add1_chain_cert() should be used instead.

+ +

RETURN VALUES

+ +

SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return 1 on success and 0 for failure. Check out the error stack to find out the reason for failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_load_verify_locations(3) SSL_CTX_set0_chain(3) SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3) SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3) SSL_add0_chain_cert(3) SSL_add1_chain_cert(3) SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_session.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_session.html new file mode 100644 index 00000000..08140fee --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_add_session.html @@ -0,0 +1,83 @@ + + + + +SSL_CTX_add_session + + + + + + + + + + +

NAME

+ +

SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+ +

DESCRIPTION

+ +

SSL_CTX_add_session() adds the session c to the context ctx. The reference count for session c is incremented by 1. If a session with the same session id already exists, the old session is removed by calling SSL_SESSION_free(3).

+ +

SSL_CTX_remove_session() removes the session c from the context ctx and marks it as non-resumable. SSL_SESSION_free(3) is called once for c.

+ +

NOTES

+ +

When adding a new session to the internal session cache, it is examined whether a session with the same session id already exists. In this case it is assumed that both sessions are identical. If the same session is stored in a different SSL_SESSION object, The old session is removed and replaced by the new session. If the session is actually identical (the SSL_SESSION object is identical), SSL_CTX_add_session() is a no-op, and the return value is 0.

+ +

If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE flag then the internal cache will not be populated automatically by new sessions negotiated by the SSL/TLS implementation, even though the internal cache will be searched automatically for session-resume requests (the latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the application can use SSL_CTX_add_session() directly to have full control over the sessions that can be resumed if desired.

+ +

RETURN VALUES

+ +

The following values are returned by all functions:

+ +
+ +
0
+
+ +

The operation failed. In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_config.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_config.html new file mode 100644 index 00000000..de3dfed2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_config.html @@ -0,0 +1,105 @@ + + + + +SSL_CTX_config + + + + + + + + + + +

NAME

+ +

SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+int SSL_config(SSL *s, const char *name);
+ +

DESCRIPTION

+ +

The functions SSL_CTX_config() and SSL_config() configure an SSL_CTX or SSL structure using the configuration name.

+ +

NOTES

+ +

By calling SSL_CTX_config() or SSL_config() an application can perform many complex tasks based on the contents of the configuration file: greatly simplifying application configuration code. A degree of future proofing can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically.

+ +

A configuration file must have been previously loaded, for example using CONF_modules_load_file(). See config(5) for details of the configuration file syntax.

+ +

RETURN VALUES

+ +

SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error occurred.

+ +

EXAMPLES

+ +

If the file "config.cnf" contains the following:

+ +
testapp = test_sect
+
+[test_sect]
+# list of configuration modules
+
+ssl_conf = ssl_sect
+
+[ssl_sect]
+server = server_section
+
+[server_section]
+RSA.Certificate = server-rsa.pem
+ECDSA.Certificate = server-ecdsa.pem
+Ciphers = ALL:!RC4
+ +

An application could call:

+ +
if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
+    fprintf(stderr, "Error processing config file\n");
+    goto err;
+}
+
+ctx = SSL_CTX_new(TLS_server_method());
+
+if (SSL_CTX_config(ctx, "server") == 0) {
+    fprintf(stderr, "Error configuring server.\n");
+    goto err;
+}
+ +

In this example two certificates and the cipher list are configured without the need for any additional application code.

+ +

SEE ALSO

+ +

config(5), SSL_CONF_cmd(3), CONF_modules_load_file(3)

+ +

HISTORY

+ +

The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html new file mode 100644 index 00000000..d9aeb1b7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html @@ -0,0 +1,60 @@ + + + + +SSL_CTX_ctrl + + + + + + + + + + +

NAME

+ +

SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
+
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
+ +

DESCRIPTION

+ +

The SSL_*_ctrl() family of functions is used to manipulate settings of the SSL_CTX and SSL objects. Depending on the command cmd the arguments larg, parg, or fp are evaluated. These functions should never be called directly. All functionalities needed are made available via other functions or macros.

+ +

RETURN VALUES

+ +

The return values of the SSL*_ctrl() functions depend on the command supplied via the cmd parameter.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html new file mode 100644 index 00000000..42f4684d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html @@ -0,0 +1,252 @@ + + + + +SSL_CTX_dane_enable + + + + + + + + + + +

NAME

+ +

SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags - enable DANE TLS authentication of the remote TLS server in the local TLS client

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx);
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                           uint8_t mtype, uint8_t ord);
+int SSL_dane_enable(SSL *s, const char *basedomain);
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen);
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data,
+                       size_t *dlen);
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+ +

DESCRIPTION

+ +

These functions implement support for DANE TLSA (RFC6698 and RFC7671) peer authentication.

+ +

SSL_CTX_dane_enable() must be called first to initialize the shared state required for DANE support. Individual connections associated with the context can then enable per-connection DANE support as appropriate. DANE authentication is implemented in the X509_verify_cert(3) function, and applications that override X509_verify_cert(3) via SSL_CTX_set_cert_verify_callback(3) are responsible to authenticate the peer chain in whatever manner they see fit.

+ +

SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the supported digest algorithms. This must be done before any SSL handles are created for the context.

+ +

The mtype argument specifies a DANE TLSA matching type and the md argument specifies the associated digest algorithm handle. The ord argument specifies a strength ordinal. Algorithms with a larger strength ordinal are considered more secure. Strength ordinals are used to implement RFC7671 digest algorithm agility. Specifying a NULL digest algorithm for a matching type disables support for that matching type. Matching type Full(0) cannot be modified or disabled.

+ +

By default, matching type SHA2-256(1) (see RFC7218 for definitions of the DANE TLSA parameter acronyms) is mapped to EVP_sha256() with a strength ordinal of 1 and matching type SHA2-512(2) is mapped to EVP_sha512() with a strength ordinal of 2.

+ +

SSL_dane_enable() must be called before the SSL handshake is initiated with SSL_connect(3) if (and only if) you want to enable DANE for that connection. (The connection must be associated with a DANE-enabled SSL context). The basedomain argument specifies the RFC7671 TLSA base domain, which will be the primary peer reference identifier for certificate name checks. Additional server names can be specified via SSL_add1_host(3). The basedomain is used as the default SNI hint if none has yet been specified via SSL_set_tlsext_host_name(3).

+ +

SSL_dane_tlsa_add() may then be called one or more times, to load each of the TLSA records that apply to the remote TLS peer. (This too must be done prior to the beginning of the SSL handshake). The arguments specify the fields of the TLSA record. The data field is provided in binary (wire RDATA) form, not the hexadecimal ASCII presentation form, with an explicit length passed via dlen. The library takes a copy of the data buffer contents and the caller may free the original data buffer when convenient. A return value of 0 indicates that "unusable" TLSA records (with invalid or unsupported parameters) were provided. A negative return value indicates an internal error in processing the record.

+ +

The caller is expected to check the return value of each SSL_dane_tlsa_add() call and take appropriate action if none are usable or an internal error is encountered in processing some records.

+ +

If no TLSA records are added successfully, DANE authentication is not enabled, and authentication will be based on any configured traditional trust-anchors; authentication success in this case does not mean that the peer was DANE-authenticated.

+ +

SSL_get0_dane_authority() can be used to get more detailed information about the matched DANE trust-anchor after successful connection completion. The return value is negative if DANE verification failed (or was not enabled), 0 if an EE TLSA record directly matched the leaf certificate, or a positive number indicating the depth at which a TA record matched an issuer certificate. The complete verified chain can be retrieved via SSL_get0_verified_chain(3). The return value is an index into this verified chain, rather than the list of certificates sent by the peer as returned by SSL_get_peer_cert_chain(3).

+ +

If the mcert argument is not NULL and a TLSA record matched a chain certificate, a pointer to the matching certificate is returned via mcert. The returned address is a short-term internal reference to the certificate and must not be freed by the application. Applications that want to retain access to the certificate can call X509_up_ref(3) to obtain a long-term reference which must then be freed via X509_free(3) once no longer needed.

+ +

If no TLSA records directly matched any elements of the certificate chain, but a DANE-TA(2) SPKI(1) Full(0) record provided the public key that signed an element of the chain, then that key is returned via mspki argument (if not NULL). In this case the return value is the depth of the top-most element of the validated certificate chain. As with mcert this is a short-term internal reference, and EVP_PKEY_up_ref(3) and EVP_PKEY_free(3) can be used to acquire and release long-term references respectively.

+ +

SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). When the return value is non-negative, the storage pointed to by the usage, selector, mtype and data parameters is updated to the corresponding TLSA record fields. The data field is in binary wire form, and is therefore not NUL-terminated, its length is returned via the dlen parameter. If any of these parameters is NULL, the corresponding field is not returned. The data parameter is set to a short-term internal-copy of the associated data field and must not be freed by the application. Applications that need long-term access to this field need to copy the content.

+ +

SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable optional DANE verification features. SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable the same features. The flags argument is a bitmask of the features to enable or disable. The flags set for an SSL_CTX context are copied to each SSL handle associated with that context at the time the handle is created. Subsequent changes in the context's flags have no effect on the flags set for the handle.

+ +

At present, the only available option is DANE_FLAG_NO_DANE_EE_NAMECHECKS which can be used to disable server name checks when authenticating via DANE-EE(3) TLSA records. For some applications, primarily web browsers, it is not safe to disable name checks due to "unknown key share" attacks, in which a malicious server can convince a client that a connection to a victim server is instead a secure connection to the malicious server. The malicious server may then be able to violate cross-origin scripting restrictions. Thus, despite the text of RFC7671, name checks are by default enabled for DANE-EE(3) TLSA records, and can be disabled in applications where it is safe to do so. In particular, SMTP and XMPP clients should set this option as SRV and MX records already make it possible for a remote domain to redirect client connections to any server of its choice, and in any case SMTP and XMPP clients do not execute scripts downloaded from remote servers.

+ +

RETURN VALUES

+ +

The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(), SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on success. Negative return values indicate resource problems (out of memory, etc.) in the SSL library, while a return value of 0 indicates incorrect usage or invalid input, such as an unsupported TLSA record certificate usage, selector or matching type. Invalid input also includes malformed data, either a digest length that does not match the digest algorithm, or a Full(0) (binary ASN.1 DER form) certificate or a public key that fails to parse.

+ +

The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a non-negative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer.

+ +

The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(), SSL_dane_set_flags() and SSL_dane_clear_flags() return the flags in effect before they were called.

+ +

EXAMPLES

+ +

Suppose "smtp.example.com" is the MX host of the domain "example.com", and has DNSSEC-validated TLSA records. The calls below will perform DANE authentication and arrange to match either the MX hostname or the destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the SSL connection.

+ +
SSL_CTX *ctx;
+SSL *ssl;
+int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
+int num_usable = 0;
+const char *nexthop_domain = "example.com";
+const char *dane_tlsa_domain = "smtp.example.com";
+uint8_t usage, selector, mtype;
+
+if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+    /* error */
+if (SSL_CTX_dane_enable(ctx) <= 0)
+    /* error */
+if ((ssl = SSL_new(ctx)) == NULL)
+    /* error */
+if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
+    /* error */
+
+/*
+ * For many applications it is safe to skip DANE-EE(3) namechecks.  Do not
+ * disable the checks unless "unknown key share" attacks pose no risk for
+ * your application.
+ */
+SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+
+if (!SSL_add1_host(ssl, nexthop_domain))
+    /* error */
+SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+for (... each TLSA record ...) {
+    unsigned char *data;
+    size_t len;
+    int ret;
+
+    /* set usage, selector, mtype, data, len */
+
+    /*
+     * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
+     * They treat all other certificate usages, and in particular PKIX-TA(0)
+     * and PKIX-EE(1), as unusable.
+     */
+    switch (usage) {
+    default:
+    case 0:     /* PKIX-TA(0) */
+    case 1:     /* PKIX-EE(1) */
+        continue;
+    case 2:     /* DANE-TA(2) */
+    case 3:     /* DANE-EE(3) */
+        break;
+    }
+
+    ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
+    /* free data as appropriate */
+
+    if (ret < 0)
+        /* handle SSL library internal error */
+    else if (ret == 0)
+        /* handle unusable TLSA record */
+    else
+        ++num_usable;
+}
+
+/*
+ * At this point, the verification mode is still the default SSL_VERIFY_NONE.
+ * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
+ * are unusable, so continue the handshake even if authentication fails.
+ */
+if (num_usable == 0) {
+    /* Log all records unusable? */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+    SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
+} else {
+    /* At least one usable record.  We expect to verify the peer */
+
+    /* Optionally set verify_cb to a suitable non-NULL callback. */
+
+    /*
+     * Below we elect to fail the handshake when peer verification fails.
+     * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
+     * complete the handshake, check the verification status, and if not
+     * verified disconnect gracefully at the application layer, especially if
+     * application protocol supports informing the server that authentication
+     * failed.
+     */
+    SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
+}
+
+/*
+ * Load any saved session for resumption, making sure that the previous
+ * session applied the same security and authentication requirements that
+ * would be expected of a fresh connection.
+ */
+
+/* Perform SSL_connect() handshake and handle errors here */
+
+if (SSL_session_reused(ssl)) {
+    if (SSL_get_verify_result(ssl) == X509_V_OK) {
+        /*
+         * Resumed session was originally verified, this connection is
+         * authenticated.
+         */
+    } else {
+        /*
+         * Resumed session was not originally verified, this connection is not
+         * authenticated.
+         */
+    }
+} else if (SSL_get_verify_result(ssl) == X509_V_OK) {
+    const char *peername = SSL_get0_peername(ssl);
+    EVP_PKEY *mspki = NULL;
+
+    int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
+    if (depth >= 0) {
+        (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
+        printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
+               (mspki != NULL) ? "TA public key verified certificate" :
+               depth ? "matched TA certificate" : "matched EE certificate",
+               depth);
+    }
+    if (peername != NULL) {
+        /* Name checks were in scope and matched the peername */
+        printf("Verified peername: %s\n", peername);
+    }
+} else {
+    /*
+     * Not authenticated, presumably all TLSA rrs unusable, but possibly a
+     * callback suppressed connection termination despite the presence of
+     * usable TLSA RRs none of which matched.  Do whatever is appropriate for
+     * fresh unauthenticated connections.
+     */
+}
+ +

NOTES

+ +

It is expected that the majority of clients employing DANE TLS will be doing "opportunistic DANE TLS" in the sense of RFC7672 and RFC7435. That is, they will use DANE authentication when DNSSEC-validated TLSA records are published for a given peer, and otherwise will use unauthenticated TLS or even cleartext.

+ +

Such applications should generally treat any TLSA records published by the peer with usages PKIX-TA(0) and PKIX-EE(1) as "unusable", and should not include them among the TLSA records used to authenticate peer connections. In addition, some TLSA records with supported usages may be "unusable" as a result of invalid or unsupported parameters.

+ +

When a peer has TLSA records, but none are "usable", an opportunistic application must avoid cleartext, but cannot authenticate the peer, and so should generally proceed with an unauthenticated connection. Opportunistic applications need to note the return value of each call to SSL_dane_tlsa_add(), and if all return 0 (due to invalid or unsupported parameters) disable peer authentication by calling SSL_set_verify(3) with mode equal to SSL_VERIFY_NONE.

+ +

SEE ALSO

+ +

SSL_new(3), SSL_add1_host(3), SSL_set_hostflags(3), SSL_set_tlsext_host_name(3), SSL_set_verify(3), SSL_CTX_set_cert_verify_callback(3), SSL_get0_verified_chain(3), SSL_get_peer_cert_chain(3), SSL_get_verify_result(3), SSL_connect(3), SSL_get0_peername(3), X509_verify_cert(3), X509_up_ref(3), X509_free(3), EVP_get_digestbyname(3), EVP_PKEY_up_ref(3), EVP_PKEY_free(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html new file mode 100644 index 00000000..1973598d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html @@ -0,0 +1,65 @@ + + + + +SSL_CTX_flush_sessions + + + + + + + + + + +

NAME

+ +

SSL_CTX_flush_sessions - remove expired sessions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+ +

DESCRIPTION

+ +

SSL_CTX_flush_sessions() causes a run through the session cache of ctx to remove sessions expired at time tm.

+ +

NOTES

+ +

If enabled, the internal session cache will collect all sessions established up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done automatically whenever 255 new sessions were established (see SSL_CTX_set_session_cache_mode(3)) or manually by calling SSL_CTX_flush_sessions().

+ +

The parameter tm specifies the time which should be used for the expiration test, in most cases the actual time given by time(0) will be used.

+ +

SSL_CTX_flush_sessions() will only check sessions stored in the internal cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see SSL_CTX_sess_set_get_cb(3)).

+ +

RETURN VALUES

+ +

SSL_CTX_flush_sessions() does not return a value.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_CTX_set_timeout(3), SSL_CTX_sess_set_get_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_free.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_free.html new file mode 100644 index 00000000..b1844a21 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_free.html @@ -0,0 +1,65 @@ + + + + +SSL_CTX_free + + + + + + + + + + +

NAME

+ +

SSL_CTX_free - free an allocated SSL_CTX object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_free(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_free() decrements the reference count of ctx, and removes the SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.

+ +

It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys.

+ +

If ctx is NULL nothing is done.

+ +

WARNINGS

+ +

If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this callback will be called for each session being freed from ctx's session cache. This implies, that all corresponding sessions from an external session cache are removed as well. If this is not desired, the user should explicitly unset the callback by calling SSL_CTX_sess_set_remove_cb(ctx, NULL) prior to calling SSL_CTX_free().

+ +

RETURN VALUES

+ +

SSL_CTX_free() does not provide diagnostic information.

+ +

SEE ALSO

+ +

SSL_CTX_new(3), ssl(7), SSL_CTX_sess_set_get_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html new file mode 100644 index 00000000..f87495e2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_get0_param + + + + + + + + + + +

NAME

+ +

SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - get and set verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+ +

DESCRIPTION

+ +

SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to the verification parameters for ctx or ssl respectively. The returned pointer must not be freed by the calling application.

+ +

SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters to vpm for ctx or ssl.

+ +

NOTES

+ +

Typically parameters are retrieved from an SSL_CTX or SSL structure using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies them to suit its needs: for example to add a hostname check.

+ +

RETURN VALUES

+ +

SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an X509_VERIFY_PARAM structure.

+ +

SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

Check hostname matches "www.foo.com" in peer certificate:

+ +
X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
+ +

SEE ALSO

+ +

X509_VERIFY_PARAM_set_flags(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html new file mode 100644 index 00000000..44bc3b05 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html @@ -0,0 +1,71 @@ + + + + +SSL_CTX_get_verify_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+int SSL_get_verify_mode(const SSL *ssl);
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+int SSL_get_verify_depth(const SSL *ssl);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
+ +

DESCRIPTION

+ +

SSL_CTX_get_verify_mode() returns the verification mode currently set in ctx.

+ +

SSL_get_verify_mode() returns the verification mode currently set in ssl.

+ +

SSL_CTX_get_verify_depth() returns the verification depth limit currently set in ctx. If no limit has been explicitly set, -1 is returned and the default value will be used.

+ +

SSL_get_verify_depth() returns the verification depth limit currently set in ssl. If no limit has been explicitly set, -1 is returned and the default value will be used.

+ +

SSL_CTX_get_verify_callback() returns a function pointer to the verification callback currently set in ctx. If no callback was explicitly set, the NULL pointer is returned and the default callback will be used.

+ +

SSL_get_verify_callback() returns a function pointer to the verification callback currently set in ssl. If no callback was explicitly set, the NULL pointer is returned and the default callback will be used.

+ +

RETURN VALUES

+ +

See DESCRIPTION

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html new file mode 100644 index 00000000..4ee01e99 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html @@ -0,0 +1,56 @@ + + + + +SSL_CTX_has_client_custom_ext + + + + + + + + + + +

NAME

+ +

SSL_CTX_has_client_custom_ext - check whether a handler exists for a particular client extension type

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
+ +

DESCRIPTION

+ +

SSL_CTX_has_client_custom_ext() checks whether a handler has been set for a client extension of type ext_type using SSL_CTX_add_client_custom_ext().

+ +

RETURN VALUES

+ +

Returns 1 if a handler has been set, 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_add_client_custom_ext(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html new file mode 100644 index 00000000..369a444e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html @@ -0,0 +1,131 @@ + + + + +SSL_CTX_load_verify_locations + + + + + + + + + + +

NAME

+ +

SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file - set default locations for trusted CA certificates

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath);
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_load_verify_locations() specifies the locations for ctx, at which CA certificates for verification purposes are located. The certificates available via CAfile and CApath are trusted.

+ +

SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory and one default file. The default CA certificates directory is called "certs" in the default OpenSSL directory. Alternatively the SSL_CERT_DIR environment variable can be defined to override this location. The default CA certificates file is called "cert.pem" in the default OpenSSL directory. Alternatively the SSL_CERT_FILE environment variable can be defined to override this location.

+ +

SSL_CTX_set_default_verify_dir() is similar to SSL_CTX_set_default_verify_paths() except that just the default directory is used.

+ +

SSL_CTX_set_default_verify_file() is similar to SSL_CTX_set_default_verify_paths() except that just the default file is used.

+ +

NOTES

+ +

If CAfile is not NULL, it points to a file of CA certificates in PEM format. The file can contain several CA certificates identified by

+ +
-----BEGIN CERTIFICATE-----
+... (CA certificate in base64 encoding) ...
+-----END CERTIFICATE-----
+ +

sequences. Before, between, and after the certificates text is allowed which can be used e.g. for descriptions of the certificates.

+ +

The CAfile is processed on execution of the SSL_CTX_load_verify_locations() function.

+ +

If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links.

+ +

The certificates in CApath are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate.

+ +

When looking up CA certificates, the OpenSSL library will first search the certificates in CAfile, then those in CApath. Certificate matching is done based on the subject name, the key identifier (if present), and the serial number as taken from the certificate to be verified. If these data do not match, the next certificate will be tried. If a first certificate matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure.

+ +

In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list(3) family of functions.

+ +

When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from CAfile/CApath, if the certificate chain was not explicitly specified (see SSL_CTX_add_extra_chain_cert(3), SSL_CTX_use_certificate(3).

+ +

WARNINGS

+ +

If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same CA certificate is available with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones.

+ +

RETURN VALUES

+ +

For SSL_CTX_load_verify_locations the following return values can occur:

+ +
+ +
0
+
+ +

The operation failed because CAfile and CApath are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A missing default location is still treated as a success.

+ +

EXAMPLES

+ +

Generate a CA certificate file with descriptive text from the CA certificates ca1.pem ca2.pem ca3.pem:

+ +
#!/bin/sh
+rm CAfile.pem
+for i in ca1.pem ca2.pem ca3.pem ; do
+    openssl x509 -in $i -text >> CAfile.pem
+done
+ +

Prepare the directory /some/where/certs containing several CA certificates for use as CApath:

+ +
cd /some/where/certs
+c_rehash .
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_client_CA_list(3), SSL_get_client_CA_list(3), SSL_CTX_use_certificate(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_set_cert_store(3), SSL_CTX_set_client_CA_list(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_new.html new file mode 100644 index 00000000..b8fba1be --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_new.html @@ -0,0 +1,205 @@ + + + + +SSL_CTX_new + + + + + + + + + + +

NAME

+ +

TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method - create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+const SSL_METHOD *TLS_method(void);
+const SSL_METHOD *TLS_server_method(void);
+const SSL_METHOD *TLS_client_method(void);
+
+const SSL_METHOD *SSLv23_method(void);
+const SSL_METHOD *SSLv23_server_method(void);
+const SSL_METHOD *SSLv23_client_method(void);
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void);
+const SSL_METHOD *SSLv3_server_method(void);
+const SSL_METHOD *SSLv3_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void);
+const SSL_METHOD *TLSv1_server_method(void);
+const SSL_METHOD *TLSv1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void);
+const SSL_METHOD *TLSv1_1_server_method(void);
+const SSL_METHOD *TLSv1_1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void);
+const SSL_METHOD *TLSv1_2_server_method(void);
+const SSL_METHOD *TLSv1_2_client_method(void);
+#endif
+
+const SSL_METHOD *DTLS_method(void);
+const SSL_METHOD *DTLS_server_method(void);
+const SSL_METHOD *DTLS_client_method(void);
+
+#ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void);
+const SSL_METHOD *DTLSv1_server_method(void);
+const SSL_METHOD *DTLSv1_client_method(void);
+#endif
+
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void);
+const SSL_METHOD *DTLSv1_2_server_method(void);
+const SSL_METHOD *DTLSv1_2_client_method(void);
+#endif
+ +

DESCRIPTION

+ +

SSL_CTX_new() creates a new SSL_CTX object as framework to establish TLS/SSL or DTLS enabled connections. An SSL_CTX object is reference counted. Creating an SSL_CTX object for the first time increments the reference count. Freeing it (using SSL_CTX_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the SSL_CTX object are freed. SSL_CTX_up_ref() increments the reference count for an existing SSL_CTX structure.

+ +

NOTES

+ +

The SSL_CTX object uses method as connection method. The methods exist in a generic type (for client and server use), a server only type, and a client only type. method can be of the following types:

+ +
+ +
TLS_method(), TLS_server_method(), TLS_client_method()
+
+ +

These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below, which are deprecated.

+ +
+
SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
+
+ +

These functions do not exist anymore, they have been renamed to TLS_method(), TLS_server_method() and TLS_client_method() respectively. Currently, the old function calls are renamed to the corresponding new ones by preprocessor macros, to ensure that existing code which uses the old function names still compiles. However, using the old function names is deprecated and new code should call the new functions instead.

+ +
+
TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1.2 protocol. These methods are deprecated.

+ +
+
TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1.1 protocol. These methods are deprecated.

+ +
+
TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the TLSv1 protocol. These methods are deprecated.

+ +
+
SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+
+ +

A TLS/SSL connection established with these methods will only understand the SSLv3 protocol. The SSLv3 protocol is deprecated and should not be used.

+ +
+
DTLS_method(), DTLS_server_method(), DTLS_client_method()
+
+ +

These are the version-flexible DTLS methods. Currently supported protocols are DTLS 1.0 and DTLS 1.2.

+ +
+
DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
+
+ +

These are the version-specific methods for DTLSv1.2. These methods are deprecated.

+ +
+
DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
+
+ +

These are the version-specific methods for DTLSv1. These methods are deprecated.

+ +
+
+ +

SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to their default values.

+ +

TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(), DTLS_server_method() and DTLS_client_method() are the version-flexible methods. All other methods only support one specific protocol version. Use the version-flexible methods instead of the version specific methods.

+ +

If you want to limit the supported protocols for the version flexible methods you can use SSL_CTX_set_min_proto_version(3), SSL_set_min_proto_version(3), SSL_CTX_set_max_proto_version(3) and SSL_set_max_proto_version(3) functions. Using these functions it is possible to choose e.g. TLS_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.

+ +

The list of protocols available can also be limited using the SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_3, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 options of the SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this approach is not recommended. Clients should avoid creating "holes" in the set of protocols they support. When disabling a protocol, make sure that you also disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling all previous protocol versions, the effect is to also disable all subsequent protocol versions.

+ +

The SSLv3 protocol is deprecated and should generally not be used. Applications should typically use SSL_CTX_set_min_proto_version(3) to set the minimum protocol to at least TLS1_VERSION.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The creation of a new SSL_CTX object failed. Check the error stack to find out the reason.

+ +
+
Pointer to an SSL_CTX object
+
+ +

The return value points to an allocated SSL_CTX object.

+ +

SSL_CTX_up_ref() returns 1 for success and 0 for failure.

+ +
+
+ +

SEE ALSO

+ +

SSL_CTX_set_options(3), SSL_CTX_free(3), SSL_accept(3), SSL_CTX_set_min_proto_version(3), ssl(7), SSL_set_connect_state(3)

+ +

HISTORY

+ +

Support for SSLv2 and the corresponding SSLv2_method(), SSLv2_server_method() and SSLv2_client_method() functions where removed in OpenSSL 1.1.0.

+ +

SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were deprecated and the preferred TLS_method(), TLS_server_method() and TLS_client_method() functions were added in OpenSSL 1.1.0.

+ +

All version-specific methods were deprecated in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html new file mode 100644 index 00000000..a40f8b64 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html @@ -0,0 +1,89 @@ + + + + +SSL_CTX_sess_number + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_sess_number(SSL_CTX *ctx);
+long SSL_CTX_sess_connect(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_accept(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_hits(SSL_CTX *ctx);
+long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+long SSL_CTX_sess_misses(SSL_CTX *ctx);
+long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_number() returns the current number of sessions in the internal session cache.

+ +

SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in client mode.

+ +

SSL_CTX_sess_connect_good() returns the number of successfully established SSL/TLS sessions in client mode.

+ +

SSL_CTX_sess_connect_renegotiate() returns the number of started renegotiations in client mode.

+ +

SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in server mode.

+ +

SSL_CTX_sess_accept_good() returns the number of successfully established SSL/TLS sessions in server mode.

+ +

SSL_CTX_sess_accept_renegotiate() returns the number of started renegotiations in server mode.

+ +

SSL_CTX_sess_hits() returns the number of successfully reused sessions. In client mode a session set with SSL_set_session(3) successfully reused is counted as a hit. In server mode a session successfully retrieved from internal or external cache is counted as a hit.

+ +

SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions from the external session cache in server mode.

+ +

SSL_CTX_sess_misses() returns the number of sessions proposed by clients that were not found in the internal session cache in server mode.

+ +

SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients and either found in the internal or external session cache in server mode, but that were invalid due to timeout. These sessions are not included in the SSL_CTX_sess_hits() count.

+ +

SSL_CTX_sess_cache_full() returns the number of sessions that were removed because the maximum session cache size was exceeded.

+ +

RETURN VALUES

+ +

The functions return the values indicated in the DESCRIPTION section.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_CTX_set_session_cache_mode(3) SSL_CTX_sess_set_cache_size(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html new file mode 100644 index 00000000..a10dc722 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html @@ -0,0 +1,70 @@ + + + + +SSL_CTX_sess_set_cache_size + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
+long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_set_cache_size() sets the size of the internal session cache of context ctx to t. This value is a hint and not an absolute; see the notes below.

+ +

SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.

+ +

NOTES

+ +

The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT, currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the SSL_CTX_sess_set_cache_size() call. A special case is the size 0, which is used for unlimited size.

+ +

If adding the session makes the cache exceed its size, then unused sessions are dropped from the end of the cache. Cache space may also be reclaimed by calling SSL_CTX_flush_sessions(3) to remove expired sessions.

+ +

If the size of the session cache is reduced and more sessions are already in the session cache, old session will be removed at the next time a session shall be added. This removal is not synchronized with the expiration of sessions.

+ +

RETURN VALUES

+ +

SSL_CTX_sess_set_cache_size() returns the previously valid size.

+ +

SSL_CTX_sess_get_cache_size() returns the currently valid size.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_CTX_sess_number(3), SSL_CTX_flush_sessions(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html new file mode 100644 index 00000000..82e583f7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html @@ -0,0 +1,93 @@ + + + + +SSL_CTX_sess_set_get_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb)(SSL *, SSL_SESSION *));
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb)(SSL_CTX *ctx,
+                                                          SSL_SESSION *));
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION (*get_session_cb)(SSL *,
+                                                           const unsigned char *,
+                                                           int, int *));
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+                                             SSL_SESSION *sess);
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
+                                                 SSL_SESSION *sess);
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+                                                      const unsigned char *data,
+                                                      int len, int *copy);
+ +

DESCRIPTION

+ +

SSL_CTX_sess_set_new_cb() sets the callback function that is called whenever a new session was negotiated.

+ +

SSL_CTX_sess_set_remove_cb() sets the callback function that is called whenever a session is removed by the SSL engine. For example, this can occur because a session is considered faulty or has become obsolete because of exceeding the timeout value.

+ +

SSL_CTX_sess_set_get_cb() sets the callback function that is called whenever a TLS client proposed to resume a session but the session could not be found in the internal session cache (see SSL_CTX_set_session_cache_mode(3)). (TLS server only.)

+ +

SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the corresponding set callback functions. If a callback function has not been set, the NULL pointer is returned.

+ +

NOTES

+ +

In order to allow external session caching, synchronization with the internal session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the d2i_SSL_SESSION(3) interface.

+ +

The new_session_cb() is called whenever a new session has been negotiated and session caching is enabled (see SSL_CTX_set_session_cache_mode(3)). The new_session_cb() is passed the ssl connection and the nascent ssl session sess. Since sessions are reference-counted objects, the reference count on the session is incremented before the callback, on behalf of the application. If the callback returns 0, the session will be immediately removed from the internal cache and the reference count released. If the callback returns 1, the application retains the reference (for an entry in the application-maintained "external session cache"), and is responsible for calling SSL_SESSION_free() when the session reference is no longer in use.

+ +

Note that in TLSv1.3, sessions are established after the main handshake has completed. The server decides when to send the client the session information and this may occur some time after the end of the handshake (or not at all). This means that applications should expect the new_session_cb() function to be invoked during the handshake (for <= TLSv1.2) or after the handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to be established with a single connection. In these case the new_session_cb() function will be invoked multiple times.

+ +

In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once. One way of enforcing that is for applications to call SSL_CTX_remove_session(3) after a session has been used.

+ +

The remove_session_cb() is called whenever the SSL engine removes a session from the internal cache. This can happen when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when SSL_CTX_free(3) is called. The remove_session_cb() is passed the ctx and the ssl session sess. It does not provide any feedback.

+ +

The get_session_cb() is only called on SSL/TLS servers, and is given the session id proposed by the client. The get_session_cb() is always called, even when session caching was disabled. The get_session_cb() is passed the ssl connection and the session id of length length at the memory location data. By setting the parameter copy to 1, the callback can require the SSL engine to increment the reference count of the SSL_SESSION object; setting copy to 0 causes the reference count to remain unchanged. If the get_session_cb() does not write to copy, the reference count is incremented and the session must be explicitly freed with SSL_SESSION_free(3).

+ +

RETURN VALUES

+ +

SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb() return different callback function pointers respectively.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_flush_sessions(3), SSL_SESSION_free(3), SSL_CTX_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sessions.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sessions.html new file mode 100644 index 00000000..b2990840 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_sessions.html @@ -0,0 +1,61 @@ + + + + +SSL_CTX_sessions + + + + + + + + + + +

NAME

+ +

SSL_CTX_sessions - access internal session cache

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_sessions() returns a pointer to the lhash databases containing the internal session cache for ctx.

+ +

NOTES

+ +

The sessions in the internal session cache are kept in an LHASH(3) type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the LHASH(3) operations, so that the database must not be modified directly but by using the SSL_CTX_add_session(3) family of functions.

+ +

RETURN VALUES

+ +

SSL_CTX_sessions() returns a pointer to the lhash of SSL_SESSION.

+ +

SEE ALSO

+ +

ssl(7), LHASH(3), SSL_CTX_add_session(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html new file mode 100644 index 00000000..76ca3839 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html @@ -0,0 +1,130 @@ + + + + +SSL_CTX_set0_CA_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list - get or set CA list

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+
+const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+ +

DESCRIPTION

+ +

The functions described here set and manage the list of CA names that are sent between two communicating peers.

+ +

For TLS versions 1.2 and earlier the list of CA names is only sent from the server to the client when requesting a client certificate. So any list of CA names set is never sent from client to server and the list of CA names retrieved by SSL_get0_peer_CA_list() is always NULL.

+ +

For TLS 1.3 the list of CA names is sent using the certificate_authorities extension and may be sent by a client (in the ClientHello message) or by a server (when requesting a certificate).

+ +

In most cases it is not necessary to set CA names on the client side. The list of CA names that are acceptable to the client will be sent in plaintext to the server. This has privacy implications and may also have performance implications if the list is large. This optional capability was introduced as part of TLSv1.3 and therefore setting CA names on the client side will have no impact if that protocol version has been disabled. Most servers do not need this and so this should be avoided unless required.

+ +

The "client CA list" functions below only have an effect when called on the server side.

+ +

SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for ctx. Ownership of list is transferred to ctx and it should not be freed by the caller.

+ +

SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object. Ownership of list is transferred to s and it should not be freed by the caller.

+ +

SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for ctx using SSL_CTX_set_client_CA_list(). The returned list should not be freed by the caller.

+ +

SSL_get_client_CA_list() returns the list of client CAs explicitly set for ssl using SSL_set_client_CA_list() or ssl's SSL_CTX object with SSL_CTX_set_client_CA_list(), when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. The returned list should not be freed by the caller.

+ +

SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for ctx.

+ +

SSL_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

+ +

SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer has sent. This can be called on either the server or the client side. The returned list should not be freed by the caller.

+ +

The "generic CA list" functions below are very similar to the "client CA list" functions except that they have an effect on both the server and client sides. The lists of CA names managed are separate - so you cannot (for example) set CA names using the "client CA list" functions and then get them using the "generic CA list" functions. Where a mix of the two types of functions has been used on the server side then the "client CA list" functions take precedence. Typically, on the server side, the "client CA list " functions should be used in preference. As noted above in most cases it is not necessary to set CA names on the client side.

+ +

SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to name_list. Ownership of name_list is transferred to ctx and it should not be freed by the caller.

+ +

SSL_set0_CA_list() sets the list of CAs to be sent to the peer to name_list overriding any list set in the parent SSL_CTX of s. Ownership of name_list is transferred to s and it should not be freed by the caller.

+ +

SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for ctx. The returned list should not be freed by the caller.

+ +

SSL_get0_CA_list() retrieves any previously set list of CAs set for s or if none are set the list from the parent SSL_CTX is retrieved. The returned list should not be freed by the caller.

+ +

SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to peer for ctx.

+ +

SSL_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to the peer for s, overriding the setting in the parent SSL_CTX.

+ +

NOTES

+ +

When a TLS/SSL server requests a client certificate (see SSL_CTX_set_verify(3)), it sends a list of CAs, for which it will accept certificates, to the client.

+ +

This list must explicitly be set using SSL_CTX_set_client_CA_list() or SSL_CTX_set0_CA_list() for ctx and SSL_set_client_CA_list() or SSL_set0_CA_list() for the specific ssl. The list specified overrides the previous setting. The CAs listed do not become trusted (list only contains the names, not the complete certificates); use SSL_CTX_load_verify_locations(3) to additionally load them for verification.

+ +

If the list of acceptable CAs is compiled in a file, the SSL_load_client_CA_file(3) function can be used to help to import the necessary data.

+ +

SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no list was specified before using SSL_CTX_set_client_CA_list(), SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a new CA list for ctx or ssl (as appropriate) is opened.

+ +

RETURN VALUES

+ +

SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.

+ +

SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names or NULL is no CA names are set.

+ +

SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0 for failure.

+ +

SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or NULL or an empty stack if no list was sent.

+ +

EXAMPLES

+ +

Scan all certificates in CAfile and list them as acceptable CAs:

+ +
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+ +

SEE ALSO

+ +

ssl(7), SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html new file mode 100644 index 00000000..4d026098 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html @@ -0,0 +1,102 @@ + + + + +SSL_CTX_set1_curves + + + + + + + + + + +

NAME

+ +

SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
+
+int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
+int SSL_set1_groups_list(SSL *ssl, char *list);
+
+int SSL_get1_groups(SSL *ssl, int *groups);
+int SSL_get_shared_group(SSL *s, int n);
+
+int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
+int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
+
+int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
+int SSL_set1_curves_list(SSL *ssl, char *list);
+
+int SSL_get1_curves(SSL *ssl, int *curves);
+int SSL_get_shared_curve(SSL *s, int n);
+ +

DESCRIPTION

+ +

For all of the functions below that set the supported groups there must be at least one group in the list.

+ +

SSL_CTX_set1_groups() sets the supported groups for ctx to glistlen groups in the array glist. The array consist of all NIDs of groups in preference order. For a TLS client the groups are used directly in the supported groups extension. For a TLS server the groups are used to determine the set of shared groups.

+ +

SSL_CTX_set1_groups_list() sets the supported groups for ctx to string list. The string is a colon separated list of group NIDs or names, for example "P-521:P-384:P-256".

+ +

SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure ssl.

+ +

SSL_get1_groups() returns the set of supported groups sent by a client in the supported groups extension. It returns the total number of supported groups. The groups parameter can be NULL to simply return the number of groups for memory allocation purposes. The groups array is in the form of a set of group NIDs in preference order. It can return zero if the client did not send a supported groups extension.

+ +

SSL_get_shared_group() returns shared group n for a server-side SSL ssl. If n is -1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group so n is normally set to zero. If the value n is out of range, NID_undef is returned.

+ +

All these functions are implemented as macros.

+ +

The curve functions are synonyms for the equivalently named group functions and are identical in every respect. They exist because, prior to TLS1.3, there was only the concept of supported curves. In TLS1.3 this was renamed to supported groups, and extended to include Diffie Hellman groups. The group functions should be used in preference.

+ +

NOTES

+ +

If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the SSL_CONF interface instead of manually parsing options.

+ +

RETURN VALUES

+ +

SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and SSL_set1_groups_list(), return 1 for success and 0 for failure.

+ +

SSL_get1_groups() returns the number of groups, which may be zero.

+ +

SSL_get_shared_group() returns the NID of shared group n or NID_undef if there is no shared group n; or the total number of shared groups if n is -1.

+ +

When called on a client ssl, SSL_get_shared_group() has no meaning and returns -1.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3)

+ +

HISTORY

+ +

The curve functions were added in OpenSSL 1.0.2. The equivalent group functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html new file mode 100644 index 00000000..7efae4fe --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html @@ -0,0 +1,106 @@ + + + + +SSL_CTX_set1_sigalgs + + + + + + + + + + +

NAME

+ +

SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list - set supported signature algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
+long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
+long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
+
+long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
+long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
+long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
+long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
+ +

DESCRIPTION

+ +

SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature algorithms for ctx or ssl. The array slist of length slistlen must consist of pairs of NIDs corresponding to digest and public key algorithms.

+ +

SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported signature algorithms for ctx or ssl. The str parameter must be a null terminated string consisting of a colon separated list of elements, where each element is either a combination of a public key algorithm and a digest separated by +, or a TLS 1.3-style named SignatureScheme such as rsa_pss_pss_sha256.

+ +

SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set signature algorithms related to client authentication, otherwise they are identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(), SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().

+ +

All these functions are implemented as macros. The signature algorithm parameter (integer array or string) is not freed: the application should free it, if necessary.

+ +

NOTES

+ +

If an application wishes to allow the setting of signature algorithms as one of many user configurable options it should consider using the more flexible SSL_CONF API instead.

+ +

The signature algorithms set by a client are used directly in the supported signature algorithm in the client hello message.

+ +

The supported signature algorithms set by a server are not sent to the client but are used to determine the set of shared signature algorithms and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) their order.

+ +

The client authentication signature algorithms set by a server are sent in a certificate request message if client authentication is enabled, otherwise they are unused.

+ +

Similarly client authentication signature algorithms set by a client are used to determined the set of client authentication shared signature algorithms.

+ +

Signature algorithms will neither be advertised nor used if the security level prohibits them (for example SHA1 if the security level is 4 or more).

+ +

Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and NID_sha512 digest NIDs are supported and the public key algorithm NIDs EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC.

+ +

The short or long name values for digests can be used in a string (for example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".

+ +

The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also be used with the _list forms of the API.

+ +

The use of MD5 as a digest is strongly discouraged due to security weaknesses.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 for failure.

+ +

EXAMPLES

+ +

Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using an array:

+ +
const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+
+SSL_CTX_set1_sigalgs(ctx, slist, 4);
+ +

Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using a string:

+ +
SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+ +

SEE ALSO

+ +

ssl(7), SSL_get_shared_sigalgs(3), SSL_CONF_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html new file mode 100644 index 00000000..8d08b842 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html @@ -0,0 +1,90 @@ + + + + +SSL_CTX_set1_verify_cert_store + + + + + + + + + + +

NAME

+ +

SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate verification or chain store

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+
+int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
+int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
+ +

DESCRIPTION

+ +

SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() set the certificate store used for certificate verification to st.

+ +

SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() set the certificate store used for certificate chain building to st.

+ +

SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar except they apply to SSL structure ssl.

+ +

All these functions are implemented as macros. Those containing a 1 increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a 0 do not increment reference counts and the supplied store MUST NOT be freed after the operation.

+ +

NOTES

+ +

The stores pointers associated with an SSL_CTX structure are copied to any SSL structures when SSL_new() is called. As a result SSL structures will not be affected if the parent SSL_CTX store pointer is set to a new value.

+ +

The verification store is used to verify the certificate chain sent by the peer: that is an SSL/TLS client will use the verification store to verify the server's certificate chain and a SSL/TLS server will use it to verify any client certificate chain.

+ +

The chain store is used to build the certificate chain.

+ +

If the mode SSL_MODE_NO_AUTO_CHAIN is set or a certificate chain is configured already (for example using the functions such as SSL_CTX_add1_chain_cert(3) or SSL_CTX_add_extra_chain_cert(3)) then automatic chain building is disabled.

+ +

If the mode SSL_MODE_NO_AUTO_CHAIN is set then automatic chain building is disabled.

+ +

If the chain or the verification store is not set then the store associated with the parent SSL_CTX is used instead to retain compatibility with previous versions of OpenSSL.

+ +

RETURN VALUES

+ +

All these functions return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

SSL_CTX_add_extra_chain_cert(3) SSL_CTX_set0_chain(3) SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3) SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3) SSL_add0_chain_cert(3) SSL_add1_chain_cert(3) SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html new file mode 100644 index 00000000..7315d486 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_alpn_select_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated - handle application layer protocol negotiation (ALPN)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                            unsigned int protos_len);
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                        unsigned int protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg), void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
+                                           int (*cb)(SSL *ssl,
+                                                     const unsigned char **out,
+                                                     unsigned int *outlen,
+                                                     void *arg),
+                                           void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
+                              int (*cb)(SSL *s,
+                                        unsigned char **out,
+                                        unsigned char *outlen,
+                                        const unsigned char *in,
+                                        unsigned int inlen,
+                                        void *arg),
+                              void *arg);
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client,
+                          unsigned int client_len)
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                            unsigned *len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to set the list of protocols available to be negotiated. The protos must be in protocol-list format, described below. The length of protos is specified in protos_len.

+ +

SSL_CTX_set_alpn_select_cb() sets the application callback cb used by a server to select which protocol to use for the incoming connection. When cb is NULL, ALPN is not used. The arg value is a pointer which is passed to the application callback.

+ +

cb is the application defined callback. The in, inlen parameters are a vector in protocol-list format. The value of the out, outlen vector should be set to the value of a single protocol selected from the in, inlen vector. The out buffer may point directly into in, or to a buffer that outlives the handshake. The arg parameter is the pointer set via SSL_CTX_set_alpn_select_cb().

+ +

SSL_select_next_proto() is a helper function used to select protocols. It implements the standard protocol selection. It is expected that this function is called from the application callback cb. The protocol data in server, server_len and client, client_len must be in the protocol-list format described below. The first item in the server, server_len list that matches an item in the client, client_len list is selected, and returned in out, outlen. The out value will point into either server or client, so it should be copied immediately. If no match is found, the first item in client, client_len is returned in out, outlen. This function can also be used in the NPN callback.

+ +

SSL_CTX_set_next_proto_select_cb() sets a callback cb that is called when a client needs to select a protocol from the server's provided list, and a user-defined pointer argument arg which will be passed to this callback. For the callback itself, out must be set to point to the selected protocol (which may be within in). The length of the protocol name must be written into outlen. The server's advertised protocols are provided in in and inlen. The callback can assume that in is syntactically valid. The client must select a protocol. It is fatal to the connection if this callback returns a value other than SSL_TLSEXT_ERR_OK. The arg parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().

+ +

SSL_CTX_set_next_protos_advertised_cb() sets a callback cb that is called when a TLS server needs a list of supported protocols for Next Protocol Negotiation. The returned list must be in protocol-list format, described below. The list is returned by setting out to point to it and outlen to its length. This memory will not be modified, but the SSL does keep a reference to it. The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello.

+ +

SSL_get0_alpn_selected() returns a pointer to the selected protocol in data with length len. It is not NUL-terminated. data is set to NULL and len is set to 0 if no protocol has been selected. data must not be freed.

+ +

SSL_get0_next_proto_negotiated() sets data and len to point to the client's requested protocol for this connection. If the client did not request any protocol or NPN is not enabled, then data is set to NULL and len to 0. Note that the client can request any protocol it chooses. The value returned from this function need not be a member of the list of supported protocols provided by the callback.

+ +

NOTES

+ +

The protocol-lists must be in wire-format, which is defined as a vector of non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable.

+ +

Example:

+ +
unsigned char vector[] = {
+    6, 's', 'p', 'd', 'y', '/', '1',
+    8, 'h', 't', 't', 'p', '/', '1', '.', '1'
+};
+unsigned int length = sizeof(vector);
+ +

The ALPN callback is executed after the servername callback; as that servername callback may update the SSL_CTX, and subsequently, the ALPN callback.

+ +

If there is no ALPN proposed in the ClientHello, the ALPN callback is not invoked.

+ +

RETURN VALUES

+ +

SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and non-0 on failure. WARNING: these functions reverse the return value convention.

+ +

SSL_select_next_proto() returns one of the following:

+ +
+ +
OPENSSL_NPN_NEGOTIATED
+
+ +

A match was found and is returned in out, outlen.

+ +
+
OPENSSL_NPN_NO_OVERLAP
+
+ +

No match was found. The first item in client, client_len is returned in out, outlen.

+ +
+
+ +

The ALPN select callback cb, must return one of the following:

+ +
+ +
SSL_TLSEXT_ERR_OK
+
+ +

ALPN protocol selected.

+ +
+
SSL_TLSEXT_ERR_ALERT_FATAL
+
+ +

There was no overlap between the client's supplied list and the server configuration.

+ +
+
SSL_TLSEXT_ERR_NOACK
+
+ +

ALPN protocol not selected, e.g., because no ALPN protocols are configured for this connection.

+ +
+
+ +

The callback set using SSL_CTX_set_next_proto_select_cb() should return SSL_TLSEXT_ERR_OK if successful. Any other value is fatal to the connection.

+ +

The callback set using SSL_CTX_set_next_protos_advertised_cb() should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension will be included in the ServerHello.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_tlsext_servername_callback(3), SSL_CTX_set_tlsext_servername_arg(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html new file mode 100644 index 00000000..f249a6ed --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html @@ -0,0 +1,77 @@ + + + + +SSL_CTX_set_cert_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
+                         void *arg);
+void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
+
+int (*cert_cb)(SSL *ssl, void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, arg value is pointer which is passed to the application callback.

+ +

When cert_cb() is NULL, no callback function is used.

+ +

cert_cb() is the application defined callback. It is called before a certificate will be used by a client or server. The callback can then inspect the passed ssl structure and set or clear any appropriate certificates. If the callback is successful it MUST return 1 even if no certificates have been set. A zero is returned on error which will abort the handshake with a fatal internal error alert. A negative return value will suspend the handshake and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of cert_cb(). It is the job of the cert_cb() to store information about the state of the last call, if required to continue.

+ +

NOTES

+ +

An application will typically call SSL_use_certificate() and SSL_use_PrivateKey() to set the end entity certificate and private key. It can add intermediate and optionally the root CA certificates using SSL_add1_chain_cert().

+ +

It might also call SSL_certs_clear() to delete any certificates associated with the SSL object.

+ +

The certificate callback functionality supersedes the (largely broken) functionality provided by the old client certificate callback interface. It is always called even is a certificate is already set so the callback can modify or delete the existing certificate.

+ +

A more advanced callback might examine the handshake parameters and set whatever chain is appropriate. For example a legacy client supporting only TLSv1.0 might receive a certificate chain signed using SHA1 whereas a TLSv1.2 or later client which advertises support for SHA256 could receive a chain using SHA256.

+ +

Normal server sanity checks are performed on any certificates set by the callback. So if an EC chain is set for a curve the client does not support it will not be used.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.

+ +

SEE ALSO

+ +

ssl(7), SSL_use_certificate(3), SSL_add1_chain_cert(3), SSL_get_client_CA_list(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html new file mode 100644 index 00000000..53acd914 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html @@ -0,0 +1,84 @@ + + + + +SSL_CTX_set_cert_store + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_store() sets/replaces the certificate verification storage of ctx to/with store. If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

+ +

SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage of ctx to/with store. The store's reference count is incremented. If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

+ +

SSL_CTX_get_cert_store() returns a pointer to the current certificate verification storage.

+ +

NOTES

+ +

In order to verify the certificates presented by the peer, trusted CA certificates must be accessed. These CA certificates are made available via lookup methods, handled inside the X509_STORE. From the X509_STORE the X509_STORE_CTX used when verifying certificates is created.

+ +

Typically the trusted certificate store is handled indirectly via using SSL_CTX_load_verify_locations(3). Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions it is possible to manipulate the X509_STORE object beyond the SSL_CTX_load_verify_locations(3) call.

+ +

Currently no detailed documentation on how to use the X509_STORE object is available. Not all members of the X509_STORE are used when the verification takes place. So will e.g. the verify_callback() be overridden with the verify_callback() set via the SSL_CTX_set_verify(3) family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available.

+ +

SSL_CTX_set_cert_store() does not increment the store's reference count, so it should not be used to assign an X509_STORE that is owned by another SSL_CTX.

+ +

To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() to get the X509_STORE from the first SSL_CTX, and then use SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and increment the reference count of the X509_STORE.

+ +

RESTRICTIONS

+ +

The X509_STORE structure used by an SSL_CTX is used for verifying peer certificates and building certificate chains, it is also shared by every child SSL structure. Applications wanting finer control can use functions such as SSL_CTX_set1_verify_cert_store() instead.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_store() does not return diagnostic output.

+ +

SSL_CTX_set1_cert_store() does not return diagnostic output.

+ +

SSL_CTX_get_cert_store() returns the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_load_verify_locations(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html new file mode 100644 index 00000000..c6c8b4b6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_set_cert_verify_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*callback)(X509_STORE_CTX *, void *),
+                                      void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cert_verify_callback() sets the verification callback function for ctx. SSL objects that are created from ctx inherit the setting valid at the time when SSL_new(3) is called.

+ +

NOTES

+ +

Whenever a certificate is verified during a SSL/TLS handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. If a verification callback callback is specified via SSL_CTX_set_cert_verify_callback(), the supplied callback function is called instead. By setting callback to NULL, the default behaviour is restored.

+ +

When the verification must be performed, callback will be called with the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The argument arg is specified by the application when setting callback.

+ +

callback should return 1 to indicate verification success and 0 to indicate verification failure. If SSL_VERIFY_PEER is set and callback returns 0, the handshake will fail. As the verification procedure may allow the connection to continue in the case of failure (by always returning 1) the verification result must be set in any case using the error member of x509_store_ctx so that the calling application will be informed about the detailed result of the verification procedure!

+ +

Within x509_store_ctx, callback has access to the verify_callback function set using SSL_CTX_set_verify(3).

+ +

RETURN VALUES

+ +

SSL_CTX_set_cert_verify_callback() does not return a value.

+ +

WARNINGS

+ +

Do not mix the verification callback described in this function with the verify_callback function called during the verification process. The latter is set using the SSL_CTX_set_verify(3) family of functions.

+ +

Providing a complete verification procedure including certificate purpose settings etc is a complex task. The built-in procedure is quite powerful and in most cases it should be sufficient to modify its behaviour using the verify_callback function.

+ +

BUGS

+ +

SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_verify(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html new file mode 100644 index 00000000..8e93cdb7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html @@ -0,0 +1,109 @@ + + + + +SSL_CTX_set_cipher_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites - choose list of available SSL_CIPHERs

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+int SSL_set_cipher_list(SSL *ssl, const char *str);
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+int SSL_set_ciphersuites(SSL *s, const char *str);
+ +

DESCRIPTION

+ +

SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) for ctx using the control string str. The format of the string is described in ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx. This function does not impact TLSv1.3 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.

+ +

SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.

+ +

SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

+ +
+ +
TLS_AES_128_GCM_SHA256
+
+ +
+
TLS_AES_256_GCM_SHA384
+
+ +
+
TLS_CHACHA20_POLY1305_SHA256
+
+ +
+
TLS_AES_128_CCM_SHA256
+
+ +
+
TLS_AES_128_CCM_8_SHA256
+
+ +
+
+ +

An empty list is permissible. The default value for the this setting is:

+ +

"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

+ +

SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it configures the ciphersuites for ssl.

+ +

NOTES

+ +

The control string str for SSL_CTX_set_cipher_list() and SSL_set_cipher_list() should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, are simply ignored. Failure is only flagged if no ciphers could be collected at all.

+ +

It should be noted, that inclusion of a cipher to be used into the list is a necessary condition. On the client side, the inclusion into the list is also sufficient unless the security level excludes it. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key.

+ +

A RSA cipher can only be chosen, when a RSA certificate is available. RSA ciphers using DHE need a certificate and key and additional DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

+ +

A DSA cipher can only be chosen, when a DSA certificate is available. DSA ciphers always use DH key exchange and therefore need DH-parameters (see SSL_CTX_set_tmp_dh_callback(3)).

+ +

When these conditions are not met for any cipher in the list (e.g. a client only supports export RSA ciphers with an asymmetric key length of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail.

+ +

RETURN VALUES

+ +

SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure.

+ +

SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested ciphersuite list was configured, and 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_ciphers(3), SSL_CTX_use_certificate(3), SSL_CTX_set_tmp_dh_callback(3), ciphers(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html new file mode 100644 index 00000000..5a7546c6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html @@ -0,0 +1,83 @@ + + + + +SSL_CTX_set_client_cert_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb)(SSL *ssl, X509 **x509,
+                                                      EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+                                                EVP_PKEY **pkey);
+int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ +

DESCRIPTION

+ +

SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is called when a client certificate is requested by a server and no certificate was yet set for the SSL object.

+ +

When client_cert_cb() is NULL, no callback function is used.

+ +

SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback function.

+ +

client_cert_cb() is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set using the x509 and pkey arguments and "1" must be returned. The certificate will be installed into ssl, see the NOTES and BUGS sections. If no certificate should be set, "0" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of client_cert_cb(). It is the job of the client_cert_cb() to store information about the state of the last call, if required to continue.

+ +

NOTES

+ +

During a handshake (or renegotiation) a server may request a certificate from the client. A client certificate must only be sent, when the server did send the request.

+ +

When a certificate was set using the SSL_CTX_use_certificate(3) family of functions, it will be sent to the server. The TLS standard requires that only a certificate is sent, if it matches the list of acceptable CAs sent by the server. This constraint is violated by the default behavior of the OpenSSL library. Using the callback function it is possible to implement a proper selection routine or to allow a user interaction to choose the certificate to be sent.

+ +

If a callback function is defined and no certificate was yet defined for the SSL object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the SSL object using the SSL_use_certificate() and SSL_use_private_key() functions. Thus it will permanently install the certificate and key for this SSL object. It will not be reset by calling SSL_clear(3). If the callback returns no certificate, the OpenSSL library will not send a certificate.

+ +

RETURN VALUES

+ +

SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or NULL if the callback is not set.

+ +

BUGS

+ +

The client_cert_cb() cannot return a complete certificate chain, it can only return one client certificate. If the chain only has a length of 2, the root CA certificate may be omitted according to the TLS standard and thus a standard conforming answer can be sent to the server. For a longer chain, the client must send the complete chain (with the option to leave out the root CA certificate). This can only be accomplished by either adding the intermediate CA certificates into the trusted certificate store for the SSL_CTX object (resulting in having to add CA certificates that otherwise maybe would not be trusted), or by adding the chain certificates using the SSL_CTX_add_extra_chain_cert(3) function, which is only available for the SSL_CTX object as a whole and that therefore probably can only apply for one client certificate, making the concept of the callback function (to allow the choice from several certificates) questionable.

+ +

Once the SSL object has been used in conjunction with the callback function, the certificate will be set for the SSL object and will not be cleared even when SSL_clear(3) is being called. It is therefore mandatory to destroy the SSL object using SSL_free(3) and create a new one to return to the previous state.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3), SSL_CTX_add_extra_chain_cert(3), SSL_get_client_CA_list(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html new file mode 100644 index 00000000..09467e5c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html @@ -0,0 +1,97 @@ + + + + +SSL_CTX_set_client_hello_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing

+ +

SYNOPSIS

+ +
typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
+                                             size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
+                              size_t *outlen);
+ +

DESCRIPTION

+ +

SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically called during the early stages of ClientHello processing on the server. The argument supplied when setting the callback is passed back to the callback at runtime. A callback that returns failure (0) will cause the connection to terminate, and callbacks returning failure should indicate what alert value is to be sent in the al parameter. A callback may also return a negative value to suspend the handshake, and the handshake function will return immediately. SSL_get_error(3) will return SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. It is the job of the ClientHello callback to store information about the state of the last call if needed to continue. On the next call into the handshake function, the ClientHello callback will be called again, and, if it returns success, normal handshake processing will continue from that point.

+ +

SSL_client_hello_isv2() indicates whether the ClientHello was carried in a SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial differences from the normal SSLv3 format, including using three bytes per cipher suite, and not allowing extensions. Additionally, the SSLv2 format 'challenge' field is exposed via SSL_client_hello_get0_random(), padded to SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, SSL_client_hello_get0_compression_methods() returns a dummy list that only includes the null compression method, since the SSLv2 format does not include a mechanism by which to negotiate compression.

+ +

SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), and SSL_client_hello_get0_compression_methods() provide access to the corresponding ClientHello fields, returning the field length and optionally setting an out pointer to the octets of that field.

+ +

Similarly, SSL_client_hello_get0_ext() provides access to individual extensions from the ClientHello on a per-extension basis. For the provided wire protocol extension type value, the extension value and length are returned in the output parameters (if present).

+ +

SSL_client_hello_get1_extensions_present() can be used prior to SSL_client_hello_get0_ext(), to determine which extensions are present in the ClientHello before querying for them. The out and outlen parameters are both required, and on success the caller must release the storage allocated for *out using OPENSSL_free(). The contents of *out is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. *outlen contains the number of elements in the array. In situations when the ClientHello has no extensions, the function will return success with *out set to NULL and *outlen set to 0.

+ +

NOTES

+ +

The ClientHello callback provides a vast window of possibilities for application code to affect the TLS handshake. A primary use of the callback is to allow the server to examine the server name indication extension provided by the client in order to select an appropriate certificate to present, and make other configuration adjustments relevant to that server name and its configuration. Such configuration changes can include swapping out the associated SSL_CTX pointer, modifying the server's list of permitted TLS versions, changing the server's cipher list in response to the client's cipher list, etc.

+ +

It is also recommended that applications utilize a ClientHello callback and not use a servername callback, in order to avoid unexpected behavior that occurs due to the relative order of processing between things like session resumption and the historical servername callback.

+ +

The SSL_client_hello_* family of functions may only be called from code executing within a ClientHello callback.

+ +

RETURN VALUES

+ +

The application's supplied ClientHello callback returns SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and SSL_CLIENT_HELLO_RETRY to suspend processing.

+ +

SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.

+ +

SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), and SSL_client_hello_get0_compression_methods() return the length of the corresponding ClientHello fields. If zero is returned, the output pointer should not be assumed to be valid.

+ +

SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and 0 otherwise.

+ +

SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_tlsext_servername_callback(3), SSL_bytes_to_cipher_list

+ +

HISTORY

+ +

The SSL ClientHello callback, SSL_client_hello_isv2(), SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html new file mode 100644 index 00000000..9f97e740 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html @@ -0,0 +1,101 @@ + + + + +SSL_CTX_set_ct_validation_callback + + + + + + + + + + +

NAME

+ +

ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled - control Certificate Transparency policy

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                   const STACK_OF(SCT) *scts, void *arg);
+
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+void SSL_disable_ct(SSL *s);
+void SSL_CTX_disable_ct(SSL_CTX *ctx);
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed certificate timestamps (SCTs) either for a given SSL connection or for all connections that share the given SSL context, respectively. This is accomplished by setting a built-in CT validation callback. The behaviour of the callback is determined by the validation_mode argument, which can be either of SSL_CT_VALIDATION_PERMISSIVE or SSL_CT_VALIDATION_STRICT as described below.

+ +

If validation_mode is equal to SSL_CT_VALIDATION_STRICT, then in a full TLS handshake with the verification mode set to SSL_VERIFY_PEER, if the peer presents no valid SCTs the handshake will be aborted. If the verification mode is SSL_VERIFY_NONE, the handshake will continue despite lack of valid SCTs. However, in that case if the verification status before the built-in callback was X509_V_OK it will be set to X509_V_ERR_NO_VALID_SCTS after the callback. Applications can call SSL_get_verify_result(3) to check the status at handshake completion, even after session resumption since the verification status is part of the saved session state. See SSL_set_verify(3), <SSL_get_verify_result(3)>, SSL_session_reused(3).

+ +

If validation_mode is equal to SSL_CT_VALIDATION_PERMISSIVE, then the handshake continues, and the verification status is not modified, regardless of the validation status of any SCTs. The application can still inspect the validation status of the SCTs at handshake completion. Note that with session resumption there will not be any SCTs presented during the handshake. Therefore, in applications that delay SCT policy enforcement until after handshake completion, such delayed SCT checks should only be performed when the session is not resumed.

+ +

SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback() register a custom callback that may implement a different policy than either of the above. This callback can examine the peer's SCTs and determine whether they are sufficient to allow the connection to continue. The TLS handshake is aborted if the verification mode is not SSL_VERIFY_NONE and the callback returns a non-positive result.

+ +

An arbitrary callback context argument, arg, can be passed in when setting the callback. This will be passed to the callback whenever it is invoked. Ownership of this context remains with the caller.

+ +

If no callback is set, SCTs will not be requested and Certificate Transparency validation will not occur.

+ +

No callback will be invoked when the peer presents no certificate, e.g. by employing an anonymous (aNULL) cipher suite. In that case the handshake continues as it would had no callback been requested. Callbacks are also not invoked when the peer certificate chain is invalid or validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509 PKI, or no X.509 PKI at all, respectively. Clients that require SCTs are expected to not have enabled any aNULL ciphers nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA records.

+ +

SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether enabled via the built-in or the custom callbacks, by setting a NULL callback. These may be implemented as macros.

+ +

SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is enabled via either SSL_enable_ct() or a non-null custom callback, and 0 otherwise.

+ +

NOTES

+ +

When SCT processing is enabled, OCSP stapling will be enabled. This is because one possible source of SCTs is the OCSP response from a server.

+ +

The time returned by SSL_SESSION_get_time() will be used to evaluate whether any presented SCTs have timestamps that are in the future (and therefore invalid).

+ +

RESTRICTIONS

+ +

Certificate Transparency validation cannot be enabled and so a callback cannot be set if a custom client extension handler has been registered to handle SCT extensions (TLSEXT_TYPE_signed_certificate_timestamp).

+ +

RETURN VALUES

+ +

SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and SSL_set_ct_validation_callback() return 1 if the callback is successfully set. They return 0 if an error occurs, e.g. a custom client extension handler has been setup to handle SCTs.

+ +

SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result.

+ +

SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT validation callback is set, or 0 if no callback (or equivalently a NULL callback) is set.

+ +

SEE ALSO

+ +

ssl(7), <SSL_get_verify_result(3)>, SSL_session_reused(3), SSL_set_verify(3), SSL_CTX_set_verify(3), SSL_SESSION_get_time(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html new file mode 100644 index 00000000..49375335 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html @@ -0,0 +1,66 @@ + + + + +SSL_CTX_set_ctlog_list_file + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file - load a Certificate Transparency log list from a file

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+ +

DESCRIPTION

+ +

SSL_CTX_set_default_ctlog_list_file() loads a list of Certificate Transparency (CT) logs from the default file location, "ct_log_list.cnf", found in the directory where OpenSSL is installed.

+ +

SSL_CTX_set_ctlog_list_file() loads a list of CT logs from a specific path. See CTLOG_STORE_new(3) for the file format.

+ +

NOTES

+ +

These functions will not clear the existing CT log list - it will be appended to. To replace the existing list, use SSL_CTX_set0_ctlog_store first.

+ +

If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped.

+ +

RETURN VALUES

+ +

SSL_CTX_set_default_ctlog_list_file() and SSL_CTX_set_ctlog_list_file() return 1 if the log list is successfully loaded, and 0 if an error occurs. In the case of an error, the log list may have been partially loaded.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_ct_validation_callback(3), CTLOG_STORE_new(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html new file mode 100644 index 00000000..492f4565 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html @@ -0,0 +1,100 @@ + + + + +SSL_CTX_set_default_passwd_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata - set or get passwd callback for encrypted PEM file handling

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+ +

DESCRIPTION

+ +

SSL_CTX_set_default_passwd_cb() sets the default password callback called when loading/storing a PEM certificate with encryption.

+ +

SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, u, which will be provided to the password callback on invocation.

+ +

SSL_CTX_get_default_passwd_cb() returns a function pointer to the password callback currently set in ctx. If no callback was explicitly set, the NULL pointer is returned.

+ +

SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata currently set in ctx. If no userdata was explicitly set, the NULL pointer is returned.

+ +

SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(), SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform the same function as their SSL_CTX counterparts, but using an SSL object.

+ +

The password callback, which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to userdata is provided. The function must store the password into the provided buffer buf which is of size size. The actual length of the password must be returned to the calling function. rwflag indicates whether the callback is used for reading/decryption (rwflag=0) or writing/encryption (rwflag=1). For more details, see pem_password_cb(3).

+ +

NOTES

+ +

When loading or storing private keys, a password might be supplied to protect the private key. The way this password can be supplied may depend on the application. If only one private key is handled, it can be practical to have the callback handle the password dialog interactively. If several keys have to be handled, it can be practical to ask for the password once, then keep it in memory and use it several times. In the last case, the password could be stored into the userdata storage and the callback only returns the password already stored.

+ +

When asking for the password interactively, the callback can use rwflag to check, whether an item shall be encrypted (rwflag=1). In this case the password dialog may ask for the same password twice for comparison in order to catch typos, that would make decryption impossible.

+ +

Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public.

+ +

RETURN VALUES

+ +

These functions do not provide diagnostic information.

+ +

EXAMPLES

+ +

The following example returns the password provided as userdata to the calling function. The password is considered to be a '\0' terminated string. If the password does not fit into the buffer, the password is truncated.

+ +
int my_cb(char *buf, int size, int rwflag, void *u)
+{
+    strncpy(buf, (char *)u, size);
+    buf[size - 1] = '\0';
+    return strlen(buf);
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_use_certificate(3)

+ +

HISTORY

+ +

SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html new file mode 100644 index 00000000..1a7eeb81 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ex_data.html @@ -0,0 +1,64 @@ + + + + +SSL_CTX_set_ex_data + + + + + + + + + + +

NAME

+ +

SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data - Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg);
+
+void *SSL_get_ex_data(const SSL *s, int idx);
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg);
+ +

DESCRIPTION

+ +

SSL*_set_ex_data() functions can be used to store arbitrary user data into the SSL_CTX, or SSL object. The user must supply a unique index which they can subsequently use to retrieve the data using SSL*_get_ex_data().

+ +

For more detailed information see CRYPTO_get_ex_data(3) and CRYPTO_set_ex_data(3) which implement these functions and CRYPTO_get_ex_new_index(3) for generating a unique index.

+ +

RETURN VALUES

+ +

The SSL*_set_ex_data() functions return 1 if the item is successfully stored and 0 if it is not. The SSL*_get_ex_data() functions return the ex_data pointer if successful, otherwise NULL.

+ +

SEE ALSO

+ +

CRYPTO_get_ex_data(3), CRYPTO_set_ex_data(3), CRYPTO_get_ex_new_index(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html new file mode 100644 index 00000000..c005b7a8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html @@ -0,0 +1,116 @@ + + + + +SSL_CTX_set_generate_session_id + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB - manipulate generation of SSL session IDs (server only)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
+                              unsigned int *id_len);
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_generate_session_id() sets the callback function for generating new session ids for SSL/TLS sessions for ctx to be cb.

+ +

SSL_set_generate_session_id() sets the callback function for generating new session ids for SSL/TLS sessions for ssl to be cb.

+ +

SSL_has_matching_session_id() checks, whether a session with id id (of length id_len) is already contained in the internal session cache of the parent context of ssl.

+ +

NOTES

+ +

When a new session is established between client and server, the server generates a session id. The session id is an arbitrary sequence of bytes. The length of the session id is between 1 and 32 bytes. The session id is not security critical but must be unique for the server. Additionally, the session id is transmitted in the clear when reusing the session so it must not contain sensitive information.

+ +

Without a callback being set, an OpenSSL server will generate a unique session id from pseudo random numbers of the maximum possible length. Using the callback function, the session id can be changed to contain additional information like e.g. a host id in order to improve load balancing or external caching techniques.

+ +

The callback function receives a pointer to the memory location to put id into and a pointer to the maximum allowed length id_len. The buffer at location id is only guaranteed to have the size id_len. The callback is only allowed to generate a shorter id and reduce id_len; the callback must never increase id_len or write to the location id exceeding the given limit.

+ +

The location id is filled with 0x00 before the callback is called, so the callback may only fill part of the possible length and leave id_len untouched while maintaining reproducibility.

+ +

Since the sessions must be distinguished, session ids must be unique. Without the callback a random number is used, so that the probability of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). In order to assure the uniqueness of the generated session id, the callback must call SSL_has_matching_session_id() and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and a unique sequence number into the session id, uniqueness could easily be achieved without randomness added (it should however be taken care that no confidential information is leaked this way). If the application can not guarantee uniqueness, it is recommended to use the maximum id_len and fill in the bytes not used to code special information with random data to avoid collisions.

+ +

SSL_has_matching_session_id() will only query the internal session cache, not the external one. Since the session id is generated before the handshake is completed, it is not immediately added to the cache. If another thread is using the same internal session cache, a race condition can occur in that another thread generates the same session id. Collisions can also occur when using an external session cache, since the external cache is not tested with SSL_has_matching_session_id() and the same race condition applies.

+ +

The callback must return 0 if it cannot generate a session id for whatever reason and return 1 on success.

+ +

RETURN VALUES

+ +

SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() always return 1.

+ +

SSL_has_matching_session_id() returns 1 if another session with the same id is already in the cache.

+ +

EXAMPLES

+ +

The callback function listed will generate a session id with the server id given, and will fill the rest with pseudo random bytes:

+ +
const char session_id_prefix = "www-18";
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+
+    do {
+        RAND_pseudo_bytes(id, *id_len);
+        /*
+         * Prefix the session_id with the required prefix. NB: If our
+         * prefix is too long, clip it - but there will be worse effects
+         * anyway, eg. the server could only possibly create 1 session
+         * ID (ie. the prefix!) so all future session negotiations will
+         * fail due to conflicts.
+         */
+        memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
+                                      strlen(session_id_prefix) : *id_len);
+    } while (SSL_has_matching_session_id(ssl, id, *id_len)
+              && ++count < MAX_SESSION_ID_ATTEMPTS);
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_get_version(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html new file mode 100644 index 00000000..a8b1acd0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html @@ -0,0 +1,186 @@ + + + + +SSL_CTX_set_info_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
+void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
+
+void SSL_set_info_callback(SSL *ssl, void (*callback)());
+void (*SSL_get_info_callback(const SSL *ssl))();
+ +

DESCRIPTION

+ +

SSL_CTX_set_info_callback() sets the callback function, that can be used to obtain state information for SSL objects created from ctx during connection setup and use. The setting for ctx is overridden from the setting for a specific SSL object, if specified. When callback is NULL, no callback function is used.

+ +

SSL_set_info_callback() sets the callback function, that can be used to obtain state information for ssl during connection setup and use. When callback is NULL, the callback setting currently valid for ctx is used.

+ +

SSL_CTX_get_info_callback() returns a pointer to the currently set information callback function for ctx.

+ +

SSL_get_info_callback() returns a pointer to the currently set information callback function for ssl.

+ +

NOTES

+ +

When setting up a connection and during use, it is possible to obtain state information from the SSL/TLS engine. When set, an information callback function is called whenever a significant event occurs such as: the state changes, an alert appears, or an error occurs.

+ +

The callback function is called as callback(SSL *ssl, int where, int ret). The where argument specifies information about where (in which context) the callback function was called. If ret is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and ret specifies the alert information.

+ +

where is a bitmask made up of the following bits:

+ +
+ +
SSL_CB_LOOP
+
+ +

Callback has been called to indicate state change or some other significant state machine event. This may mean that the callback gets invoked more than once per state in some situations.

+ +
+
SSL_CB_EXIT
+
+ +

Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as on error or when IO might otherwise block and non-blocking is being used.

+ +
+
SSL_CB_READ
+
+ +

Callback has been called during read operation.

+ +
+
SSL_CB_WRITE
+
+ +

Callback has been called during write operation.

+ +
+
SSL_CB_ALERT
+
+ +

Callback has been called due to an alert being sent or received.

+ +
+
SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+
+ +
+
SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+
+ +
+
SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+
+ +
+
SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+
+ +
+
SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+
+ +
+
SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+
+ +
+
SSL_CB_HANDSHAKE_START
+
+ +

Callback has been called because a new handshake is started. It also occurs when resuming a handshake following a pause to handle early data.

+ +
+
SSL_CB_HANDSHAKE_DONE
+
+ +

Callback has been called because a handshake is finished. It also occurs if the handshake is paused to allow the exchange of early data.

+ +
+
+ +

The current state information can be obtained using the SSL_state_string(3) family of functions.

+ +

The ret information can be evaluated using the SSL_alert_type_string(3) family of functions.

+ +

RETURN VALUES

+ +

SSL_set_info_callback() does not provide diagnostic information.

+ +

SSL_get_info_callback() returns the current setting.

+ +

EXAMPLES

+ +

The following example callback function prints state strings, information about alerts being handled and error messages to the bio_err BIO.

+ +
void apps_ssl_info_callback(SSL *s, int where, int ret)
+{
+    const char *str;
+    int w = where & ~SSL_ST_MASK;
+
+    if (w & SSL_ST_CONNECT)
+        str = "SSL_connect";
+    else if (w & SSL_ST_ACCEPT)
+        str = "SSL_accept";
+    else
+        str = "undefined";
+
+    if (where & SSL_CB_LOOP) {
+        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+    } else if (where & SSL_CB_ALERT) {
+        str = (where & SSL_CB_READ) ? "read" : "write";
+        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
+                   SSL_alert_type_string_long(ret),
+                   SSL_alert_desc_string_long(ret));
+    } else if (where & SSL_CB_EXIT) {
+        if (ret == 0) {
+            BIO_printf(bio_err, "%s:failed in %s\n",
+                       str, SSL_state_string_long(s));
+        } else if (ret < 0) {
+            BIO_printf(bio_err, "%s:error in %s\n",
+                       str, SSL_state_string_long(s));
+        }
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_state_string(3), SSL_alert_type_string(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html new file mode 100644 index 00000000..53964bed --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html @@ -0,0 +1,63 @@ + + + + +SSL_CTX_set_keylog_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func - logging TLS key material

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback is called whenever TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes.

+ +

SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging callback. If no callback has been set, this will return NULL. When there is no key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as the value of cb, no logging of key material will be done.

+ +

The key logging callback is called with two items: the ssl object associated with the connection, and line, a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. To recreate that file, the key logging callback should log line, followed by a newline. line will always be a NULL-terminated string.

+ +

RETURN VALUES

+ +

SSL_CTX_get_keylog_callback() returns a pointer to SSL_CTX_keylog_cb_func or NULL if the callback is not set.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html new file mode 100644 index 00000000..4e2530ff --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html @@ -0,0 +1,81 @@ + + + + +SSL_CTX_set_max_cert_list + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+
+long SSL_set_max_cert_list(SSL *ssl, long size);
+long SSL_get_max_cert_list(SSL *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's certificate chain for all SSL objects created from ctx to be <size> bytes. The SSL objects inherit the setting valid for ctx at the time SSL_new(3) is being called.

+ +

SSL_CTX_get_max_cert_list() returns the currently set maximum size for ctx.

+ +

SSL_set_max_cert_list() sets the maximum size allowed for the peer's certificate chain for ssl to be <size> bytes. This setting stays valid until a new value is set.

+ +

SSL_get_max_cert_list() returns the currently set maximum size for ssl.

+ +

NOTES

+ +

During the handshake process, the peer may send a certificate chain. The TLS/SSL standard does not give any maximum size of the certificate chain. The OpenSSL library handles incoming data by a dynamically allocated buffer. In order to prevent this buffer from growing without bounds due to data received from a faulty or malicious peer, a maximum size for the certificate chain is set.

+ +

The default value for the maximum certificate chain size is 100kB (30kB on the 16bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see SSL_CTX_set_verify(3), and certificates without special extensions have a typical size of 1-2kB).

+ +

For special applications it can be necessary to extend the maximum certificate chain size allowed to be sent by the peer, see e.g. the work on "Internet X.509 Public Key Infrastructure Proxy Certificate Profile" and "TLS Delegation Protocol" at http://www.ietf.org/ and http://www.globus.org/ .

+ +

Under normal conditions it should never be necessary to set a value smaller than the default, as the buffer is handled dynamically and only uses the memory actually required by the data sent by the peer.

+ +

If the maximum certificate chain size allowed is exceeded, the handshake will fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.

+ +

RETURN VALUES

+ +

SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously set value.

+ +

SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently set value.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html new file mode 100644 index 00000000..0c9c8846 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html @@ -0,0 +1,80 @@ + + + + +SSL_CTX_set_min_proto_version + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum and maximum supported protocol version

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
+int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
+int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
+int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
+
+int SSL_set_min_proto_version(SSL *ssl, int version);
+int SSL_set_max_proto_version(SSL *ssl, int version);
+int SSL_get_min_proto_version(SSL *ssl);
+int SSL_get_max_proto_version(SSL *ssl);
+ +

DESCRIPTION

+ +

The functions get or set the minimum and maximum supported protocol versions for the ctx or ssl. This works in combination with the options set via SSL_CTX_set_options(3) that also make it possible to disable specific protocol versions. Use these functions instead of disabling specific protocol versions.

+ +

Setting the minimum or maximum version to 0, will enable protocol versions down to the lowest version, or up to the highest version supported by the library, respectively.

+ +

Getters return 0 in case ctx or ssl have been configured to automatically use the lowest or highest version supported by the library.

+ +

Currently supported versions are SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION for TLS and DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

+ +

RETURN VALUES

+ +

These setter functions return 1 on success and 0 on failure. The getter functions return the configured version or 0 for auto-configuration of lowest or highest protocol, respectively.

+ +

NOTES

+ +

All these functions are implemented using macros.

+ +

SEE ALSO

+ +

SSL_CTX_set_options(3), SSL_CONF_cmd(3)

+ +

HISTORY

+ +

The setter functions were added in OpenSSL 1.1.0. The getter functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html new file mode 100644 index 00000000..9fd3a569 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html @@ -0,0 +1,136 @@ + + + + +SSL_CTX_set_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
+long SSL_set_mode(SSL *ssl, long mode);
+long SSL_clear_mode(SSL *ssl, long mode);
+
+long SSL_CTX_get_mode(SSL_CTX *ctx);
+long SSL_get_mode(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_mode() adds the mode set via bitmask in mode to ctx. Options already set before are not cleared. SSL_CTX_clear_mode() removes the mode set via bitmask in mode from ctx.

+ +

SSL_set_mode() adds the mode set via bitmask in mode to ssl. Options already set before are not cleared. SSL_clear_mode() removes the mode set via bitmask in mode from ssl.

+ +

SSL_CTX_get_mode() returns the mode set for ctx.

+ +

SSL_get_mode() returns the mode set for ssl.

+ +

NOTES

+ +

The following mode changes are available:

+ +
+ +
SSL_MODE_ENABLE_PARTIAL_WRITE
+
+ +

Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success when just a single record has been written). This works in a similar way for SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only report success once the complete chunk was written. Once SSL_write_ex() or SSL_write() returns successful, r bytes have been written and the next call to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating the behaviour of write().

+ +
+
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+ +

Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to avoid the misconception that non-blocking SSL_write() behaves like non-blocking write().

+ +
+
SSL_MODE_AUTO_RETRY
+
+ +

During normal operations, non-application data records might need to be sent or received that the application is not aware of. If a non-application data record was processed, SSL_read_ex(3) and SSL_read(3) can return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ. If such a non-application data record was processed, the flag SSL_MODE_AUTO_RETRY causes it to try to process the next record instead of returning.

+ +

In a non-blocking environment applications must be prepared to handle incomplete read/write operations. Setting SSL_MODE_AUTO_RETRY for a non-blocking BIO will process non-application data records until either no more data is available or an application data record has been processed.

+ +

In a blocking environment, applications are not always prepared to deal with the functions returning intermediate reports such as retry requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions to only return after successfully processing an application data record or a failure.

+ +

Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case they are used in combination with something like select() or poll(). Otherwise the call to SSL_read() or SSL_read_ex() might hang when a non-application record was sent and no application data was sent.

+ +
+
SSL_MODE_RELEASE_BUFFERS
+
+ +

When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

+ +
+
SSL_MODE_SEND_FALLBACK_SCSV
+
+ +

Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details.

+ +

DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00.

+ +
+
SSL_MODE_ASYNC
+
+ +

Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See SSL_get_error(3).

+ +
+
SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
+
+ +

Older versions of OpenSSL had a bug in the computation of the label length used for computing the endpoint-pair shared secret. The bug was that the terminating zero was included in the length of the label. Setting this option enables this behaviour to allow interoperability with such broken implementations. Please note that setting this option breaks interoperability with correct implementations. This option only applies to DTLS over SCTP.

+ +
+
+ +

All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1.

+ +

RETURN VALUES

+ +

SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask after adding mode.

+ +

SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or SSL_write(3), SSL_get_error(3)

+ +

HISTORY

+ +

SSL_MODE_ASYNC was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html new file mode 100644 index 00000000..e5ea154d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html @@ -0,0 +1,142 @@ + + + + +SSL_CTX_set_msg_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg - install callback for observing protocol messages

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb)(int write_p, int version,
+                                         int content_type, const void *buf,
+                                         size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb)(int write_p, int version,
+                                     int content_type, const void *buf,
+                                     size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
+ +

DESCRIPTION

+ +

SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to define a message callback function cb for observing all SSL/TLS protocol messages (such as handshake messages) that are received or sent, as well as other events that occur during processing. SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() can be used to set argument arg to the callback function, which is available for arbitrary application use.

+ +

SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify default settings that will be copied to new SSL objects by SSL_new(3). SSL_set_msg_callback() and SSL_set_msg_callback_arg() modify the actual settings of an SSL object. Using a NULL pointer for cb disables the message callback.

+ +

When cb is called by the SSL/TLS library the function arguments have the following meaning:

+ +
+ +
write_p
+
+ +

This flag is 0 when a protocol message has been received and 1 when a protocol message has been sent.

+ +
+
version
+
+ +

The protocol version according to which the protocol message is interpreted by the library such as TLS1_3_VERSION, TLS1_2_VERSION etc. This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below).

+ +
+
content_type
+
+ +

This is one of the content type values defined in the protocol specification (SSL3_RT_CHANGE_CIPHER_SPEC, SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never SSL3_RT_APPLICATION_DATA because the callback will only be called for protocol messages). Alternatively it may be a "pseudo" content type. These pseudo content types are used to signal some other event in the processing of data (see NOTES below).

+ +
+
buf, len
+
+ +

buf points to a buffer containing the protocol message or other data (in the case of pseudo content types), which consists of len bytes. The buffer is no longer valid after the callback function has returned.

+ +
+
ssl
+
+ +

The SSL object that received or sent the message.

+ +
+
arg
+
+ +

The user-defined argument optionally defined by SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().

+ +
+
+ +

NOTES

+ +

Protocol messages are passed to the callback function after decryption and fragment collection where applicable. (Thus record boundaries are not visible.)

+ +

If processing a received protocol message results in an error, the callback function may not be called. For example, the callback function will never see messages that are considered too large to be processed.

+ +

Due to automatic protocol version negotiation, version is not necessarily the protocol version used by the sender of the message: If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, version will be SSL3_VERSION.

+ +

Pseudo content type values may be sent at various points during the processing of data. The following pseudo content types are currently defined:

+ +
+ +
SSL3_RT_HEADER
+
+ +

Used when a record is sent or received. The buf contains the record header bytes only.

+ +
+
SSL3_RT_INNER_CONTENT_TYPE
+
+ +

Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 records the content type in the record header is always SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in an "inner" content type. buf contains the encoded "inner" content type byte.

+ +
+
+ +

RETURN VALUES

+ +

SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback() and SSL_set_msg_callback_arg() do not return values.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

HISTORY

+ +

The pseudo content type SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html new file mode 100644 index 00000000..f469f92b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html @@ -0,0 +1,67 @@ + + + + +SSL_CTX_set_num_tickets + + + + + + + + + + +

NAME

+ +

SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets - control the number of TLSv1.3 session tickets that are issued

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server application and set the number of TLSv1.3 session tickets that will be sent to the client after a full handshake. Set the desired value (which could be 0) in the num_tickets argument. Typically these functions should be called before the start of the handshake.

+ +

The default number of tickets is 2; the default number of tickets sent following a resumption handshake is 1 but this cannot be changed using these functions. The number of tickets following a resumption handshake can be reduced to 0 using custom session ticket callbacks (see SSL_CTX_set_session_ticket_cb(3)).

+ +

Tickets are also issued on receipt of a post-handshake certificate from the client following a request by the server using SSL_verify_client_post_handshake(3). These new tickets will be associated with the updated client identity (i.e. including their certificate and verification status). The number of tickets issued will normally be the same as was used for the initial handshake. If the initial handshake was a full handshake then SSL_set_num_tickets() can be called again prior to calling SSL_verify_client_post_handshake() to update the number of tickets that will be sent.

+ +

SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets set by a previous call to SSL_CTX_set_num_tickets() or SSL_set_num_tickets(), or 2 if no such call has been made.

+ +

RETURN VALUES

+ +

SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on failure.

+ +

SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets that have been previously set.

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_options.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_options.html new file mode 100644 index 00000000..cd6ea3b7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_options.html @@ -0,0 +1,350 @@ + + + + +SSL_CTX_set_options + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+long SSL_set_options(SSL *ssl, long options);
+
+long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+long SSL_clear_options(SSL *ssl, long options);
+
+long SSL_CTX_get_options(SSL_CTX *ctx);
+long SSL_get_options(SSL *ssl);
+
+long SSL_get_secure_renegotiation_support(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_options() adds the options set via bitmask in options to ctx. Options already set before are not cleared!

+ +

SSL_set_options() adds the options set via bitmask in options to ssl. Options already set before are not cleared!

+ +

SSL_CTX_clear_options() clears the options set via bitmask in options to ctx.

+ +

SSL_clear_options() clears the options set via bitmask in options to ssl.

+ +

SSL_CTX_get_options() returns the options set for ctx.

+ +

SSL_get_options() returns the options set for ssl.

+ +

SSL_get_secure_renegotiation_support() indicates whether the peer supports secure renegotiation. Note, this is implemented via a macro.

+ +

NOTES

+ +

The behaviour of the SSL library can be changed by setting several options. The options are coded as bitmasks and can be combined by a bitwise or operation (|).

+ +

SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of the API can be changed by using the similar SSL_CTX_set_mode(3) and SSL_set_mode() functions.

+ +

During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current option setting is copied. Changes to ctx do not affect already created SSL objects. SSL_clear() does not affect the settings.

+ +

The following bug workaround options are available:

+ +
+ +
SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+ +

Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

+ +
+
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+ +

Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers.

+ +
+
SSL_OP_TLSEXT_PADDING
+
+ +

Adds a padding extension to ensure the ClientHello size is never between 256 and 511 bytes in length. This is needed as a workaround for some implementations.

+ +
+
SSL_OP_ALL
+
+ +

All of the above bug workarounds plus SSL_OP_LEGACY_SERVER_CONNECT as mentioned below.

+ +
+
+ +

It is usually safe to use SSL_OP_ALL to enable the bug workaround options if compatibility with somewhat broken implementations is desired.

+ +

The following modifying options are available:

+ +
+ +
SSL_OP_TLS_ROLLBACK_BUG
+
+ +

Disable version rollback attack detection.

+ +

During the client key exchange, the client must send the same information about acceptable SSL/TLS protocol levels as during the first hello. Some clients violate this rule by adapting to the server's answer. (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.)

+ +
+
SSL_OP_CIPHER_SERVER_PREFERENCE
+
+ +

When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences.

+ +
+
SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+
+ +

These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use SSL_CTX_set_min_proto_version(3) and SSL_CTX_set_max_proto_version(3) instead.

+ +
+
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+ +

When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients.

+ +
+
SSL_OP_NO_COMPRESSION
+
+ +

Do not use compression even if it is supported.

+ +
+
SSL_OP_NO_QUERY_MTU
+
+ +

Do not query the MTU. Only affects DTLS connections.

+ +
+ +
+ +

Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects DTLS connections.

+ +
+
SSL_OP_NO_TICKET
+
+ +

SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless session tickets.

+ +

When using session ids a copy of the session information is cached on the server and a unique id is sent to the client. When the client wishes to resume it provides the unique id so that the server can retrieve the session information from its cache.

+ +

When using stateless session tickets the server uses a session ticket encryption key to encrypt the session information. This encrypted data is sent to the client as a "ticket". When the client wishes to resume it sends the encrypted data back to the server. The server uses its key to decrypt the data and resume the session. In this way the server can operate statelessly - no session information needs to be cached locally.

+ +

The TLSv1.3 protocol only supports tickets and does not directly support session ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful and stateless. Stateless tickets work the same way as in TLSv1.2 and below. Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. The session information is cached on the server and the session id is wrapped up in a ticket and sent back to the client. When the client wishes to resume, it presents a ticket in the same way as for stateless tickets. The server can then extract the session id from the ticket and retrieve the session information from its cache.

+ +

By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will cause stateless tickets to not be issued. In TLSv1.2 and below this means no ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be sent. This is a server-side option only.

+ +

In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from being sent by calling SSL_CTX_set_num_tickets(3) or SSL_set_num_tickets(3).

+ +
+
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+ +

Allow legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See the SECURE RENEGOTIATION section for more details.

+ +
+
SSL_OP_LEGACY_SERVER_CONNECT
+
+ +

Allow legacy insecure renegotiation between OpenSSL and unpatched servers only: this option is currently set by default. See the SECURE RENEGOTIATION section for more details.

+ +
+
SSL_OP_NO_ENCRYPT_THEN_MAC
+
+ +

Normally clients and servers will transparently attempt to negotiate the RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.

+ +

If this option is set, Encrypt-then-MAC is disabled. Clients will not propose, and servers will not accept the extension.

+ +
+
SSL_OP_NO_RENEGOTIATION
+
+ +

Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello.

+ +
+
SSL_OP_ALLOW_NO_DHE_KEX
+
+ +

In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session.

+ +
+
SSL_OP_PRIORITIZE_CHACHA
+
+ +

When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

+ +
+
SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+
+ +

If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that do not understand TLSv1.3 will not drop the connection. Regardless of whether this option is set or not CCS messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use SSL_clear_options(). A future version of OpenSSL may not set this by default.

+ +
+
SSL_OP_NO_ANTI_REPLAY
+
+ +

By default, when a server is configured for early data (i.e., max_early_data > 0), OpenSSL will switch on replay protection. See SSL_read_early_data(3) for a description of the replay protection feature. Anti-replay measures are required to comply with the TLSv1.3 specification. Some applications may be able to mitigate the replay risks in other ways and in such cases the built in OpenSSL functionality is not required. Those applications can turn this feature off by setting this option. This is a server-side opton only. It is ignored by clients.

+ +
+
+ +

The following options no longer have any effect but their identifiers are retained for compatibility purposes:

+ +
+ +
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+ +
+
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+ +
+
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+ +
+
SSL_OP_TLS_D5_BUG
+
+ +
+
SSL_OP_TLS_BLOCK_PADDING_BUG
+
+ +
+
SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+ +
+
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+ +
+
SSL_OP_MICROSOFT_SESS_ID_BUG
+
+ +
+
SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+ +
+
SSL_OP_PKCS1_CHECK_1
+
+ +
+
SSL_OP_PKCS1_CHECK_2
+
+ +
+
SSL_OP_SINGLE_DH_USE
+
+ +
+
SSL_OP_SINGLE_ECDH_USE
+
+ +
+
SSL_OP_EPHEMERAL_RSA
+
+ +
+
+ +

SECURE RENEGOTIATION

+ +

OpenSSL always attempts to use secure renegotiation as described in RFC5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere.

+ +

This attack has far reaching consequences which application writers should be aware of. In the description below an implementation supporting secure renegotiation is referred to as patched. A server not supporting secure renegotiation is referred to as unpatched.

+ +

The following sections describe the operations permitted by OpenSSL's secure renegotiation implementation.

+ +

Patched client and server

+ +

Connections and renegotiation are always permitted by OpenSSL implementations.

+ +

Unpatched client and patched OpenSSL server

+ +

The initial connection succeeds but client renegotiation is denied by the server with a no_renegotiation warning alert if TLS v1.0 is used or a fatal handshake_failure alert in SSL v3.0.

+ +

If the patched OpenSSL server attempts to renegotiate a fatal handshake_failure alert is sent. This is because the server code may be unaware of the unpatched nature of the client.

+ +

If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then renegotiation always succeeds.

+ +

Patched OpenSSL client and unpatched server.

+ +

If the option SSL_OP_LEGACY_SERVER_CONNECT or SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then initial connections and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail.

+ +

The option SSL_OP_LEGACY_SERVER_CONNECT is currently set by default even though it has security implications: otherwise it would be impossible to connect to unpatched servers (i.e. all of them initially) and this is clearly not acceptable. Renegotiation is permitted because this does not add any additional security issues: during an attack clients do not see any renegotiations anyway.

+ +

As more servers become patched the option SSL_OP_LEGACY_SERVER_CONNECT will not be set by default in a future version of OpenSSL.

+ +

OpenSSL client applications wishing to ensure they can connect to unpatched servers should always set SSL_OP_LEGACY_SERVER_CONNECT

+ +

OpenSSL client applications that want to ensure they can not connect to unpatched servers (and thus avoid any security issues) should always clear SSL_OP_LEGACY_SERVER_CONNECT using SSL_CTX_clear_options() or SSL_clear_options().

+ +

The difference between the SSL_OP_LEGACY_SERVER_CONNECT and SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION options is that SSL_OP_LEGACY_SERVER_CONNECT enables initial connections and secure renegotiation between OpenSSL clients and unpatched servers only, while SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION allows initial connections and renegotiation between OpenSSL and unpatched clients or servers.

+ +

RETURN VALUES

+ +

SSL_CTX_set_options() and SSL_set_options() return the new options bitmask after adding options.

+ +

SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask after clearing options.

+ +

SSL_CTX_get_options() and SSL_get_options() return the current bitmask.

+ +

SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure renegotiation and 0 if it does not.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_clear(3), SSL_CTX_set_tmp_dh_callback(3), SSL_CTX_set_min_proto_version(3), dhparam(1)

+ +

HISTORY

+ +

The attempt to always try to use secure renegotiation was added in OpenSSL 0.9.8m.

+ +

The SSL_OP_PRIORITIZE_CHACHA and SSL_OP_NO_RENEGOTIATION options were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html new file mode 100644 index 00000000..ecc81231 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html @@ -0,0 +1,143 @@ + + + + +SSL_CTX_set_psk_client_callback + + + + + + + + + + +

NAME

+ +

SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback - set PSK client callback

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+                                           const unsigned char **id,
+                                           size_t *idlen,
+                                           SSL_SESSION **sess);
+
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                          SSL_psk_use_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+
+
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+ +

DESCRIPTION

+ +

A client application wishing to use TLSv1.3 PSKs should use either SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as appropriate. These functions cannot be used for TLSv1.2 and below PSKs.

+ +

The callback function is given a pointer to the SSL connection in ssl.

+ +

The first time the callback is called for a connection the md parameter is NULL. In some circumstances the callback will be called a second time. In that case the server will have specified a ciphersuite to use already and the PSK must be compatible with the digest for that ciphersuite. The digest will be given in md. The PSK returned by the callback is allowed to be different between the first and second time it is called.

+ +

On successful completion the callback must store a pointer to an identifier for the PSK in *id. The identifier length in bytes should be stored in *idlen. The memory pointed to by *id remains owned by the application and should be freed by it as required at any point after the handshake is complete.

+ +

Additionally the callback should store a pointer to an SSL_SESSION object in *sess. This is used as the basis for the PSK, and should, at a minimum, have the following fields set:

+ +
+ +
The master key
+
+ +

This can be set via a call to SSL_SESSION_set1_master_key(3).

+ +
+
A ciphersuite
+
+ +

Only the handshake digest associated with the ciphersuite is relevant for the PSK (the server may go on to negotiate any ciphersuite which is compatible with the digest). The application can use any TLSv1.3 ciphersuite. If md is not NULL the handshake digest for the ciphersuite should be the same. The ciphersuite can be set via a call to <SSL_SESSION_set_cipher(3)>. The handshake digest of an SSL_CIPHER object can be checked using <SSL_CIPHER_get_handshake_digest(3)>.

+ +
+
The protocol version
+
+ +

This can be set via a call to SSL_SESSION_set_protocol_version(3) and should be TLS1_3_VERSION.

+ +
+
+ +

Additionally the maximum early data value should be set via a call to SSL_SESSION_set_max_early_data(3) if the PSK will be used for sending early data.

+ +

Alternatively an SSL_SESSION created from a previous non-PSK handshake may also be used as the basis for a PSK.

+ +

Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application.

+ +

It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that *sess is NULL. The contents of *id and *idlen will be ignored.

+ +

A client application wishing to use PSK ciphersuites for TLSv1.2 and below must provide a different callback function. This function will be called when the client is sending the ClientKeyExchange message to the server.

+ +

The purpose of the callback function is to select the PSK identity and the pre-shared key to use during the connection setup phase.

+ +

The callback is set using functions SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback(). The callback function is given the connection in parameter ssl, a NULL-terminated PSK identity hint sent by the server in parameter hint, a buffer identity of length max_identity_len bytes where the resulting NUL-terminated identity is to be stored, and a buffer psk of length max_psk_len bytes where the resulting pre-shared key is to be stored.

+ +

The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the hint value will always be NULL and the handshake digest will default to SHA-256 for any returned PSK.

+ +

NOTES

+ +

Note that parameter hint given to the callback may be NULL.

+ +

A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that SSL_session_reused(3) will return true.

+ +

There are no known security issues with sharing the same PSK between TLSv1.2 (or below) and TLSv1.3. However the RFC has this note of caution:

+ +

"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2."

+ +

RETURN VALUES

+ +

Return values from the SSL_psk_client_cb_func callback are interpreted as follows:

+ +

On success (callback found a PSK identity and a pre-shared key to use) the length (> 0) of psk in bytes is returned.

+ +

Otherwise or on errors the callback should return 0. In this case the connection setup fails.

+ +

The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails.

+ +

SEE ALSO

+ +

SSL_CTX_set_psk_find_session_callback(3), SSL_set_psk_find_session_callback(3)

+ +

HISTORY

+ +

SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html new file mode 100644 index 00000000..8e7e9103 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html @@ -0,0 +1,77 @@ + + + + +SSL_CTX_set_quiet_shutdown + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+int SSL_get_quiet_shutdown(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for ctx to be mode. SSL objects created from ctx inherit the mode valid at the time SSL_new(3) is called. mode may be 0 or 1.

+ +

SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of ctx.

+ +

SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for ssl to be mode. The setting stays valid until ssl is removed with SSL_free(3) or SSL_set_quiet_shutdown() is called again. It is not changed when SSL_clear(3) is called. mode may be 0 or 1.

+ +

SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of ssl.

+ +

NOTES

+ +

Normally when a SSL connection is finished, the parties must send out close_notify alert messages using SSL_shutdown(3) for a clean shutdown.

+ +

When setting the "quiet shutdown" flag to 1, SSL_shutdown(3) will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (SSL_shutdown(3) then behaves like SSL_set_shutdown(3) called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the TLS standard.

+ +

The default is normal shutdown behaviour as described by the TLS standard.

+ +

RETURN VALUES

+ +

SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return diagnostic information.

+ +

SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_shutdown(3), SSL_set_shutdown(3), SSL_new(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html new file mode 100644 index 00000000..9f7ba2da --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html @@ -0,0 +1,72 @@ + + + + +SSL_CTX_set_read_ahead + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead - manage whether to read as many input bytes as possible

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_read_ahead(SSL *s, int yes);
+int SSL_get_read_ahead(const SSL *s);
+
+SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
+long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
+long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as many input bytes as possible (for non-blocking reads) or not. For example if x bytes are currently required by OpenSSL, but y bytes are available from the underlying BIO (where y > x), then OpenSSL will read all y bytes into its buffer (providing that the buffer is large enough) if reading ahead is on, or x bytes otherwise. Setting the parameter yes to 0 turns reading ahead is off, other values turn it on. SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().

+ +

SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead().

+ +

NOTES

+ +

These functions have no impact when used with DTLS. The return values for SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting read_ahead can impact the behaviour of the SSL_pending() function (see SSL_pending(3)).

+ +

Since SSL_read() can return SSL_ERROR_WANT_READ for non-application data records, and SSL_has_pending() can't tell the difference between processed and unprocessed data, it's recommended that if read ahead is turned on that SSL_MODE_AUTO_RETRY is not turned off using SSL_CTX_clear_mode(). That will prevent getting SSL_ERROR_WANT_READ when there is still a complete record available that hasn't been processed.

+ +

If the application wants to continue to use the underlying transport (e.g. TCP connection) after the SSL connection is finished using SSL_shutdown() reading ahead should be turned off. Otherwise the SSL structure might read data that it shouldn't.

+ +

RETURN VALUES

+ +

SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, and non zero otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_pending(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html new file mode 100644 index 00000000..b61277b2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html @@ -0,0 +1,94 @@ + + + + +SSL_CTX_set_record_padding_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding - install callback to specify TLS 1.3 record padding

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
+void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+ +

DESCRIPTION

+ +

SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() can be used to assign a callback function cb to specify the padding for TLS 1.3 records. The value set in ctx is copied to a new SSL by SSL_new().

+ +

SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() assign a value arg that is passed to the callback when it is invoked. The value set in ctx is copied to a new SSL by SSL_new().

+ +

SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() retrieve the arg value that is passed to the callback.

+ +

SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple of the block_size. A block_size of 0 or 1 disables block padding. The limit of block_size is SSL3_RT_MAX_PLAIN_LENGTH.

+ +

The callback is invoked for every record before encryption. The type parameter is the TLS record type that is being processed; may be one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. The len parameter is the current plaintext length of the record before encryption. The arg parameter is the value set via SSL_CTX_set_record_padding_callback_arg() or SSL_set_record_padding_callback_arg().

+ +

RETURN VALUES

+ +

The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() functions return the arg value assigned in the corresponding set functions.

+ +

The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success or 0 if block_size is too large.

+ +

The cb returns the number of padding bytes to add to the record. A return of 0 indicates no padding will be added. A return value that causes the record to exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the maximum record size.

+ +

NOTES

+ +

The default behavior is to add no padding to the record.

+ +

A user-supplied padding callback function will override the behavior set by SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied callback to NULL will restore the configured block padding behavior.

+ +

These functions only apply to TLS 1.3 records being written.

+ +

Padding bytes are not added in constant-time.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

HISTORY

+ +

The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html new file mode 100644 index 00000000..18e730d4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_security_level + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+void SSL_set_security_level(SSL *s, int level);
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+int SSL_get_security_level(const SSL *s);
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+                                             int bits, int nid,
+                                             void *other, void *ex));
+
+void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
+                                                 int bits, int nid,
+                                                 void *other, void *ex));
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
+                                                         int bits, int nid, void *other,
+                                                         void *ex);
+int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
+                                               int bits, int nid, void *other,
+                                               void *ex);
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+void *SSL_get0_security_ex_data(const SSL *s);
+ +

DESCRIPTION

+ +

The functions SSL_CTX_set_security_level() and SSL_set_security_level() set the security level to level. If not set the library default security level is used.

+ +

The functions SSL_CTX_get_security_level() and SSL_get_security_level() retrieve the current security level.

+ +

SSL_CTX_set_security_callback(), SSL_set_security_callback(), SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set the security callback associated with ctx or s. If not set a default security callback is used. The meaning of the parameters and the behaviour of the default callbacks is described below.

+ +

SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(), SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the extra data pointer passed to the ex parameter of the callback. This value is passed to the callback verbatim and can be set to any convenient application specific value.

+ +

DEFAULT CALLBACK BEHAVIOUR

+ +

If an application doesn't set its own security callback the default callback is used. It is intended to provide sane defaults. The meaning of each level is described below.

+ +
+ +
Level 0
+
+ +

Everything is permitted. This retains compatibility with previous versions of OpenSSL.

+ +
+
Level 1
+
+ +

The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited.

+ +
+
Level 2
+
+ +

Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled.

+ +
+
Level 3
+
+ +

Security level set to 128 bits of security. As a result RSA, DSA and DH keys shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled.

+ +
+
Level 4
+
+ +

Security level set to 192 bits of security. As a result RSA, DSA and DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are not permitted.

+ +
+
Level 5
+
+ +

Security level set to 256 bits of security. As a result RSA, DSA and DH keys shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.

+ +
+
+ +

APPLICATION DEFINED SECURITY CALLBACKS

+ +

Documentation to be provided.

+ +

NOTES

+ +

WARNING at this time setting the security level higher than 1 for general internet use is likely to cause considerable interoperability issues and is not recommended. This is because the SHA1 algorithm is very widely used in certificates and will be rejected at levels higher than 1 because it only offers 80 bits of security.

+ +

The default security level can be configured when OpenSSL is compiled by setting -DOPENSSL_TLS_SECURITY_LEVEL=level. If not set then 1 is used.

+ +

The security framework disables or reject parameters inconsistent with the set security level. In the past this was difficult as applications had to set a number of distinct parameters (supported ciphers, supported curves supported signature algorithms) to achieve this end and some cases (DH parameter size for example) could not be checked at all.

+ +

By setting an appropriate security level much of this complexity can be avoided.

+ +

The bits of security limits affect all relevant parameters including cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. This limit applies no matter what other custom settings an application has set: so if the cipher suite is set to ALL then only cipher suites consistent with the security level are permissible.

+ +

See SP800-57 for how the security limits are related to individual algorithms.

+ +

Some security levels require large key sizes for non-ECC public key algorithms which can severely degrade performance. For example 256 bits of security requires the use of RSA keys of at least 15360 bits in size.

+ +

Some restrictions can be gracefully handled: for example cipher suites offering insufficient security are not sent by the client and will not be selected by the server. Other restrictions such as the peer certificate key size or the DH parameter size will abort the handshake with a fatal alert.

+ +

Attempts to set certificates or parameters with insufficient security are also blocked. For example trying to set a certificate using a 512 bit RSA key using SSL_CTX_use_certificate() at level 1. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected.

+ +

RETURN VALUES

+ +

SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.

+ +

SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that represents the security level with SSL_CTX or SSL, respectively.

+ +

SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return values.

+ +

SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer to the security callback or NULL if the callback is not set.

+ +

SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra data pointer or NULL if the ex data is not set.

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html new file mode 100644 index 00000000..75d89689 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html @@ -0,0 +1,128 @@ + + + + +SSL_CTX_set_session_cache_mode + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
+long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_session_cache_mode() enables/disables session caching by setting the operational mode for ctx to <mode>.

+ +

SSL_CTX_get_session_cache_mode() returns the currently used cache mode.

+ +

NOTES

+ +

The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. The sessions can be held in memory for each ctx, if more than one SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX object.

+ +

In order to reuse a session, a client must send the session's id to the server. It can only send exactly one id. The server then either agrees to reuse the session or it starts a full handshake (to create a new session).

+ +

A server will look up the session in its internal session storage. If the session is not found in internal storage or lookups for the internal storage have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try the external storage if available.

+ +

Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see SSL_CTX_set_session_id_context(3)).

+ +

The following session cache modes and modifiers are available:

+ +
+ +
SSL_SESS_CACHE_OFF
+
+ +

No session caching for client or server takes place.

+ +
+
SSL_SESS_CACHE_CLIENT
+
+ +

Client sessions are added to the session cache. As there is no reliable way for the OpenSSL library to know whether a session should be reused or which session to choose (due to the abstract BIO layer the SSL engine does not have details about the connection), the application must select the session to be reused by using the SSL_set_session(3) function. This option is not activated by default.

+ +
+
SSL_SESS_CACHE_SERVER
+
+ +

Server sessions are added to the session cache. When a client proposes a session to be reused, the server looks for the corresponding session in (first) the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), then (second) in the external cache if available. If the session is found, the server will try to reuse the session. This is the default.

+ +
+
SSL_SESS_CACHE_BOTH
+
+ +

Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.

+ +
+
SSL_SESS_CACHE_NO_AUTO_CLEAR
+
+ +

Normally the session cache is checked for expired sessions every 255 connections using the SSL_CTX_flush_sessions(3) function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and SSL_CTX_flush_sessions(3) can be called explicitly by the application.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+
+ +

By setting this flag, session-resume operations in an SSL/TLS server will not automatically look up sessions in the internal cache, even if sessions are automatically stored there. If external session caching callbacks are in use, this flag guarantees that all lookups are directed to the external cache. As automatic lookup only applies for SSL/TLS servers, the flag has no effect on clients.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+ +

Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. Normally a new session is added to the internal cache as well as any external session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using SSL_CTX_add_session(3)). Note: in any SSL/TLS servers where external caching is configured, any successful session lookups in the external cache (ie. for session-resume requests) would normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well.

+ +
+
SSL_SESS_CACHE_NO_INTERNAL
+
+ +

Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.

+ +
+
+ +

The default mode is SSL_SESS_CACHE_SERVER.

+ +

RETURN VALUES

+ +

SSL_CTX_set_session_cache_mode() returns the previously set cache mode.

+ +

SSL_CTX_get_session_cache_mode() returns the currently set cache mode.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_session_reused(3), SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3), SSL_CTX_flush_sessions(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html new file mode 100644 index 00000000..ca281b2c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html @@ -0,0 +1,95 @@ + + + + +SSL_CTX_set_session_id_context + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ctx object.

+ +

SSL_set_session_id_context() sets the context sid_ctx of length sid_ctx_len within which a session can be reused for the ssl object.

+ +

NOTES

+ +

Sessions are generated within a certain context. When exporting/importing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, to re-import a session generated from another context (e.g. another application), which might lead to malfunctions. Therefore each application must set its own session id context sid_ctx which is used to distinguish the contexts and is stored in exported sessions. The sid_ctx can be any kind of binary data with a given length, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name ...

+ +

The session id context becomes part of the session. The session id context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side.

+ +

OpenSSL clients will check the session id context returned by the server when reusing a session.

+ +

The maximum length of the sid_ctx is limited to SSL_MAX_SID_CTX_LENGTH.

+ +

WARNINGS

+ +

If the session id context is not set on an SSL/TLS server and client certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail.

+ +

If a server returns a different session id context to an OpenSSL client when reusing a session, an error will be flagged and the handshake will fail. OpenSSL servers will always return the correct session id context, as an OpenSSL server checks the session id context itself before reusing a session as described above.

+ +

RETURN VALUES

+ +

SSL_CTX_set_session_id_context() and SSL_set_session_id_context() return the following values:

+ +
+ +
0
+
+ +

The length sid_ctx_len of the session id context sid_ctx exceeded the maximum allowed length of SSL_MAX_SID_CTX_LENGTH. The error is logged to the error stack.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html new file mode 100644 index 00000000..d2ba22ca --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html @@ -0,0 +1,169 @@ + + + + +SSL_CTX_set_session_ticket_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+                                                               const unsigned char *keyname,
+                                                               size_t keyname_len,
+                                                               SSL_TICKET_STATUS status,
+                                                               void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+ +

DESCRIPTION

+ +

SSL_CTX_set_set_session_ticket_cb() sets the application callbacks gen_cb and dec_cb that are used by a server to set and get application data stored with a session, and placed into a session ticket. Either callback function may be set to NULL. The value of arg is passed to the callbacks.

+ +

gen_cb is the application defined callback invoked when a session ticket is about to be created. The application can call SSL_SESSION_set1_ticket_appdata() at this time to add application data to the session ticket. The value of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The gen_cb callback is defined as type SSL_CTX_generate_session_ticket_fn.

+ +

dec_cb is the application defined callback invoked after session ticket decryption has been attempted and any session ticket application data is available. If ticket decryption was successful then the ss argument contains the session data. The keyname and keyname_len arguments identify the key used to decrypt the session ticket. The status argument is the result of the ticket decryption. See the NOTES section below for further details. The value of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The dec_cb callback is defined as type SSL_CTX_decrypt_session_ticket_fn.

+ +

SSL_SESSION_set1_ticket_appdata() sets the application data specified by data and len into ss which is then placed into any generated session tickets. It can be called at any time before a session ticket is created to update the data placed into the session ticket. However, given that sessions and tickets are created by the handshake, the gen_cb is provided to notify the application that a session ticket is about to be generated.

+ +

SSL_SESSION_get0_ticket_appdata() assigns data to the session ticket application data and assigns len to the length of the session ticket application data from ss. The application data can be set via SSL_SESSION_set1_ticket_appdata() or by a session ticket. NULL will be assigned to data and 0 will be assigned to len if there is no session ticket application data. SSL_SESSION_get0_ticket_appdata() can be called any time after a session has been created. The dec_cb is provided to notify the application that a session ticket has just been decrypted.

+ +

NOTES

+ +

When the dec_cb callback is invoked, the SSL_SESSION ss has not yet been assigned to the SSL s. The status indicates the result of the ticket decryption. The callback must check the status value before performing any action, as it is called even if ticket decryption fails.

+ +

The keyname and keyname_len arguments to dec_cb may be used to identify the key that was used to encrypt the session ticket.

+ +

The status argument can be any of these values:

+ +
+ +
SSL_TICKET_EMPTY
+
+ +

Empty ticket present. No ticket data will be used and a new ticket should be sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not valid for a client to send an empty ticket.

+ +
+
SSL_TICKET_NO_DECRYPT
+
+ +

The ticket couldn't be decrypted. No ticket data will be used and a new ticket should be sent to the client.

+ +
+
SSL_TICKET_SUCCESS
+
+ +

A ticket was successfully decrypted, any session ticket application data should be available. A new ticket should not be sent to the client.

+ +
+
SSL_TICKET_SUCCESS_RENEW
+
+ +

Same as SSL_TICKET_SUCCESS, but a new ticket should be sent to the client.

+ +
+
+ +

The return value can be any of these values:

+ +
+ +
SSL_TICKET_RETURN_ABORT
+
+ +

The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single handshake. Therefore just because one ticket is unacceptable it does not mean that all of them are. For this reason this option should be used with caution.

+ +
+
SSL_TICKET_RETURN_IGNORE
+
+ +

Do not use a ticket (if one was available). Do not send a renewed ticket to the client.

+ +
+
SSL_TICKET_RETURN_IGNORE_RENEW
+
+ +

Do not use a ticket (if one was available). Send a renewed ticket to the client.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT.

+ +
+
SSL_TICKET_RETURN_USE
+
+ +

Use the ticket. Do not send a renewed ticket to the client. It is an error for the callback to return this value if status has a value other than SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_SUCCESS.

+ +
+
SSL_TICKET_RETURN_USE_RENEW
+
+ +

Use the ticket. Send a renewed ticket to the client. It is an error for the callback to return this value if status has a value other than SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

+ +

If the callback does not wish to change the default ticket behaviour then it should return this value if status is SSL_TICKET_SUCCESS_RENEW.

+ +
+
+ +

If status has the value SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT then no session data will be available and the callback must not use the ss argument. If status has the value SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW then the application can call SSL_SESSION_get0_ticket_appdata() using the session provided in the ss argument to retrieve the application data.

+ +

When the gen_cb callback is invoked, the SSL_get_session() function can be used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().

+ +

By default, in TLSv1.2 and below, a new session ticket is not issued on a successful resumption and therefore gen_cb will not be called. In TLSv1.3 the default behaviour is to always issue a new ticket on resumption. In both cases this behaviour can be changed if a ticket key callback is in use (see SSL_CTX_set_tlsext_ticket_key_cb(3)).

+ +

RETURN VALUES

+ +

The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on failure.

+ +

The gen_cb callback must return 1 to continue the connection. A return of 0 will terminate the connection with an INTERNAL_ERROR alert.

+ +

The dec_cb callback must return a value as described in NOTES above.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3)

+ +

HISTORY

+ +

The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html new file mode 100644 index 00000000..dd5e75db --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html @@ -0,0 +1,150 @@ + + + + +SSL_CTX_set_split_send_fragment + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
+long SSL_set_max_send_fragment(SSL *ssl, long m);
+
+long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
+long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
+
+long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
+long SSL_set_split_send_fragment(SSL *ssl, long m);
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
+ +

DESCRIPTION

+ +

Some engines are able to process multiple simultaneous crypto operations. This capability could be utilised to parallelise the processing of a single connection. For example a single write can be split into multiple records and each one encrypted independently and in parallel. Note: this will only work in TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This capability is known as "pipelining" within OpenSSL.

+ +

In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides AES128-SHA based ciphers that have this capability. However these are for development and test purposes only.

+ +

SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the max_send_fragment parameter for SSL_CTX and SSL objects respectively. This value restricts the amount of plaintext bytes that will be sent in any one SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These functions will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH.

+ +

SSL_CTX_set_max_pipelines() and SSL_set_max_pipelines() set the maximum number of pipelines that will be used at any one time. This value applies to both "read" pipelining and "write" pipelining. By default only one pipeline will be used (i.e. normal non-parallel operation). The number of pipelines set must be in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also automatically turn on "read_ahead" (see SSL_CTX_set_read_ahead(3)). This is explained further below. OpenSSL will only every use more than one pipeline if a cipher suite is negotiated that uses a pipeline capable cipher provided by an engine.

+ +

Pipelining operates slightly differently for reading encrypted data compared to writing encrypted data. SSL_CTX_set_split_send_fragment() and SSL_set_split_send_fragment() define how data is split up into pipelines when writing encrypted data. The number of pipelines used will be determined by the amount of data provided to the SSL_write_ex() or SSL_write() call divided by split_send_fragment.

+ +

For example if split_send_fragment is set to 2000 and max_pipelines is 4 then:

+ +

SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used

+ +

SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used

+ +

SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used

+ +

SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used

+ +

split_send_fragment must always be less than or equal to max_send_fragment. By default it is set to be equal to max_send_fragment. This will mean that the same number of records will always be created as would have been created in the non-parallel case, although the data will be apportioned differently. In the parallel case data will be spread equally between the pipelines.

+ +

Read pipelining is controlled in a slightly different way than with write pipelining. While reading we are constrained by the number of records that the peer (and the network) can provide to us in one go. The more records we can get in one go the more opportunity we have to parallelise the processing. As noted above when setting max_pipelines to a value greater than one, read_ahead is automatically set. The read_ahead parameter causes OpenSSL to attempt to read as much data into the read buffer as the network can provide and will fit into the buffer. Without this set data is read into the read buffer one record at a time. The more data that can be read, the more opportunity there is for parallelising the processing at the cost of increased memory overhead per connection. Setting read_ahead can impact the behaviour of the SSL_pending() function (see SSL_pending(3)).

+ +

The SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions control the size of the read buffer that will be used. The len parameter sets the size of the buffer. The value will only be used if it is greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes.

+ +

SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment length negotiation mode via value mode to ctx. This setting affects only SSL instances created after this function is called. It affects the client-side as only its side may initiate this extension use.

+ +

SSL_set_tlsext_max_fragment_length() sets the maximum fragment length negotiation mode via value mode to ssl. This setting will be used during a handshake when extensions are exchanged between client and server. So it only affects SSL sessions created after this function is called. It affects the client-side as only its side may initiate this extension use.

+ +

SSL_SESSION_get_max_fragment_length() gets the maximum fragment length negotiated in session.

+ +

RETURN VALUES

+ +

All non-void functions return 1 on success and 0 on failure.

+ +

NOTES

+ +

The Maximum Fragment Length extension support is optional on the server side. If the server does not support this extension then SSL_SESSION_get_max_fragment_length() will return: TLSEXT_max_fragment_length_DISABLED.

+ +

The following modes are available:

+ +
+ +
TLSEXT_max_fragment_length_DISABLED
+
+ +

Disables Maximum Fragment Length Negotiation (default).

+ +
+
TLSEXT_max_fragment_length_512
+
+ +

Sets Maximum Fragment Length to 512 bytes.

+ +
+
TLSEXT_max_fragment_length_1024
+
+ +

Sets Maximum Fragment Length to 1024.

+ +
+
TLSEXT_max_fragment_length_2048
+
+ +

Sets Maximum Fragment Length to 2048.

+ +
+
TLSEXT_max_fragment_length_4096
+
+ +

Sets Maximum Fragment Length to 4096.

+ +
+
+ +

With the exception of SSL_CTX_set_default_read_buffer_len() SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() all these functions are implemented using macros.

+ +

SEE ALSO

+ +

SSL_CTX_set_read_ahead(3), SSL_pending(3)

+ +

HISTORY

+ +

The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0.

+ +

The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html new file mode 100644 index 00000000..d44ecd5e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html @@ -0,0 +1,85 @@ + + + + +SSL_CTX_set_ssl_version + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method - choose a new TLS/SSL method

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_CTX_set_ssl_version() sets a new default TLS/SSL method for SSL objects newly created from this ctx. SSL objects already created with SSL_new(3) are not affected, except when SSL_clear(3) is being called.

+ +

SSL_set_ssl_method() sets a new TLS/SSL method for a particular ssl object. It may be reset, when SSL_clear() is called.

+ +

SSL_get_ssl_method() returns a function pointer to the TLS/SSL method set in ssl.

+ +

NOTES

+ +

The available method choices are described in SSL_CTX_new(3).

+ +

When SSL_clear(3) is called and no session is connected to an SSL object, the method of the SSL object is reset to the method currently set in the corresponding SSL_CTX object.

+ +

RETURN VALUES

+ +

The following return values can occur for SSL_CTX_set_ssl_version() and SSL_set_ssl_method():

+ +
+ +
0
+
+ +

The new choice failed, check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

SSL_CTX_new(3), SSL_new(3), SSL_clear(3), ssl(7), SSL_set_connect_state(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html new file mode 100644 index 00000000..e22d5c52 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html @@ -0,0 +1,89 @@ + + + + +SSL_CTX_set_stateless_cookie_generate_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb - Callback functions for stateless TLS1.3 cookies

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*gen_stateless_cookie_cb) (SSL *ssl,
+                                    unsigned char *cookie,
+                                    size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*verify_stateless_cookie_cb) (SSL *ssl,
+                                       const unsigned char *cookie,
+                                       size_t cookie_len));
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned
+                                                               char *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+ +

DESCRIPTION

+ +

SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by SSL_stateless(3) to generate the application-controlled portion of the cookie provided to clients in the HelloRetryRequest transmitted as a response to a ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must write at most SSL_COOKIE_LENGTH bytes into cookie, and must write the number of bytes written to cookie_len. If a cookie cannot be generated, a zero return value can be used to abort the handshake.

+ +

SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by SSL_stateless(3) to determine whether the application-controlled portion of a ClientHello cookie is valid. The cookie data is pointed to by cookie and is of length cookie_len. A nonzero return value from verify_stateless_cookie_cb() communicates that the cookie is valid. The integrity of the entire cookie, including the application-controlled portion, is automatically verified by HMAC before verify_stateless_cookie_cb() is called.

+ +

SSL_CTX_set_cookie_generate_cb() sets the callback used by DTLSv1_listen(3) to generate the cookie provided to clients in the HelloVerifyRequest transmitted as a response to a ClientHello with a missing or invalid cookie. app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into cookie, and must write the number of bytes written to cookie_len. If a cookie cannot be generated, a zero return value can be used to abort the handshake.

+ +

SSL_CTX_set_cookie_verify_cb() sets the callback used by DTLSv1_listen(3) to determine whether the cookie in a ClientHello is valid. The cookie data is pointed to by cookie and is of length cookie_len. A nonzero return value from app_verify_cookie_cb() communicates that the cookie is valid. The integrity of the cookie is not verified by OpenSSL. This is an application responsibility.

+ +

RETURN VALUES

+ +

Neither function returns a value.

+ +

SEE ALSO

+ +

SSL_stateless(3), DTLSv1_listen(3)

+ +

HISTORY

+ +

SSL_CTX_set_stateless_cookie_generate_cb() and SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html new file mode 100644 index 00000000..632f3b2a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html @@ -0,0 +1,74 @@ + + + + +SSL_CTX_set_timeout + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+ +

DESCRIPTION

+ +

SSL_CTX_set_timeout() sets the timeout for newly created sessions for ctx to t. The timeout value t must be given in seconds.

+ +

SSL_CTX_get_timeout() returns the currently set timeout value for ctx.

+ +

NOTES

+ +

Whenever a new session is created, it is assigned a maximum lifetime. This lifetime is specified by storing the creation time of the session and the timeout value valid at this time. If the actual time is later than creation time plus timeout, the session is not reused.

+ +

Due to this realization, all sessions behave according to the timeout value valid at the time of the session negotiation. Changes of the timeout value do not affect already established sessions.

+ +

The expiration time of a single session can be modified using the SSL_SESSION_get_time(3) family of functions.

+ +

Expired sessions are removed from the internal session cache, whenever SSL_CTX_flush_sessions(3) is called, either directly by the application or automatically (see SSL_CTX_set_session_cache_mode(3))

+ +

The default value for session timeout is decided on a per protocol basis, see SSL_get_default_timeout(3). All currently supported protocols have the same default timeout value of 300 seconds.

+ +

RETURN VALUES

+ +

SSL_CTX_set_timeout() returns the previously set timeout value.

+ +

SSL_CTX_get_timeout() returns the currently set timeout value.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_get_time(3), SSL_CTX_flush_sessions(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html new file mode 100644 index 00000000..55c9673a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html @@ -0,0 +1,167 @@ + + + + +SSL_CTX_set_tlsext_servername_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name - handle server name indication (SNI)

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
+                                  int (*cb)(SSL *s, int *al, void *arg));
+long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
+
+const char *SSL_get_servername(const SSL *s, const int type);
+int SSL_get_servername_type(const SSL *s);
+
+int SSL_set_tlsext_host_name(const SSL *s, const char *name);
+ +

DESCRIPTION

+ +

The functionality provided by the servername callback is mostly superseded by the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). However, even where the ClientHello callback is used, the servername callback is still necessary in order to acknowledge the servername requested by the client.

+ +

SSL_CTX_set_tlsext_servername_callback() sets the application callback cb used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When cb is NULL, SNI is not used.

+ +

The servername callback should return one of the following values:

+ +
+ +
SSL_TLSEXT_ERR_OK
+
+ +

This is used to indicate that the servername requested by the client has been accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set up a different configuration for the selected servername in this case.

+ +
+
SSL_TLSEXT_ERR_ALERT_FATAL
+
+ +

In this case the servername requested by the client is not accepted and the handshake will be aborted. The value of the alert to be used should be stored in the location pointed to by the al parameter to the callback. By default this value is initialised to SSL_AD_UNRECOGNIZED_NAME.

+ +
+
SSL_TLSEXT_ERR_ALERT_WARNING
+
+ +

If this value is returned then the servername is not accepted by the server. However the handshake will continue and send a warning alert instead. The value of the alert should be stored in the location pointed to by the al parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is treated the same way as SSL_TLSEXT_ERR_NOACK.

+ +
+
SSL_TLSEXT_ERR_NOACK
+
+ +

This return value indicates that the servername is not accepted by the server. No alerts are sent and the server will not acknowledge the requested servername.

+ +
+
+ +

SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be passed into the callback (via the arg parameter) for this SSL_CTX.

+ +

The behaviour of SSL_get_servername() depends on a number of different factors. In particular note that in TLSv1.3 the servername is negotiated in every handshake. In TLSv1.2 the servername is only negotiated on initial handshakes and not on resumption handshakes.

+ +
+ +
On the client, before the handshake
+
+ +

If a servername has been set via a call to SSL_set_tlsext_host_name() then it will return that servername.

+ +

If one has not been set, but a TLSv1.2 resumption is being attempted and the session from the original handshake had a servername accepted by the server then it will return that servername.

+ +

Otherwise it returns NULL.

+ +
+
On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred
+
+ +

If the session from the orignal handshake had a servername accepted by the server then it will return that servername.

+ +

Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL if it was not called.

+ +
+
On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur
+
+ +

It will return the servername set via SSL_set_tlsext_host_name() or NULL if it was not called.

+ +
+
On the server, before the handshake
+
+ +

The function will always return NULL before the handshake

+ +
+
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred
+
+ +

If a servername was accepted by the server in the original handshake then it will return that servername, or NULL otherwise.

+ +
+
On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur
+
+ +

The function will return the servername requested by the client in this handshake or NULL if none was requested.

+ +
+
+ +

Note that the ClientHello callback occurs before a servername extension from the client is processed. The servername, certificate and ALPN callbacks occur after a servername extension from the client is processed.

+ +

SSL_get_servername_type() returns the servername type or -1 if no servername is present. Currently the only supported type (defined in RFC3546) is TLSEXT_NAMETYPE_host_name.

+ +

SSL_set_tlsext_host_name() sets the server name indication ClientHello extension to contain the value name. The type of server name indication extension is set to TLSEXT_NAMETYPE_host_name (defined in RFC3546).

+ +

NOTES

+ +

Several callbacks are executed during ClientHello processing, including the ClientHello, ALPN, and servername callbacks. The ClientHello callback is executed first, then the servername callback, followed by the ALPN callback.

+ +

The SSL_set_tlsext_host_name() function should only be called on SSL objects that will act as clients; otherwise the configured name will be ignored.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tlsext_servername_callback() and SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_alpn_select_cb(3), SSL_get0_alpn_selected(3), SSL_CTX_set_client_hello_cb(3)

+ +

HISTORY

+ +

SSL_get_servername() historically provided some unexpected results in certain corner cases. This has been fixed from OpenSSL 1.1.1e.

+ +

Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but set a different explict servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake.

+ +

Also prior to 1.1.1e, if the client sent a servername in the first handshake but the server did not accept it, and then a second handshake occured where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL.

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html new file mode 100644 index 00000000..e8b8127a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html @@ -0,0 +1,87 @@ + + + + +SSL_CTX_set_tlsext_status_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions

+ +

SYNOPSIS

+ +
#include <openssl/tls1.h>
+
+long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
+long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
+
+long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
+
+long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
+long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
+
+long SSL_set_tlsext_status_type(SSL *s, int type);
+long SSL_get_tlsext_status_type(SSL *s);
+
+long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
+long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
+ +

DESCRIPTION

+ +

A client application may request that a server send back an OCSP status response (also known as OCSP stapling). To do so the client should call the SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL objects. Alternatively an application can call the SSL_set_tlsext_status_type() function on an individual SSL object prior to the start of the handshake. Currently the only supported type is TLSEXT_STATUSTYPE_ocsp. This value should be passed in the type argument. Calling SSL_CTX_get_tlsext_status_type() will return the type TLSEXT_STATUSTYPE_ocsp previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.

+ +

The client should additionally provide a callback function to decide what to do with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The callback function should determine whether the returned OCSP response is acceptable or not. The callback will be passed as an argument the value previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in the event of a handshake where session resumption occurs (because there are no Certificates exchanged in such a handshake). The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling SSL_CTX_get_tlsext_status_arg().

+ +

On the client side SSL_get_tlsext_status_type() can be used to determine whether the client has previously called SSL_set_tlsext_status_type(). It will return TLSEXT_STATUSTYPE_ocsp if it has been called or -1 otherwise. On the server side SSL_get_tlsext_status_type() can be used to determine whether the client requested OCSP stapling. If the client requested it then this function will return TLSEXT_STATUSTYPE_ocsp, or -1 otherwise.

+ +

The response returned by the server can be obtained via a call to SSL_get_tlsext_status_ocsp_resp(). The value *resp will be updated to point to the OCSP response data and the return value will be the length of that data. Typically a callback would obtain an OCSP_RESPONSE object from this data via a call to the d2i_OCSP_RESPONSE() function. If the server has not provided any response data then *resp will be NULL and the return value from SSL_get_tlsext_status_ocsp_resp() will be -1.

+ +

A server application must also call the SSL_CTX_set_tlsext_status_cb() function if it wants to be able to provide clients with OCSP Certificate Status responses. Typically the server callback would obtain the server certificate that is being sent back to the client via a call to SSL_get_certificate(); obtain the OCSP response to be sent back; and then set that response data by calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should be provided in the resp argument, and the length of that data should be in the len argument.

+ +

RETURN VALUES

+ +

The callback when used on the client side should return a negative value on error; 0 if the response is not acceptable (in which case the handshake will fail) or a positive value if it is acceptable.

+ +

The callback when used on the server side should return with either SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has occurred).

+ +

SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(), SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.

+ +

SSL_CTX_get_tlsext_status_type() returns the value previously set by SSL_CTX_set_tlsext_status_type(), or -1 if not set.

+ +

SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data or -1 if there is no OCSP response data.

+ +

SSL_get_tlsext_status_type() returns TLSEXT_STATUSTYPE_ocsp on the client side if SSL_set_tlsext_status_type() was previously called, or on the server side if the client requested OCSP stapling. Otherwise -1 is returned.

+ +

HISTORY

+ +

The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html new file mode 100644 index 00000000..6116bf59 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html @@ -0,0 +1,175 @@ + + + + +SSL_CTX_set_tlsext_ticket_key_cb + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing

+ +

SYNOPSIS

+ +
#include <openssl/tls1.h>
+
+long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+    int (*cb)(SSL *s, unsigned char key_name[16],
+              unsigned char iv[EVP_MAX_IV_LENGTH],
+              EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+ +

DESCRIPTION

+ +

SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function cb for handling session tickets for the ssl context sslctx. Session tickets, defined in RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies to TLS and there is no SSLv3 implementation.

+ +

The callback function cb will be called for every client instigated TLS session when session ticket extension is presented in the TLS hello message. It is the responsibility of this function to create or retrieve the cryptographic parameters and to maintain their state.

+ +

The OpenSSL library uses your callback function to help implement a common TLS ticket construction state according to RFC5077 Section 4 such that per session state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation.

+ +

In order to reuse a session, a TLS client must send the a session ticket extension to the server. The client can only send exactly one session ticket. The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket.

+ +

Before the callback function is started ctx and hctx have been initialised with EVP_CIPHER_CTX_reset(3) and HMAC_CTX_reset(3) respectively.

+ +

For new sessions tickets, when the client doesn't present a session ticket, or an attempted retrieval of the ticket failed, or a renew option was indicated, the callback function will be called with enc equal to 1. The OpenSSL library expects that the function will set an arbitrary name, initialize iv, and set the cipher context ctx and the hash context hctx.

+ +

The name is 16 characters long and is used as a key identifier.

+ +

The iv length is the length of the IV of the corresponding cipher. The maximum IV length is EVP_MAX_IV_LENGTH bytes defined in evp.h.

+ +

The initialization vector iv should be a random value. The cipher context ctx should use the initialisation vector iv. The cipher context can be set using EVP_EncryptInit_ex(3). The hmac context can be set using HMAC_Init_ex(3).

+ +

When the client presents a session ticket, the callback function with be called with enc set to 0 indicating that the cb function should retrieve a set of parameters. In this case name and iv have already been parsed out of the session ticket. The OpenSSL library expects that the name will be used to retrieve a cryptographic parameters and that the cryptographic context ctx will be set with the retrieved parameters and the initialization vector iv. using a function like EVP_DecryptInit_ex(3). The hctx needs to be set using HMAC_Init_ex(3).

+ +

If the name is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again with an argument of enc equal to 1 to set the new ticket.

+ +

The return value of the cb function is used by OpenSSL to determine what further processing will occur. The following return values have meaning:

+ +
+ +
2
+
+ +

This indicates that the ctx and hctx have been set and the session can continue on those parameters. Additionally it indicates that the session ticket is in a renewal period and should be replaced. The OpenSSL library will call cb again with an enc argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2).

+ +
+
1
+
+ +

This indicates that the ctx and hctx have been set and the session can continue on those parameters.

+ +
+
0
+
+ +

This indicates that it was not possible to set/retrieve a session ticket and the SSL/TLS session will continue by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids.

+ +

If called with enc equal to 0 the library will call the cb again to get a new set of parameters.

+ +
+
less than 0
+
+ +

This indicates an error.

+ +
+
+ +

NOTES

+ +

Session resumption shortcuts the TLS so that the client certificate negotiation don't occur. It makes up for this by storing client certificate an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available exactly as if a full negotiation had occurred.

+ +

If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic using that session: even if the cipher suite supports forward secrecy. As a result applications may wish to use multiple keys and avoid using long term keys stored in files.

+ +

Applications can use longer keys to maintain a consistent level of security. For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys.

+ +

RETURN VALUES

+ +

returns 0 to indicate the callback function was set.

+ +

EXAMPLES

+ +

Reference Implementation:

+ +
SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
+...
+
+static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
+                                    unsigned char *iv, EVP_CIPHER_CTX *ctx,
+                                    HMAC_CTX *hctx, int enc)
+{
+    if (enc) { /* create new session */
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
+            return -1; /* insufficient random */
+
+        key = currentkey(); /* something that you need to implement */
+        if (key == NULL) {
+            /* current key doesn't exist or isn't valid */
+            key = createkey(); /*
+                                * Something that you need to implement.
+                                * createkey needs to initialise a name,
+                                * an aes_key, a hmac_key and optionally
+                                * an expire time.
+                                */
+            if (key == NULL) /* key couldn't be created */
+                return 0;
+        }
+        memcpy(key_name, key->name, 16);
+
+        EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+        HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+        return 1;
+
+    } else { /* retrieve session */
+        key = findkey(name);
+
+        if (key == NULL || key->expire < now())
+            return 0;
+
+        HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+        EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+
+        if (key->expire < now() - RENEW_TIME) {
+            /*
+             * return 2 - This session will get a new ticket even though the
+             * current one is still valid.
+             */
+            return 2;
+        }
+        return 1;
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_session_reused(3), SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3),

+ +

COPYRIGHT

+ +

Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html new file mode 100644 index 00000000..e4db222c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html @@ -0,0 +1,106 @@ + + + + +SSL_CTX_set_tlsext_use_srtp + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile - Configure and query SRTP support

+ +

SYNOPSIS

+ +
#include <openssl/srtp.h>
+
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+ +

DESCRIPTION

+ +

SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for establishing SRTP keying material, algorithms and parameters using DTLS. This capability may be used as part of an implementation that conforms to RFC5763. OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not support the use of SRTP Master Key Identifiers (MKIs). Also note that this extension is only supported in DTLS. Any SRTP configuration will be ignored if a TLS connection is attempted.

+ +

An OpenSSL client wishing to send the "use_srtp" extension should call SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently created from an SSL_CTX. Alternatively a client may call SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The profiles parameters should point to a NUL-terminated, colon delimited list of SRTP protection profile names.

+ +

The currently supported protection profile names are:

+ +
+ +
SRTP_AES128_CM_SHA1_80
+
+ +

This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.

+ +
+
SRTP_AES128_CM_SHA1_32
+
+ +

This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.

+ +
+
SRTP_AEAD_AES_128_GCM
+
+ +

This corresponds to the profile of the same name defined in RFC7714.

+ +
+
SRTP_AEAD_AES_256_GCM
+
+ +

This corresponds to the profile of the same name defined in RFC7714.

+ +
+
+ +

Supplying an unrecognised protection profile name will result in an error.

+ +

An OpenSSL server wishing to support the "use_srtp" extension should also call SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the protection profiles that it is willing to negotiate.

+ +

The currently configured list of protection profiles for either a client or a server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of this function should not be freed by the caller.

+ +

After a handshake has been completed the negotiated SRTP protection profile (if any) can be obtained (on the client or the server) by calling SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP protection profile was negotiated. The memory returned from this function should not be freed by the caller.

+ +

If an SRTP protection profile has been successfully negotiated then the SRTP keying material (on both the client and server) should be obtained via a call to SSL_export_keying_material(3). This call should provide a label value of "EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total length of keying material obtained should be equal to two times the sum of the master key length and the salt length as defined for the protection profile in use. This provides the client write master key, the server write master key, the client write master salt and the server write master salt in that order.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success or 1 on error.

+ +

SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on success or NULL on error or if no protection profiles have been configured.

+ +

SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE object if one has been negotiated or NULL otherwise.

+ +

SEE ALSO

+ +

SSL_export_keying_material(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html new file mode 100644 index 00000000..1cdbef51 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html @@ -0,0 +1,119 @@ + + + + +SSL_CTX_set_tmp_dh_callback + + + + + + + + + + +

NAME

+ +

SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+                                                        int keylength));
+long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+
+void SSL_set_tmp_dh_callback(SSL *ctx,
+                             DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
+                                                    int keylength));
+long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+ +

DESCRIPTION

+ +

SSL_CTX_set_tmp_dh_callback() sets the callback function for ctx to be used when a DH parameters are required to tmp_dh_callback. The callback is inherited by all ssl objects created from ctx.

+ +

SSL_CTX_set_tmp_dh() sets DH parameters to be used to be dh. The key is inherited by all ssl objects created from ctx.

+ +

SSL_set_tmp_dh_callback() sets the callback only for ssl.

+ +

SSL_set_tmp_dh() sets the parameters only for ssl.

+ +

These functions apply to SSL/TLS servers only.

+ +

NOTES

+ +

When using a cipher with RSA authentication, an ephemeral DH key exchange can take place. Ciphers with DSA keys always use ephemeral DH keys as well. In these cases, the session data are negotiated using the ephemeral/temporary DH key and the key supplied and certified by the certificate chain is only used for signing. Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.

+ +

Using ephemeral DH key exchange yields forward secrecy, as the connection can only be decrypted, when the DH key is known. By generating a temporary DH key inside the server application that is lost when the application is left, it becomes impossible for an attacker to decrypt past sessions, even if he gets hold of the normal (certified) key, as this key was only used for signing.

+ +

In order to perform a DH key exchange the server must use a DH group (DH parameters) and generate a DH key. The server will always generate a new DH key during the negotiation.

+ +

As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the openssl dhparam(1) application. This application guarantees that "strong" primes are used.

+ +

Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the -C option of the dhparam(1) application. Generation of custom DH parameters during installation should still be preferred to stop an attacker from specializing on a commonly used group. File dh1024.pem contains old parameters that must not be used by applications.

+ +

An application may either directly specify the DH parameters or can supply the DH parameters via a callback function.

+ +

Previous versions of the callback used is_export and keylength parameters to control parameter generation for export and non-export cipher suites. Modern servers that do not support export cipher suites are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use the callback but ignore keylength and is_export and simply supply at least 2048-bit parameters in the callback.

+ +

RETURN VALUES

+ +

SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return diagnostic output.

+ +

SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure.

+ +

EXAMPLES

+ +

Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.)

+ +

Command-line parameter generation:

+ +
$ openssl dhparam -out dh_param_2048.pem 2048
+ +

Code for setting up parameters during server initialization:

+ +
SSL_CTX ctx = SSL_CTX_new();
+
+DH *dh_2048 = NULL;
+FILE *paramfile = fopen("dh_param_2048.pem", "r");
+
+if (paramfile) {
+    dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+    fclose(paramfile);
+} else {
+    /* Error. */
+}
+if (dh_2048 == NULL)
+    /* Error. */
+if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
+    /* Error. */
+...
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3), ciphers(1), dhparam(1)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html new file mode 100644 index 00000000..1f41ec04 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html @@ -0,0 +1,264 @@ + + + + +SSL_CTX_set_verify + + + + + + + + + + +

NAME

+ +

SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth - set peer certificate verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
+void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback);
+SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_set_verify_depth(SSL *ssl, int depth);
+
+int SSL_verify_client_post_handshake(SSL *ssl);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *ssl, int val);
+ +

DESCRIPTION

+ +

SSL_CTX_set_verify() sets the verification flags for ctx to be mode and specifies the verify_callback function to be used. If no callback function shall be specified, the NULL pointer can be used for verify_callback.

+ +

SSL_set_verify() sets the verification flags for ssl to be mode and specifies the verify_callback function to be used. If no callback function shall be specified, the NULL pointer can be used for verify_callback. In this case last verify_callback set specifically for this ssl remains. If no special callback was set before, the default callback for the underlying ctx is used, that was valid at the time ssl was created with SSL_new(3). Within the callback function, SSL_get_ex_data_X509_STORE_CTX_idx can be called to get the data index of the current SSL object that is doing the verification.

+ +

SSL_CTX_set_verify_depth() sets the maximum depth for the certificate chain verification that shall be allowed for ctx.

+ +

SSL_set_verify_depth() sets the maximum depth for the certificate chain verification that shall be allowed for ssl.

+ +

SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the Post-Handshake Authentication extension to be added to the ClientHello such that post-handshake authentication can be requested by the server. If val is 0 then the extension is not sent, otherwise it is. By default the extension is not sent. A certificate callback will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.

+ +

SSL_verify_client_post_handshake() causes a CertificateRequest message to be sent by a server on the given ssl connection. The SSL_VERIFY_PEER flag must be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional.

+ +

NOTES

+ +

The verification of certificates can be controlled by a set of logically or'ed mode flags:

+ +
+ +
SSL_VERIFY_NONE
+
+ +

Server mode: the server will not send a client certificate request to the client, so the client will not send a certificate.

+ +

Client mode: if not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The result of the certificate verification process can be checked after the TLS/SSL handshake using the SSL_get_verify_result(3) function. The handshake will be continued regardless of the verification result.

+ +
+
SSL_VERIFY_PEER
+
+ +

Server mode: the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_POST_HANDSHAKE flags.

+ +

Client mode: the server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, SSL_VERIFY_PEER is ignored.

+ +
+
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+
+ +

Server mode: if the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with SSL_VERIFY_PEER.

+ +

Client mode: ignored (see BUGS)

+ +
+
SSL_VERIFY_CLIENT_ONCE
+
+ +

Server mode: only request a client certificate once during the connection. Do not ask for a client certificate again during renegotiation or post-authentication if a certificate was requested during the initial handshake. This flag must be used together with SSL_VERIFY_PEER.

+ +

Client mode: ignored (see BUGS)

+ +
+
SSL_VERIFY_POST_HANDSHAKE
+
+ +

Server mode: the server will not send a client certificate request during the initial handshake, but will send the request via SSL_verify_client_post_handshake(). This allows the SSL_CTX or SSL to be configured for post-handshake peer verification before the handshake occurs. This flag must be used together with SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections.

+ +

Client mode: ignored (see BUGS)

+ +
+
+ +

If the mode is SSL_VERIFY_NONE none of the other flags may be set.

+ +

The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with SSL_CTX_set_cert_verify_callback(3). The following descriptions apply in the case of the built-in procedure. An application provided procedure also has access to the verify depth information and the verify_callback() function, but the way this information is used may be different.

+ +

SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set a limit on the number of certificates between the end-entity and trust-anchor certificates. Neither the end-entity nor the trust-anchor certificates count against depth. If the certificate chain needed to reach a trusted issuer is longer than depth+2, X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. The depth count is "level 0:peer certificate", "level 1: CA certificate", "level 2: higher level CA certificate", and so on. Setting the maximum depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the trust-anchor). The default depth limit is 100, allowing for the peer certificate, at most 100 intermediate CA certificates and a final trust anchor certificate.

+ +

The verify_callback function is used to control the behaviour when the SSL_VERIFY_PEER flag is set. It must be supplied by the application and receives two arguments: preverify_ok indicates, whether the verification of the certificate in question was passed (preverify_ok=1) or not (preverify_ok=0). x509_ctx is a pointer to the complete context used for the certificate chain verification.

+ +

The certificate chain is checked starting with the deepest nesting level (the root CA certificate) and worked upward to the peer's certificate. At each level signatures and issuer attributes are checked. Whenever a verification error is found, the error number is stored in x509_ctx and verify_callback is called with preverify_ok=0. By applying X509_CTX_store_* functions verify_callback can locate the certificate in question and perform additional steps (see EXAMPLES). If no error is found for a certificate, verify_callback is called with preverify_ok=1 before advancing to the next level.

+ +

The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining its own error storage managed by verify_callback.

+ +

If no verify_callback is specified, the default callback will be used. Its return value is identical to preverify_ok, so that any verification failure will lead to a termination of the TLS/SSL handshake with an alert message, if SSL_VERIFY_PEER is set.

+ +

After calling SSL_set_post_handshake_auth(), the client will need to add a certificate or certificate callback to its configuration before it can successfully authenticate. This must be called before SSL_connect().

+ +

SSL_verify_client_post_handshake() requires that verify flags have been previously set, and that a client sent the post-handshake authentication extension. When the client returns a certificate the verify callback will be invoked. A write operation must take place for the Certificate Request to be sent to the client, this can be done with SSL_do_handshake() or SSL_write_ex(). Only one certificate request may be outstanding at any time.

+ +

When post-handshake authentication occurs, a refreshed NewSessionTicket message is sent to the client.

+ +

BUGS

+ +

In client mode, it is not checked whether the SSL_VERIFY_PEER flag is set, but whether any flags other than SSL_VERIFY_NONE are set. This can lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as required.

+ +

RETURN VALUES

+ +

The SSL*_set_verify*() functions do not provide diagnostic information.

+ +

The SSL_verify_client_post_handshake() function returns 1 if the request succeeded, and 0 if the request failed. The error stack can be examined to determine the failure reason.

+ +

EXAMPLES

+ +

The following code sequence realizes an example verify_callback function that will always continue the TLS/SSL handshake regardless of verification failure, if wished. The callback realizes a verification depth limit with more informational output.

+ +

All verification errors are printed; information about the certificate chain is printed on request. The example is realized for a server that does allow but not require client certificates.

+ +

The example makes use of the ex_data technique to store application data into/retrieve application data from the SSL structure (see CRYPTO_get_ex_new_index(3), SSL_get_ex_data_X509_STORE_CTX_idx(3)).

+ +
...
+typedef struct {
+  int verbose_mode;
+  int verify_depth;
+  int always_continue;
+} mydata_t;
+int mydata_index;
+
+...
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+    char    buf[256];
+    X509   *err_cert;
+    int     err, depth;
+    SSL    *ssl;
+    mydata_t *mydata;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    /*
+     * Retrieve the pointer to the SSL of the connection currently treated
+     * and the application specific data stored into the SSL object.
+     */
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    mydata = SSL_get_ex_data(ssl, mydata_index);
+
+    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+
+    /*
+     * Catch a too long certificate chain. The depth limit set using
+     * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+     * that whenever the "depth>verify_depth" condition is met, we
+     * have violated the limit and want to log this error condition.
+     * We must do it here, because the CHAIN_TOO_LONG error would not
+     * be found explicitly; only errors introduced by cutting off the
+     * additional certificates would be logged.
+     */
+    if (depth > mydata->verify_depth) {
+        preverify_ok = 0;
+        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        X509_STORE_CTX_set_error(ctx, err);
+    }
+    if (!preverify_ok) {
+        printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+               X509_verify_cert_error_string(err), depth, buf);
+    } else if (mydata->verbose_mode) {
+        printf("depth=%d:%s\n", depth, buf);
+    }
+
+    /*
+     * At this point, err contains the last verification error. We can use
+     * it for something special
+     */
+    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
+        X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+    }
+
+    if (mydata->always_continue)
+        return 1;
+    else
+        return preverify_ok;
+}
+...
+
+mydata_t mydata;
+
+...
+mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+
+...
+SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                   verify_callback);
+
+/*
+ * Let the verify_callback catch the verify_depth error so that we get
+ * an appropriate error in the logfile.
+ */
+SSL_CTX_set_verify_depth(verify_depth + 1);
+
+/*
+ * Set up the SSL specific data into "mydata" and store it into th SSL
+ * structure.
+ */
+mydata.verify_depth = verify_depth; ...
+SSL_set_ex_data(ssl, mydata_index, &mydata);
+
+...
+SSL_accept(ssl);       /* check of success left out for clarity */
+if (peer = SSL_get_peer_certificate(ssl)) {
+    if (SSL_get_verify_result(ssl) == X509_V_OK) {
+        /* The client sent a certificate which verified OK */
+    }
+}
+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_get_verify_mode(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3), SSL_get_peer_certificate(3), SSL_CTX_set_cert_verify_callback(3), SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_CTX_set_client_cert_cb(3), CRYPTO_get_ex_new_index(3)

+ +

HISTORY

+ +

The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html new file mode 100644 index 00000000..3bc55103 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html @@ -0,0 +1,121 @@ + + + + +SSL_CTX_use_certificate + + + + + + + + + + +

NAME

+ +

SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key - load certificate and key data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_use_certificate(SSL *ssl, X509 *x);
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+                                long len);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+int SSL_check_private_key(const SSL *ssl);
+
+int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+ +

DESCRIPTION

+ +

These functions load the certificates and private keys into the SSL_CTX or SSL object, respectively.

+ +

The SSL_CTX_* class of functions loads the certificates and keys into the SSL_CTX object ctx. The information is passed to SSL objects ssl created from ctx with SSL_new(3) by copying, so that changes applied to ctx do not propagate to already existing SSL objects.

+ +

The SSL_* class of functions only loads certificates and keys into a specific SSL object. The specific information is kept, when SSL_clear(3) is called for this SSL object.

+ +

SSL_CTX_use_certificate() loads the certificate x into ctx, SSL_use_certificate() loads x into ssl. The rest of the certificates needed to form the complete certificate chain can be specified using the SSL_CTX_add_extra_chain_cert(3) function.

+ +

SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from the memory location d (with length len) into ctx, SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into ssl.

+ +

SSL_CTX_use_certificate_file() loads the first certificate stored in file into ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_use_certificate_file() loads the certificate from file into ssl. See the NOTES section on why SSL_CTX_use_certificate_chain_file() should be preferred.

+ +

SSL_CTX_use_certificate_chain_file() loads a certificate chain from file into ctx. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. SSL_use_certificate_chain_file() is similar except it loads the certificate chain into ssl.

+ +

SSL_CTX_use_PrivateKey() adds pkey as private key to ctx. SSL_CTX_use_RSAPrivateKey() adds the private key rsa of type RSA to ctx. SSL_use_PrivateKey() adds pkey as private key to ssl; SSL_use_RSAPrivateKey() adds rsa as private key of type RSA to ssl. If a certificate has already been set and the private does not belong to the certificate an error is returned. To change a certificate, private key pair the new certificate needs to be set with SSL_use_certificate() or SSL_CTX_use_certificate() before setting the private key with SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().

+ +

SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 certificate x, private key key, and certificate chain onto the corresponding ssl or ctx. The pkey argument must be the private key of the X.509 certificate x. If the override argument is 0, then x, pkey and chain are set only if all were not previously set. If override is non-0, then the certificate, private key and chain certs are always set. If pkey is NULL, then the public key of x is used as the private key. This is intended to be used with hardware (via the ENGINE interface) that stores the private key securely, such that it cannot be accessed by OpenSSL. The reference count of the public key is incremented (twice if there is no private key); it is not copied nor duplicated. This allows all private key validations checks to succeed without an actual private key being assigned via SSL_CTX_use_PrivateKey(), etc.

+ +

SSL_CTX_use_PrivateKey_ASN1() adds the private key of type pk stored at memory location d (length len) to ctx. SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA stored at memory location d (length len) to ctx. SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private key to ssl.

+ +

SSL_CTX_use_PrivateKey_file() adds the first private key found in file to ctx. The formatting type of the private key must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in file to ctx. SSL_use_PrivateKey_file() adds the first private key found in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private RSA key found to ssl.

+ +

SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into ctx. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will be checked. If e.g. the last item was a RSA certificate or key, the RSA key/certificate pair will be checked. SSL_check_private_key() performs the same check for ssl. If no key/certificate was explicitly added for this ssl, the last item added into ctx will be checked.

+ +

NOTES

+ +

The internal certificate store of OpenSSL can hold several private key/certificate pairs at a time. The certificate used depends on the cipher selected, see also SSL_CTX_set_cipher_list(3).

+ +

When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain one certificate or private key, consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item.

+ +

SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using SSL_CTX_add1_chain_cert(3). Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() should be used instead of the SSL_CTX_use_certificate_file() function in order to allow the use of complete certificate chains even when no trusted CA storage is used or when the CA issuing the certificate shall not be added to the trusted CA storage.

+ +

If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3).

+ +

The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see SSL_CTX_set_default_passwd_cb(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.)

+ +

All of the functions to set a new certificate will replace any existing certificate of the same type that has already been set. Similarly all of the functions to set a new private key will replace any private key that has already been set. Applications should call SSL_CTX_check_private_key(3) or SSL_check_private_key(3) as appropriate after loading a new certificate and private key to confirm that the certificate and key match.

+ +

RETURN VALUES

+ +

On success, the functions return 1. Otherwise check out the error stack to find out the reason.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_clear(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_default_passwd_cb(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_add_extra_chain_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html new file mode 100644 index 00000000..01507c96 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html @@ -0,0 +1,126 @@ + + + + +SSL_CTX_use_psk_identity_hint + + + + + + + + + + +

NAME

+ +

SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback - set PSK identity hint to use

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+                                            const unsigned char *identity,
+                                            size_t identity_len,
+                                            SSL_SESSION **sess);
+
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+ +

DESCRIPTION

+ +

A server application wishing to use TLSv1.3 PSKs should set a callback using either SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() as appropriate.

+ +

The callback function is given a pointer to the SSL connection in ssl and an identity in identity of length identity_len. The callback function should identify an SSL_SESSION object that provides the PSK details and store it in *sess. The SSL_SESSION object should, as a minimum, set the master key, the ciphersuite and the protocol version. See SSL_CTX_set_psk_use_session_callback(3) for details.

+ +

It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be used but the handshake will continue. To do this the callback should return successfully and ensure that *sess is NULL.

+ +

Identity hints are not relevant for TLSv1.3. A server application wishing to use PSK ciphersuites for TLSv1.2 and below may call SSL_CTX_use_psk_identity_hint() to set the given NUL-terminated PSK identity hint hint for SSL context object ctx. SSL_use_psk_identity_hint() sets the given NUL-terminated PSK identity hint hint for the SSL connection object ssl. If hint is NULL the current hint from ctx or ssl is deleted.

+ +

In the case where PSK identity hint is NULL, the server does not send the ServerKeyExchange message to the client.

+ +

A server application wishing to use PSKs for TLSv1.2 and below must provide a callback function which is called when the server receives the ClientKeyExchange message from the client. The purpose of the callback function is to validate the received PSK identity and to fetch the pre-shared key used during the connection setup phase. The callback is set using the functions SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback(). The callback function is given the connection in parameter ssl, NUL-terminated PSK identity sent by the client in parameter identity, and a buffer psk of length max_psk_len bytes where the pre-shared key is to be stored.

+ +

The callback for use in TLSv1.2 will also work in TLSv1.3 although it is recommended to use SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() for this purpose instead. If TLSv1.3 has been negotiated then OpenSSL will first check to see if a callback has been set via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest will default to SHA-256 for any returned PSK.

+ +

NOTES

+ +

A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that SSL_session_reused(3) will return true.

+ +

RETURN VALUES

+ +

SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return 1 on success, 0 otherwise.

+ +

Return values from the TLSv1.2 and below server callback are interpreted as follows:

+ +
+ +
0
+
+ +

PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails.

+ +
+
>0
+
+ +

PSK identity was found and the server callback has provided the PSK successfully in parameter psk. Return value is the length of psk in bytes. It is an error to return a value greater than max_psk_len.

+ +

If the PSK identity was not found but the callback instructs the protocol to continue anyway, the callback must provide some random data to psk and return the length of the random data, so the connection will fail with decryption_error before it will be finished completely.

+ +
+
+ +

The SSL_psk_find_session_cb_func callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails.

+ +

NOTES

+ +

There are no known security issues with sharing the same PSK between TLSv1.2 (or below) and TLSv1.3. However the RFC has this note of caution:

+ +

"While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can ensure safety from cross-protocol related output by not reusing PSKs between TLS 1.3 and TLS 1.2."

+ +

SEE ALSO

+ +

SSL_CTX_set_psk_use_session_callback(3), SSL_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

SSL_CTX_set_psk_find_session_callback() and SSL_set_psk_find_session_callback() were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html new file mode 100644 index 00000000..77b2532a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html @@ -0,0 +1,73 @@ + + + + +SSL_CTX_use_serverinfo + + + + + + + + + + +

NAME

+ +

SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                              const unsigned char *serverinfo,
+                              size_t serverinfo_length);
+
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length);
+
+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+ +

DESCRIPTION

+ +

These functions load "serverinfo" TLS extensions into the SSL_CTX. A "serverinfo" extension is returned in response to an empty ClientHello Extension.

+ +

SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from a byte array into ctx. The version parameter specifies the format of the byte array provided in *serverinfo which is of length serverinfo_length.

+ +

If version is SSL_SERVERINFOV2 then the extensions in the array must consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The context and type values have the same meaning as for SSL_CTX_add_custom_ext(3). If serverinfo is being loaded for extensions to be added to a Certificate message, then the extension will only be added for the first certificate in the message (which is always the end-entity certificate).

+ +

If version is SSL_SERVERINFOV1 then the extensions in the array must consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of extension_data. The type value has the same meaning as for SSL_CTX_add_custom_ext(3). The following default context value will be used in this case:

+ +
SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
+| SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
+ +

SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex() except that there is no version parameter so a default version of SSL_SERVERINFOV1 is used instead.

+ +

SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from file into ctx. The extensions must be in PEM format. Each extension must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

+ +

If more than one certificate (RSA/DSA) is installed using SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the last certificate installed. If e.g. the last item was a RSA certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, SSL_CTX_use_serverinfo() needs to be called multiple times, once after each time a certificate is loaded via a call to SSL_CTX_use_certificate().

+ +

RETURN VALUES

+ +

On success, the functions return 1. On failure, the functions return 0. Check out the error stack to find out the reason.

+ +

COPYRIGHT

+ +

Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_free.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_free.html new file mode 100644 index 00000000..4ea50ff1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_free.html @@ -0,0 +1,79 @@ + + + + +SSL_SESSION_free + + + + + + + + + + +

NAME

+ +

SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free - create, free and manage SSL_SESSION structures

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *SSL_SESSION_new(void);
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *session);
+ +

DESCRIPTION

+ +

SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to it.

+ +

SSL_SESSION_dup() copies the contents of the SSL_SESSION structure in src and returns a pointer to it.

+ +

SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION structure.

+ +

SSL_SESSION_free() decrements the reference count of session and removes the SSL_SESSION structure pointed to by session and frees up the allocated memory, if the reference count has reached 0. If session is NULL nothing is done.

+ +

NOTES

+ +

SSL_SESSION objects are allocated, when a TLS/SSL handshake operation is successfully completed. Depending on the settings, see SSL_CTX_set_session_cache_mode(3), the SSL_SESSION objects are internally referenced by the SSL_CTX and linked into its session cache. SSL objects may be using the SSL_SESSION object; as a session may be reused, several SSL objects may be using one SSL_SESSION object at the same time. It is therefore crucial to keep the reference count (usage information) correct and not delete a SSL_SESSION object that is still used, as this may lead to program failures due to dangling pointers. These failures may also appear delayed, e.g. when an SSL_SESSION object was completely freed as the reference count incorrectly became 0, but it is still referenced in the internal session cache and the cache list is processed during a SSL_CTX_flush_sessions(3) operation.

+ +

SSL_SESSION_free() must only be called for SSL_SESSION objects, for which the reference count was explicitly incremented (e.g. by calling SSL_get1_session(), see SSL_get_session(3)) or when the SSL_SESSION object was generated outside a TLS handshake operation, e.g. by using d2i_SSL_SESSION(3). It must not be called on other SSL_SESSION objects, as this would cause incorrect reference counts and therefore program failures.

+ +

RETURN VALUES

+ +

SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure or NULL on error.

+ +

SSL_SESSION_up_ref returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_flush_sessions(3), d2i_SSL_SESSION(3)

+ +

HISTORY

+ +

The SSL_SESSION_dup() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html new file mode 100644 index 00000000..5690e44e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html @@ -0,0 +1,68 @@ + + + + +SSL_SESSION_get0_cipher + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher - set and retrieve the SSL cipher associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_cipher() retrieves the cipher that was used by the connection when the session was created, or NULL if it cannot be determined.

+ +

The value returned is a pointer to an object maintained within s and should not be released.

+ +

SSL_SESSION_set_cipher() can be used to set the ciphersuite associated with the SSL_SESSION s to cipher. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_cipher() returns the SSL_CIPHER associated with the SSL_SESSION or NULL if it cannot be determined.

+ +

SSL_SESSION_set_cipher() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_get0_hostname(3), SSL_SESSION_free(3), SSL_CTX_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html new file mode 100644 index 00000000..179754c7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html @@ -0,0 +1,80 @@ + + + + +SSL_SESSION_get0_hostname + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected - get and set SNI and ALPN data associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the client when the session was created if it was accepted by the server and TLSv1.2 or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the SNI hostname is negotiated with each handshake including resumption handshakes and is therefore never associated with the session.

+ +

The value returned is a pointer to memory maintained within s and should not be free'd.

+ +

SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of the string provided in hostname.

+ +

SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this session and its associated length in bytes. The returned value of *alpn is a pointer to memory maintained within s and should not be free'd.

+ +

SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the value in alpn which should be of length len bytes. A copy of the input value is made, and the caller retains ownership of the memory pointed to by alpn.

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_hostname() returns either a string or NULL based on if there is the SNI value sent by client.

+ +

SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.

+ +

SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_free(3)

+ +

HISTORY

+ +

The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html new file mode 100644 index 00000000..04c937b4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html @@ -0,0 +1,70 @@ + + + + +SSL_SESSION_get0_id_context + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context - get and set the SSL ID context associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                 unsigned int *len)
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+ +

DESCRIPTION

+ +

See SSL_CTX_set_session_id_context(3) for further details on session ID contexts.

+ +

SSL_SESSION_get0_id_context() returns the ID context associated with the SSL/TLS session s. The length of the ID context is written to *len if len is not NULL.

+ +

The value returned is a pointer to an object maintained within s and should not be released.

+ +

SSL_SESSION_set1_id_context() takes a copy of the provided ID context given in sid_ctx and associates it with the session s. The length of the ID context is given by sid_ctx_len which must not exceed SSL_MAX_SID_CTX_LENGTH bytes.

+ +

RETURN VALUES

+ +

SSL_SESSION_set1_id_context() returns 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7), SSL_set_session_id_context(3)

+ +

HISTORY

+ +

The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html new file mode 100644 index 00000000..b05aa4f9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html @@ -0,0 +1,56 @@ + + + + +SSL_SESSION_get0_peer + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_peer - get details about peer's certificate for a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+ +

DESCRIPTION

+ +

SSL_SESSION_get0_peer() returns the peer certificate associated with the session s or NULL if no peer certificate is available. The caller should not free the returned value (unless X509_up_ref(3) has also been called).

+ +

RETURN VALUES

+ +

SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if no peer certificate is available.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html new file mode 100644 index 00000000..91af12b6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html @@ -0,0 +1,56 @@ + + + + +SSL_SESSION_get_compress_id + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_compress_id - get details about the compression associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+ +

DESCRIPTION

+ +

If compression has been negotiated for an ssl session then SSL_SESSION_get_compress_id() will return the id for the compression method or 0 otherwise. The only built-in supported compression method is zlib which has an id of 1.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_compress_id() returns the id of the compression method or 0 if none.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html new file mode 100644 index 00000000..c7b8caf5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_ex_data.html @@ -0,0 +1,61 @@ + + + + +SSL_SESSION_get_ex_data + + + + + + + + + + +

NAME

+ +

SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - get and set application specific data on a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+ +

DESCRIPTION

+ +

SSL_SESSION_set_ex_data() enables an application to store arbitrary application specific data data in an SSL_SESSION structure ss. The index idx should be a value previously returned from a call to CRYPTO_get_ex_new_index(3).

+ +

SSL_SESSION_get_ex_data() retrieves application specific data previously stored in an SSL_SESSION structure s. The idx value should be the same as that used when originally storing the data.

+ +

RETURN VALUES

+ +

SSL_SESSION_set_ex_data() returns 1 for success or 0 for failure.

+ +

SSL_SESSION_get_ex_data() returns the previously stored value or NULL on failure. NULL may also be a valid value.

+ +

SEE ALSO

+ +

ssl(7), CRYPTO_get_ex_new_index(3)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html new file mode 100644 index 00000000..765ee4ad --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html @@ -0,0 +1,68 @@ + + + + +SSL_SESSION_get_protocol_version + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version - get and set the session protocol version

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_protocol_version() returns the protocol version number used by session s.

+ +

SSL_SESSION_set_protocol_version() sets the protocol version associated with the SSL_SESSION object s to the value version. This value should be a version constant such as TLS1_3_VERSION etc. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

+ +

RETURN VALUES

+ +

SSL_SESSION_get_protocol_version() returns a number indicating the protocol version used for the session; this number matches the constants e.g. TLS1_VERSION, TLS1_2_VERSION or TLS1_3_VERSION.

+ +

Note that the SSL_SESSION_get_protocol_version() function does not perform a null check on the provided session s pointer.

+ +

SSL_SESSION_set_protocol_version() returns 1 on success or 0 on failure.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_psk_use_session_callback(3)

+ +

HISTORY

+ +

The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html new file mode 100644 index 00000000..d803e550 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html @@ -0,0 +1,81 @@ + + + + +SSL_SESSION_get_time + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout - retrieve and manipulate session time and timeout settings

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_SESSION_get_time(const SSL_SESSION *s);
+long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
+
+long SSL_get_time(const SSL_SESSION *s);
+long SSL_set_time(SSL_SESSION *s, long tm);
+long SSL_get_timeout(const SSL_SESSION *s);
+long SSL_set_timeout(SSL_SESSION *s, long tm);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_time() returns the time at which the session s was established. The time is given in seconds since the Epoch and therefore compatible to the time delivered by the time() call.

+ +

SSL_SESSION_set_time() replaces the creation time of the session s with the chosen value tm.

+ +

SSL_SESSION_get_timeout() returns the timeout value set for session s in seconds.

+ +

SSL_SESSION_set_timeout() sets the timeout value for session s in seconds to tm.

+ +

The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout() functions are synonyms for the SSL_SESSION_*() counterparts.

+ +

NOTES

+ +

Sessions are expired by examining the creation time and the timeout value. Both are set at creation time of the session to the actual time and the default timeout value at creation, respectively, as set by SSL_CTX_set_timeout(3). Using these functions it is possible to extend or shorten the lifetime of the session.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently valid values.

+ +

SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.

+ +

If any of the function is passed the NULL pointer for the session s, 0 is returned.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_timeout(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html new file mode 100644 index 00000000..6eb48d8a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html @@ -0,0 +1,70 @@ + + + + +SSL_SESSION_has_ticket + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint - get details about the ticket associated with a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len);
+ +

DESCRIPTION

+ +

SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with this session, and 0 otherwise.

+ +

SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds associated with the session ticket.

+ +

SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a session. The length of the ticket is written to *len. If tick is non NULL then a pointer to the ticket is written to *tick. The pointer is only valid while the connection is in use. The session (and hence the ticket pointer) may also become invalid as a result of a call to SSL_CTX_flush_sessions().

+ +

RETURN VALUES

+ +

SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.

+ +

SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds.

+ +

SEE ALSO

+ +

ssl(7), d2i_SSL_SESSION(3), SSL_SESSION_get_time(3), SSL_SESSION_free(3)

+ +

HISTORY

+ +

The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html new file mode 100644 index 00000000..09309bc5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html @@ -0,0 +1,61 @@ + + + + +SSL_SESSION_is_resumable + + + + + + + + + + +

NAME

+ +

SSL_SESSION_is_resumable - determine whether an SSL_SESSION object can be used for resumption

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+ +

DESCRIPTION

+ +

SSL_SESSION_is_resumable() determines whether an SSL_SESSION object can be used to resume a session or not. Returns 1 if it can or 0 if not. Note that attempting to resume with a non-resumable session will result in a full handshake.

+ +

RETURN VALUES

+ +

SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_session(3), SSL_CTX_sess_set_new_cb(3)

+ +

HISTORY

+ +

The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_print.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_print.html new file mode 100644 index 00000000..21a438d7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_print.html @@ -0,0 +1,62 @@ + + + + +SSL_SESSION_print + + + + + + + + + + +

NAME

+ +

SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog - printf information about a session

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+ +

DESCRIPTION

+ +

SSL_SESSION_print() prints summary information about the session provided in ses to the BIO fp.

+ +

SSL_SESSION_print_fp() does the same as SSL_SESSION_print() except it prints it to the FILE fp.

+ +

SSL_SESSION_print_keylog() prints session information to the provided BIO <bp> in NSS keylog format.

+ +

RETURN VALUES

+ +

SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html new file mode 100644 index 00000000..1ec260b3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html @@ -0,0 +1,66 @@ + + + + +SSL_SESSION_set1_id + + + + + + + + + + +

NAME

+ +

SSL_SESSION_get_id, SSL_SESSION_set1_id - get and set the SSL session ID

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len)
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len);
+ +

DESCRIPTION

+ +

SSL_SESSION_get_id() returns a pointer to the internal session id value for the session s. The length of the id in bytes is stored in *len. The length may be 0. The caller should not free the returned pointer directly.

+ +

SSL_SESSION_set1_id() sets the session ID for the ssl SSL/TLS session to sid of length sid_len.

+ +

RETURN VALUES

+ +

SSL_SESSION_get_id() returns a pointer to the session id value. SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example if the supplied session ID length exceeds SSL_MAX_SSL_SESSION_ID_LENGTH.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_accept.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_accept.html new file mode 100644 index 00000000..856b86b2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_accept.html @@ -0,0 +1,87 @@ + + + + +SSL_accept + + + + + + + + + + +

NAME

+ +

SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_accept(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. The communication channel must already have been set and assigned to the ssl by setting an underlying BIO.

+ +

NOTES

+ +

The behaviour of SSL_accept() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_accept() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_shutdown(3), ssl(7), bio(7), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alert_type_string.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alert_type_string.html new file mode 100644 index 00000000..a03f3d25 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alert_type_string.html @@ -0,0 +1,255 @@ + + + + +SSL_alert_type_string + + + + + + + + + + +

NAME

+ +

SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_type_string_long(int value);
+
+const char *SSL_alert_desc_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+ +

DESCRIPTION

+ +

SSL_alert_type_string() returns a one letter string indicating the type of the alert specified by value.

+ +

SSL_alert_type_string_long() returns a string indicating the type of the alert specified by value.

+ +

SSL_alert_desc_string() returns a two letter string as a short form describing the reason of the alert specified by value.

+ +

SSL_alert_desc_string_long() returns a string describing the reason of the alert specified by value.

+ +

NOTES

+ +

When one side of an SSL/TLS communication wants to inform the peer about a special situation, it sends an alert. The alert is sent as a special message and does not influence the normal data stream (unless its contents results in the communication being canceled).

+ +

A warning alert is sent, when a non-fatal error condition occurs. The "close notify" alert is sent as a warning alert. Other examples for non-fatal errors are certificate errors ("certificate expired", "unsupported certificate"), for which a warning alert may be sent. (The sending party may however decide to send a fatal error.) The receiving side may cancel the connection on reception of a warning alert on it discretion.

+ +

Several alert messages must be sent as fatal alert messages as specified by the TLS RFC. A fatal alert always leads to a connection abort.

+ +

RETURN VALUES

+ +

The following strings can occur for SSL_alert_type_string() or SSL_alert_type_string_long():

+ +
+ +
"W"/"warning"
+
+ +
+
"F"/"fatal"
+
+ +
+
"U"/"unknown"
+
+ +

This indicates that no support is available for this alert type. Probably value does not contain a correct alert message.

+ +
+
+ +

The following strings can occur for SSL_alert_desc_string() or SSL_alert_desc_string_long():

+ +
+ +
"CN"/"close notify"
+
+ +

The connection shall be closed. This is a warning alert.

+ +
+
"UM"/"unexpected message"
+
+ +

An inappropriate message was received. This alert is always fatal and should never be observed in communication between proper implementations.

+ +
+
"BM"/"bad record mac"
+
+ +

This alert is returned if a record is received with an incorrect MAC. This message is always fatal.

+ +
+
"DF"/"decompression failure"
+
+ +

The decompression function received improper input (e.g. data that would expand to excessive length). This message is always fatal.

+ +
+
"HF"/"handshake failure"
+
+ +

Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error.

+ +
+
"NC"/"no certificate"
+
+ +

A client, that was asked to send a certificate, does not send a certificate (SSLv3 only).

+ +
+
"BC"/"bad certificate"
+
+ +

A certificate was corrupt, contained signatures that did not verify correctly, etc

+ +
+
"UC"/"unsupported certificate"
+
+ +

A certificate was of an unsupported type.

+ +
+
"CR"/"certificate revoked"
+
+ +

A certificate was revoked by its signer.

+ +
+
"CE"/"certificate expired"
+
+ +

A certificate has expired or is not currently valid.

+ +
+
"CU"/"certificate unknown"
+
+ +

Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.

+ +
+
"IP"/"illegal parameter"
+
+ +

A field in the handshake was out of range or inconsistent with other fields. This is always fatal.

+ +
+
"DC"/"decryption failed"
+
+ +

A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple of the block length or its padding values, when checked, weren't correct. This message is always fatal.

+ +
+
"RO"/"record overflow"
+
+ +

A TLSCiphertext record was received which had a length more than 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than 2^14+1024 bytes. This message is always fatal.

+ +
+
"CA"/"unknown CA"
+
+ +

A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal.

+ +
+
"AD"/"access denied"
+
+ +

A valid certificate was received, but when access control was applied, the sender decided not to proceed with negotiation. This message is always fatal.

+ +
+
"DE"/"decode error"
+
+ +

A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This message is always fatal.

+ +
+
"CY"/"decrypt error"
+
+ +

A handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message.

+ +
+
"ER"/"export restriction"
+
+ +

A negotiation not in compliance with export restrictions was detected; for example, attempting to transfer a 1024 bit ephemeral RSA key for the RSA_EXPORT handshake method. This message is always fatal.

+ +
+
"PV"/"protocol version"
+
+ +

The protocol version the client has attempted to negotiate is recognized, but not supported. (For example, old protocol versions might be avoided for security reasons). This message is always fatal.

+ +
+
"IS"/"insufficient security"
+
+ +

Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal.

+ +
+
"IE"/"internal error"
+
+ +

An internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue (such as a memory allocation failure). This message is always fatal.

+ +
+
"US"/"user canceled"
+
+ +

This handshake is being canceled for some reason unrelated to a protocol failure. If the user cancels an operation after the handshake is complete, just closing the connection by sending a close_notify is more appropriate. This alert should be followed by a close_notify. This message is generally a warning.

+ +
+
"NR"/"no renegotiation"
+
+ +

Sent by the client in response to a hello request or by the server in response to a client hello after initial handshaking. Either of these would normally lead to renegotiation; when that is not appropriate, the recipient should respond with this alert; at that point, the original requester can decide whether to proceed with the connection. One case where this would be appropriate would be where a server has spawned a process to satisfy a request; the process might receive security parameters (key length, authentication, etc.) at startup and it might be difficult to communicate changes to these parameters after that point. This message is always a warning.

+ +
+
"UP"/"unknown PSK identity"
+
+ +

Sent by the server to indicate that it does not recognize a PSK identity or an SRP identity.

+ +
+
"UK"/"unknown"
+
+ +

This indicates that no description is available for this alert type. Probably value does not contain a correct alert message.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_info_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alloc_buffers.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alloc_buffers.html new file mode 100644 index 00000000..85fa8a58 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_alloc_buffers.html @@ -0,0 +1,77 @@ + + + + +SSL_alloc_buffers + + + + + + + + + + +

NAME

+ +

SSL_free_buffers, SSL_alloc_buffers - manage SSL structure buffers

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_free_buffers(SSL *ssl);
+int SSL_alloc_buffers(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_free_buffers() frees the read and write buffers of the given ssl. SSL_alloc_buffers() allocates the read and write buffers of the given ssl.

+ +

The SSL_MODE_RELEASE_BUFFERS mode releases read or write buffers whenever the buffers have been drained. These functions allow applications to manually control when buffers are freed and allocated.

+ +

After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but can be used to make sure the buffers are pre-allocated. This can be used to avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0 (Failure)
+
+ +

The SSL_free_buffers() function returns 0 when there is pending data to be read or written. The SSL_alloc_buffers() function returns 0 when there is an allocation failure.

+ +
+
1 (Success)
+
+ +

The SSL_free_buffers() function returns 1 if the buffers have been freed. This value is also returned if the buffers had been freed before calling SSL_free_buffers(). The SSL_alloc_buffers() function returns 1 if the buffers have been allocated. This value is also returned if the buffers had been allocated before calling SSL_alloc_buffers().

+ +
+
+ +

SEE ALSO

+ +

SSL_free(3), SSL_clear(3), SSL_new(3), SSL_CTX_set_mode(3), CRYPTO_set_mem_functions

+ +

COPYRIGHT

+ +

Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_check_chain.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_check_chain.html new file mode 100644 index 00000000..46e56cb3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_check_chain.html @@ -0,0 +1,89 @@ + + + + +SSL_check_chain + + + + + + + + + + +

NAME

+ +

SSL_check_chain - check certificate chain suitability

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+ +

DESCRIPTION

+ +

SSL_check_chain() checks whether certificate x, private key pk and certificate chain chain is suitable for use with the current session s.

+ +

RETURN VALUES

+ +

SSL_check_chain() returns a bitmap of flags indicating the validity of the chain.

+ +

CERT_PKEY_VALID: the chain can be used with the current session. If this flag is not set then the certificate will never be used even if the application tries to set it because it is inconsistent with the peer preferences.

+ +

CERT_PKEY_SIGN: the EE key can be used for signing.

+ +

CERT_PKEY_EE_SIGNATURE: the signature algorithm of the EE certificate is acceptable.

+ +

CERT_PKEY_CA_SIGNATURE: the signature algorithms of all CA certificates are acceptable.

+ +

CERT_PKEY_EE_PARAM: the parameters of the end entity certificate are acceptable (e.g. it is a supported curve).

+ +

CERT_PKEY_CA_PARAM: the parameters of all CA certificates are acceptable.

+ +

CERT_PKEY_EXPLICIT_SIGN: the end entity certificate algorithm can be used explicitly for signing (i.e. it is mentioned in the signature algorithms extension).

+ +

CERT_PKEY_ISSUER_NAME: the issuer name is acceptable. This is only meaningful for client authentication.

+ +

CERT_PKEY_CERT_TYPE: the certificate type is acceptable. Only meaningful for client authentication.

+ +

CERT_PKEY_SUITEB: chain is suitable for Suite B use.

+ +

NOTES

+ +

SSL_check_chain() must be called in servers after a client hello message or in clients after a certificate request message. It will typically be called in the certificate callback.

+ +

An application wishing to support multiple certificate chains may call this function on each chain in turn: starting with the one it considers the most secure. It could then use the chain of the first set which returns suitable flags.

+ +

As a minimum the flag CERT_PKEY_VALID must be set for a chain to be usable. An application supporting multiple chains with different CA signature algorithms may also wish to check CERT_PKEY_CA_SIGNATURE too. If no chain is suitable a server should fall back to the most secure chain which sets CERT_PKEY_VALID.

+ +

The validity of a chain is determined by checking if it matches a supported signature algorithm, supported curves and in the case of client authentication certificate types and issuer names.

+ +

Since the supported signature algorithms extension is only used in TLS 1.2, TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be very useful. Applications may wish to specify a different "legacy" chain for earlier versions of TLS or DTLS.

+ +

SEE ALSO

+ +

SSL_CTX_set_cert_cb(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_clear.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_clear.html new file mode 100644 index 00000000..5409dbfa --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_clear.html @@ -0,0 +1,81 @@ + + + + +SSL_clear + + + + + + + + + + +

NAME

+ +

SSL_clear - reset SSL object to allow another connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_clear(SSL *ssl);
+ +

DESCRIPTION

+ +

Reset ssl to allow another connection. All settings (method, ciphers, BIOs) are kept.

+ +

NOTES

+ +

SSL_clear is used to prepare an SSL object for a new connection. While all settings are kept, a side effect is the handling of the current SSL session. If a session is still open, it is considered bad and will be removed from the session cache, as required by RFC2246. A session is considered open, if SSL_shutdown(3) was not called for the connection or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN state.

+ +

If a session was closed cleanly, the session object will be kept and all settings corresponding. This explicitly means, that e.g. the special method used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a SSL client object will use a TLSv1 client method for the next handshake and a SSL server object will use a TLSv1 server method, even if TLS_*_methods were chosen on startup. This will might lead to connection failures (see SSL_new(3)) for a description of the method's properties.

+ +

WARNINGS

+ +

SSL_clear() resets the SSL object to allow for another connection. The reset operation however keeps several settings of the last sessions (some of these settings were made automatically during the last handshake). It only makes sense for a new connection with the exact same peer that shares these settings, and may fail if that peer changes its settings between connections. Use the sequence SSL_get_session(3); SSL_new(3); SSL_set_session(3); SSL_free(3) instead to avoid such failures (or simply SSL_free(3); SSL_new(3) if session reuse is not desired).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The SSL_clear() operation could not be performed. Check the error stack to find out the reason.

+ +
+
1
+
+ +

The SSL_clear() operation was successful.

+ +
+
+ +

SSL_new(3), SSL_free(3), SSL_shutdown(3), SSL_set_shutdown(3), SSL_CTX_set_options(3), ssl(7), SSL_CTX_set_client_cert_cb(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_connect.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_connect.html new file mode 100644 index 00000000..ba58ceb3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_connect.html @@ -0,0 +1,91 @@ + + + + +SSL_connect + + + + + + + + + + +

NAME

+ +

SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_connect(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_connect() initiates the TLS/SSL handshake with a server. The communication channel must already have been set and assigned to the ssl by setting an underlying BIO.

+ +

NOTES

+ +

The behaviour of SSL_connect() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_connect() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

Many systems implement Nagle's algorithm by default which means that it will buffer outgoing TCP data if a TCP packet has already been sent for which no corresponding ACK has been received yet from the peer. This can have performance impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) resumption handshake, because the last peer to communicate in the handshake is the client. If the client is also the first to send application data (as is typical for many protocols) then this data could be buffered until an ACK has been received for the final handshake message.

+ +

The TCP_NODELAY socket option is often available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again later if appropriate. The helper function BIO_set_tcp_ndelay() can be used to turn on or off the TCP_NODELAY option.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_accept(3), SSL_shutdown(3), ssl(7), bio(7), SSL_set_connect_state(3), SSL_do_handshake(3), SSL_CTX_new(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_do_handshake.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_do_handshake.html new file mode 100644 index 00000000..2cd11a5b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_do_handshake.html @@ -0,0 +1,87 @@ + + + + +SSL_do_handshake + + + + + + + + + + +

NAME

+ +

SSL_do_handshake - perform a TLS/SSL handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_do_handshake(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the connection is in client mode, the handshake will be started. The handshake routines may have to be explicitly set in advance using either SSL_set_connect_state(3) or SSL_set_accept_state(3).

+ +

NOTES

+ +

The behaviour of SSL_do_handshake() depends on the underlying BIO.

+ +

If the underlying BIO is blocking, SSL_do_handshake() will only return once the handshake has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
1
+
+ +

The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established.

+ +
+
<0
+
+ +

The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value ret to find out the reason.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_accept(3), ssl(7), bio(7), SSL_set_connect_state(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_export_keying_material.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_export_keying_material.html new file mode 100644 index 00000000..f269d1d2 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_export_keying_material.html @@ -0,0 +1,78 @@ + + + + +SSL_export_keying_material + + + + + + + + + + +

NAME

+ +

SSL_export_keying_material, SSL_export_keying_material_early - obtain keying material for application use

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *context,
+                               size_t contextlen, int use_context);
+
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                     const char *label, size_t llen,
+                                     const unsigned char *context,
+                                     size_t contextlen);
+ +

DESCRIPTION

+ +

During the creation of a TLS or DTLS connection shared keying material is established between the two endpoints. The functions SSL_export_keying_material() and SSL_export_keying_material_early() enable an application to use some of this keying material for its own purposes in accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3).

+ +

SSL_export_keying_material() derives keying material using the exporter_master_secret established in the handshake.

+ +

SSL_export_keying_material_early() is only usable with TLSv1.3, and derives keying material using the early_exporter_master_secret (as defined in the TLS 1.3 RFC). For the client, the early_exporter_master_secret is only available when the client attempts to send 0-RTT data. For the server, it is only available when the server accepts 0-RTT data.

+ +

An application may need to securely establish the context within which this keying material will be used. For example this may include identifiers for the application session, application algorithms or parameters, or the lifetime of the context. The context value is left to the application but must be the same on both sides of the communication.

+ +

For a given SSL connection s, olen bytes of data will be written to out. The application specific context should be supplied in the location pointed to by context and should be contextlen bytes long. Provision of a context is optional. If the context should be omitted entirely then use_context should be set to 0. Otherwise it should be any other value. If use_context is 0 then the values of context and contextlen are ignored. Note that in TLSv1.2 and below a zero length context is treated differently from no context at all, and will result in different keying material being returned. In TLSv1.3 a zero length context is that same as no context at all and will result in the same keying material being returned.

+ +

An application specific label should be provided in the location pointed to by label and should be llen bytes long. Typically this will be a value from the IANA Exporter Label Registry (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels). Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard to be used without registration. TLSv1.3 imposes a maximum label length of 249 bytes.

+ +

Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and above. Attempting to use it in SSLv3 will result in an error.

+ +

RETURN VALUES

+ +

SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.

+ +

SSL_export_keying_material_early() returns 0 on failure or 1 on success.

+ +

HISTORY

+ +

The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_extension_supported.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_extension_supported.html new file mode 100644 index 00000000..aa592a55 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_extension_supported.html @@ -0,0 +1,261 @@ + + + + +SSL_extension_supported + + + + + + + + + + +

NAME

+ +

SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb - custom TLS extension handling

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
+                                         unsigned int context,
+                                         const unsigned char **out,
+                                         size_t *outlen, X509 *x,
+                                         size_t chainidx, int *al,
+                                         void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
+                                           unsigned int context,
+                                           const unsigned char *out,
+                                           void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
+                                           unsigned int context,
+                                           const unsigned char *in,
+                                           size_t inlen, X509 *x,
+                                           size_t chainidx, int *al,
+                                           void *parse_arg);
+
+int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                           unsigned int context,
+                           SSL_custom_ext_add_cb_ex add_cb,
+                           SSL_custom_ext_free_cb_ex free_cb,
+                           void *add_arg,
+                           SSL_custom_ext_parse_cb_ex parse_cb,
+                           void *parse_arg);
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out,
+                                 size_t *outlen, int *al,
+                                 void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *out,
+                                   void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al,
+                                   void *parse_arg);
+
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb, void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb, void *add_arg,
+                                  custom_ext_parse_cb parse_cb,
+                                  void *parse_arg);
+
+int SSL_extension_supported(unsigned int ext_type);
+ +

DESCRIPTION

+ +

SSL_CTX_add_custom_ext() adds a custom extension for a TLS/DTLS client or server for all supported protocol versions with extension type ext_type and callbacks add_cb, free_cb and parse_cb (see the "EXTENSION CALLBACKS" section below). The context value determines which messages and under what conditions the extension will be added/parsed (see the "EXTENSION CONTEXTS" section below).

+ +

SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS/DTLS client with extension type ext_type and callbacks add_cb, free_cb and parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only applies to clients, uses the older style of callbacks, and implicitly sets the context value to:

+ +
SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
+| SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
+ +

SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS/DTLS server with extension type ext_type and callbacks add_cb, free_cb and parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only applies to servers, uses the older style of callbacks, and implicitly sets the context value to the same as for SSL_CTX_add_client_custom_ext() above.

+ +

The ext_type parameter corresponds to the extension_type field of RFC5246 et al. It is not a NID. In all cases the extension type must not be handled by OpenSSL internally or an error occurs.

+ +

SSL_extension_supported() returns 1 if the extension ext_type is handled internally by OpenSSL and 0 otherwise.

+ +

EXTENSION CALLBACKS

+ +

The callback add_cb is called to send custom extension data to be included in various TLS messages. The ext_type parameter is set to the extension type which will be added and add_arg to the value set when the extension handler was added. When using the new style callbacks the context parameter will indicate which message is currently being constructed e.g. for the ClientHello it will be set to SSL_EXT_CLIENT_HELLO.

+ +

If the application wishes to include the extension ext_type it should set *out to the extension data, set *outlen to the length of the extension data and return 1.

+ +

If the add_cb does not wish to include the extension it must return 0.

+ +

If add_cb returns -1 a fatal handshake error occurs using the TLS alert value specified in *al.

+ +

When constructing the ClientHello, if add_cb is set to NULL a zero length extension is added for ext_type. For all other messages if add_cb is set to NULL then no extension is added.

+ +

When constructing a Certificate message the callback will be called for each certificate in the message. The x parameter will indicate the current certificate and the chainidx parameter will indicate the position of the certificate in the message. The first certificate is always the end entity certificate and has a chainidx value of 0. The certificates are in the order that they were received in the Certificate message.

+ +

For all messages except the ServerHello and EncryptedExtensions every registered add_cb is always called to see if the application wishes to add an extension (as long as all requirements of the specified context are met).

+ +

For the ServerHello and EncryptedExtension messages every registered add_cb is called once if and only if the requirements of the specified context are met and the corresponding extension was received in the ClientHello. That is, if no corresponding extension was received in the ClientHello then add_cb will not be called.

+ +

If an extension is added (that is add_cb returns 1) free_cb is called (if it is set) with the value of out set by the add callback. It can be used to free up any dynamic extension data set by add_cb. Since out is constant (to permit use of constant data in add_cb) applications may need to cast away const to free the data.

+ +

The callback parse_cb receives data for TLS extensions. The callback is only called if the extension is present and relevant for the context (see "EXTENSION CONTEXTS" below).

+ +

The extension data consists of inlen bytes in the buffer in for the extension ext_type.

+ +

If the message being parsed is a TLSv1.3 compatible Certificate message then parse_cb will be called for each certificate contained within the message. The x parameter will indicate the current certificate and the chainidx parameter will indicate the position of the certificate in the message. The first certificate is always the end entity certificate and has a chainidx value of 0.

+ +

If the parse_cb considers the extension data acceptable it must return 1. If it returns 0 or a negative value a fatal handshake error occurs using the TLS alert value specified in *al.

+ +

The buffer in is a temporary internal buffer which will not be valid after the callback returns.

+ +

EXTENSION CONTEXTS

+ +

An extension context defines which messages and under which conditions an extension should be added or expected. The context is built up by performing a bitwise OR of multiple pre-defined values together. The valid context values are:

+ +
+ +
SSL_EXT_TLS_ONLY
+
+ +

The extension is only allowed in TLS

+ +
+
SSL_EXT_DTLS_ONLY
+
+ +

The extension is only allowed in DTLS

+ +
+
SSL_EXT_TLS_IMPLEMENTATION_ONLY
+
+ +

The extension is allowed in DTLS, but there is only a TLS implementation available (so it is ignored in DTLS).

+ +
+
SSL_EXT_SSL3_ALLOWED
+
+ +

Extensions are not typically defined for SSLv3. Setting this value will allow the extension in SSLv3. Applications will not typically need to use this.

+ +
+
SSL_EXT_TLS1_2_AND_BELOW_ONLY
+
+ +

The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will ignore this extension if it is present in the ClientHello and TLSv1.3 is negotiated.

+ +
+
SSL_EXT_TLS1_3_ONLY
+
+ +

The extension is only defined for TLS1.3 and above. Servers will ignore this extension if it is present in the ClientHello and TLSv1.2 or below is negotiated.

+ +
+
SSL_EXT_IGNORE_ON_RESUMPTION
+
+ +

The extension will be ignored during parsing if a previous session is being successfully resumed.

+ +
+
SSL_EXT_CLIENT_HELLO
+
+ +

The extension may be present in the ClientHello message.

+ +
+
SSL_EXT_TLS1_2_SERVER_HELLO
+
+ +

The extension may be present in a TLSv1.2 or below compatible ServerHello message.

+ +
+
SSL_EXT_TLS1_3_SERVER_HELLO
+
+ +

The extension may be present in a TLSv1.3 compatible ServerHello message.

+ +
+
SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+
+ +

The extension may be present in an EncryptedExtensions message.

+ +
+
SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+
+ +

The extension may be present in a HelloRetryRequest message.

+ +
+
SSL_EXT_TLS1_3_CERTIFICATE
+
+ +

The extension may be present in a TLSv1.3 compatible Certificate message.

+ +
+
SSL_EXT_TLS1_3_NEW_SESSION_TICKET
+
+ +

The extension may be present in a TLSv1.3 compatible NewSessionTicket message.

+ +
+
SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+
+ +

The extension may be present in a TLSv1.3 compatible CertificateRequest message.

+ +
+
+ +

The context must include at least one message value (otherwise the extension will never be used).

+ +

NOTES

+ +

The add_arg and parse_arg parameters can be set to arbitrary values which will be passed to the corresponding callbacks. They can, for example, be used to store the extension data received in a convenient structure or pass the extension data to be added or freed when adding extensions.

+ +

If the same custom extension type is received multiple times a fatal decode_error alert is sent and the handshake aborts. If a custom extension is received in a ServerHello/EncryptedExtensions message which was not sent in the ClientHello a fatal unsupported_extension alert is sent and the handshake is aborted. The ServerHello/EncryptedExtensions add_cb callback is only called if the corresponding extension was received in the ClientHello. This is compliant with the TLS specifications. This behaviour ensures that each callback is called at most once and that an application can never send unsolicited extensions.

+ +

RETURN VALUES

+ +

SSL_CTX_add_custom_ext(), SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for success and 0 for failure. A failure can occur if an attempt is made to add the same ext_type more than once, if an attempt is made to use an extension type handled internally by OpenSSL or if an internal error occurs (for example a memory allocation failure).

+ +

SSL_extension_supported() returns 1 if the extension ext_type is handled internally by OpenSSL and 0 otherwise.

+ +

HISTORY

+ +

The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_free.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_free.html new file mode 100644 index 00000000..6f1ce82a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_free.html @@ -0,0 +1,60 @@ + + + + +SSL_free + + + + + + + + + + +

NAME

+ +

SSL_free - free an allocated SSL structure

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_free(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_free() decrements the reference count of ssl, and removes the SSL structure pointed to by ssl and frees up the allocated memory if the reference count has reached 0. If ssl is NULL nothing is done.

+ +

NOTES

+ +

SSL_free() also calls the free()ing procedures for indirectly affected items, if applicable: the buffering BIO, the read and write BIOs, cipher lists specially created for this ssl, the SSL_SESSION. Do not explicitly free these indirectly freed up items before or after calling SSL_free(), as trying to free things twice may lead to program failure.

+ +

The ssl session has reference counts from two users: the SSL object, for which the reference count is removed by SSL_free() and the internal session cache. If the session is considered bad, because SSL_shutdown(3) was not called for the connection and SSL_set_shutdown(3) was not used to set the SSL_SENT_SHUTDOWN state, the session will also be removed from the session cache as required by RFC2246.

+ +

RETURN VALUES

+ +

SSL_free() does not provide diagnostic information.

+ +

SSL_new(3), SSL_clear(3), SSL_shutdown(3), SSL_set_shutdown(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html new file mode 100644 index 00000000..79b3c2f7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html @@ -0,0 +1,61 @@ + + + + +SSL_get0_peer_scts + + + + + + + + + + +

NAME

+ +

SSL_get0_peer_scts - get SCTs received

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+ +

DESCRIPTION

+ +

SSL_get0_peer_scts() returns the signed certificate timestamps (SCTs) that have been received. If this is the first time that this function has been called for a given SSL instance, it will examine the TLS extensions, OCSP response and the peer's certificate for SCTs. Future calls will return the same SCTs.

+ +

RESTRICTIONS

+ +

If no Certificate Transparency validation callback has been set (using SSL_CTX_set_ct_validation_callback or SSL_set_ct_validation_callback), this function is not guaranteed to return all of the SCTs that the peer is capable of sending.

+ +

RETURN VALUES

+ +

SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_ct_validation_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html new file mode 100644 index 00000000..b5248a68 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html @@ -0,0 +1,56 @@ + + + + +SSL_get_SSL_CTX + + + + + + + + + + +

NAME

+ +

SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which ssl was created with SSL_new(3).

+ +

RETURN VALUES

+ +

The pointer to the SSL_CTX object is returned.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html new file mode 100644 index 00000000..45d50898 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html @@ -0,0 +1,76 @@ + + + + +SSL_get_all_async_fds + + + + + + + + + + +

NAME

+ +

SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds - manage asynchronous operations

+ +

SYNOPSIS

+ +
#include <openssl/async.h>
+#include <openssl/ssl.h>
+
+int SSL_waiting_for_async(SSL *s);
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds);
+ +

DESCRIPTION

+ +

SSL_waiting_for_async() determines whether an SSL connection is currently waiting for asynchronous operations to complete (see the SSL_MODE_ASYNC mode in SSL_CTX_set_mode(3)).

+ +

SSL_get_all_async_fds() returns a list of file descriptor which can be used in a call to select() or poll() to determine whether the current asynchronous operation has completed or not. A completed operation will result in data appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the SSL object is currently waiting for asynchronous work to complete (i.e. SSL_ERROR_WANT_ASYNC has been received - see SSL_get_error(3)). Typically the list will only contain one file descriptor. However if multiple asynchronous capable engines are in use then more than one is possible. The number of file descriptors returned is stored in *numfds and the file descriptors themselves are in *fds. The fds parameter may be NULL in which case no file descriptors are returned but *numfds is still populated. It is the callers responsibility to ensure sufficient memory is allocated at *fds so typically this function is called twice (once with a NULL fds parameter and once without).

+ +

SSL_get_changed_async_fds() returns a list of the asynchronous file descriptors that have been added and a list that have been deleted since the last SSL_ERROR_WANT_ASYNC was received (or since the SSL object was created if no SSL_ERROR_WANT_ASYNC has been received). Similar to SSL_get_all_async_fds() it is the callers responsibility to ensure that *addfd and *delfd have sufficient memory allocated, although they may be NULL. The number of added fds and the number of deleted fds are stored in *numaddfds and *numdelfds respectively.

+ +

RETURN VALUES

+ +

SSL_waiting_for_async() will return 1 if the current SSL operation is waiting for an async operation to complete and 0 otherwise.

+ +

SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or 0 on error.

+ +

NOTES

+ +

On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as one of the first included headers. Therefore it is defined as an application developer's responsibility to include windows.h prior to async.h.

+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_CTX_set_mode(3)

+ +

HISTORY

+ +

The SSL_waiting_for_async(), SSL_get_all_async_fds() and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_ciphers.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_ciphers.html new file mode 100644 index 00000000..2339ce7e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_ciphers.html @@ -0,0 +1,89 @@ + + + + +SSL_get_ciphers + + + + + + + + + + +

NAME

+ +

SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers - get list of available SSL_CIPHERs

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs);
+const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+ +

DESCRIPTION

+ +

SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available, NULL is returned.

+ +

SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for ctx.

+ +

SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for ssl as would be sent in a ClientHello (that is, sorted by preference). The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. SRP and PSK ciphers are only enabled if the appropriate callbacks or settings have been applied. The list of ciphers that would be sent in a ClientHello can differ from the list of ciphers that would be acceptable when acting as a server. For example, additional ciphers may be usable by a server if there is a gap in the list of supported protocols, and some ciphers may not be usable by a server if there is not a suitable certificate configured. If ssl is NULL or no ciphers are available, NULL is returned.

+ +

SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the list received from the client on ssl. If ssl is NULL, no ciphers are available, or ssl is not operating in server mode, NULL is returned.

+ +

SSL_bytes_to_cipher_list() treats the supplied len octets in bytes as a wire-protocol cipher suite specification (in the three-octet-per-cipher SSLv2 wire format if isv2format is nonzero; otherwise the two-octet SSLv3/TLS wire format), and parses the cipher suites supported by the library into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success and 0 on failure.

+ +

SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are available, or there are less ciphers than priority available, NULL is returned.

+ +

SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of SSL_CIPHER names that are available in both the client and the server. buf is the buffer that should be populated with the list of names and size is the size of that buffer. A pointer to buf is returned on success or NULL on error. If the supplied buffer is not large enough to contain the complete list of names then a truncated list of names will be returned. Note that just because a ciphersuite is available (i.e. it is configured in the cipher list) and shared by both the client and the server it does not mean that it is enabled (see the description of SSL_get1_supported_ciphers() above). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake.

+ +

NOTES

+ +

The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions.

+ +

Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned.

+ +

Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() return a pointer to an internal cipher stack, which will be freed later on when the SSL or SSL_SESSION object is freed. Therefore, the calling code MUST NOT free the return value itself.

+ +

The stack returned by SSL_get1_supported_ciphers() should be freed using sk_SSL_CIPHER_free().

+ +

The stacks returned by SSL_bytes_to_cipher_list() should be freed using sk_SSL_CIPHER_free().

+ +

RETURN VALUES

+ +

See DESCRIPTION

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_cipher_list(3), SSL_CIPHER_get_name(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_client_random.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_client_random.html new file mode 100644 index 00000000..f1240106 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_client_random.html @@ -0,0 +1,84 @@ + + + + +SSL_get_client_random + + + + + + + + + + +

NAME

+ +

SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key - get internal TLS/SSL random values and get/set master key

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen);
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+                                size_t len);
+ +

DESCRIPTION

+ +

SSL_get_client_random() extracts the random value sent from the client to the server during the initial SSL/TLS handshake. It copies as many bytes as it can of this value into the buffer provided in out, which must have at least outlen bytes available. It returns the total number of bytes that were actually copied. If outlen is zero, SSL_get_client_random() copies nothing, and returns the total size of the client_random value.

+ +

SSL_get_server_random() behaves the same, but extracts the random value sent from the server to the client during the initial SSL/TLS handshake.

+ +

SSL_SESSION_get_master_key() behaves the same, but extracts the master secret used to guarantee the security of the SSL/TLS session. This one can be dangerous if misused; see NOTES below.

+ +

SSL_SESSION_set1_master_key() sets the master key value associated with the SSL_SESSION sess. For example, this could be used to set up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)). The master key of length len should be provided at in. The supplied master key is copied by the function, so the caller is responsible for freeing and cleaning any memory associated with in. The caller must ensure that the length of the key is suitable for the ciphersuite associated with the SSL_SESSION.

+ +

NOTES

+ +

You probably shouldn't use these functions.

+ +

These functions expose internal values from the TLS handshake, for use in low-level protocols. You probably should not use them, unless you are implementing something that needs access to the internal protocol details.

+ +

Despite the names of SSL_get_client_random() and SSL_get_server_random(), they ARE NOT random number generators. Instead, they return the mostly-random values that were already generated and used in the TLS protocol. Using them in place of RAND_bytes() would be grossly foolish.

+ +

The security of your TLS session depends on keeping the master key secret: do not expose it, or any information about it, to anybody. If you need to calculate another secret value that depends on the master secret, you should probably use SSL_export_keying_material() instead, and forget that you ever saw these functions.

+ +

In current versions of the TLS protocols, the length of client_random (and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for other outlen arguments to the SSL_get_*_random() functions is provided in case of the unlikely event that a future version or variant of TLS uses some other length there.

+ +

Finally, though the "client_random" and "server_random" values are called "random", many TLS implementations will generate four bytes of those values based on their view of the current time.

+ +

RETURN VALUES

+ +

SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.

+ +

For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to outlen. If outlen is 0 then these functions return the maximum number of bytes they would copy -- that is, the length of the underlying field.

+ +

SEE ALSO

+ +

ssl(7), RAND_bytes(3), SSL_export_keying_material(3), SSL_CTX_set_psk_use_session_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_current_cipher.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_current_cipher.html new file mode 100644 index 00000000..68b82824 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_current_cipher.html @@ -0,0 +1,73 @@ + + + + +SSL_get_current_cipher + + + + + + + + + + +

NAME

+ +

SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher - get SSL_CIPHER of a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+
+const char *SSL_get_cipher_name(const SSL *s);
+const char *SSL_get_cipher(const SSL *s);
+int SSL_get_cipher_bits(const SSL *s, int *np);
+const char *SSL_get_cipher_version(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing the description of the actually used cipher of a connection established with the ssl object. See SSL_CIPHER_get_name(3) for more details.

+ +

SSL_get_cipher_name() obtains the name of the currently used cipher. SSL_get_cipher() is identical to SSL_get_cipher_name(). SSL_get_cipher_bits() is a macro to obtain the number of secret/algorithm bits used and SSL_get_cipher_version() returns the protocol name.

+ +

SSL_get_pending_cipher() returns a pointer to an SSL_CIPHER object containing the description of the cipher (if any) that has been negotiated for future use on the connection established with the ssl object, but is not yet in use. This may be the case during handshake processing, when control flow can be returned to the application via any of several callback methods. The internal sequencing of handshake processing and callback invocation is not guaranteed to be stable from release to release, and at present only the callback set by SSL_CTX_set_alpn_select_cb() is guaranteed to have a non-NULL return value. Other callbacks may be added to this list over time.

+ +

RETURN VALUES

+ +

SSL_get_current_cipher() returns the cipher actually used, or NULL if no session has been established.

+ +

SSL_get_pending_cipher() returns the cipher to be used at the next change of cipher suite, or NULL if no such cipher is known.

+ +

NOTES

+ +

SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and SSL_get_cipher_name are implemented as macros.

+ +

SEE ALSO

+ +

ssl(7), SSL_CIPHER_get_name(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_default_timeout.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_default_timeout.html new file mode 100644 index 00000000..7992f3a1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_default_timeout.html @@ -0,0 +1,63 @@ + + + + +SSL_get_default_timeout + + + + + + + + + + +

NAME

+ +

SSL_get_default_timeout - get default session timeout value

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_default_timeout(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_default_timeout() returns the default timeout value assigned to SSL_SESSION objects negotiated for the protocol valid for ssl.

+ +

NOTES

+ +

Whenever a new session is negotiated, it is assigned a timeout value, after which it will not be accepted for session reuse. If the timeout value was not explicitly set using SSL_CTX_set_timeout(3), the hardcoded default timeout for the protocol will be used.

+ +

SSL_get_default_timeout() return this hardcoded value, which is 300 seconds for all currently supported protocols.

+ +

RETURN VALUES

+ +

See description.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_session_cache_mode(3), SSL_SESSION_get_time(3), SSL_CTX_flush_sessions(3), SSL_get_default_timeout(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_error.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_error.html new file mode 100644 index 00000000..20adf416 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_error.html @@ -0,0 +1,150 @@ + + + + +SSL_get_error + + + + + + + + + + +

NAME

+ +

SSL_get_error - obtain result code for TLS/SSL I/O operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_error(const SSL *ssl, int ret);
+ +

DESCRIPTION

+ +

SSL_get_error() returns a result code (suitable for the C "switch" statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_shutdown(), SSL_write_ex() or SSL_write() on ssl. The value returned by that TLS/SSL I/O function must be passed to SSL_get_error() in parameter ret.

+ +

In addition to ssl and ret, SSL_get_error() inspects the current thread's OpenSSL error queue. Thus, SSL_get_error() must be used in the same thread that performed the TLS/SSL I/O operation, and no other OpenSSL function calls should appear in between. The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably.

+ +

RETURN VALUES

+ +

The following return values can currently occur:

+ +
+ +
SSL_ERROR_NONE
+
+ +

The TLS/SSL I/O operation completed. This result code is returned if and only if ret > 0.

+ +
+
SSL_ERROR_ZERO_RETURN
+
+ +

The TLS/SSL peer has closed the connection for writing by sending the close_notify alert. No more data can be read. Note that SSL_ERROR_ZERO_RETURN does not necessarily indicate that the underlying transport has been closed.

+ +
+
SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
+
+ +

The operation did not complete and can be retried later.

+ +

SSL_ERROR_WANT_READ is returned when the last operation was a read operation from a non-blocking BIO. It means that not enough data was available at this time to complete the operation. If at a later time the underlying BIO has data available for reading the same function can be called again.

+ +

SSL_read() and SSL_read_ex() can also set SSL_ERROR_WANT_READ when there is still unprocessed data available at either the SSL or the BIO layer, even for a blocking BIO. See SSL_read(3) for more information.

+ +

SSL_ERROR_WANT_WRITE is returned when the last operation was a write to a non-blocking BIO and it was unable to sent all data to the BIO. When the BIO is writeable again, the same function can be called again.

+ +

Note that the retry may again lead to an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level.

+ +

It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex(). However if the call was an SSL_write() or SSL_write_ex(), it should be called again to continue sending the application data.

+ +

For socket BIOs (e.g. when SSL_set_fd() was used), select() or poll() on the underlying socket can be used to find out when the TLS/SSL I/O function should be retried.

+ +

Caveat: Any TLS/SSL I/O function can lead to either of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. In particular, SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data and SSL_write() or SSL_write_ex() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes.

+ +
+
SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
+
+ +

The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to the peer and the call would block in connect()/accept(). The SSL function should be called again when the connection is established. These messages can only appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. In order to find out, when the connection has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used.

+ +
+
SSL_ERROR_WANT_X509_LOOKUP
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.

+ +
+
SSL_ERROR_WANT_ASYNC
+
+ +

The operation did not complete because an asynchronous engine is still processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or SSL_set_mode(3) and an asynchronous capable engine is being used. An application can determine whether the engine has completed its processing using select() or poll() on the asynchronous wait file descriptor. This file descriptor is available by calling SSL_get_all_async_fds(3) or SSL_get_changed_async_fds(3). The TLS/SSL I/O function should be called again later. The function must be called from the same thread that the original call was made from.

+ +
+
SSL_ERROR_WANT_ASYNC_JOB
+
+ +

The asynchronous job could not be started because there were no async jobs available in the pool (see ASYNC_init_thread(3)). This will only occur if the mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or SSL_set_mode(3) and a maximum limit has been set on the async job pool through a call to ASYNC_init_thread(3). The application should retry the operation after a currently executing asynchronous operation for the current thread has completed.

+ +
+
SSL_ERROR_WANT_CLIENT_HELLO_CB
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. The TLS/SSL I/O function should be called again later. Details depend on the application.

+ +
+
SSL_ERROR_SYSCALL
+
+ +

Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult errno for details. If this error occurs then no further I/O operations should be performed on the connection and SSL_shutdown() must not be called.

+ +

This value can also be returned for other errors, check the error queue for details.

+ +
+
SSL_ERROR_SSL
+
+ +

A non-recoverable, fatal error in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. If this error occurs then no further I/O operations should be performed on the connection and SSL_shutdown() must not be called.

+ +
+
+ +

BUGS

+ +

The SSL_ERROR_SYSCALL with errno value of 0 indicates unexpected EOF from the peer. This will be properly reported as SSL_ERROR_SSL with reason code SSL_R_UNEXPECTED_EOF_WHILE_READING in the OpenSSL 3.0 release because it is truly a TLS protocol error to terminate the connection without a SSL_shutdown().

+ +

The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications which choose to ignore this protocol error depend on the existing way of reporting the error.

+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_extms_support.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_extms_support.html new file mode 100644 index 00000000..9b87f203 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_extms_support.html @@ -0,0 +1,58 @@ + + + + +SSL_get_extms_support + + + + + + + + + + +

NAME

+ +

SSL_get_extms_support - extended master secret support

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_extms_support(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_extms_support() indicates whether the current session used extended master secret.

+ +

This function is implemented as a macro.

+ +

RETURN VALUES

+ +

SSL_get_extms_support() returns 1 if the current session used extended master secret, 0 if it did not and -1 if a handshake is currently in progress i.e. it is not possible to determine if extended master secret was used.

+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_fd.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_fd.html new file mode 100644 index 00000000..6f35cc0b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_fd.html @@ -0,0 +1,74 @@ + + + + +SSL_get_fd + + + + + + + + + + +

NAME

+ +

SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_fd(const SSL *ssl);
+int SSL_get_rfd(const SSL *ssl);
+int SSL_get_wfd(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_fd() returns the file descriptor which is linked to ssl. SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the read or the write channel, which can be different. If the read and the write channel are different, SSL_get_fd() will return the file descriptor of the read channel.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
-1
+
+ +

The operation failed, because the underlying BIO is not of the correct type (suitable for file descriptors).

+ +
+
>=0
+
+ +

The file descriptor linked to ssl.

+ +
+
+ +

SEE ALSO

+ +

SSL_set_fd(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html new file mode 100644 index 00000000..85c6b1e7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html @@ -0,0 +1,84 @@ + + + + +SSL_get_peer_cert_chain + + + + + + + + + + +

NAME

+ +

SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate chain of the peer

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates forming the certificate chain sent by the peer. If called on the client side, the stack also contains the peer's certificate; if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3). If the peer did not present a certificate, NULL is returned.

+ +

NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it only consists of certificates the peer has sent (in the order the peer has sent them) it is not a verified chain.

+ +

SSL_get0_verified_chain() returns the verified certificate chain of the peer including the peer's end entity certificate. It must be called after a session has been successfully established. If peer verification was not successful (as indicated by SSL_get_verify_result() not returning X509_V_OK) the chain may be incomplete or invalid.

+ +

NOTES

+ +

If the session is resumed peers do not send certificates so a NULL pointer is returned by these functions. Applications can call SSL_session_reused() to determine whether a session is resumed.

+ +

The reference count of each certificate in the returned STACK_OF(X509) object is not incremented and the returned stack may be invalidated by renegotiation. If applications wish to use any certificates in the returned chain indefinitely they must increase the reference counts using X509_up_ref() or obtain a copy of the whole chain with X509_chain_up_ref().

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No certificate was presented by the peer or no connection was established or the certificate chain is no longer available when a session is reused.

+ +
+
Pointer to a STACK_OF(X509)
+
+ +

The return value points to the certificate chain presented by the peer.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3), X509_chain_up_ref(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html new file mode 100644 index 00000000..66a533dc --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html @@ -0,0 +1,81 @@ + + + + +SSL_get_peer_certificate + + + + + + + + + + +

NAME

+ +

SSL_get_peer_certificate - get the X509 certificate of the peer

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+X509 *SSL_get_peer_certificate(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_peer_certificate() returns a pointer to the X509 certificate the peer presented. If the peer did not present a certificate, NULL is returned.

+ +

NOTES

+ +

Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when explicitly requested to do so by the server (see SSL_CTX_set_verify(3)). If an anonymous cipher is used, no certificates are sent.

+ +

That a certificate is returned does not indicate information about the verification state, use SSL_get_verify_result(3) to check the verification state.

+ +

The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No certificate was presented by the peer or no connection was established.

+ +
+
Pointer to an X509 certificate
+
+ +

The return value points to the certificate presented by the peer.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_get_verify_result(3), SSL_CTX_set_verify(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html new file mode 100644 index 00000000..d902e54f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html @@ -0,0 +1,63 @@ + + + + +SSL_get_peer_signature_nid + + + + + + + + + + +

NAME

+ +

SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing types

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
+int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ +

DESCRIPTION

+ +

SSL_get_peer_signature_nid() sets *psig_nid to the NID of the digest used by the peer to sign TLS messages. It is implemented as a macro.

+ +

SSL_get_peer_signature_type_nid() sets *psigtype_nid to the signature type used by the peer to sign TLS messages. Currently the signature type is the NID of the public key type used for signing except for PSS signing where it is EVP_PKEY_RSA_PSS. To differentiate between rsa_pss_rsae_* and rsa_pss_pss_* signatures, it's necessary to check the type of public key in the peer's certificate.

+ +

SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent information for the local end of the connection.

+ +

RETURN VALUES

+ +

These functions return 1 for success and 0 for failure. There are several possible reasons for failure: the cipher suite has no signature (e.g. it uses RSA key exchange or is anonymous), the TLS version is below 1.2 or the functions were called too early, e.g. before the peer signed a message.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_peer_certificate(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html new file mode 100644 index 00000000..0e6bdcce --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html @@ -0,0 +1,67 @@ + + + + +SSL_get_peer_tmp_key + + + + + + + + + + +

NAME

+ +

SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information about temporary keys used during a handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
+long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
+ +

DESCRIPTION

+ +

SSL_get_peer_tmp_key() returns the temporary key provided by the peer and used during key exchange. For example, if ECDHE is in use, then this represents the peer's public ECDHE key. On success a pointer to the key is stored in *key. It is the caller's responsibility to free this key after use using EVP_PKEY_free(3).

+ +

SSL_get_server_tmp_key() is a backwards compatibility alias for SSL_get_peer_tmp_key(). Under that name it worked just on the client side of the connection, its behaviour on the server end is release-dependent.

+ +

SSL_get_tmp_key() returns the equivalent information for the local end of the connection.

+ +

RETURN VALUES

+ +

All these functions return 1 on success and 0 otherwise.

+ +

NOTES

+ +

This function is implemented as a macro.

+ +

SEE ALSO

+ +

ssl(7), EVP_PKEY_free(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_psk_identity.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_psk_identity.html new file mode 100644 index 00000000..11536ec3 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_psk_identity.html @@ -0,0 +1,54 @@ + + + + +SSL_get_psk_identity + + + + + + + + + + +

NAME

+ +

SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_get_psk_identity_hint(const SSL *ssl);
+const char *SSL_get_psk_identity(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint used during the connection setup related to SSL object ssl. Similarly, SSL_get_psk_identity() is used to retrieve the PSK identity used during the connection setup.

+ +

RETURN VALUES

+ +

If non-NULL, SSL_get_psk_identity_hint() returns the PSK identity hint and SSL_get_psk_identity() returns the PSK identity. Both are NULL-terminated. SSL_get_psk_identity_hint() may return NULL if no PSK identity hint was used during the connection setup.

+ +

Note that the return value is valid only during the lifetime of the SSL object ssl.

+ +

COPYRIGHT

+ +

Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_rbio.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_rbio.html new file mode 100644 index 00000000..94874234 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_rbio.html @@ -0,0 +1,73 @@ + + + + +SSL_get_rbio + + + + + + + + + + +

NAME

+ +

SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+BIO *SSL_get_rbio(SSL *ssl);
+BIO *SSL_get_wbio(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the read or the write channel, which can be different. The reference count of the BIO is not incremented.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

No BIO was connected to the SSL object

+ +
+
Any other pointer
+
+ +

The BIO linked to ssl.

+ +
+
+ +

SEE ALSO

+ +

SSL_set_bio(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_session.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_session.html new file mode 100644 index 00000000..11f71929 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_session.html @@ -0,0 +1,97 @@ + + + + +SSL_get_session + + + + + + + + + + +

NAME

+ +

SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *SSL_get_session(const SSL *ssl);
+SSL_SESSION *SSL_get0_session(const SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_session() returns a pointer to the SSL_SESSION actually used in ssl. The reference count of the SSL_SESSION is not incremented, so that the pointer can become invalid by other operations.

+ +

SSL_get0_session() is the same as SSL_get_session().

+ +

SSL_get1_session() is the same as SSL_get_session(), but the reference count of the SSL_SESSION is incremented by one.

+ +

NOTES

+ +

The ssl session contains all information required to re-establish the connection without a full handshake for SSL versions up to and including TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the main handshake has occurred. The server will send the session information to the client at a time of its choosing, which may be some while after the initial connection is established (or never). Calling these functions on the client side in TLSv1.3 before the session has been established will still return an SSL_SESSION object but that object cannot be used for resuming the session. See SSL_SESSION_is_resumable(3) for information on how to determine whether an SSL_SESSION object can be used for resumption or not.

+ +

Additionally, in TLSv1.3, a server can send multiple messages that establish a session for a single connection. In that case the above functions will only return information on the last session that was received.

+ +

The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in SSL_CTX_sess_set_new_cb(3). The new session callback is only invoked when a session is actually established, so this avoids the problem described above where an application obtains an SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also enables applications to obtain information about all sessions sent by the server.

+ +

A session will be automatically removed from the session cache and marked as non-resumable if the connection is not closed down cleanly, e.g. if a fatal error occurs on the connection or SSL_shutdown(3) is not called prior to SSL_free(3).

+ +

In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once.

+ +

SSL_get0_session() returns a pointer to the actual session. As the reference counter is not incremented, the pointer is only valid while the connection is in use. If SSL_clear(3) or SSL_free(3) is called, the session may be removed completely (if considered bad), and the pointer obtained will become invalid. Even if the session is valid, it can be removed at any time due to timeout during SSL_CTX_flush_sessions(3).

+ +

If the data is to be kept, SSL_get1_session() will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session SSL_SESSION_free(3) must be explicitly called once to decrement the reference count again.

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

There is no session available in ssl.

+ +
+
Pointer to an SSL_SESSION
+
+ +

The return value points to the data of an SSL session.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_free(3), SSL_clear(3), SSL_SESSION_free(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html new file mode 100644 index 00000000..74b0ff11 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html @@ -0,0 +1,83 @@ + + + + +SSL_get_shared_sigalgs + + + + + + + + + + +

NAME

+ +

SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignhash,
+                    unsigned char *rsig, unsigned char *rhash);
+ +

DESCRIPTION

+ +

SSL_get_shared_sigalgs() returns information about the shared signature algorithms supported by peer s. The parameter idx indicates the index of the shared signature algorithm to return starting from zero. The signature algorithm NID is written to *psign, the hash NID to *phash and the sign and hash NID to *psignhash. The raw signature and hash values are written to *rsig and *rhash.

+ +

SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns information about all signature algorithms supported by s in the order they were sent by the peer.

+ +

RETURN VALUES

+ +

SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of signature algorithms or 0 if the idx parameter is out of range.

+ +

NOTES

+ +

These functions are typically called for debugging purposes (to report the peer's preferences) or where an application wants finer control over certificate selection. Most applications will rely on internal handling and will not need to call them.

+ +

If an application is only interested in the highest preference shared signature algorithm it can just set idx to zero.

+ +

Any or all of the parameters psign, phash, psignhash, rsig or rhash can be set to NULL if the value is not required. By setting them all to NULL and setting idx to zero the total number of signature algorithms can be determined: which can be zero.

+ +

These functions must be called after the peer has sent a list of supported signature algorithms: after a client hello (for servers) or a certificate request (for clients). They can (for example) be called in the certificate callback.

+ +

Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. If these functions are called on an earlier version of TLS or DTLS zero is returned.

+ +

The shared signature algorithms returned by SSL_get_shared_sigalgs() are ordered according to configuration and peer preferences.

+ +

The raw values correspond to the on the wire form as defined by RFC5246 et al. The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and rsa(1) then *rhash would be 4, *rsign 1, *phash NID_sha256, *psig NID_rsaEncryption and *psighash NID_sha256WithRSAEncryption.

+ +

If a signature algorithm is not recognised the corresponding NIDs will be set to NID_undef. This may be because the value is not supported, is not an appropriate combination (for example MD5 and DSA) or the signature algorithm does not use a hash (for example Ed25519).

+ +

SEE ALSO

+ +

SSL_CTX_set_cert_cb(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_verify_result.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_verify_result.html new file mode 100644 index 00000000..ef91b1e1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_verify_result.html @@ -0,0 +1,84 @@ + + + + +SSL_get_verify_result + + + + + + + + + + +

NAME

+ +

SSL_get_verify_result - get result of peer certificate verification

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+long SSL_get_verify_result(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_get_verify_result() returns the result of the verification of the X509 certificate presented by the peer, if any.

+ +

NOTES

+ +

SSL_get_verify_result() can only return one error code while the verification of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available from SSL_get_verify_result().

+ +

The verification result is part of the established session and is restored when a session is reused.

+ +

BUGS

+ +

If no peer certificate was presented, the returned result code is X509_V_OK. This is because no verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful in connection with SSL_get_peer_certificate(3).

+ +

RETURN VALUES

+ +

The following return values can currently occur:

+ +
+ +
X509_V_OK
+
+ +

The verification succeeded or no peer certificate was presented.

+ +
+
Any other value
+
+ +

Documented in verify(1).

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_set_verify_result(3), SSL_get_peer_certificate(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_version.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_version.html new file mode 100644 index 00000000..98f55b6a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_get_version.html @@ -0,0 +1,145 @@ + + + + +SSL_get_version + + + + + + + + + + +

NAME

+ +

SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version - get the protocol information of a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_client_version(const SSL *s);
+
+const char *SSL_get_version(const SSL *ssl);
+
+int SSL_is_dtls(const SSL *ssl);
+
+int SSL_version(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_client_version() returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for TLS, this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() returns the name of the protocol used for the connection. SSL_version() returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable.

+ +

SSL_is_dtls() returns one if the connection is using DTLS, zero if not.

+ +

RETURN VALUES

+ +

SSL_get_version() returns one of the following strings:

+ +
+ +
SSLv3
+
+ +

The connection uses the SSLv3 protocol.

+ +
+
TLSv1
+
+ +

The connection uses the TLSv1.0 protocol.

+ +
+
TLSv1.1
+
+ +

The connection uses the TLSv1.1 protocol.

+ +
+
TLSv1.2
+
+ +

The connection uses the TLSv1.2 protocol.

+ +
+
TLSv1.3
+
+ +

The connection uses the TLSv1.3 protocol.

+ +
+
unknown
+
+ +

This indicates an unknown protocol version.

+ +
+
+ +

SSL_version() and SSL_client_version() return an integer which could include any of the following:

+ +
+ +
SSL3_VERSION
+
+ +

The connection uses the SSLv3 protocol.

+ +
+
TLS1_VERSION
+
+ +

The connection uses the TLSv1.0 protocol.

+ +
+
TLS1_1_VERSION
+
+ +

The connection uses the TLSv1.1 protocol.

+ +
+
TLS1_2_VERSION
+
+ +

The connection uses the TLSv1.2 protocol.

+ +
+
TLS1_3_VERSION
+
+ +

The connection uses the TLSv1.3 protocol (never returned for SSL_client_version()).

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

HISTORY

+ +

The SSL_is_dtls() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_in_init.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_in_init.html new file mode 100644 index 00000000..63fbe249 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_in_init.html @@ -0,0 +1,117 @@ + + + + +SSL_in_init + + + + + + + + + + +

NAME

+ +

SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state - retrieve information about the handshake state machine

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+int SSL_in_connect_init(SSL *s);
+int SSL_in_accept_init(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_in_init() returns 1 if the SSL/TLS state machine is currently processing or awaiting handshake messages, or 0 otherwise.

+ +

SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0 otherwise.

+ +

SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a state where fully protected application data can be transferred or 0 otherwise.

+ +

Note that in some circumstances (such as when early data is being transferred) SSL_in_init(), SSL_in_before() and SSL_is_init_finished() can all return 0.

+ +

SSL_in_connect_init() returns 1 if s is acting as a client and SSL_in_init() would return 1, or 0 otherwise.

+ +

SSL_in_accept_init() returns 1 if s is acting as a server and SSL_in_init() would return 1, or 0 otherwise.

+ +

SSL_in_connect_init() and SSL_in_accept_init() are implemented as macros.

+ +

SSL_get_state() returns a value indicating the current state of the handshake state machine. OSSL_HANDSHAKE_STATE is an enumerated type where each value indicates a discrete state machine state. Note that future versions of OpenSSL may define more states so applications should expect to receive unrecognised state values. The naming format is made up of a number of elements as follows:

+ +

protocol_ST_role_message

+ +

protocol is one of TLS or DTLS. DTLS is used where a state is specific to the DTLS protocol. Otherwise TLS is used.

+ +

role is one of CR, CW, SR or SW to indicate "client reading", "client writing", "server reading" or "server writing" respectively.

+ +

message is the name of a handshake message that is being or has been sent, or is being or has been processed.

+ +

Additionally there are some special states that do not conform to the above format. These are:

+ +
+ +
TLS_ST_BEFORE
+
+ +

No handshake messages have yet been been sent or received.

+ +
+
TLS_ST_OK
+
+ +

Handshake message sending/processing has completed.

+ +
+
TLS_ST_EARLY_DATA
+
+ +

Early data is being processed

+ +
+
TLS_ST_PENDING_EARLY_DATA_END
+
+ +

Awaiting the end of early data processing

+ +
+
+ +

RETURN VALUES

+ +

SSL_in_init(), SSL_in_before(), SSL_is_init_finished(), SSL_in_connect_init() and SSL_in_accept_init() return values as indicated above.

+ +

SSL_get_state() returns the current handshake state.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_early_data(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_key_update.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_key_update.html new file mode 100644 index 00000000..cb6cab6e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_key_update.html @@ -0,0 +1,86 @@ + + + + +SSL_key_update + + + + + + + + + + +

NAME

+ +

SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending - initiate and obtain information about updating connection keys

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+int SSL_renegotiate_pending(const SSL *s);
+ +

DESCRIPTION

+ +

SSL_key_update() schedules an update of the keys for the current TLS connection. If the updatetype parameter is set to SSL_KEY_UPDATE_NOT_REQUESTED then the sending keys for this connection will be updated and the peer will be informed of the change. If the updatetype parameter is set to SSL_KEY_UPDATE_REQUESTED then the sending keys for this connection will be updated and the peer will be informed of the change along with a request for the peer to additionally update its sending keys. It is an error if updatetype is set to SSL_KEY_UPDATE_NONE.

+ +

SSL_key_update() must only be called after the initial handshake has been completed and TLSv1.3 has been negotiated. The key update will not take place until the next time an IO operation such as SSL_read_ex() or SSL_write_ex() takes place on the connection. Alternatively SSL_do_handshake() can be called to force the update to take place immediately.

+ +

SSL_get_key_update_type() can be used to determine whether a key update operation has been scheduled but not yet performed. The type of the pending key update operation will be returned if there is one, or SSL_KEY_UPDATE_NONE otherwise.

+ +

SSL_renegotiate() and SSL_renegotiate_abbreviated() should only be called for connections that have negotiated TLSv1.2 or less. Calling them on any other connection will result in an error.

+ +

When called from the client side, SSL_renegotiate() schedules a completely new handshake over an existing SSL/TLS connection. The next time an IO operation such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check will be performed to confirm that it is a suitable time to start a renegotiation. If so, then it will be initiated immediately. OpenSSL will not attempt to resume any session associated with the connection in the new handshake.

+ +

When called from the client side, SSL_renegotiate_abbreviated() works in the same was as SSL_renegotiate() except that OpenSSL will attempt to resume the session associated with the current connection in the new handshake.

+ +

When called from the server side, SSL_renegotiate() and SSL_renegotiate_abbreviated() behave identically. They both schedule a request for a new handshake to be sent to the client. The next time an IO operation is performed then the same checks as on the client side are performed and then, if appropriate, the request is sent. The client may or may not respond with a new handshake and it may or may not attempt to resume an existing session. If a new handshake is started then this will be handled transparently by calling any OpenSSL IO function.

+ +

If an OpenSSL client receives a renegotiation request from a server then again this will be handled transparently through calling any OpenSSL IO function. For a TLS connection the client will attempt to resume the current session in the new handshake. For historical reasons, DTLS clients will not attempt to resume the session in the new handshake.

+ +

The SSL_renegotiate_pending() function returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

+ +

RETURN VALUES

+ +

SSL_key_update(), SSL_renegotiate() and SSL_renegotiate_abbreviated() return 1 on success or 0 on error.

+ +

SSL_get_key_update_type() returns the update type of the pending key update operation or SSL_KEY_UPDATE_NONE if there is none.

+ +

SSL_renegotiate_pending() returns 1 if a renegotiation or renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_read_ex(3), SSL_write_ex(3), SSL_do_handshake(3)

+ +

HISTORY

+ +

The SSL_key_update() and SSL_get_key_update_type() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_library_init.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_library_init.html new file mode 100644 index 00000000..e3828037 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_library_init.html @@ -0,0 +1,75 @@ + + + + +SSL_library_init + + + + + + + + + + +

NAME

+ +

SSL_library_init, OpenSSL_add_ssl_algorithms - initialize SSL library by registering algorithms

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_library_init(void);
+
+int OpenSSL_add_ssl_algorithms(void);
+ +

DESCRIPTION

+ +

SSL_library_init() registers the available SSL/TLS ciphers and digests.

+ +

OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is implemented as a macro.

+ +

NOTES

+ +

SSL_library_init() must be called before any other action takes place. SSL_library_init() is not reentrant.

+ +

WARNINGS

+ +

SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS.

+ +

RETURN VALUES

+ +

SSL_library_init() always returns "1", so it is safe to discard the return value.

+ +

SEE ALSO

+ +

ssl(7), RAND_add(3)

+ +

HISTORY

+ +

The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html new file mode 100644 index 00000000..084b903c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html @@ -0,0 +1,102 @@ + + + + +SSL_load_client_CA_file + + + + + + + + + + +

NAME

+ +

SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack - load certificate names

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+ +

DESCRIPTION

+ +

SSL_load_client_CA_file() reads certificates from file and returns a STACK_OF(X509_NAME) with the subject names found.

+ +

SSL_add_file_cert_subjects_to_stack() reads certificates from file, and adds their subject name to the already existing stack.

+ +

SSL_add_dir_cert_subjects_to_stack() reads certificates from every file in the directory dir, and adds their subject name to the already existing stack.

+ +

NOTES

+ +

SSL_load_client_CA_file() reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The operation failed, check out the error stack for the reason.

+ +
+
Pointer to STACK_OF(X509_NAME)
+
+ +

Pointer to the subject names of the successfully read certificates.

+ +
+
+ +

EXAMPLES

+ +

Load names of CAs from file and use it as a client CA list:

+ +
SSL_CTX *ctx;
+STACK_OF(X509_NAME) *cert_names;
+
+...
+cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
+if (cert_names != NULL)
+    SSL_CTX_set_client_CA_list(ctx, cert_names);
+else
+    /* error */
+...
+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_client_CA_list(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_new.html new file mode 100644 index 00000000..8c4a2dce --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_new.html @@ -0,0 +1,80 @@ + + + + +SSL_new + + + + + + + + + + +

NAME

+ +

SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL *SSL_dup(SSL *s);
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+ +

DESCRIPTION

+ +

SSL_new() creates a new SSL structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings of the underlying context ctx: connection method, options, verification settings, timeout settings. An SSL structure is reference counted. Creating an SSL structure for the first time increments the reference count. Freeing it (using SSL_free) decrements it. When the reference count drops to zero, any memory or resources allocated to the SSL structure are freed.

+ +

SSL_up_ref() increments the reference count for an existing SSL structure.

+ +

SSL_dup() duplicates an existing SSL structure into a new allocated one. All settings are inherited from the original SSL structure. Dynamic data (i.e. existing connection details) are not copied, the new SSL is set into an initial accept (server) or connect (client) state.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
NULL
+
+ +

The creation of a new SSL structure failed. Check the error stack to find out the reason.

+ +
+
Pointer to an SSL structure
+
+ +

The return value points to an allocated SSL structure.

+ +

SSL_up_ref() returns 1 for success and 0 for failure.

+ +
+
+ +

SEE ALSO

+ +

SSL_free(3), SSL_clear(3), SSL_CTX_set_options(3), SSL_get_SSL_CTX(3), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_pending.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_pending.html new file mode 100644 index 00000000..ed0a2335 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_pending.html @@ -0,0 +1,68 @@ + + + + +SSL_pending + + + + + + + + + + +

NAME

+ +

SSL_pending, SSL_has_pending - check for readable bytes buffered in an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_pending(const SSL *ssl);
+int SSL_has_pending(const SSL *s);
+ +

DESCRIPTION

+ +

Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is read by the application via a call to SSL_read_ex(3) or SSL_read(3).

+ +

SSL_pending() returns the number of bytes which have been processed, buffered and are available inside ssl for immediate read.

+ +

If the SSL object's read_ahead flag is set (see SSL_CTX_set_read_ahead(3)), additional protocol bytes (beyond the current record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see SSL_CTX_set_split_send_fragment(3)). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() will ignore them. Therefore it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records).

+ +

SSL_has_pending() returns 1 if s has buffered data (whether processed or unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no data because the unprocessed buffered data when processed yielded no application data (for example this can happen during renegotiation). It is also possible in this scenario for SSL_has_pending() to continue to return 1 even after an SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is not yet processable (e.g. because OpenSSL has only received a partial record so far).

+ +

RETURN VALUES

+ +

SSL_pending() returns the number of buffered and processed application data bytes that are pending and are available for immediate read. SSL_has_pending() returns 1 if there is buffered record data in the SSL object and 0 otherwise.

+ +

SEE ALSO

+ +

SSL_read_ex(3), SSL_read(3), SSL_CTX_set_read_ahead(3), SSL_CTX_set_split_send_fragment(3), ssl(7)

+ +

HISTORY

+ +

The SSL_has_pending() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read.html new file mode 100644 index 00000000..9e10f776 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read.html @@ -0,0 +1,106 @@ + + + + +SSL_read + + + + + + + + + + +

NAME

+ +

SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek - read bytes from a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+int SSL_read(SSL *ssl, void *buf, int num);
+
+int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+int SSL_peek(SSL *ssl, void *buf, int num);
+ +

DESCRIPTION

+ +

SSL_read_ex() and SSL_read() try to read num bytes from the specified ssl into the buffer buf. On success SSL_read_ex() will store the number of bytes actually read in *readbytes.

+ +

SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and SSL_read() respectively except no bytes are actually removed from the underlying BIO during the read, so that a subsequent call to SSL_read_ex() or SSL_read() will yield at least the same bytes.

+ +

NOTES

+ +

In the paragraphs below a "read function" is defined as one of SSL_read_ex(), SSL_read(), SSL_peek_ex() or SSL_peek().

+ +

If necessary, a read function will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the read function operation. The behaviour of the read functions depends on the underlying BIO.

+ +

For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state() before the first invocation of a read function.

+ +

The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). Therefore data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If num is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the buffer, the read functions will trigger the processing of the next record. Only when the record has been received and processed completely will the read functions return reporting success. At most the contents of one record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to read several packets from the transport layer before the record is complete and the read call can succeed.

+ +

If SSL_MODE_AUTO_RETRY has been switched off and a non-application data record has been processed, the read function can return and set the error to SSL_ERROR_WANT_READ. In this case there might still be unprocessed data available in the BIO. If read ahead was set using SSL_CTX_set_read_ahead(3), there might also still be unprocessed data available in the SSL. This behaviour can be controlled using the SSL_CTX_set_mode(3) call.

+ +

If the underlying BIO is blocking, a read function will only return once the read operation has been finished or an error occurred, except when a non-application data record has been processed and SSL_MODE_AUTO_RETRY is not set. Note that if SSL_MODE_AUTO_RETRY is set and only non-application data is available the call will hang.

+ +

If the underlying BIO is non-blocking, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to SSL_get_error(3) with the return value of the read function will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time it's possible that non-application data needs to be sent, a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

SSL_pending(3) can be used to find out whether there are buffered bytes available for immediate retrieval. In this case the read function can be called without blocking or actually receiving new data from the underlying socket.

+ +

RETURN VALUES

+ +

SSL_read_ex() and SSL_peek_ex() will return 1 for success or 0 for failure. Success means that 1 or more application data bytes have been read from the SSL connection. Failure means that no bytes could be read from the SSL connection. Failures can be retryable (e.g. we are waiting for more bytes to be delivered by the network) or non-retryable (e.g. a fatal network error). In the event of a failure call SSL_get_error(3) to find out the reason which indicates whether the call is retryable or not.

+ +

For SSL_read() and SSL_peek() the following return values can occur:

+ +
+ +
> 0
+
+ +

The read operation was successful. The return value is the number of bytes actually read from the TLS/SSL connection.

+ +
+
<= 0
+
+ +

The read operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. Call SSL_get_error(3) with the return value ret to find out the reason.

+ +

Old documentation indicated a difference between 0 and -1, and that -1 was retryable. You should instead call SSL_get_error() to find out if it's retryable.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_write_ex(3), SSL_CTX_set_mode(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3) SSL_set_connect_state(3), SSL_pending(3), SSL_shutdown(3), SSL_set_shutdown(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read_early_data.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read_early_data.html new file mode 100644 index 00000000..a95d72ef --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_read_early_data.html @@ -0,0 +1,184 @@ + + + + +SSL_read_early_data + + + + + + + + + + +

NAME

+ +

SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb - functions for sending and receiving early data

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
+
+int SSL_get_early_data_status(const SSL *s);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg);
+ +

DESCRIPTION

+ +

These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. Early data can only be sent if a session has previously been established with the server, and the server is known to support it. Additionally these functions can be used to send data from the server to the client when the client has not yet completed the authentication stage of the handshake.

+ +

Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also additional considerations around replay attacks (see "REPLAY PROTECTION" below). For these reasons extreme care should be exercised when using early data. For specific details, consult the TLS 1.3 specification.

+ +

When a server receives early data it may opt to immediately respond by sending application data back to the client. Data sent by the server at this stage is done before the full handshake has been completed. Specifically the client's authentication messages have not yet been received, i.e. the client is unauthenticated at this point and care should be taken when using this capability.

+ +

A server or client can determine whether the full handshake has been completed or not by calling SSL_is_init_finished(3).

+ +

On the client side, the function SSL_SESSION_get_max_early_data() can be used to determine if a session established with a server can be used to send early data. If the session cannot be used then this function will return 0. Otherwise it will return the maximum number of early data bytes that can be sent.

+ +

The function SSL_SESSION_set_max_early_data() sets the maximum number of early data bytes that can be sent for a session. This would typically be used when creating a PSK session file (see SSL_CTX_set_psk_use_session_callback(3)). If using a ticket based PSK then this is set automatically to the value provided by the server.

+ +

A client uses the function SSL_write_early_data() to send early data. This function is similar to the SSL_write_ex(3) function, but with the following differences. See SSL_write_ex(3) for information on how to write bytes to the underlying connection, and how to handle any errors that may arise. This page describes the differences between SSL_write_early_data() and SSL_write_ex(3).

+ +

When called by a client, SSL_write_early_data() must be the first IO function called on a new connection, i.e. it must occur before any calls to SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_do_handshake(3) or other similar functions. It may be called multiple times to stream data to the server, but the total number of bytes written must not exceed the value returned from SSL_SESSION_get_max_early_data(). Once the initial SSL_write_early_data() call has completed successfully the client may interleave calls to SSL_read_ex(3) and SSL_read(3) with calls to SSL_write_early_data() as required.

+ +

If SSL_write_early_data() fails you should call SSL_get_error(3) to determine the correct course of action, as for SSL_write_ex(3).

+ +

When the client no longer wishes to send any more early data then it should complete the handshake by calling a function such as SSL_connect(3) or SSL_do_handshake(3). Alternatively you can call a standard write function such as SSL_write_ex(3), which will transparently complete the connection and write the requested data.

+ +

A server may choose to ignore early data that has been sent to it. Once the connection has been completed you can determine whether the server accepted or rejected the early data by calling SSL_get_early_data_status(). This will return SSL_EARLY_DATA_ACCEPTED if the data was accepted, SSL_EARLY_DATA_REJECTED if it was rejected or SSL_EARLY_DATA_NOT_SENT if no early data was sent. This function may be called by either the client or the server.

+ +

A server uses the SSL_read_early_data() function to receive early data on a connection for which early data has been enabled using SSL_CTX_set_max_early_data() or SSL_set_max_early_data(). As for SSL_write_early_data(), this must be the first IO function called on a connection, i.e. it must occur before any calls to SSL_write_ex(3), SSL_read_ex(3), SSL_accept(3), SSL_do_handshake(3), or other similar functions.

+ +

SSL_read_early_data() is similar to SSL_read_ex(3) with the following differences. Refer to SSL_read_ex(3) for full details.

+ +

SSL_read_early_data() may return 3 possible values:

+ +
+ +
SSL_READ_EARLY_DATA_ERROR
+
+ +

This indicates an IO or some other error occurred. This should be treated in the same way as a 0 return value from SSL_read_ex(3).

+ +
+
SSL_READ_EARLY_DATA_SUCCESS
+
+ +

This indicates that early data was successfully read. This should be treated in the same way as a 1 return value from SSL_read_ex(3). You should continue to call SSL_read_early_data() to read more data.

+ +
+
SSL_READ_EARLY_DATA_FINISH
+
+ +

This indicates that no more early data can be read. It may be returned on the first call to SSL_read_early_data() if the client has not sent any early data, or if the early data was rejected.

+ +
+
+ +

Once the initial SSL_read_early_data() call has completed successfully (i.e. it has returned SSL_READ_EARLY_DATA_SUCCESS or SSL_READ_EARLY_DATA_FINISH) then the server may choose to write data immediately to the unauthenticated client using SSL_write_early_data(). If SSL_read_early_data() returned SSL_READ_EARLY_DATA_FINISH then in some situations (e.g. if the client only supports TLSv1.2) the handshake may have already been completed and calls to SSL_write_early_data() are not allowed. Call SSL_is_init_finished(3) to determine whether the handshake has completed or not. If the handshake is still in progress then the server may interleave calls to SSL_write_early_data() with calls to SSL_read_early_data() as required.

+ +

Servers must not call SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or SSL_write(3) until SSL_read_early_data() has returned with SSL_READ_EARLY_DATA_FINISH. Once it has done so the connection to the client still needs to be completed. Complete the connection by calling a function such as SSL_accept(3) or SSL_do_handshake(3). Alternatively you can call a standard read function such as SSL_read_ex(3), which will transparently complete the connection and read the requested data. Note that it is an error to attempt to complete the connection before SSL_read_early_data() has returned SSL_READ_EARLY_DATA_FINISH.

+ +

Only servers may call SSL_read_early_data().

+ +

Calls to SSL_read_early_data() may, in certain circumstances, complete the connection immediately without further need to call a function such as SSL_accept(3). This can happen if the client is using a protocol version less than TLSv1.3. Applications can test for this by calling SSL_is_init_finished(3). Alternatively, applications may choose to call SSL_accept(3) anyway. Such a call will successfully return immediately with no further action taken.

+ +

When a session is created between a server and a client the server will specify the maximum amount of any early data that it will accept on any future connection attempt. By default the server does not accept early data; a server may indicate support for early data by calling SSL_CTX_set_max_early_data() or SSL_set_max_early_data() to set it for the whole SSL_CTX or an individual SSL object respectively. The max_early_data parameter specifies the maximum amount of early data in bytes that is permitted to be sent on a single connection. Similarly the SSL_CTX_get_max_early_data() and SSL_get_max_early_data() functions can be used to obtain the current maximum early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is automatically enabled (see "REPLAY PROTECTION" below).

+ +

If the server rejects the early data sent by a client then it will skip over the data that is sent. The maximum amount of received early data that is skipped is controlled by the recv_max_early_data setting. If a client sends more than this then the connection will abort. This value can be set by calling SSL_CTX_set_recv_max_early_data() or SSL_set_recv_max_early_data(). The current value for this setting can be obtained by calling SSL_CTX_get_recv_max_early_data() or SSL_get_recv_max_early_data(). The default value for this setting is 16,384 bytes.

+ +

The recv_max_early_data value also has an impact on early data that is accepted. The amount of data that is accepted will always be the lower of the max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort.

+ +

The configured value for max_early_data on a server may change over time as required. However clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than the current configured max_early_data value.

+ +

Some server applications may wish to have more control over whether early data is accepted or not, for example to mitigate replay risks (see "REPLAY PROTECTION" below) or to decline early_data when the server is heavily loaded. The functions SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a callback which is called at a point in the handshake immediately before a decision is made to accept or reject early data. The callback is provided with a pointer to the user data argument that was provided when the callback was first set. Returning 1 from the callback will allow early data and returning 0 will reject it. Note that the OpenSSL library may reject early data for other reasons in which case this callback will not get called. Notably, the built-in replay protection feature will still be used even if a callback is present unless it has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See "REPLAY PROTECTION" below.

+ +

NOTES

+ +

The whole purpose of early data is to enable a client to start sending data to the server before a full round trip of network traffic has occurred. Application developers should ensure they consider optimisation of the underlying TCP socket to obtain a performant solution. For example Nagle's algorithm is commonly used by operating systems in an attempt to avoid lots of small TCP packets. In many scenarios this is beneficial for performance, but it does not work well with the early data solution as implemented in OpenSSL. In Nagle's algorithm the OS will buffer outgoing TCP data if a TCP packet has already been sent which we have not yet received an ACK for from the peer. The buffered data will only be transmitted if enough data to fill an entire TCP packet is accumulated, or if the ACK is received from the peer. The initial ClientHello will be sent in the first TCP packet along with any data from the first call to SSL_write_early_data(). If the amount of data written will exceed the size of a single TCP packet, or if there are more calls to SSL_write_early_data() then that additional data will be sent in subsequent TCP packets which will be buffered by the OS and not sent until an ACK is received for the first packet containing the ClientHello. This means the early data is not actually sent until a complete round trip with the server has occurred which defeats the objective of early data.

+ +

In many operating systems the TCP_NODELAY socket option is available to disable Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate.

+ +

In rare circumstances, it may be possible for a client to have a session that reports a max early data value greater than 0, but where the server does not support this. For example, this can occur if a server has had its configuration changed to accept a lower max early data value such as by calling SSL_CTX_set_recv_max_early_data(). Another example is if a server used to support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such a server will cause the connection to abort. Clients that encounter an aborted connection while sending early data may want to retry the connection without sending early data as this does not happen automatically. A client will have to establish a new transport layer connection to the server and attempt the SSL/TLS connection again but without sending early data. Note that it is inadvisable to retry with a lower maximum protocol version.

+ +

REPLAY PROTECTION

+ +

When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the server is configured with a non-zero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that was submitted will be ignored). Note that single use tickets are enforced even if a client does not send any early data.

+ +

The replay protection mechanism relies on the internal OpenSSL server session cache (see SSL_CTX_set_session_cache_mode(3)). When replay protection is being used the server will operate as if the SSL_OP_NO_TICKET option had been selected (see SSL_CTX_set_options(3)). Sessions will be added to the cache whenever a session ticket is issued. When a client attempts to resume the session, OpenSSL will check for its presence in the internal cache. If it exists then the resumption is allowed and the session is removed from the cache. If it does not exist then the resumption is not allowed and a full handshake will occur.

+ +

Note that some applications may maintain an external cache of sessions (see SSL_CTX_sess_set_new_cb(3) and similar functions). It is the application's responsibility to ensure that any sessions in the external cache are also populated in the internal cache and that once removed from the internal cache they are similarly removed from the external cache. Failing to do this could result in an application becoming vulnerable to replay attacks. Note that OpenSSL will lock the internal cache while a session is removed but that lock is not held when the remove session callback (see SSL_CTX_sess_set_remove_cb(3)) is called. This could result in a small amount of time where the session has been removed from the internal cache but is still available in the external cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks.

+ +

The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) (e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution should be applied when combining external PSKs with early data.

+ +

Some applications may mitigate the replay risks in other ways. For those applications it is possible to turn off the built-in replay protection feature using the SSL_OP_NO_ANTI_REPLAY option. See SSL_CTX_set_options(3) for details. Applications can also set a callback to make decisions about accepting early data or not. See SSL_CTX_set_allow_early_data_cb() above for details.

+ +

RETURN VALUES

+ +

SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a failure call SSL_get_error(3) to determine the correct course of action.

+ +

SSL_read_early_data() returns SSL_READ_EARLY_DATA_ERROR for failure, SSL_READ_EARLY_DATA_SUCCESS for success with more data to read and SSL_READ_EARLY_DATA_FINISH for success with no more to data be read. In the event of a failure call SSL_get_error(3) to determine the correct course of action.

+ +

SSL_get_max_early_data(), SSL_CTX_get_max_early_data() and SSL_SESSION_get_max_early_data() return the maximum number of early data bytes that may be sent.

+ +

SSL_set_max_early_data(), SSL_CTX_set_max_early_data() and SSL_SESSION_set_max_early_data() return 1 for success or 0 for failure.

+ +

SSL_get_early_data_status() returns SSL_EARLY_DATA_ACCEPTED if early data was accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by the server, or SSL_EARLY_DATA_NOT_SENT if no early data was sent.

+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_accept(3), SSL_do_handshake(3), SSL_CTX_set_psk_use_session_callback(3), ssl(7)

+ +

HISTORY

+ +

All of the functions described above were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_rstate_string.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_rstate_string.html new file mode 100644 index 00000000..74ed3ec0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_rstate_string.html @@ -0,0 +1,94 @@ + + + + +SSL_rstate_string + + + + + + + + + + +

NAME

+ +

SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_rstate_string(SSL *ssl);
+const char *SSL_rstate_string_long(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_rstate_string() returns a 2 letter string indicating the current read state of the SSL object ssl.

+ +

SSL_rstate_string_long() returns a string indicating the current read state of the SSL object ssl.

+ +

NOTES

+ +

When performing a read operation, the SSL/TLS engine must parse the record, consisting of header and body. When working in a blocking environment, SSL_rstate_string[_long]() should always return "RD"/"read done".

+ +

This function should only seldom be needed in applications.

+ +

RETURN VALUES

+ +

SSL_rstate_string() and SSL_rstate_string_long() can return the following values:

+ +
+ +
"RH"/"read header"
+
+ +

The header of the record is being evaluated.

+ +
+
"RB"/"read body"
+
+ +

The body of the record is being evaluated.

+ +
+
"RD"/"read done"
+
+ +

The record has been completely processed.

+ +
+
"unknown"/"unknown"
+
+ +

The read state is unknown. This should never happen.

+ +
+
+ +

SEE ALSO

+ +

ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_session_reused.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_session_reused.html new file mode 100644 index 00000000..7bc845e1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_session_reused.html @@ -0,0 +1,77 @@ + + + + +SSL_session_reused + + + + + + + + + + +

NAME

+ +

SSL_session_reused - query whether a reused session was negotiated during handshake

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_session_reused(const SSL *ssl);
+ +

DESCRIPTION

+ +

Query, whether a reused session was negotiated during the handshake.

+ +

NOTES

+ +

During the negotiation, a client can propose to reuse a session. The server then looks up the session in its cache. If both client and server agree on the session, it will be reused and a flag is being set that can be queried by the application.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

A new session was negotiated.

+ +
+
1
+
+ +

A session was reused.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_set_session(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set1_host.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set1_host.html new file mode 100644 index 00000000..61a0a507 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set1_host.html @@ -0,0 +1,96 @@ + + + + +SSL_set1_host + + + + + + + + + + +

NAME

+ +

SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername - SSL server verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set1_host(SSL *s, const char *hostname);
+int SSL_add1_host(SSL *s, const char *hostname);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+const char *SSL_get0_peername(SSL *s);
+ +

DESCRIPTION

+ +

These functions configure server hostname checks in the SSL client.

+ +

SSL_set1_host() sets the expected DNS hostname to name clearing any previously specified host name or names. If name is NULL, or the empty string the list of hostnames is cleared, and name checks are not performed on the peer certificate. When a non-empty name is specified, certificate verification automatically checks the peer hostname via X509_check_host(3) with flags as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication via SSL_dane_enable(3) should leave it to that function to set the primary reference identifier of the peer, and should not call SSL_set1_host().

+ +

SSL_add1_host() adds name as an additional reference identifier that can match the peer's certificate. Any previous names set via SSL_set1_host() or SSL_add1_host() are retained, no change is made if name is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches. This function is required for DANE TLSA in the presence of service name indirection via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or RFC7673.

+ +

SSL_set_hostflags() sets the flags that will be passed to X509_check_host(3) when name checks are applicable, by default the flags value is 0. See X509_check_host(3) for the list of available flags and their meaning.

+ +

SSL_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, the name matched in the peer certificate may be a wildcard name. When one of the reference identifiers configured via SSL_set1_host() or SSL_add1_host() starts with ".", which indicates a parent domain prefix rather than a fixed name, the matched peer name may be a sub-domain of the reference identifier. The returned string is allocated by the library and is no longer valid once the associated ssl handle is cleared or freed, or a renegotiation takes place. Applications must not free the return value.

+ +

SSL clients are advised to use these functions in preference to explicitly calling X509_check_host(3). Hostname checks may be out of scope with the RFC7671 DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE is enabled.

+ +

RETURN VALUES

+ +

SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for failure.

+ +

SSL_get0_peername() returns NULL if peername verification is not applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was matched. Otherwise, it returns the matched peername. To determine whether verification succeeded call SSL_get_verify_result(3).

+ +

EXAMPLES

+ +

Suppose "smtp.example.com" is the MX host of the domain "example.com". The calls below will arrange to match either the MX hostname or the destination domain name in the SMTP server certificate. Wildcards are supported, but must match the entire label. The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the SSL connection.

+ +
SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+if (!SSL_set1_host(ssl, "smtp.example.com"))
+    /* error */
+if (!SSL_add1_host(ssl, "example.com"))
+    /* error */
+
+/* XXX: Perform SSL_connect() handshake and handle errors here */
+
+if (SSL_get_verify_result(ssl) == X509_V_OK) {
+    const char *peername = SSL_get0_peername(ssl);
+
+    if (peername != NULL)
+        /* Name checks were in scope and matched the peername */
+}
+ +

SEE ALSO

+ +

X509_check_host(3), SSL_get_verify_result(3). SSL_dane_enable(3).

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_bio.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_bio.html new file mode 100644 index 00000000..ec174a6b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_bio.html @@ -0,0 +1,94 @@ + + + + +SSL_set_bio + + + + + + + + + + +

NAME

+ +

SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+ +

DESCRIPTION

+ +

SSL_set0_rbio() connects the BIO rbio for the read operations of the ssl object. The SSL engine inherits the behaviour of rbio. If the BIO is non-blocking then the ssl object will also have non-blocking behaviour. This function transfers ownership of rbio to ssl. It will be automatically freed using BIO_free_all(3) when the ssl is freed. On calling this function, any existing rbio that was previously set will also be freed via a call to BIO_free_all(3) (this includes the case where the rbio is set to the same value as previously).

+ +

SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO wbio for the write operations of the ssl object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take ownership of one reference. Therefore it may be necessary to increment the number of references available using BIO_up_ref(3) before calling the set0 functions.

+ +

SSL_set_bio() is similar to SSL_set0_rbio() and SSL_set0_wbio() except that it connects both the rbio and the wbio at the same time, and transfers the ownership of rbio and wbio to ssl according to the following set of rules:

+ +
    + +
  • If neither the rbio or wbio have changed from their previous values then nothing is done.

    + +
  • +
  • If the rbio and wbio parameters are different and both are different to their previously set values then one reference is consumed for the rbio and one reference is consumed for the wbio.

    + +
  • +
  • If the rbio and wbio parameters are the same and the rbio is not the same as the previously set value then one reference is consumed.

    + +
  • +
  • If the rbio and wbio parameters are the same and the rbio is the same as the previously set value, then no additional references are consumed.

    + +
  • +
  • If the rbio and wbio parameters are different and the rbio is the same as the previously set value then one reference is consumed for the wbio and no references are consumed for the rbio.

    + +
  • +
  • If the rbio and wbio parameters are different and the wbio is the same as the previously set value and the old rbio and wbio values were the same as each other then one reference is consumed for the rbio and no references are consumed for the wbio.

    + +
  • +
  • If the rbio and wbio parameters are different and the wbio is the same as the previously set value and the old rbio and wbio values were different to each other then one reference is consumed for the rbio and one reference is consumed for the wbio.

    + +
  • +
+ +

Because of this complexity, this function should be avoided; use SSL_set0_rbio() and SSL_set0_wbio() instead.

+ +

RETURN VALUES

+ +

SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.

+ +

SEE ALSO

+ +

SSL_get_rbio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(7), bio(7)

+ +

HISTORY

+ +

SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_connect_state.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_connect_state.html new file mode 100644 index 00000000..5ff6261f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_connect_state.html @@ -0,0 +1,77 @@ + + + + +SSL_set_connect_state + + + + + + + + + + +

NAME

+ +

SSL_set_connect_state, SSL_set_accept_state, SSL_is_server - functions for manipulating and examining the client or server mode of an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_connect_state(SSL *ssl);
+
+void SSL_set_accept_state(SSL *ssl);
+
+int SSL_is_server(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_set_connect_state() sets ssl to work in client mode.

+ +

SSL_set_accept_state() sets ssl to work in server mode.

+ +

SSL_is_server() checks if ssl is working in server mode.

+ +

NOTES

+ +

When the SSL_CTX object was created with SSL_CTX_new(3), it was either assigned a dedicated client method, a dedicated server method, or a generic method, that can be used for both client and server connections. (The method might have been changed with SSL_CTX_set_ssl_version(3) or SSL_set_ssl_method(3).)

+ +

When beginning a new handshake, the SSL engine must know whether it must call the connect (client) or accept (server) routines. Even though it may be clear from the method chosen, whether client or server mode was requested, the handshake routines must be explicitly set.

+ +

When using the SSL_connect(3) or SSL_accept(3) routines, the correct handshake routines are automatically set. When performing a transparent negotiation using SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), or SSL_read(3), the handshake routines must be explicitly set in advance using either SSL_set_connect_state() or SSL_set_accept_state().

+ +

If SSL_is_server() is called before SSL_set_connect_state() or SSL_set_accept_state() is called (either automatically or explicitly), the result depends on what method was used when SSL_CTX was created with SSL_CTX_new(3). If a generic method or a dedicated server method was passed to SSL_CTX_new(3), SSL_is_server() returns 1; otherwise, it returns 0.

+ +

RETURN VALUES

+ +

SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic information.

+ +

SSL_is_server() returns 1 if ssl is working in server mode or 0 for client mode.

+ +

SEE ALSO

+ +

ssl(7), SSL_new(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3), SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), SSL_read(3), SSL_do_handshake(3), SSL_CTX_set_ssl_version(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_fd.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_fd.html new file mode 100644 index 00000000..bc1056fe --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_fd.html @@ -0,0 +1,80 @@ + + + + +SSL_set_fd + + + + + + + + + + +

NAME

+ +

SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_fd(SSL *ssl, int fd);
+int SSL_set_rfd(SSL *ssl, int fd);
+int SSL_set_wfd(SSL *ssl, int fd);
+ +

DESCRIPTION

+ +

SSL_set_fd() sets the file descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl. fd will typically be the socket file descriptor of a network connection.

+ +

When performing the operation, a socket BIO is automatically created to interface between the ssl and fd. The BIO and hence the SSL engine inherit the behaviour of fd. If fd is non-blocking, the ssl will also have non-blocking behaviour.

+ +

If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

+ +

SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only for the read channel or the write channel, which can be set independently.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The operation failed. Check the error stack to find out why.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_fd(3), SSL_set_bio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(7) , bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_session.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_session.html new file mode 100644 index 00000000..e8826fef --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_session.html @@ -0,0 +1,79 @@ + + + + +SSL_set_session + + + + + + + + + + +

NAME

+ +

SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+ +

DESCRIPTION

+ +

SSL_set_session() sets session to be used when the TLS/SSL connection is to be established. SSL_set_session() is only useful for TLS/SSL clients. When the session is set, the reference count of session is incremented by 1. If the session is not reused, the reference count is decremented again during SSL_connect(). Whether the session was reused can be queried with the SSL_session_reused(3) call.

+ +

If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session. If that old session is still open, it is considered bad and will be removed from the session cache (if used). A session is considered open, if SSL_shutdown(3) was not called for the connection (or at least SSL_set_shutdown(3) was used to set the SSL_SENT_SHUTDOWN state).

+ +

NOTES

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The operation failed; check the error stack to find out the reason.

+ +
+
1
+
+ +

The operation succeeded.

+ +
+
+ +

SEE ALSO

+ +

ssl(7), SSL_SESSION_free(3), SSL_get_session(3), SSL_session_reused(3), SSL_CTX_set_session_cache_mode(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_shutdown.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_shutdown.html new file mode 100644 index 00000000..1d660eb9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_shutdown.html @@ -0,0 +1,95 @@ + + + + +SSL_set_shutdown + + + + + + + + + + +

NAME

+ +

SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_shutdown(SSL *ssl, int mode);
+
+int SSL_get_shutdown(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_set_shutdown() sets the shutdown state of ssl to mode.

+ +

SSL_get_shutdown() returns the shutdown mode of ssl.

+ +

NOTES

+ +

The shutdown state of an ssl connection is a bitmask of:

+ +
+ +
0
+
+ +

No shutdown setting, yet.

+ +
+
SSL_SENT_SHUTDOWN
+
+ +

A close_notify shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct.

+ +
+
SSL_RECEIVED_SHUTDOWN
+
+ +

A shutdown alert was received form the peer, either a normal close_notify or a fatal error.

+ +
+
+ +

SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.

+ +

The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when SSL_clear(3) or SSL_free(3) is called, it is considered bad and removed according to RFC2246. The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN (according to the TLS RFC, it is acceptable to only send the close_notify alert but to not wait for the peer's answer, when the underlying connection is closed). SSL_set_shutdown() can be used to set this state without sending a close alert to the peer (see SSL_shutdown(3)).

+ +

If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, for setting SSL_SENT_SHUTDOWN the application must however still call SSL_shutdown(3) or SSL_set_shutdown() itself.

+ +

RETURN VALUES

+ +

SSL_set_shutdown() does not return diagnostic information.

+ +

SSL_get_shutdown() returns the current setting.

+ +

SEE ALSO

+ +

ssl(7), SSL_shutdown(3), SSL_CTX_set_quiet_shutdown(3), SSL_clear(3), SSL_free(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_verify_result.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_verify_result.html new file mode 100644 index 00000000..7f47d6c4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_set_verify_result.html @@ -0,0 +1,63 @@ + + + + +SSL_set_verify_result + + + + + + + + + + +

NAME

+ +

SSL_set_verify_result - override result of peer certificate verification

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+void SSL_set_verify_result(SSL *ssl, long verify_result);
+ +

DESCRIPTION

+ +

SSL_set_verify_result() sets verify_result of the object ssl to be the result of the verification of the X509 certificate presented by the peer, if any.

+ +

NOTES

+ +

SSL_set_verify_result() overrides the verification result. It only changes the verification result of the ssl object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear.

+ +

The valid codes for verify_result are documented in verify(1).

+ +

RETURN VALUES

+ +

SSL_set_verify_result() does not provide a return value.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_verify_result(3), SSL_get_peer_certificate(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_shutdown.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_shutdown.html new file mode 100644 index 00000000..5b75df45 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_shutdown.html @@ -0,0 +1,129 @@ + + + + +SSL_shutdown + + + + + + + + + + +

NAME

+ +

SSL_shutdown - shut down a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_shutdown(SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_shutdown() shuts down an active TLS/SSL connection. It sends the close_notify shutdown alert to the peer.

+ +

NOTES

+ +

SSL_shutdown() tries to send the close_notify shutdown alert to the peer. Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse.

+ +

Note that SSL_shutdown() must not be called if a previous fatal error has occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL.

+ +

The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application.

+ +

It is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response. This way resources can be saved, as the process can already terminate or serve another connection. This should only be done when it is known that the other side will not send more data, otherwise there is a risk of a truncation attack.

+ +

When a client only writes and never reads from the connection, and the server has sent a session ticket to establish a session, the client might not be able to resume the session because it did not received and process the session ticket from the server. In case the application wants to be able to resume the session, it is recommended to do a complete shutdown procedure (bidirectional close_notify alerts).

+ +

When the underlying connection shall be used for more communications, the complete shutdown procedure must be performed, so that the peers stay synchronized.

+ +

SSL_shutdown() only closes the write direction. It is not possible to call SSL_write() after calling SSL_shutdown(). The read direction is closed by the peer.

+ +

First to close the connection

+ +

When the application is the first party to send the close_notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in the cache). If successful, SSL_shutdown() will return 0.

+ +

If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first successful call to SSL_shutdown() is sufficient.

+ +

In order to complete the bidirectional shutdown handshake, the peer needs to send back a close_notify alert. The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing it.

+ +

The peer is still allowed to send data after receiving the close_notify event. When it is done sending data, it will send the close_notify alert. SSL_read() should be called until all data is received. SSL_read() will indicate the end of the peer data by returning <= 0 and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.

+ +

Peer closes the connection

+ +

If the peer already sent the close_notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_read() will return <= 0 in that case, and SSL_get_error() will return SSL_ERROR_ZERO_RETURN. SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN flag. If successful, SSL_shutdown() will return 1.

+ +

Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call.

+ +

NOTES

+ +

The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is blocking, SSL_shutdown() will only return once the handshake step has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again to wait for the peer's close_notify alert. SSL_shutdown() will return 1 in that case. However, it is recommended to wait for it using SSL_read() instead.

+ +

SSL_shutdown() can be modified to only set the connection to "shutdown" state but not actually send the close_notify alert messages, see SSL_CTX_set_quiet_shutdown(3). When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1.

+ +

RETURN VALUES

+ +

The following return values can occur:

+ +
+ +
0
+
+ +

The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. The output of SSL_get_error(3) may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.

+ +
+
1
+
+ +

The shutdown was successfully completed. The close_notify alert was sent and the peer's close_notify alert was received.

+ +
+
<0
+
+ +

The shutdown was not successful. Call SSL_get_error(3) with the return value ret to find out the reason. It can occur if an action is needed to continue the operation for non-blocking BIOs.

+ +

It can also occur when not all data was read using SSL_read().

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_connect(3), SSL_accept(3), SSL_set_shutdown(3), SSL_CTX_set_quiet_shutdown(3), SSL_clear(3), SSL_free(3), ssl(7), bio(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_state_string.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_state_string.html new file mode 100644 index 00000000..97f7552d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_state_string.html @@ -0,0 +1,68 @@ + + + + +SSL_state_string + + + + + + + + + + +

NAME

+ +

SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+const char *SSL_state_string(const SSL *ssl);
+const char *SSL_state_string_long(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_state_string() returns a 6 letter string indicating the current state of the SSL object ssl.

+ +

SSL_state_string_long() returns a string indicating the current state of the SSL object ssl.

+ +

NOTES

+ +

During its use, an SSL objects passes several states. The state is internally maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake.

+ +

When using non-blocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called.

+ +

For both blocking or non-blocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call.

+ +

RETURN VALUES

+ +

Detailed description of possible states to be included later.

+ +

SEE ALSO

+ +

ssl(7), SSL_CTX_set_info_callback(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_want.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_want.html new file mode 100644 index 00000000..2414cb00 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_want.html @@ -0,0 +1,125 @@ + + + + +SSL_want + + + + + + + + + + +

NAME

+ +

SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb - obtain state information TLS/SSL I/O operation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_want(const SSL *ssl);
+int SSL_want_nothing(const SSL *ssl);
+int SSL_want_read(const SSL *ssl);
+int SSL_want_write(const SSL *ssl);
+int SSL_want_x509_lookup(const SSL *ssl);
+int SSL_want_async(const SSL *ssl);
+int SSL_want_async_job(const SSL *ssl);
+int SSL_want_client_hello_cb(const SSL *ssl);
+ +

DESCRIPTION

+ +

SSL_want() returns state information for the SSL object ssl.

+ +

The other SSL_want_*() calls are shortcuts for the possible states returned by SSL_want().

+ +

NOTES

+ +

SSL_want() examines the internal state information of the SSL object. Its return values are similar to that of SSL_get_error(3). Unlike SSL_get_error(3), which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under non-blocking I/O. Error conditions are not handled and must be treated using SSL_get_error(3).

+ +

The result returned by SSL_want() should always be consistent with the result of SSL_get_error(3).

+ +

RETURN VALUES

+ +

The following return values can currently occur for SSL_want():

+ +
+ +
SSL_NOTHING
+
+ +

There is no data to be written or to be read.

+ +
+
SSL_WRITING
+
+ +

There are data in the SSL buffer that must be written to the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_WRITE.

+ +
+
SSL_READING
+
+ +

More data must be read from the underlying BIO layer in order to complete the actual SSL_*() operation. A call to SSL_get_error(3) should return SSL_ERROR_WANT_READ.

+ +
+
SSL_X509_LOOKUP
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_X509_LOOKUP.

+ +
+
SSL_ASYNC_PAUSED
+
+ +

An asynchronous operation partially completed and was then paused. See SSL_get_all_async_fds(3). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC.

+ +
+
SSL_ASYNC_NO_JOBS
+
+ +

The asynchronous job could not be started because there were no async jobs available in the pool (see ASYNC_init_thread(3)). A call to SSL_get_error(3) should return SSL_ERROR_WANT_ASYNC_JOB.

+ +
+
SSL_CLIENT_HELLO_CB
+
+ +

The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. A call to SSL_get_error(3) should return SSL_ERROR_WANT_CLIENT_HELLO_CB.

+ +
+
+ +

SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return 1, when the corresponding condition is true or 0 otherwise.

+ +

SEE ALSO

+ +

ssl(7), SSL_get_error(3)

+ +

HISTORY

+ +

The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_write.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_write.html new file mode 100644 index 00000000..0b9646f0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/SSL_write.html @@ -0,0 +1,104 @@ + + + + +SSL_write + + + + + + + + + + +

NAME

+ +

SSL_write_ex, SSL_write - write bytes to a TLS/SSL connection

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+int SSL_write(SSL *ssl, const void *buf, int num);
+ +

DESCRIPTION

+ +

SSL_write_ex() and SSL_write() write num bytes from the buffer buf into the specified ssl connection. On success SSL_write_ex() will store the number of bytes written in *written.

+ +

NOTES

+ +

In the paragraphs below a "write function" is defined as one of either SSL_write_ex(), or SSL_write().

+ +

If necessary, a write function will negotiate a TLS/SSL session, if not already explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer requests a re-negotiation, it will be performed transparently during the write function operation. The behaviour of the write functions depends on the underlying BIO.

+ +

For the transparent negotiation to succeed, the ssl must have been initialized to client or server mode. This is being done by calling SSL_set_connect_state(3) or SSL_set_accept_state() before the first call to a write function.

+ +

If the underlying BIO is blocking, the write functions will only return, once the write operation has been finished or an error occurred.

+ +

If the underlying BIO is non-blocking the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to SSL_get_error(3) with the return value of the write function will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.

+ +

The write functions will only return with success when the complete contents of buf of length num has been written. This default behaviour can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When this flag is set the write functions will also return with success when a partial write has been successfully completed. In this case the write function operation is considered completed. The bytes are sent and a new write call with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB.

+ +

WARNINGS

+ +

When a write function call has to be repeated because SSL_get_error(3) returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments. The data that was passed might have been partially processed. When SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER was set using SSL_CTX_set_mode(3) the pointer can be different, but the data and length should still be the same.

+ +

You should not call SSL_write() with num=0, it will return an error. SSL_write_ex() can be called with num=0, but will not send application data to the peer.

+ +

RETURN VALUES

+ +

SSL_write_ex() will return 1 for success or 0 for failure. Success means that all requested application data bytes have been written to the SSL connection or, if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has been written to the SSL connection. Failure means that not all the requested bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or no bytes could be written to the SSL connection (if SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the network write buffer has temporarily filled up) or non-retryable (e.g. a fatal network error). In the event of a failure call SSL_get_error(3) to find out the reason which indicates whether the call is retryable or not.

+ +

For SSL_write() the following return values can occur:

+ +
+ +
> 0
+
+ +

The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection.

+ +
+
<= 0
+
+ +

The write operation was not successful, because either the connection was closed, an error occurred or action must be taken by the calling process. Call SSL_get_error() with the return value ret to find out the reason.

+ +

Old documentation indicated a difference between 0 and -1, and that -1 was retryable. You should instead call SSL_get_error() to find out if it's retryable.

+ +
+
+ +

SEE ALSO

+ +

SSL_get_error(3), SSL_read_ex(3), SSL_read(3) SSL_CTX_set_mode(3), SSL_CTX_new(3), SSL_connect(3), SSL_accept(3) SSL_set_connect_state(3), ssl(7), bio(7)

+ +

HISTORY

+ +

The SSL_write_ex() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_STRING.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_STRING.html new file mode 100644 index 00000000..fd261591 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_STRING.html @@ -0,0 +1,113 @@ + + + + +UI_STRING + + + + + + + + + + +

NAME

+ +

UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex - User interface string parsing

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_string_st UI_STRING;
+
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+int UI_get_input_flags(UI_STRING *uis);
+const char *UI_get0_output_string(UI_STRING *uis);
+const char *UI_get0_action_string(UI_STRING *uis);
+const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
+const char *UI_get0_test_string(UI_STRING *uis);
+int UI_get_result_minsize(UI_STRING *uis);
+int UI_get_result_maxsize(UI_STRING *uis);
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
+ +

DESCRIPTION

+ +

The UI_STRING gets created internally and added to a UI whenever one of the functions UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() or UI_dup_error_string() is called. For a UI_METHOD user, there's no need to know more. For a UI_METHOD creator, it is of interest to fetch text from these UI_STRING objects as well as adding results to some of them.

+ +

UI_get_string_type() is used to retrieve the type of the given UI_STRING.

+ +

UI_get_input_flags() is used to retrieve the flags associated with the given UI_STRING.

+ +

UI_get0_output_string() is used to retrieve the actual string to output (prompt, info, error, ...).

+ +

UI_get0_action_string() is used to retrieve the action description associated with a UIT_BOOLEAN type UI_STRING. For all other UI_STRING types, NULL is returned. See UI_add_input_boolean(3).

+ +

UI_get0_result_string() and UI_get_result_string_length() are used to retrieve the result of a prompt and its length. This is only useful for UIT_PROMPT and UIT_VERIFY type strings. For all other UI_STRING types, UI_get0_result_string() returns NULL and UI_get_result_string_length() returns -1.

+ +

UI_get0_test_string() is used to retrieve the string to compare the prompt result with. This is only useful for UIT_VERIFY type strings. For all other UI_STRING types, NULL is returned.

+ +

UI_get_result_minsize() and UI_get_result_maxsize() are used to retrieve the minimum and maximum required size of the result. This is only useful for UIT_PROMPT and UIT_VERIFY type strings. For all other UI_STRING types, -1 is returned.

+ +

UI_set_result_ex() is used to set the result value of a prompt and its length. For UIT_PROMPT and UIT_VERIFY type UI strings, this sets the result retrievable with UI_get0_result_string() by copying the contents of result if its length fits the minimum and maximum size requirements. For UIT_BOOLEAN type UI strings, this sets the first character of the result retrievable with UI_get0_result_string() to the first ok_char given with UI_add_input_boolean() or UI_dup_input_boolean() if the result matched any of them, or the first of the cancel_chars if the result matched any of them, otherwise it's set to the NUL char \0. See UI_add_input_boolean(3) for more information on ok_chars and cancel_chars.

+ +

UI_set_result() does the same thing as UI_set_result_ex(), but calculates its length internally. It expects the string to be terminated with a NUL byte, and is therefore only useful with normal C strings.

+ +

RETURN VALUES

+ +

UI_get_string_type() returns the UI string type.

+ +

UI_get_input_flags() returns the UI string flags.

+ +

UI_get0_output_string() returns the UI string output string.

+ +

UI_get0_action_string() returns the UI string action description string for UIT_BOOLEAN type UI strings, NULL for any other type.

+ +

UI_get0_result_string() returns the UI string result buffer for UIT_PROMPT and UIT_VERIFY type UI strings, NULL for any other type.

+ +

UI_get_result_string_length() returns the UI string result buffer's content length for UIT_PROMPT and UIT_VERIFY type UI strings, -1 for any other type.

+ +

UI_get0_test_string() returns the UI string action description string for UIT_VERIFY type UI strings, NULL for any other type.

+ +

UI_get_result_minsize() returns the minimum allowed result size for the UI string for UIT_PROMPT and UIT_VERIFY type strings, -1 for any other type.

+ +

UI_get_result_maxsize() returns the minimum allowed result size for the UI string for UIT_PROMPT and UIT_VERIFY type strings, -1 for any other type.

+ +

UI_set_result() returns 0 on success or when the UI string is of any type other than UIT_PROMPT, UIT_VERIFY or UIT_BOOLEAN, -1 on error.

+ +

SEE ALSO

+ +

UI(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html new file mode 100644 index 00000000..08a54847 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html @@ -0,0 +1,73 @@ + + + + +UI_UTIL_read_pw + + + + + + + + + + +

NAME

+ +

UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback - user interface utilities

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
+ +

DESCRIPTION

+ +

UI_UTIL_read_pw_string() asks for a passphrase, using prompt as a prompt, and stores it in buf. The maximum allowed size is given with length, including the terminating NUL byte. If verify is non-zero, the password will be verified as well.

+ +

UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the difference is that you can give it an external buffer buff for the verification passphrase.

+ +

UI_UTIL_wrap_read_pem_callback() can be used to create a temporary UI_METHOD that wraps a given PEM password callback cb. rwflag is used to specify if this method will be used for passphrase entry without (0) or with (1) verification. When not used any more, the returned method should be freed with UI_destroy_method().

+ +

NOTES

+ +

UI_UTIL_read_pw_string() and UI_UTIL_read_pw() use default UI_METHOD. See UI_get_default_method(3) and friends for more information.

+ +

The result from the UI_METHOD created by UI_UTIL_wrap_read_pem_callback() will generate password strings in the encoding that the given password callback generates. The default password prompting functions (apart from UI_UTIL_read_pw_string() and UI_UTIL_read_pw(), there is PEM_def_callback(), EVP_read_pw_string() and EVP_read_pw_string_min()) all use the default UI_METHOD.

+ +

RETURN VALUES

+ +

UI_UTIL_read_pw_string() and UI_UTIL_read_pw() return 0 on success or a negative value on error.

+ +

UI_UTIL_wrap_read_pem_callback() returns a valid UI_METHOD structure or NULL if an error occurred.

+ +

SEE ALSO

+ +

UI_get_default_method(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_create_method.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_create_method.html new file mode 100644 index 00000000..3fa4e33c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_create_method.html @@ -0,0 +1,178 @@ + + + + +UI_create_method + + + + + + + + + + +

NAME

+ +

UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data - user interface method creation and destruction

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_method_st UI_METHOD;
+
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+ +

DESCRIPTION

+ +

A method contains a few functions that implement the low level of the User Interface. These functions are:

+ +
+ +
an opener
+
+ +

This function takes a reference to a UI and starts a session, for example by opening a channel to a tty, or by creating a dialog box.

+ +
+
a writer
+
+ +

This function takes a reference to a UI and a UI String, and writes the string where appropriate, maybe to the tty, maybe added as a field label in a dialog box. Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses.

+ +
+
a flusher
+
+ +

This function takes a reference to a UI, and flushes everything that has been output so far. For example, if the method builds up a dialog box, this can be used to actually display it and accepting input ended with a pressed button.

+ +
+
a reader
+
+ +

This function takes a reference to a UI and a UI string and reads off the given prompt, maybe from the tty, maybe from a field in a dialog box. Note that this gets fed all strings associated with a UI, one after the other, so care must be taken which ones it actually uses.

+ +
+
a closer
+
+ +

This function takes a reference to a UI, and closes the session, maybe by closing the channel to the tty, maybe by destroying a dialog box.

+ +
+
+ +

All of these functions are expected to return 0 on error, 1 on success, or -1 on out-off-band events, for example if some prompting has been cancelled (by pressing Ctrl-C, for example). Only the flusher or the reader are expected to return -1. If returned by another of the functions, it's treated as if 0 was returned.

+ +

Regarding the writer and the reader, don't assume the former should only write and don't assume the latter should only read. This depends on the needs of the method.

+ +

For example, a typical tty reader wouldn't write the prompts in the write, but would rather do so in the reader, because of the sequential nature of prompting on a tty. This is how the UI_OpenSSL() method does it.

+ +

In contrast, a method that builds up a dialog box would add all prompt text in the writer, have all input read in the flusher and store the results in some temporary buffer, and finally have the reader just fetch those results.

+ +

The central function that uses these method functions is UI_process(), and it does it in five steps:

+ +
    + +
  1. Open the session using the opener function if that one's defined. If an error occurs, jump to 5.

    + +
  2. +
  3. For every UI String associated with the UI, call the writer function if that one's defined. If an error occurs, jump to 5.

    + +
  4. +
  5. Flush everything using the flusher function if that one's defined. If an error occurs, jump to 5.

    + +
  6. +
  7. For every UI String associated with the UI, call the reader function if that one's defined. If an error occurs, jump to 5.

    + +
  8. +
  9. Close the session using the closer function if that one's defined.

    + +
  10. +
+ +

UI_create_method() creates a new UI method with a given name.

+ +

UI_destroy_method() destroys the given UI method ui_method.

+ +

UI_method_set_opener(), UI_method_set_writer(), UI_method_set_flusher(), UI_method_set_reader() and UI_method_set_closer() set the five main method function to the given function pointer.

+ +

UI_method_set_data_duplicator() sets the user data duplicator and destructor. See UI_dup_user_data(3).

+ +

UI_method_set_prompt_constructor() sets the prompt constructor. See UI_construct_prompt(3).

+ +

UI_method_set_ex_data() sets application specific data with a given EX_DATA index. See CRYPTO_get_ex_new_index(3) for general information on how to get that index.

+ +

UI_method_get_opener(), UI_method_get_writer(), UI_method_get_flusher(), UI_method_get_reader(), UI_method_get_closer(), UI_method_get_data_duplicator(), UI_method_get_data_destructor() and UI_method_get_prompt_constructor() return the different method functions.

+ +

UI_method_get_ex_data() returns the application data previously stored with UI_method_set_ex_data().

+ +

RETURN VALUES

+ +

UI_create_method() returns a UI_METHOD pointer on success, NULL on error.

+ +

UI_method_set_opener(), UI_method_set_writer(), UI_method_set_flusher(), UI_method_set_reader(), UI_method_set_closer(), UI_method_set_data_duplicator() and UI_method_set_prompt_constructor() return 0 on success, -1 if the given method is NULL.

+ +

UI_method_set_ex_data() returns 1 on success and 0 on error (because CRYPTO_set_ex_data() does so).

+ +

UI_method_get_opener(), UI_method_get_writer(), UI_method_get_flusher(), UI_method_get_reader(), UI_method_get_closer(), UI_method_get_data_duplicator(), UI_method_get_data_destructor() and UI_method_get_prompt_constructor() return the requested function pointer if it's set in the method, otherwise NULL.

+ +

UI_method_get_ex_data() returns a pointer to the application specific data associated with the method.

+ +

SEE ALSO

+ +

UI(3), CRYPTO_get_ex_data(3), UI_STRING(3)

+ +

HISTORY

+ +

The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_new.html new file mode 100644 index 00000000..11594b5d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/UI_new.html @@ -0,0 +1,178 @@ + + + + +UI_new + + + + + + + + + + +

NAME

+ +

UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface

+ +

SYNOPSIS

+ +
#include <openssl/ui.h>
+
+typedef struct ui_st UI;
+
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+char *UI_construct_prompt(UI *ui_method,
+       const char *object_desc, const char *object_name);
+
+void *UI_add_user_data(UI *ui, void *user_data);
+int UI_dup_user_data(UI *ui, void *user_data);
+void *UI_get0_user_data(UI *ui);
+
+const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
+
+int UI_process(UI *ui);
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+UI_METHOD *UI_OpenSSL(void);
+const UI_METHOD *UI_null(void);
+ +

DESCRIPTION

+ +

UI stands for User Interface, and is general purpose set of routines to prompt the user for text-based information. Through user-written methods (see UI_create_method(3)), prompting can be done in any way imaginable, be it plain text prompting, through dialog boxes or from a cell phone.

+ +

All the functions work through a context of the type UI. This context contains all the information needed to prompt correctly as well as a reference to a UI_METHOD, which is an ordered vector of functions that carry out the actual prompting.

+ +

The first thing to do is to create a UI with UI_new() or UI_new_method(), then add information to it with the UI_add or UI_dup functions. Also, user-defined random data can be passed down to the underlying method through calls to UI_add_user_data() or UI_dup_user_data(). The default UI method doesn't care about these data, but other methods might. Finally, use UI_process() to actually perform the prompting and UI_get0_result() and UI_get_result_length() to find the result to the prompt and its length.

+ +

A UI can contain more than one prompt, which are performed in the given sequence. Each prompt gets an index number which is returned by the UI_add and UI_dup functions, and has to be used to get the corresponding result with UI_get0_result() and UI_get_result_length().

+ +

UI_process() can be called more than once on the same UI, thereby allowing a UI to have a long lifetime, but can just as well have a short lifetime.

+ +

The functions are as follows:

+ +

UI_new() creates a new UI using the default UI method. When done with this UI, it should be freed using UI_free().

+ +

UI_new_method() creates a new UI using the given UI method. When done with this UI, it should be freed using UI_free().

+ +

UI_OpenSSL() returns the built-in UI method (note: not necessarily the default one, since the default can be changed. See further on). This method is the most machine/OS dependent part of OpenSSL and normally generates the most problems when porting.

+ +

UI_null() returns a UI method that does nothing. Its use is to avoid getting internal defaults for passed UI_METHOD pointers.

+ +

UI_free() removes a UI from memory, along with all other pieces of memory that's connected to it, like duplicated input strings, results and others. If ui is NULL nothing is done.

+ +

UI_add_input_string() and UI_add_verify_string() add a prompt to the UI, as well as flags and a result buffer and the desired minimum and maximum sizes of the result, not counting the final NUL character. The given information is used to prompt for information, for example a password, and to verify a password (i.e. having the user enter it twice and check that the same string was entered twice). UI_add_verify_string() takes and extra argument that should be a pointer to the result buffer of the input string that it's supposed to verify, or verification will fail.

+ +

UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given as well. The prompt itself is divided in two, one part being the descriptive text (given through the prompt argument) and one describing the possible answers (given through the action_desc argument).

+ +

UI_add_info_string() and UI_add_error_string() add strings that are shown at the same time as the prompt for extra information or to show an error string. The difference between the two is only conceptual. With the builtin method, there's no technical difference between them. Other methods may make a difference between them, however.

+ +

The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for UI_add_input_string() and will have the users response be echoed (when prompting for a password, this flag should obviously not be used, and UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some sort will be used (completely depending on the application and the UI method).

+ +

UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(), UI_dup_info_string() and UI_dup_error_string() are basically the same as their UI_add counterparts, except that they make their own copies of all strings.

+ +

UI_construct_prompt() is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter description for name:". With the description "pass phrase" and the file name "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions.

+ +

UI_add_user_data() adds a user data pointer for the method to use at any time. The builtin UI method doesn't care about this info. Note that several calls to this function doesn't add data, it replaces the previous blob with the one given as argument.

+ +

UI_dup_user_data() duplicates the user data and works as an alternative to UI_add_user_data() when the user data needs to be preserved for a longer duration, perhaps even the lifetime of the application. The UI object takes ownership of this duplicate and will free it whenever it gets replaced or the UI is destroyed. UI_dup_user_data() returns 0 on success, or -1 on memory allocation failure or if the method doesn't have a duplicator function.

+ +

UI_get0_user_data() retrieves the data that has last been given to the UI with UI_add_user_data() or UI_dup_user_data.

+ +

UI_get0_result() returns a pointer to the result buffer associated with the information indexed by i.

+ +

UI_get_result_length() returns the length of the result buffer associated with the information indexed by i.

+ +

UI_process() goes through the information given so far, does all the printing and prompting and returns the final status, which is -2 on out-of-band events (Interrupt, Cancel, ...), -1 on error and 0 on success.

+ +

UI_ctrl() adds extra control for the application author. For now, it understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process() print the OpenSSL error stack as part of processing the UI, and UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can be used again or not.

+ +

UI_set_default_method() changes the default UI method to the one given. This function is not thread-safe and should not be called at the same time as other OpenSSL functions.

+ +

UI_get_default_method() returns a pointer to the current default UI method.

+ +

UI_get_method() returns the UI method associated with a given UI.

+ +

UI_set_method() changes the UI method associated with a given UI.

+ +

NOTES

+ +

The resulting strings that the built in method UI_OpenSSL() generate are assumed to be encoded according to the current locale or (for Windows) code page. For applications having different demands, these strings need to be converted appropriately by the caller. For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set, the built-in method UI_OpenSSL() will produce UTF-8 encoded strings instead.

+ +

RETURN VALUES

+ +

UI_new() and UI_new_method() return a valid UI structure or NULL if an error occurred.

+ +

UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() and UI_dup_error_string() return a positive number on success or a value which is less than or equal to 0 otherwise.

+ +

UI_construct_prompt() returns a string or NULL if an error occurred.

+ +

UI_dup_user_data() returns 0 on success or -1 on error.

+ +

UI_get0_result() returns a string or NULL on error.

+ +

UI_get_result_length() returns a positive integer or 0 on success; otherwise it returns -1 on error.

+ +

UI_process() returns 0 on success or a negative value on error.

+ +

UI_ctrl() returns a mask on success or -1 on error.

+ +

UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and UI_set_method() return either a valid UI_METHOD structure or NULL respectively.

+ +

HISTORY

+ +

The UI_dup_user_data() function was added in OpenSSL 1.1.1.

+ +

COPYRIGHT

+ +

Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509V3_get_d2i.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509V3_get_d2i.html new file mode 100644 index 00000000..356629b7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509V3_get_d2i.html @@ -0,0 +1,214 @@ + + + + +X509V3_get_d2i + + + + + + + + + + +

NAME

+ +

X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags);
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
+
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
+                          unsigned long flags);
+
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
+                              unsigned long flags);
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+ +

DESCRIPTION

+ +

X509V3_get_ext_d2i() looks for an extension with OID nid in the extensions x and, if found, decodes it. If idx is NULL then only one occurrence of an extension is permissible otherwise the first extension after index *idx is returned and *idx updated to the location of the extension. If crit is not NULL then *crit is set to a status value: -2 if the extension occurs multiple times (this is only returned if idx is NULL), -1 if the extension could not be found, 0 if the extension is found and is not critical and 1 if critical. A pointer to an extension specific structure or NULL is returned.

+ +

X509V3_add1_i2d() adds extension value to STACK *x (allocating a new STACK if necessary) using OID nid and criticality crit according to flags.

+ +

X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension ext and returns a pointer to an extension specific structure or NULL if the extension could not be decoded (invalid syntax or not supported).

+ +

X509V3_EXT_i2d() encodes the extension specific structure ext with OID ext_nid and criticality crit.

+ +

X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of certificate x, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions of CRL crl, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the extensions of X509_REVOKED structure r (i.e for CRL entry extensions), they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

+ +

X509_get0_extensions(), X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a stack of all the extensions of a certificate a CRL or a CRL entry respectively.

+ +

NOTES

+ +

In almost all cases an extension can occur at most once and multiple occurrences is an error. Therefore the idx parameter is usually NULL.

+ +

The flags parameter may be one of the following values.

+ +

X509V3_ADD_DEFAULT appends a new extension only if the extension does not already exist. An error is returned if the extension does already exist.

+ +

X509V3_ADD_APPEND appends a new extension, ignoring whether the extension already exists.

+ +

X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends a new extension.

+ +

X509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists otherwise returns an error.

+ +

X509V3_ADD_KEEP_EXISTING appends a new extension only if the extension does not already exist. An error is not returned if the extension does already exist.

+ +

X509V3_ADD_DELETE extension nid is deleted: no new extension is added.

+ +

If X509V3_ADD_SILENT is ored with flags: any error returned will not be added to the error queue.

+ +

The function X509V3_get_d2i() will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of *crit.

+ +

SUPPORTED EXTENSIONS

+ +

The following sections contain a list of all supported extensions including their name and NID.

+ +

PKIX Certificate Extensions

+ +

The following certificate extensions are defined in PKIX standards such as RFC5280.

+ +
Basic Constraints                  NID_basic_constraints
+Key Usage                          NID_key_usage
+Extended Key Usage                 NID_ext_key_usage
+
+Subject Key Identifier             NID_subject_key_identifier
+Authority Key Identifier           NID_authority_key_identifier
+
+Private Key Usage Period           NID_private_key_usage_period
+
+Subject Alternative Name           NID_subject_alt_name
+Issuer Alternative Name            NID_issuer_alt_name
+
+Authority Information Access       NID_info_access
+Subject Information Access         NID_sinfo_access
+
+Name Constraints                   NID_name_constraints
+
+Certificate Policies               NID_certificate_policies
+Policy Mappings                    NID_policy_mappings
+Policy Constraints                 NID_policy_constraints
+Inhibit Any Policy                 NID_inhibit_any_policy
+
+TLS Feature                        NID_tlsfeature
+ +

Netscape Certificate Extensions

+ +

The following are (largely obsolete) Netscape certificate extensions.

+ +
Netscape Cert Type                 NID_netscape_cert_type
+Netscape Base Url                  NID_netscape_base_url
+Netscape Revocation Url            NID_netscape_revocation_url
+Netscape CA Revocation Url         NID_netscape_ca_revocation_url
+Netscape Renewal Url               NID_netscape_renewal_url
+Netscape CA Policy Url             NID_netscape_ca_policy_url
+Netscape SSL Server Name           NID_netscape_ssl_server_name
+Netscape Comment                   NID_netscape_comment
+ +

Miscellaneous Certificate Extensions

+ +
Strong Extranet ID                 NID_sxnet
+Proxy Certificate Information      NID_proxyCertInfo
+ +

PKIX CRL Extensions

+ +

The following are CRL extensions from PKIX standards such as RFC5280.

+ +
CRL Number                         NID_crl_number
+CRL Distribution Points            NID_crl_distribution_points
+Delta CRL Indicator                NID_delta_crl
+Freshest CRL                       NID_freshest_crl
+Invalidity Date                    NID_invalidity_date
+Issuing Distribution Point         NID_issuing_distribution_point
+ +

The following are CRL entry extensions from PKIX standards such as RFC5280.

+ +
CRL Reason Code                    NID_crl_reason
+Certificate Issuer                 NID_certificate_issuer
+ +

OCSP Extensions

+ +
OCSP Nonce                         NID_id_pkix_OCSP_Nonce
+OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
+Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
+OCSP No Check                      NID_id_pkix_OCSP_noCheck
+OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
+OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
+Hold Instruction Code              NID_hold_instruction_code
+ +

Certificate Transparency Extensions

+ +

The following extensions are used by certificate transparency, RFC6962

+ +
CT Precertificate SCTs             NID_ct_precert_scts
+CT Certificate SCTs                NID_ct_cert_scts
+ +

RETURN VALUES

+ +

X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension specific structure of NULL if an error occurs.

+ +

X509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure or NULL if an error occurs.

+ +

X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it fails due to a non-fatal error (extension not found, already exists, cannot be encoded) or -1 due to a fatal error such as a memory allocation failure.

+ +

X509_get0_extensions(), X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a stack of extensions. They return NULL if no extensions are present.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_ALGOR_dup.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_ALGOR_dup.html new file mode 100644 index 00000000..62f5c9f1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_ALGOR_dup.html @@ -0,0 +1,70 @@ + + + + +X509_ALGOR_dup + + + + + + + + + + +

NAME

+ +

X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *alg);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ +

DESCRIPTION

+ +

X509_ALGOR_dup() returns a copy of alg.

+ +

X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the associated parameter type to ptype with value pval. If ptype is V_ASN1_UNDEF the parameter is omitted, otherwise ptype and pval have the same meaning as the type and value parameters to ASN1_TYPE_set(). All the supplied parameters are used internally so must NOT be freed after this call.

+ +

X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the algorithm OID in *paobj and the associated parameter in *pptype and *ppval from the AlgorithmIdentifier alg.

+ +

X509_ALGOR_set_md() sets the AlgorithmIdentifier alg to appropriate values for the message digest md.

+ +

X509_ALGOR_cmp() compares a and b and returns 0 if they have identical encodings and non-zero otherwise.

+ +

RETURN VALUES

+ +

X509_ALGOR_dup() returns a valid X509_ALGOR structure or NULL if an error occurred.

+ +

X509_ALGOR_set0() returns 1 on success or 0 on error.

+ +

X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.

+ +

X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and non-zero otherwise.

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html new file mode 100644 index 00000000..4baeb79e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html @@ -0,0 +1,99 @@ + + + + +X509_CRL_get0_by_serial + + + + + + + + + + +

NAME

+ +

X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+int X509_CRL_sort(X509_CRL *crl);
+ +

DESCRIPTION

+ +

X509_CRL_get0_by_serial() attempts to find a revoked entry in crl for serial number serial. If it is successful it sets *ret to the internal pointer of the matching entry, as a result *ret must not be freed up after the call.

+ +

X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it looks for a revoked entry using the serial number of certificate x.

+ +

X509_CRL_get_REVOKED() returns an internal pointer to a stack of all revoked entries for crl.

+ +

X509_REVOKED_get0_serialNumber() returns an internal pointer to the serial number of r.

+ +

X509_REVOKED_get0_revocationDate() returns an internal pointer to the revocation date of r.

+ +

X509_REVOKED_set_serialNumber() sets the serial number of r to serial. The supplied serial pointer is not used internally so it should be freed up after use.

+ +

X509_REVOKED_set_revocationDate() sets the revocation date of r to tm. The supplied tm pointer is not used internally so it should be freed up after use.

+ +

X509_CRL_add0_revoked() appends revoked entry rev to CRL crl. The pointer rev is used internally so it must not be freed up after the call: it is freed when the parent CRL is freed.

+ +

X509_CRL_sort() sorts the revoked entries of crl into ascending serial number order.

+ +

NOTES

+ +

Applications can determine the number of revoked entries returned by X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one in turn using sk_X509_REVOKED_value().

+ +

RETURN VALUES

+ +

X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, 1 on success except if the revoked entry has the reason removeFromCRL (8), in which case 2 is returned.

+ +

X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for failure.

+ +

X509_REVOKED_get0_serialNumber() returns an ASN1_INTEGER pointer.

+ +

X509_REVOKED_get0_revocationDate() returns an ASN1_TIME value.

+ +

X509_CRL_get_REVOKED() returns a STACK of revoked entries.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html new file mode 100644 index 00000000..9e48143d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html @@ -0,0 +1,96 @@ + + + + +X509_EXTENSION_set_object + + + + + + + + + + +

NAME

+ +

X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility functions

+ +

SYNOPSIS

+ +
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+ +

DESCRIPTION

+ +

X509_EXTENSION_set_object() sets the extension type of ex to obj. The obj pointer is duplicated internally so obj should be freed up after use.

+ +

X509_EXTENSION_set_critical() sets the criticality of ex to crit. If crit is zero the extension in non-critical otherwise it is critical.

+ +

X509_EXTENSION_set_data() sets the data in extension ex to data. The data pointer is duplicated internally.

+ +

X509_EXTENSION_create_by_NID() creates an extension of type nid, criticality crit using data data. The created extension is returned and written to *ex reusing or allocating a new extension if necessary so *ex should either be NULL or a valid X509_EXTENSION structure it must not be an uninitialised pointer.

+ +

X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() except it creates and extension using obj instead of a NID.

+ +

X509_EXTENSION_get_object() returns the extension type of ex as an ASN1_OBJECT pointer. The returned pointer is an internal value which must not be freed up.

+ +

X509_EXTENSION_get_critical() returns the criticality of extension ex it returns 1 for critical and 0 for non-critical.

+ +

X509_EXTENSION_get_data() returns the data of extension ex. The returned pointer is an internal value which must not be freed up.

+ +

NOTES

+ +

These functions manipulate the contents of an extension directly. Most applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d() and X509_get_ext_d2i().

+ +

The data associated with an extension is the extension encoding in an ASN1_OCTET_STRING structure.

+ +

RETURN VALUES

+ +

X509_EXTENSION_set_object() X509_EXTENSION_set_critical() and X509_EXTENSION_set_data() return 1 for success and 0 for failure.

+ +

X509_EXTENSION_create_by_NID() and X509_EXTENSION_create_by_OBJ() return an X509_EXTENSION pointer or NULL if an error occurs.

+ +

X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer.

+ +

X509_EXTENSION_get_critical() returns 0 for non-critical and 1 for critical.

+ +

X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer.

+ +

SEE ALSO

+ +

X509V3_get_d2i(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP.html new file mode 100644 index 00000000..b36bfc85 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -0,0 +1,177 @@ + + + + +X509_LOOKUP + + + + + + + + + + +

NAME

+ +

X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias - OpenSSL certificate lookup mechanisms

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_lookup_st X509_LOOKUP;
+
+typedef enum X509_LOOKUP_TYPE;
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
+int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+ +

DESCRIPTION

+ +

The X509_LOOKUP structure holds the information needed to look up certificates and CRLs according to an associated X509_LOOKUP_METHOD(3). Multiple X509_LOOKUP instances can be added to an X509_STORE(3) to enable lookup in that store.

+ +

X509_LOOKUP_new() creates a new X509_LOOKUP using the given lookup method. It can also be created by calling X509_STORE_add_lookup(3), which will associate an X509_STORE with the lookup mechanism.

+ +

X509_LOOKUP_init() initializes the internal state and resources as needed by the given X509_LOOKUP to do its work.

+ +

X509_LOOKUP_shutdown() tears down the internal state and resources of the given X509_LOOKUP.

+ +

X509_LOOKUP_free() destructs the given X509_LOOKUP.

+ +

X509_LOOKUP_set_method_data() associates a pointer to application data to the given X509_LOOKUP.

+ +

X509_LOOKUP_get_method_data() retrieves a pointer to application data from the given X509_LOOKUP.

+ +

X509_LOOKUP_ctrl() is used to set or get additional data to or from an X509_LOOKUP structure or its associated X509_LOOKUP_METHOD(3). The arguments of the control command are passed via argc and argl, its return value via *ret. The meaning of the arguments depends on the cmd number of the control command. In general, this function is not called directly, but wrapped by a macro call, see below. The control cmds known to OpenSSL are discussed in more depth in "Control Commands".

+ +

X509_LOOKUP_load_file() passes a filename to be loaded immediately into the associated X509_STORE. type indicates what type of object is expected. This can only be used with a lookup using the implementation X509_LOOKUP_file(3).

+ +

X509_LOOKUP_add_dir() passes a directory specification from which certificates and CRLs are loaded on demand into the associated X509_STORE. type indicates what type of object is expected. This can only be used with a lookup using the implementation X509_LOOKUP_hash_dir(3).

+ +

X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented as macros that use X509_LOOKUP_ctrl().

+ +

X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up certificates and CRLs in the X509_STORE(3) associated with the X509_LOOKUP using different criteria, where the looked up object is stored in ret. Some of the underlying X509_LOOKUP_METHODs will also cache objects matching the criteria in the associated X509_STORE, which makes it possible to handle cases where the criteria have more than one hit.

+ +

File Types

+ +

X509_LOOKUP_load_file() and X509_LOOKUP_add_dir() take a type, which can be one of the following:

+ +
+ +
X509_FILETYPE_PEM
+
+ +

The file or files that are loaded are expected to be in PEM format.

+ +
+
X509_FILETYPE_ASN1
+
+ +

The file or files that are loaded are expected to be in raw DER format.

+ +
+
X509_FILETYPE_DEFAULT
+
+ +

The default certificate file or directory is used. In this case, name is ignored.

+ +
+
+ +

Control Commands

+ +

The X509_LOOKUP_METHODs built into OpenSSL recognise the following X509_LOOKUP_ctrl() cmds:

+ +
+ +
X509_L_FILE_LOAD
+
+ +

This is the command that X509_LOOKUP_load_file() uses. The filename is passed in argc, and the type in argl.

+ +
+
X509_L_ADD_DIR
+
+ +

This is the command that X509_LOOKUP_add_dir() uses. The directory specification is passed in argc, and the type in argl.

+ +
+
X509_L_ADD_STORE
+
+ +

This is the command that X509_LOOKUP_add_store() uses. The URI is passed in argc.

+ +
+
X509_L_LOAD_STORE
+
+ +

This is the command that X509_LOOKUP_load_store() uses. The URI is passed in argc.

+ +
+
+ +

RETURN VALUES

+ +

X509_LOOKUP_new() returns an X509_LOOKUP pointer when successful, or NULL on error.

+ +

X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or 0 on error.

+ +

X509_LOOKUP_ctrl() returns -1 if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD, or 1 if the doesn't have a control function. Otherwise, it returns what the control function in the X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in error.

+ +

X509_LOOKUP_get_store() returns an X509_STORE pointer if there is one, otherwise NULL.

+ +

X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 if there is no X509_LOOKUP_METHOD or that method doesn't implement the corresponding function. Otherwise, it returns what the corresponding function in the X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in error.

+ +

SEE ALSO

+ +

X509_LOOKUP_METHOD(3), X509_STORE(3)

+ +

COPYRIGHT

+ +

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html new file mode 100644 index 00000000..f5f09924 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html @@ -0,0 +1,106 @@ + + + + +X509_LOOKUP_hash_dir + + + + + + + + + + +

NAME

+ +

X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file - Default OpenSSL certificate lookup methods

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+ +

DESCRIPTION

+ +

X509_LOOKUP_hash_dir and X509_LOOKUP_file are two certificate lookup methods to use with X509_STORE, provided by OpenSSL library.

+ +

Users of the library typically do not need to create instances of these methods manually, they would be created automatically by X509_STORE_load_locations(3) or SSL_CTX_load_verify_locations(3) functions.

+ +

Internally loading of certificates and CRLs is implemented via functions X509_load_cert_crl_file, X509_load_cert_file and X509_load_crl_file. These functions support parameter type, which can be one of constants FILETYPE_PEM, FILETYPE_ASN1 and FILETYPE_DEFAULT. They load certificates and/or CRLs from specified file into memory cache of X509_STORE objects which given ctx parameter is associated with.

+ +

Functions X509_load_cert_file and X509_load_crl_file can load both PEM and DER formats depending of type value. Because DER format cannot contain more than one certificate or CRL object (while PEM can contain several concatenated PEM objects) X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to X509_load_cert_file.

+ +

Constant FILETYPE_DEFAULT with NULL filename causes these functions to load default certificate store file (see X509_STORE_set_default_paths(3).

+ +

Functions return number of objects loaded from file or 0 in case of error.

+ +

Both methods support adding several certificate locations into one X509_STORE.

+ +

This page documents certificate store formats used by these methods and caching policy.

+ +

File Method

+ +

The X509_LOOKUP_file method loads all the certificates or CRLs present in a file into memory at the time the file is added as a lookup source.

+ +

File format is ASCII text which contains concatenated PEM certificates and CRLs.

+ +

This method should be used by applications which work with a small set of CAs.

+ +

Hashed Directory Method

+ +

X509_LOOKUP_hash_dir is a more advanced method, which loads certificates and CRLs on demand, and caches them in memory once they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer CRLs are as soon as they appear in the directory.

+ +

The directory should contain one certificate or CRL per file in PEM format, with a file name of the form hash.N for a certificate, or hash.rN for a CRL. The hash is the value returned by the X509_NAME_hash(3) function applied to the subject name for certificates or issuer name for CRLs. The hash can also be obtained via the -hash option of the x509(1) or crl(1) commands.

+ +

The .N or .rN suffix is a sequence number that starts at zero, and is incremented consecutively for each certificate or CRL with the same hash value. Gaps in the sequence numbers are not supported, it is assumed that there are no more objects with the same hash beyond the first missing number in the sequence.

+ +

Sequence numbers make it possible for the directory to contain multiple certificates with same subject name hash value. For example, it is possible to have in the store several certificates with same subject or several CRLs with same issuer (and, for example, different validity period).

+ +

When checking for new CRLs once one CRL for given hash value is loaded, hash_dir lookup method checks only for certificates with sequence number greater than that of the already cached CRL.

+ +

Note that the hash algorithm used for subject name hashing changed in OpenSSL 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL 0.9.8 to 1.0.0.

+ +

OpenSSL includes a rehash(1) utility which creates symlinks with correct hashed names for all files with .pem suffix in a given directory.

+ +

RETURN VALUES

+ +

X509_LOOKUP_hash_dir() and X509_LOOKUP_file() always return a valid X509_LOOKUP_METHOD structure.

+ +

X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return the number of loaded objects or 0 on error.

+ +

SEE ALSO

+ +

PEM_read_PrivateKey(3), X509_STORE_load_locations(3), X509_store_add_lookup(3), SSL_CTX_load_verify_locations(3), X509_LOOKUP_meth_new(3),

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html new file mode 100644 index 00000000..99b3a24d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html @@ -0,0 +1,158 @@ + + + + +X509_LOOKUP_meth_new + + + + + + + + + + +

NAME

+ +

X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL - Routines to build up X509_LOOKUP methods

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_lookup_method_st X509_LOOKUP_METHOD;
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+                              void (*free) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+                                  int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+                                   long argl, char **ret);
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name,
+                                             X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+                                                   X509_LOOKUP_TYPE type,
+                                                   X509_NAME *name,
+                                                   ASN1_INTEGER *serial,
+                                                   X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_issuer_serial(
+    X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+                                                 X509_LOOKUP_TYPE type,
+                                                 const unsigned char* bytes,
+                                                 int len,
+                                                 X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method);
+
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+                                           X509_LOOKUP_TYPE type,
+                                           const char *str,
+                                           int len,
+                                           X509_OBJECT *ret);
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+ +

DESCRIPTION

+ +

The X509_LOOKUP_METHOD type is a structure used for the implementation of new X509_LOOKUP types. It provides a set of functions used by OpenSSL for the implementation of various X509 and X509_CRL lookup capabilities. One instance of an X509_LOOKUP_METHOD can be associated to many instantiations of an X509_LOOKUP structure.

+ +

X509_LOOKUP_meth_new() creates a new X509_LOOKUP_METHOD structure. It should be given a human-readable string containing a brief description of the lookup method.

+ +

X509_LOOKUP_meth_free() destroys a X509_LOOKUP_METHOD structure.

+ +

X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the function that is called when an X509_LOOKUP object is created with X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP specific data, the supplied new_item function should allocate this data and invoke X509_LOOKUP_set_method_data(3).

+ +

X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function that is used to free any method data that was allocated and set from within new_item function.

+ +

X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the function that is used to initialize the method data that was set with X509_LOOKUP_set_method_data(3) as part of the new_item routine.

+ +

X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set the function that is used to shut down the method data whose state was previously initialized in the init function.

+ +

X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a function to be used to handle arbitrary control commands issued by X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP ctx, along with the arguments passed by X509_LOOKUP_ctrl. cmd is an arbitrary integer that defines some operation. argc is a pointer to an array of characters. argl is an integer. ret, if set, points to a location where any return data should be written to. How argc and argl are used depends entirely on the control function.

+ +

X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set the functions used to retrieve an X509 or X509_CRL object by the object's subject, issuer, fingerprint, and alias respectively. These functions are given the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters related to the lookup, and an X509_OBJECT that will receive the requested object.

+ +

Implementations must add objects they find to the X509_STORE object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too many references being held. Therefore applications should additionally call X509_free() or X509_CRL_free() to decrement the reference count again.

+ +

Implementations should also use either X509_OBJECT_set1_X509() or X509_OBJECT_set1_X509_CRL() to set the result. Note that this also increments the result's reference count.

+ +

Any method data that was created as a result of the new_item function set by X509_LOOKUP_meth_set_new_item() can be accessed with X509_LOOKUP_get_method_data(3). The X509_STORE object that owns the X509_LOOKUP may be accessed with X509_LOOKUP_get_store(3). Successful lookups should return 1, and unsuccessful lookups should return 0.

+ +

X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve the function set by the corresponding setter.

+ +

RETURN VALUES

+ +

The X509_LOOKUP_meth_set functions return 1 on success or 0 on error.

+ +

The X509_LOOKUP_meth_get functions return the corresponding function pointers.

+ +

SEE ALSO

+ +

X509_STORE_new(3), SSL_CTX_set_cert_store(3)

+ +

HISTORY

+ +

The functions described here were added in OpenSSL 1.1.0i.

+ +

COPYRIGHT

+ +

Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html new file mode 100644 index 00000000..b305f83b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html @@ -0,0 +1,94 @@ + + + + +X509_NAME_ENTRY_get_object + + + + + + + + + + +

NAME

+ +

X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
+                                               int type, const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type, const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes, int len);
+ +

DESCRIPTION

+ +

X509_NAME_ENTRY_get_object() retrieves the field name of ne in and ASN1_OBJECT structure.

+ +

X509_NAME_ENTRY_get_data() retrieves the field value of ne in and ASN1_STRING structure.

+ +

X509_NAME_ENTRY_set_object() sets the field name of ne to obj.

+ +

X509_NAME_ENTRY_set_data() sets the field value of ne to string type type and value determined by bytes and len.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_create_by_OBJ() create and return an X509_NAME_ENTRY structure.

+ +

NOTES

+ +

X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be used to examine an X509_NAME_ENTRY function as returned by X509_NAME_get_entry() for example.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() are seldom used in practice because X509_NAME_ENTRY structures are almost always part of X509_NAME structures and the corresponding X509_NAME functions are typically used to create and add new entries in a single operation.

+ +

The arguments of these functions support similar options to the similarly named ones of the corresponding X509_NAME functions such as X509_NAME_add_entry_by_txt(). So for example type can be set to MBSTRING_ASC but in the case of X509_set_data() the field name must be set first so the relevant field information can be looked up internally.

+ +

RETURN VALUES

+ +

X509_NAME_ENTRY_get_object() returns a valid ASN1_OBJECT structure if it is set or NULL if an error occurred.

+ +

X509_NAME_ENTRY_get_data() returns a valid ASN1_STRING structure if it is set or NULL if an error occurred.

+ +

X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success or 0 on error.

+ +

X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_create_by_OBJ() return a valid X509_NAME_ENTRY on success or NULL if an error occurred.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3), OBJ_nid2obj(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html new file mode 100644 index 00000000..b6d53e89 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html @@ -0,0 +1,119 @@ + + + + +X509_NAME_add_entry_by_txt + + + + + + + + + + +

NAME

+ +

X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ +

DESCRIPTION

+ +

X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and X509_NAME_add_entry_by_NID() add a field whose name is defined by a string field, an object obj or a NID nid respectively. The field value to be added is in bytes of length len. If len is -1 then the field length is calculated internally using strlen(bytes).

+ +

The type of field is determined by type which can either be a definition of the type of bytes (such as MBSTRING_ASC) or a standard ASN1 type (such as V_ASN1_IA5STRING). The new entry is added to a position determined by loc and set.

+ +

X509_NAME_add_entry() adds a copy of X509_NAME_ENTRY structure ne to name. The new entry is added to a position determined by loc and set. Since a copy of ne is added ne must be freed up after the call.

+ +

X509_NAME_delete_entry() deletes an entry from name at position loc. The deleted entry is returned and must be freed up.

+ +

NOTES

+ +

The use of string types such as MBSTRING_ASC or MBSTRING_UTF8 is strongly recommended for the type parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is done using ASN1_STRING_set_by_NID().

+ +

If instead an ASN1 type is used no checks are performed and the supplied data in bytes is used directly.

+ +

In X509_NAME_add_entry_by_txt() the field string represents the field name using OBJ_txt2obj(field, 0).

+ +

The loc and set parameters determine where a new entry should be added. For almost all applications loc can be set to -1 and set to 0. This adds a new entry to the end of name as a single valued RelativeDistinguishedName (RDN).

+ +

loc actually determines the index where the new entry is inserted: if it is -1 it is appended.

+ +

set determines how the new type is added. If it is zero a new RDN is created.

+ +

If set is -1 or 1 it is added to the previous or next RDN structure respectively. This will then be a multivalued RDN: since multivalues RDNs are very seldom used set is almost always set to zero.

+ +

RETURN VALUES

+ +

X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for success of 0 if an error occurred.

+ +

X509_NAME_delete_entry() returns either the deleted X509_NAME_ENTRY structure of NULL if an error occurred.

+ +

EXAMPLES

+ +

Create an X509_NAME structure:

+ +

"C=UK, O=Disorganized Organization, CN=Joe Bloggs"

+ +
X509_NAME *nm;
+
+nm = X509_NAME_new();
+if (nm == NULL)
+    /* Some error */
+if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
+                                "UK", -1, -1, 0))
+    /* Error */
+if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
+                                "Disorganized Organization", -1, -1, 0))
+    /* Error */
+if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
+                                "Joe Bloggs", -1, -1, 0))
+    /* Error */
+ +

BUGS

+ +

type can still be set to V_ASN1_APP_CHOOSE to use a different algorithm to determine field types. Since this form does not understand multicharacter types, performs no length checks and can result in invalid field types its use is strongly discouraged.

+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get0_der.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get0_der.html new file mode 100644 index 00000000..0d2d29bb --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get0_der.html @@ -0,0 +1,57 @@ + + + + +X509_NAME_get0_der + + + + + + + + + + +

NAME

+ +

X509_NAME_get0_der - get X509_NAME DER encoding

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+ +

DESCRIPTION

+ +

The function X509_NAME_get0_der() returns an internal pointer to the encoding of an X509_NAME structure in *pder and consisting of *pderlen bytes. It is useful for applications that wish to examine the encoding of an X509_NAME structure without copying it.

+ +

RETURN VALUES

+ +

The function X509_NAME_get0_der() returns 1 for success and 0 if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html new file mode 100644 index 00000000..93170e31 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html @@ -0,0 +1,112 @@ + + + + +X509_NAME_get_index_by_NID + + + + + + + + + + +

NAME

+ +

X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ - X509_NAME lookup and enumeration functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
+ +

DESCRIPTION

+ +

These functions allow an X509_NAME structure to be examined. The X509_NAME structure is the same as the Name type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names.

+ +

X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve the next index matching nid or obj after lastpos. lastpos should initially be set to -1. If there are no more entries -1 is returned. If nid is invalid (doesn't correspond to a valid OID) then -2 is returned.

+ +

X509_NAME_entry_count() returns the total number of entries in name.

+ +

X509_NAME_get_entry() retrieves the X509_NAME_ENTRY from name corresponding to index loc. Acceptable values for loc run from 0 to (X509_NAME_entry_count(name) - 1). The value returned is an internal pointer which must not be freed.

+ +

X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve the "text" from the first entry in name which matches nid or obj, if no such entry exists -1 is returned. At most len bytes will be written and the text written to buf will be null terminated. The length of the output string written is returned excluding the terminating null. If buf is <NULL> then the amount of space needed in buf (excluding the final null) is returned.

+ +

NOTES

+ +

X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be considered deprecated because they have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a multicharacter string type like a BMPString or a UTF8String.

+ +

For a more general solution X509_NAME_get_index_by_NID() or X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various X509_NAME_ENTRY utility functions on the result.

+ +

The list of all relevant NID_* and OBJ_* codes can be found in the source code header files <openssl/obj_mac.h> and/or <openssl/objects.h>.

+ +

Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() should check for the return value of -2. Alternatively the NID validity can be determined first by checking OBJ_nid2obj(nid) is not NULL.

+ +

RETURN VALUES

+ +

X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() return the index of the next matching entry or -1 if not found. X509_NAME_get_index_by_NID() can also return -2 if the supplied NID is invalid.

+ +

X509_NAME_entry_count() returns the total number of entries.

+ +

X509_NAME_get_entry() returns an X509_NAME pointer to the requested entry or NULL if the index is invalid.

+ +

EXAMPLES

+ +

Process all entries:

+ +
int i;
+X509_NAME_ENTRY *e;
+
+for (i = 0; i < X509_NAME_entry_count(nm); i++) {
+    e = X509_NAME_get_entry(nm, i);
+    /* Do something with e */
+}
+ +

Process all commonName entries:

+ +
int lastpos = -1;
+X509_NAME_ENTRY *e;
+
+for (;;) {
+    lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+    if (lastpos == -1)
+        break;
+    e = X509_NAME_get_entry(nm, lastpos);
+    /* Do something with e */
+}
+ +

SEE ALSO

+ +

ERR_get_error(3), d2i_X509_NAME(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_print_ex.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_print_ex.html new file mode 100644 index 00000000..d3d48115 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_NAME_print_ex.html @@ -0,0 +1,106 @@ + + + + +X509_NAME_print_ex + + + + + + + + + + +

NAME

+ +

X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline - X509_NAME printing routines

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+ +

DESCRIPTION

+ +

X509_NAME_print_ex() prints a human readable version of nm to BIO out. Each line (for multiline formats) is indented by indent spaces. The output format can be extensively customised by use of the flags parameter.

+ +

X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is written to FILE pointer fp.

+ +

X509_NAME_oneline() prints an ASCII version of a to buf. If buf is NULL then a buffer is dynamically allocated and returned, and size is ignored. Otherwise, at most size bytes will be written, including the ending '\0', and buf is returned.

+ +

X509_NAME_print() prints out name to bp indenting each line by obase characters. Multiple lines are used if the output (including indent) exceeds 80 characters.

+ +

NOTES

+ +

The functions X509_NAME_oneline() and X509_NAME_print() produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications and they could be deprecated in a future release.

+ +

Although there are a large number of possible flags for most purposes XN_FLAG_ONELINE, XN_FLAG_MULTILINE or XN_FLAG_RFC2253 will suffice. As noted on the ASN1_STRING_print_ex(3) manual page for UTF8 terminals the ASN1_STRFLGS_ESC_MSB should be unset: so for example XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB would be used.

+ +

The complete set of the flags supported by X509_NAME_print_ex() is listed below.

+ +

Several options can be ored together.

+ +

The options XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_SPLUS_SPC and XN_FLAG_SEP_MULTILINE determine the field separators to use. Two distinct separators are used between distinct RelativeDistinguishedName components and separate values in the same RDN for a multi-valued RDN. Multi-valued RDNs are currently very rare so the second separator will hardly ever be used.

+ +

XN_FLAG_SEP_COMMA_PLUS uses comma and plus as separators. XN_FLAG_SEP_CPLUS_SPC uses comma and plus with spaces: this is more readable that plain comma and plus. XN_FLAG_SEP_SPLUS_SPC uses spaced semicolon and plus. XN_FLAG_SEP_MULTILINE uses spaced newline and plus respectively.

+ +

If XN_FLAG_DN_REV is set the whole DN is printed in reversed order.

+ +

The fields XN_FLAG_FN_SN, XN_FLAG_FN_LN, XN_FLAG_FN_OID, XN_FLAG_FN_NONE determine how a field name is displayed. It will use the short name (e.g. CN) the long name (e.g. commonName) always use OID numerical form (normally OIDs are only used if the field name is not recognised) and no field name respectively.

+ +

If XN_FLAG_SPC_EQ is set then spaces will be placed around the '=' character separating field names and values.

+ +

If XN_FLAG_DUMP_UNKNOWN_FIELDS is set then the encoding of unknown fields is printed instead of the values.

+ +

If XN_FLAG_FN_ALIGN is set then field names are padded to 20 characters: this is only of use for multiline format.

+ +

Additionally all the options supported by ASN1_STRING_print_ex() can be used to control how each field value is displayed.

+ +

In addition a number options can be set for commonly used formats.

+ +

XN_FLAG_RFC2253 sets options which produce an output compatible with RFC2253 it is equivalent to: ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS

+ +

XN_FLAG_ONELINE is a more readable one line format which is the same as: ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN

+ +

XN_FLAG_MULTILINE is a multiline format which is the same as: ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN

+ +

XN_FLAG_COMPAT uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.

+ +

RETURN VALUES

+ +

X509_NAME_oneline() returns a valid string on success or NULL on error.

+ +

X509_NAME_print() returns 1 on success or 0 on error.

+ +

X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error if the XN_FLAG_COMPAT is set, which is the same as X509_NAME_print(). Otherwise, it returns -1 on error or other values on success.

+ +

SEE ALSO

+ +

ASN1_STRING_print_ex(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_PUBKEY_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_PUBKEY_new.html new file mode 100644 index 00000000..171dea2d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_PUBKEY_new.html @@ -0,0 +1,110 @@ + + + + +X509_PUBKEY_new + + + + + + + + + + +

NAME

+ +

X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_PUBKEY *X509_PUBKEY_new(void);
+void X509_PUBKEY_free(X509_PUBKEY *a);
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+ +

DESCRIPTION

+ +

The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo structure defined in RFC5280 and used in certificates and certificate requests.

+ +

X509_PUBKEY_new() allocates and initializes an X509_PUBKEY structure.

+ +

X509_PUBKEY_free() frees up X509_PUBKEY structure a. If a is NULL nothing is done.

+ +

X509_PUBKEY_set() sets the public key in *x to the public key contained in the EVP_PKEY structure pkey. If *x is not NULL any existing public key structure will be freed.

+ +

X509_PUBKEY_get0() returns the public key contained in key. The returned value is an internal pointer which MUST NOT be freed after use.

+ +

X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference count on the returned key is incremented so it MUST be freed using EVP_PKEY_free() after use.

+ +

d2i_PUBKEY() and i2d_PUBKEY() decode and encode an EVP_PKEY structure using SubjectPublicKeyInfo format. They otherwise follow the conventions of other ASN.1 functions such as d2i_X509().

+ +

d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a BIO or FILE pointer.

+ +

X509_PUBKEY_set0_param() sets the public key parameters of pub. The OID associated with the algorithm is set to aobj. The type of the algorithm parameters is set to type using the structure pval. The encoding of the public key itself is set to the penclen bytes contained in buffer penc. On success ownership of all the supplied parameters is passed to pub so they must not be freed after the call.

+ +

X509_PUBKEY_get0_param() retrieves the public key parameters from pub, *ppkalg is set to the associated OID and the encoding consists of *ppklen bytes at *pk, *pa is set to the associated AlgorithmIdentifier for the public key. If the value of any of these parameters is not required it can be set to NULL. All of the retrieved pointers are internal and must not be freed after the call.

+ +

NOTES

+ +

The X509_PUBKEY functions can be used to encode and decode public keys in a standard format.

+ +

In many cases applications will not call the X509_PUBKEY functions directly: they will instead call wrapper functions such as X509_get0_pubkey().

+ +

RETURN VALUES

+ +

If the allocation fails, X509_PUBKEY_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3).

+ +

Otherwise it returns a pointer to the newly allocated structure.

+ +

X509_PUBKEY_free() does not return a value.

+ +

X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an EVP_PKEY structure or NULL if an error occurs.

+ +

X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param() return 1 for success and 0 if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_get_pubkey(3),

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_SIG_get0.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_SIG_get0.html new file mode 100644 index 00000000..887a2ba5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_SIG_get0.html @@ -0,0 +1,59 @@ + + + + +X509_SIG_get0 + + + + + + + + + + +

NAME

+ +

X509_SIG_get0, X509_SIG_getm - DigestInfo functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest,
+ +

DESCRIPTION

+ +

X509_SIG_get0() returns pointers to the algorithm identifier and digest value in sig. X509_SIG_getm() is identical to X509_SIG_get0() except the pointers returned are not constant and can be modified: for example to initialise them.

+ +

RETURN VALUES

+ +

X509_SIG_get0() and X509_SIG_getm() return no values.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html new file mode 100644 index 00000000..98ec5ca0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html @@ -0,0 +1,374 @@ + + + + +X509_STORE_CTX_get_error + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int   X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+
+const char *X509_verify_cert_error_string(long n);
+ +

DESCRIPTION

+ +

These functions are typically called after X509_verify_cert() has indicated an error or in a verification callback to determine the nature of an error.

+ +

X509_STORE_CTX_get_error() returns the error code of ctx, see the ERROR CODES section for a full description of all error codes.

+ +

X509_STORE_CTX_set_error() sets the error code of ctx to s. For example it might be used in a verification callback to set an error based on additional checks.

+ +

X509_STORE_CTX_get_error_depth() returns the depth of the error. This is a non-negative integer representing where in the certificate chain the error occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on.

+ +

X509_STORE_CTX_set_error_depth() sets the error depth. This can be used in combination with X509_STORE_CTX_set_error() to set the depth at which an error condition was detected.

+ +

X509_STORE_CTX_get_current_cert() returns the certificate in ctx which caused the error or NULL if no certificate is relevant.

+ +

X509_STORE_CTX_set_current_cert() sets the certificate x in ctx which caused the error. This value is not intended to remain valid for very long, and remains owned by the caller. It may be examined by a verification callback invoked to handle each error encountered during chain verification and is no longer required after such a callback. If a callback wishes the save the certificate for use after it returns, it needs to increment its reference count via X509_up_ref(3). Once such a saved certificate is no longer needed it can be freed with X509_free(3).

+ +

X509_STORE_CTX_get0_cert() retrieves an internal pointer to the certificate being verified by the ctx.

+ +

X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous call to X509_verify_cert() is successful. If the call to X509_verify_cert() is not successful the returned chain may be incomplete or invalid. The returned chain persists after the ctx structure is freed, when it is no longer needed it should be free up using:

+ +
sk_X509_pop_free(chain, X509_free);
+ +

X509_verify_cert_error_string() returns a human readable error string for verification error n.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_get_error() returns X509_V_OK or an error code.

+ +

X509_STORE_CTX_get_error_depth() returns a non-negative error depth.

+ +

X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or NULL if no certificate is relevant to the error.

+ +

X509_verify_cert_error_string() returns a human readable error string for verification error n.

+ +

ERROR CODES

+ +

A list of error codes and messages is shown below. Some of the error codes are defined but currently never returned: these are described as "unused".

+ +
+ +
X509_V_OK: ok
+
+ +

the operation was successful.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
+
+ +

the issuer certificate of a locally looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

+ +
+
X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
+
+ +

the CRL of a certificate could not be found.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
+
+ +

the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys.

+ +
+
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
+
+ +

the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

+ +
+
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
+
+ +

the public key in the certificate SubjectPublicKeyInfo could not be read.

+ +
+
X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
+
+ +

the signature of the certificate is invalid.

+ +
+
X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
+
+ +

the signature of the certificate is invalid.

+ +
+
X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
+
+ +

the certificate is not yet valid: the notBefore date is after the current time.

+ +
+
X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
+
+ +

the certificate has expired: that is the notAfter date is before the current time.

+ +
+
X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
+
+ +

the CRL is not yet valid.

+ +
+
X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
+
+ +

the CRL has expired.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
+
+ +

the certificate notBefore field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
+
+ +

the certificate notAfter field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
+
+ +

the CRL lastUpdate field contains an invalid time.

+ +
+
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
+
+ +

the CRL nextUpdate field contains an invalid time.

+ +
+
X509_V_ERR_OUT_OF_MEM: out of memory
+
+ +

an error occurred trying to allocate memory. This should never happen.

+ +
+
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
+
+ +

the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.

+ +
+
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
+
+ +

the certificate chain could be built up using the untrusted certificates but the root could not be found locally.

+ +
+
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
+
+ +

the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

+ +
+
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
+
+ +

no signatures could be verified because the chain contains only one certificate and it is not self signed.

+ +
+
X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
+
+ +

the certificate chain length is greater than the supplied maximum depth. Unused.

+ +
+
X509_V_ERR_CERT_REVOKED: certificate revoked
+
+ +

the certificate has been revoked.

+ +
+
X509_V_ERR_INVALID_CA: invalid CA certificate
+
+ +

a CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

+ +
+
X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
+
+ +

the basicConstraints path-length parameter has been exceeded.

+ +
+
X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
+
+ +

the supplied certificate cannot be used for the specified purpose.

+ +
+
X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
+
+ +

the root CA is not marked as trusted for the specified purpose.

+ +
+
X509_V_ERR_CERT_REJECTED: certificate rejected
+
+ +

the root CA is marked to reject the specified purpose.

+ +
+
X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
+
+ +

the current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
+
+ +

the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
+
+ +

the current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
+
+ +

the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. This is only set if issuer check debugging is enabled it is used for status notification and is not in itself an error.

+ +
+
X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension
+
+ +

A certificate extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions.

+ +
+
X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension
+
+ +

A certificate policies extension had an invalid value (for example an incorrect encoding) or some value inconsistent with other extensions. This error only occurs if policy processing is enabled.

+ +
+
X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy
+
+ +

The verification flags were set to require and explicit policy but none was present.

+ +
+
X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope
+
+ +

The only CRLs that could be found did not match the scope of the certificate.

+ +
+
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature
+
+ +

Some feature of a certificate extension is not supported. Unused.

+ +
+
X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation
+
+ +

A name constraint violation occurred in the permitted subtrees.

+ +
+
X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation
+
+ +

A name constraint violation occurred in the excluded subtrees.

+ +
+
X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported
+
+ +

A certificate name constraints extension included a minimum or maximum field: this is not supported.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type
+
+ +

An unsupported name constraint type was encountered. OpenSSL currently only supports directory name, DNS name, email and URI types.

+ +
+
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax
+
+ +

The format of the name constraint is not recognised: for example an email address format of a form not mentioned in RFC3280. This could be caused by a garbage extension or some new feature not currently supported.

+ +
+
X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error
+
+ +

An error occurred when attempting to verify the CRL path. This error can only happen if extended CRL checking is enabled.

+ +
+
X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
+
+ +

an application specific error. This will never be returned unless explicitly set by an application.

+ +
+
+ +

NOTES

+ +

The above functions should be used instead of directly referencing the fields in the X509_VERIFY_CTX structure.

+ +

In versions of OpenSSL before 1.0 the current certificate returned by X509_STORE_CTX_get_current_cert() was never NULL. Applications should check the return value before printing out any debugging information relating to the current certificate.

+ +

If an unrecognised error code is passed to X509_verify_cert_error_string() the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_up_ref(3), X509_free(3).

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html new file mode 100644 index 00000000..cc1d19c4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html @@ -0,0 +1,141 @@ + + + + +X509_STORE_CTX_new + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn - X509_STORE_CTX initialisation

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
+ +

DESCRIPTION

+ +

These functions initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert().

+ +

X509_STORE_CTX_new() returns a newly initialised X509_STORE_CTX structure.

+ +

X509_STORE_CTX_cleanup() internally cleans up an X509_STORE_CTX structure. The context can then be reused with an new call to X509_STORE_CTX_init().

+ +

X509_STORE_CTX_free() completely frees up ctx. After this call ctx is no longer valid. If ctx is NULL nothing is done.

+ +

X509_STORE_CTX_init() sets up ctx for a subsequent verification operation. It must be called before each call to X509_verify_cert(), i.e. a ctx is only good for one call to X509_verify_cert(); if you want to verify a second certificate with the same ctx then you must call X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before the second call to X509_verify_cert(). The trusted certificate store is set to store, the end entity certificate to be verified is set to x509 and a set of additional certificates (which will be untrusted but may be used to build the chain) in chain. Any or all of the store, x509 and chain parameters can be NULL.

+ +

X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of ctx to sk. This is an alternative way of specifying trusted certificates instead of using an X509_STORE.

+ +

X509_STORE_CTX_set_cert() sets the certificate to be verified in ctx to x.

+ +

X509_STORE_CTX_set0_verified_chain() sets the validated chain used by ctx to be chain. Ownership of the chain is transferred to ctx and should not be free'd by the caller. X509_STORE_CTX_get0_chain() returns a the internal pointer used by the ctx that contains the validated chain.

+ +

X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate verification to sk. These CRLs will only be used if CRL verification is enabled in the associated X509_VERIFY_PARAM structure. This might be used where additional "useful" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure.

+ +

X509_STORE_CTX_get0_param() retrieves an internal pointer to the verification parameters associated with ctx.

+ +

X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the stack of untrusted certificates associated with ctx.

+ +

X509_STORE_CTX_set0_untrusted() sets the internal point to the stack of untrusted certificates associated with ctx to sk.

+ +

X509_STORE_CTX_set0_param() sets the internal verification parameter pointer to param. After this call param should not be used.

+ +

X509_STORE_CTX_set_default() looks up and sets the default verification method to name. This uses the function X509_VERIFY_PARAM_lookup() to find an appropriate set of parameters from name.

+ +

X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates that were used in building the chain following a call to X509_verify_cert().

+ +

X509_STORE_CTX_set_verify() provides the capability for overriding the default verify function. This function is responsible for verifying chain signatures and expiration times.

+ +

A verify function is defined as an X509_STORE_CTX_verify type which has the following signature:

+ +
int (*verify)(X509_STORE_CTX *);
+ +

This function should receive the current X509_STORE_CTX as a parameter and return 1 on success or 0 on failure.

+ +

NOTES

+ +

The certificates and CRLs in a store are used internally and should not be freed up until after the associated X509_STORE_CTX is freed.

+ +

BUGS

+ +

The certificates and CRLs in a context are used internally and should not be freed up until after the associated X509_STORE_CTX is freed. Copies should be made or reference counts increased instead.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_new() returns an newly allocates context or NULL is an error occurred.

+ +

X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.

+ +

X509_STORE_CTX_get0_param() returns a pointer to an X509_VERIFY_PARAM structure or NULL if an error occurred.

+ +

X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_set0_trusted_stack(), X509_STORE_CTX_set_cert(), X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return values.

+ +

X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.

+ +

X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates used.

+ +

SEE ALSO

+ +

X509_verify_cert(3) X509_VERIFY_PARAM_set_flags(3)

+ +

HISTORY

+ +

The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html new file mode 100644 index 00000000..b0179448 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html @@ -0,0 +1,184 @@ + + + + +X509_STORE_CTX_set_verify_cb + + + + + + + + + + +

NAME

+ +

X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb - get and set verification callback

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify_cb);
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

X509_STORE_CTX_set_verify_cb() sets the verification callback of ctx to verify_cb overwriting any existing callback.

+ +

The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes.

+ +

However a verification callback is not essential and the default operation is often sufficient.

+ +

The ok parameter to the callback indicates the value the callback should return to retain the default behaviour. If it is zero then an error condition is indicated. If it is 1 then no error occurred. If the flag X509_V_FLAG_NOTIFY_POLICY is set then ok is set to 2 to indicate the policy checking is complete.

+ +

The ctx parameter to the callback is the X509_STORE_CTX structure that is performing the verification operation. A callback can examine this structure and receive additional information about the error, for example by calling X509_STORE_CTX_get_current_cert(). Additional application data can be passed to the callback via the ex_data mechanism.

+ +

X509_STORE_CTX_get_verify_cb() returns the value of the current callback for the specific ctx.

+ +

X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() and X509_STORE_CTX_get_cleanup() return the function pointers cached from the corresponding X509_STORE, please see X509_STORE_set_verify(3) for more information.

+ +

WARNINGS

+ +

In general a verification callback should NOT unconditionally return 1 in all circumstances because this will allow verification to succeed no matter what the error. This effectively removes all security from the application because any certificate (including untrusted generated ones) will be accepted.

+ +

NOTES

+ +

The verification callback can be set and inherited from the parent structure performing the operation. In some cases (such as S/MIME verification) the X509_STORE_CTX structure is created and destroyed internally and the only way to set a custom verification callback is by inheriting it from the associated X509_STORE.

+ +

RETURN VALUES

+ +

X509_STORE_CTX_set_verify_cb() does not return a value.

+ +

EXAMPLES

+ +

Default callback operation:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx) {
+    return ok;
+}
+ +

Simple example, suppose a certificate in the chain is expired and we wish to continue after this error:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx) {
+    /* Tolerate certificate expiration */
+    if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+        return 1;
+    /* Otherwise don't override */
+    return ok;
+}
+ +

More complex example, we don't wish to continue after any certificate has expired just one specific case:

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    int err = X509_STORE_CTX_get_error(ctx);
+    X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+    if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
+        if (check_is_acceptable_expired_cert(err_cert)
+            return 1;
+    }
+    return ok;
+}
+ +

Full featured logging callback. In this case the bio_err is assumed to be a global logging BIO, an alternative would to store a BIO in ctx using ex_data.

+ +
int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    X509 *err_cert;
+    int err, depth;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    BIO_printf(bio_err, "depth=%d ", depth);
+    if (err_cert) {
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+    }
+    else
+        BIO_puts(bio_err, "<no cert>\n");
+    if (!ok)
+        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                   X509_verify_cert_error_string(err));
+    switch (err) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        BIO_puts(bio_err, "issuer= ");
+        X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                           0, XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        BIO_printf(bio_err, "notBefore=");
+        ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        BIO_printf(bio_err, "notAfter=");
+        ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+        BIO_printf(bio_err, "\n");
+        break;
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        policies_print(bio_err, ctx);
+        break;
+    }
+    if (err == X509_V_OK && ok == 2)
+        /* print out policies */
+
+    BIO_printf(bio_err, "verify return:%d\n", ok);
+    return(ok);
+}
+ +

SEE ALSO

+ +

X509_STORE_CTX_get_error(3) X509_STORE_set_verify_cb_func(3) X509_STORE_CTX_get_ex_new_index(3)

+ +

HISTORY

+ +

The X509_STORE_CTX_get_get_issuer(), X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_add_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_add_cert.html new file mode 100644 index 00000000..8e224d64 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_add_cert.html @@ -0,0 +1,86 @@ + + + + +X509_STORE_add_cert + + + + + + + + + + +

NAME

+ +

X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths - X509_STORE manipulation

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef x509_store_st X509_STORE;
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
+                                   X509_LOOKUP_METHOD *meth);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+ +

DESCRIPTION

+ +

The X509_STORE structure is intended to be a consolidated mechanism for holding information about X.509 certificates and CRLs, and constructing and validating chains of certificates terminating in trusted roots. It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed.

+ +

X509_STORE_new(3) creates an empty X509_STORE structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted certificates will be added to the X509_STORE to prepare it for use, via mechanisms such as X509_STORE_add_lookup() and X509_LOOKUP_file(), or PEM_read_bio_X509_AUX() and X509_STORE_add_cert(). CRLs can also be added, and many behaviors configured as desired.

+ +

Once the X509_STORE is suitably configured, X509_STORE_CTX_new() is used to instantiate a single-use X509_STORE_CTX for each chain-building and verification operation. That process includes providing the end-entity certificate to be verified and an additional set of untrusted certificates that may be used in chain-building. As such, it is expected that the certificates included in the X509_STORE are certificates that represent trusted entities such as root certificate authorities (CAs). OpenSSL represents these trusted certificates internally as X509 objects with an associated X509_CERT_AUX, as are produced by PEM_read_bio_X509_AUX() and similar routines that refer to X509_AUX. The public interfaces that operate on such trusted certificates still operate on pointers to X509 objects, though.

+ +

X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object to the X509_STORE's local storage. Untrusted objects should not be added in this way. The added object's reference count is incremented by one, hence the caller retains ownership of the object and needs to free it when it is no longer needed.

+ +

X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding X509_VERIFY_PARAM manual pages, e.g., X509_VERIFY_PARAM_set_depth(3).

+ +

X509_STORE_add_lookup() finds or creates a X509_LOOKUP(3) with the X509_LOOKUP_METHOD(3) meth and adds it to the X509_STORE store. This also associates the X509_STORE with the lookup, so X509_LOOKUP functions can look up objects in that store.

+ +

X509_STORE_load_locations() loads trusted certificate(s) into an X509_STORE from a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. The certificates in the directory must be in hashed form, as documented in X509_LOOKUP_hash_dir(3).

+ +

X509_STORE_set_default_paths() is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the X509_STORE from the hardcoded default paths.

+ +

RETURN VALUES

+ +

X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), X509_STORE_load_locations(), and X509_STORE_set_default_paths() return 1 on success or 0 on failure.

+ +

X509_STORE_add_lookup() returns the found or created X509_LOOKUP(3), or NULL on error.

+ +

SEE ALSO

+ +

X509_LOOKUP_hash_dir(3). X509_VERIFY_PARAM_set_depth(3). X509_STORE_new(3), X509_STORE_get0_param(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_get0_param.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_get0_param.html new file mode 100644 index 00000000..274a5b03 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_get0_param.html @@ -0,0 +1,71 @@ + + + + +X509_STORE_get0_param + + + + + + + + + + +

NAME

+ +

X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects - X509_STORE setter and getter functions

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
+ +

DESCRIPTION

+ +

X509_STORE_set1_param() sets the verification parameters to pm for ctx.

+ +

X509_STORE_get0_param() retrieves an internal pointer to the verification parameters for ctx. The returned pointer must not be freed by the calling application

+ +

X509_STORE_get0_objects() retrieve an internal pointer to the store's X509 object cache. The cache contains X509 and X509_CRL objects. The returned pointer must not be freed by the calling application.

+ +

RETURN VALUES

+ +

X509_STORE_get0_param() returns a pointer to an X509_VERIFY_PARAM structure.

+ +

X509_STORE_set1_param() returns 1 for success and 0 for failure.

+ +

X509_STORE_get0_objects() returns a pointer to a stack of X509_OBJECT.

+ +

SEE ALSO

+ +

X509_STORE_new(3)

+ +

HISTORY

+ +

X509_STORE_get0_param and X509_STORE_get0_objects were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_new.html new file mode 100644 index 00000000..3c219a1f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_new.html @@ -0,0 +1,75 @@ + + + + +X509_STORE_new + + + + + + + + + + +

NAME

+ +

X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock - X509_STORE allocation, freeing and locking functions

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *v);
+int X509_STORE_unlock(X509_STORE *v);
+int X509_STORE_up_ref(X509_STORE *v);
+ +

DESCRIPTION

+ +

The X509_STORE_new() function returns a new X509_STORE.

+ +

X509_STORE_up_ref() increments the reference count associated with the X509_STORE object.

+ +

X509_STORE_lock() locks the store from modification by other threads, X509_STORE_unlock() unlocks it.

+ +

X509_STORE_free() frees up a single X509_STORE object.

+ +

RETURN VALUES

+ +

X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.

+ +

X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return 1 for success and 0 for failure.

+ +

X509_STORE_free() does not return values.

+ +

SEE ALSO

+ +

X509_STORE_set_verify_cb_func(3) X509_STORE_get0_param(3)

+ +

HISTORY

+ +

The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html new file mode 100644 index 00000000..bfab73c9 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html @@ -0,0 +1,169 @@ + + + + +X509_STORE_set_verify_cb_func + + + + + + + + + + +

NAME

+ +

X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb);
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
+
+/* Aliases */
+void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                   X509_STORE_CTX_verify_cb verify_cb);
+void X509_STORE_set_verify_func(X509_STORE *ctx,
+                                X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+                                   X509_STORE_CTX_lookup_crls_fn lookup_crls);
+ +

DESCRIPTION

+ +

X509_STORE_set_verify_cb() sets the verification callback of ctx to verify_cb overwriting the previous callback. The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding X509_STORE_CTX, please see X509_STORE_CTX_set_verify_cb(3) for further information.

+ +

X509_STORE_set_verify() sets the final chain verification function for ctx to verify. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the limits of each certificate's first and last validity time. The final chain verification functions must return 0 on failure and 1 on success. If no chain verification function is provided, the internal default function will be used instead.

+ +

X509_STORE_set_get_issuer() sets the function to get the issuer certificate that verifies the given certificate x. When found, the issuer certificate must be assigned to *issuer. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_issued() sets the function to check that a given certificate x is issued with the issuer certificate issuer. This function must return 0 on failure (among others if x hasn't been issued with issuer) and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_revocation() sets the revocation checking function. Its purpose is to look through the final chain and check the revocation status for each certificate. It must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_get_crl() sets the function to get the crl for a given certificate x. When found, the crl must be assigned to *crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_crl() sets the function to check the validity of the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_cert_crl() sets the function to check the revocation status of the given certificate x against the given crl. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_check_policy() sets the function to check the policies of all the certificates in the final chain.. This function must return 0 on failure and 1 on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the functions to look up all the certs or all the CRLs that match the given name nm. These functions return NULL on failure and a pointer to a stack of certificates (X509) or to a stack of CRLs (X509_CRL) on success. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_set_cleanup() sets the final cleanup function, which is called when the context (X509_STORE_CTX) is being torn down. This function doesn't return any value. If no function to get the issuer is provided, the internal default function will be used instead.

+ +

X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), X509_STORE_get_check_crl(), X509_STORE_set_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(), X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return the function pointer assigned with X509_STORE_set_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if no assignment has been made.

+ +

X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and X509_STORE_set_lookup_crls_cb() are aliases for X509_STORE_set_verify_cb(), X509_STORE_set_verify() and X509_STORE_set_lookup_crls, available as macros for backward compatibility.

+ +

NOTES

+ +

All the callbacks from a X509_STORE are inherited by the corresponding X509_STORE_CTX structure when it is initialized. See X509_STORE_CTX_set_verify_cb(3) for further details.

+ +

BUGS

+ +

The macro version of this function was the only one available before OpenSSL 1.0.0.

+ +

RETURN VALUES

+ +

The X509_STORE_set_*() functions do not return a value.

+ +

The X509_STORE_get_*() functions return a pointer of the appropriate function type.

+ +

SEE ALSO

+ +

X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3), X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), CMS_verify(3)

+ +

HISTORY

+ +

The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.

+ +

The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html new file mode 100644 index 00000000..7a465270 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html @@ -0,0 +1,231 @@ + + + + +X509_VERIFY_PARAM_set_flags + + + + + + + + + + +

NAME

+ +

X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters

+ +

SYNOPSIS

+ +
#include <openssl/x509_vfy.h>
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
+                                      int auth_level);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
+ +

DESCRIPTION

+ +

These functions manipulate the X509_VERIFY_PARAM structure associated with a certificate verification operation.

+ +

The X509_VERIFY_PARAM_set_flags() function sets the flags in param by oring it with flags. See the VERIFICATION FLAGS section for a complete description of values the flags parameter can take.

+ +

X509_VERIFY_PARAM_get_flags() returns the flags in param.

+ +

X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in param which specifies how verification flags are copied from one structure to another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags. See the INHERITANCE FLAGS section for a description of these bits.

+ +

X509_VERIFY_PARAM_clear_flags() clears the flags flags in param.

+ +

X509_VERIFY_PARAM_set_purpose() sets the verification purpose in param to purpose. This determines the acceptable purpose of the certificate chain, for example SSL client or SSL server.

+ +

X509_VERIFY_PARAM_set_trust() sets the trust setting in param to trust.

+ +

X509_VERIFY_PARAM_set_time() sets the verification time in param to t. Normally the current time is used.

+ +

X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled by default) and adds policy to the acceptable policy set.

+ +

X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled by default) and sets the acceptable policy set to policies. Any existing policy set is cleared. The policies parameter can be NULL to clear an existing policy set.

+ +

X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to depth. That is the maximum number of intermediate CA certificates that can appear in a chain. A maximal depth chain contains 2 more certificates than the limit, since neither the end-entity certificate nor the trust-anchor count against this limit. Thus a depth limit of 0 only allows the end-entity certificate to be signed directly by the trust-anchor, while with a depth limit of 1 there can be one intermediate CA certificate between the trust-anchor and the end-entity certificate.

+ +

X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to auth_level. The authentication security level determines the acceptable signature and public key strength when verifying certificate chains. For a certificate chain to validate, the public keys of all the certificates must meet the specified security level. The signature algorithm security level is not enforced for the chain's trust anchor certificate, which is either directly trusted or validated by means other than its signature. See SSL_CTX_set_security_level(3) for the definitions of the available levels. The default security level is -1, or "not set". At security level 0 or lower all algorithms are acceptable. Security level 1 requires at least 80-bit-equivalent security and is broadly interoperable, though it will, for example, reject MD5 signatures or RSA keys shorter than 1024 bits.

+ +

X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to name clearing any previously specified host name or names. If name is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If name is NUL-terminated, namelen may be zero, otherwise namelen must be set to the length of name.

+ +

When a hostname is specified, certificate verification automatically invokes X509_check_host(3) with flags equal to the flags argument given to X509_VERIFY_PARAM_set_hostflags() (default zero). Applications are strongly advised to use this interface in preference to explicitly calling X509_check_host(3), hostname checks may be out of scope with the DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE verification is enabled.

+ +

When the subject CommonName will not be ignored, whether as a result of the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT host flag, or because no DNS subject alternative names are present in the certificate, any DNS name constraints in issuer certificates apply to the subject CommonName as well as the subject alternative name extension.

+ +

When the subject CommonName will be ignored, whether as a result of the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT host flag, or because some DNS subject alternative names are present in the certificate, DNS name constraints in issuer certificates will not be applied to the subject DN. As described in X509_check_host(3) the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag takes precedence over the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag.

+ +

X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags().

+ +

X509_VERIFY_PARAM_add1_host() adds name as an additional reference identifier that can match the peer's certificate. Any previous names set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() are retained, no change is made if name is NULL or empty. When multiple names are configured, the peer is considered verified when any name matches.

+ +

X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject CommonName from the peer certificate that matched one of the reference identifiers. When wildcard matching is not disabled, or when a reference identifier specifies a parent domain (starts with ".") rather than a hostname, the peer name may be a wildcard name or a sub-domain of the reference identifier respectively. The return string is allocated by the library and is no longer valid once the associated param argument is freed. Applications must not free the return value.

+ +

X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to email. If email is NUL-terminated, emaillen may be zero, otherwise emaillen must be set to the length of email. When an email address is specified, certificate verification automatically invokes X509_check_email(3).

+ +

X509_VERIFY_PARAM_set1_ip() sets the expected IP address to ip. The ip argument is in binary format, in network byte-order and iplen must be set to 4 for IPv4 and 16 for IPv6. When an IP address is specified, certificate verification automatically invokes X509_check_ip(3).

+ +

X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to ipasc. The ipasc argument is a NUL-terminal ASCII string: dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. The condensed "::" notation is supported for IPv6 addresses.

+ +

RETURN VALUES

+ +

X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), X509_VERIFY_PARAM_set_inh_flags(), X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(), X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(), X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for failure.

+ +

X509_VERIFY_PARAM_get_flags() returns the current verification flags.

+ +

X509_VERIFY_PARAM_get_hostflags() returns any current host flags.

+ +

X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.

+ +

X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return values.

+ +

X509_VERIFY_PARAM_get_depth() returns the current verification depth.

+ +

X509_VERIFY_PARAM_get_auth_level() returns the current authentication security level.

+ +

VERIFICATION FLAGS

+ +

The verification flags consists of zero or more of the following flags ored together.

+ +

X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found.

+ +

X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate chain.

+ +

X509_V_FLAG_IGNORE_CRITICAL disabled critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs results in a fatal error. If this flag is set unhandled critical extensions are ignored. WARNING setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are supported can be performed in the verification callback.

+ +

The X509_V_FLAG_X509_STRICT flag disables workarounds for some broken certificates and makes the verification strictly apply X509 rules.

+ +

X509_V_FLAG_ALLOW_PROXY_CERTS enables proxy certificate verification.

+ +

X509_V_FLAG_POLICY_CHECK enables certificate policy checking, by default no policy checking is performed. Additional information is sent to the verification callback relating to policy checking.

+ +

X509_V_FLAG_EXPLICIT_POLICY, X509_V_FLAG_INHIBIT_ANY and X509_V_FLAG_INHIBIT_MAP set the require explicit policy, inhibit any policy and inhibit policy mapping flags respectively as defined in RFC3280. Policy checking is automatically enabled if any of these flags are set.

+ +

If X509_V_FLAG_NOTIFY_POLICY is set and the policy checking is successful a special status code is set to the verification callback. This permits it to examine the valid policy tree and perform additional checks or simply log it for debugging purposes.

+ +

By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If X509_V_FLAG_EXTENDED_CRL_SUPPORT is set they are enabled.

+ +

If X509_V_FLAG_USE_DELTAS is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored.

+ +

X509_V_FLAG_CHECK_SS_SIGNATURE enables checking of the root CA self signed certificate signature. By default this check is disabled because it doesn't add any additional security but in some cases applications might want to check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors.

+ +

When X509_V_FLAG_TRUSTED_FIRST is set, construction of the certificate chain in X509_verify_cert(3) will search the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have explicit trust settings (see "TRUST SETTINGS" in x509(1)). As of OpenSSL 1.1.0 this option is on by default.

+ +

The X509_V_FLAG_NO_ALT_CHAINS flag suppresses checking for alternative chains. By default, unless X509_V_FLAG_TRUSTED_FIRST is set, when building a certificate chain, if the first certificate chain found is not trusted, then OpenSSL will attempt to replace untrusted certificates supplied by the peer with certificates from the trust store to see if an alternative chain can be found that is trusted. As of OpenSSL 1.1.0, with X509_V_FLAG_TRUSTED_FIRST always set, this option has no effect.

+ +

The X509_V_FLAG_PARTIAL_CHAIN flag causes intermediate certificates in the trust store to be treated as trust-anchors, in the same way as the self-signed root CA certificates. This makes it possible to trust certificates issued by an intermediate CA without having to trust its ancestor root CA. With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain construction stops as soon as the first certificate from the trust store is added to the chain, whether that certificate is a self-signed "root" certificate or a not self-signed intermediate certificate. Thus, when an intermediate certificate is found in the trust store, the verified chain passed to callbacks may be shorter than it otherwise would be without the X509_V_FLAG_PARTIAL_CHAIN flag.

+ +

The X509_V_FLAG_NO_CHECK_TIME flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed.

+ +

INHERITANCE FLAGS

+ +

These flags specify how parameters are "inherited" from one structure to another.

+ +

If X509_VP_FLAG_ONCE is set then the current setting is zeroed after the next call.

+ +

If X509_VP_FLAG_LOCKED is set then no values are copied. This overrides all of the following flags.

+ +

If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied to the destination. Effectively the values in "to" become default values which will be used only if nothing new is set in "from". This is the default.

+ +

If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether they are set or not. Flags is still Ored though.

+ +

If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead of ORed.

+ +

NOTES

+ +

The above functions should be used to manipulate verification parameters instead of functions which work in specific structures such as X509_STORE_CTX_set_flags() which are likely to be deprecated in a future release.

+ +

BUGS

+ +

Delta CRL checking is currently primitive. Only a single delta can be used and (partly due to limitations of X509_STORE) constructed CRLs are not maintained.

+ +

If CRLs checking is enable CRLs are expected to be available in the corresponding X509_STORE structure. No attempt is made to download CRLs from the CRL distribution points extension.

+ +

EXAMPLES

+ +

Enable CRL checking when performing certificate verification during SSL connections associated with an SSL_CTX structure ctx:

+ +
X509_VERIFY_PARAM *param;
+
+param = X509_VERIFY_PARAM_new();
+X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+SSL_CTX_set1_param(ctx, param);
+X509_VERIFY_PARAM_free(param);
+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_host(3), X509_check_email(3), X509_check_ip(3), x509(1)

+ +

HISTORY

+ +

The X509_V_FLAG_NO_ALT_CHAINS flag was added in OpenSSL 1.1.0. The flag X509_V_FLAG_CB_ISSUER_CHECK was deprecated in OpenSSL 1.1.0 and has no effect.

+ +

The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.

+ +

COPYRIGHT

+ +

Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_ca.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_ca.html new file mode 100644 index 00000000..a80f9b83 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_ca.html @@ -0,0 +1,58 @@ + + + + +X509_check_ca + + + + + + + + + + +

NAME

+ +

X509_check_ca - check if given certificate is CA certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_ca(X509 *cert);
+ +

DESCRIPTION

+ +

This function checks if given certificate is CA certificate (can be used to sign other certificates).

+ +

RETURN VALUES

+ +

Function return 0, if it is not CA certificate, 1 if it is proper X509v3 CA certificate with basicConstraints extension CA:TRUE, 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with keyUsage extension with bit keyCertSign set, but without basicConstraints, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate.

+ +

Actually, any non-zero value means that this certificate could have been used to sign other certificates.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_issued(3), X509_check_purpose(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_host.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_host.html new file mode 100644 index 00000000..c5bbc1d5 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_host.html @@ -0,0 +1,128 @@ + + + + +X509_check_host + + + + + + + + + + +

NAME

+ +

X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_host(X509 *, const char *name, size_t namelen,
+                    unsigned int flags, char **peername);
+int X509_check_email(X509 *, const char *address, size_t addresslen,
+                     unsigned int flags);
+int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+                  unsigned int flags);
+int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
+ +

DESCRIPTION

+ +

The certificate matching functions are used to check whether a certificate matches a given host name, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means.

+ +

X509_check_host() checks if the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the specified host name, which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example, by default, the host name "www.example.com" would match a certificate with a SAN or CN value of "*.example.com", "w*.example.com" or "*w.example.com".

+ +

Per section 6.4.2 of RFC 6125, name values representing international domain names must be given in A-label form. The namelen argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(name). When name starts with a dot (e.g ".example.com"), it will be matched by a certificate valid for any sub-domain of name, (see also X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS below).

+ +

When the certificate is matched, and peername is not NULL, a pointer to a copy of the matching SAN or CN from the peer certificate is stored at the address passed in peername. The application is responsible for freeing the peername via OPENSSL_free() when it is no longer needed.

+ +

X509_check_email() checks if the certificate matches the specified email address. Only the mailbox syntax of RFC 822 is supported, comments are not allowed, and no attempt is made to normalize quoted characters. The addresslen argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(address).

+ +

X509_check_ip() checks if the certificate matches a specified IPv4 or IPv6 address. The address array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; IP addresses stored in DNS names and Common Names are ignored.

+ +

X509_check_ip_asc() is similar, except that the NUL-terminated string address is first converted to the internal representation.

+ +

The flags argument is usually 0. It can be the bitwise OR of the flags:

+ +
+ +
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
+
+ +
+
X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
+
+ +
+
X509_CHECK_FLAG_NO_WILDCARDS,
+
+ +
+
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
+
+ +
+
X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS.
+
+ +
+
X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS.
+
+ +
+
+ +

The X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag causes the function to consider the subject DN even if the certificate contains at least one subject alternative name of the right type (DNS name or email address as appropriate); the default is to ignore the subject DN when at least one corresponding subject alternative names is present.

+ +

The X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag causes the function to never consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. If both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and X509_CHECK_FLAG_NEVER_CHECK_SUBJECT are specified, the latter takes precedence and the subject DN is not checked for matching names.

+ +

If set, X509_CHECK_FLAG_NO_WILDCARDS disables wildcard expansion; this only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support for "*" as wildcard pattern in labels that have a prefix or suffix, such as: "www*" or "*www"; this only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS allows a "*" that constitutes the complete label of a DNS name (e.g. "*.example.com") to match more than one label in name; this flag only applies to X509_check_host.

+ +

If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name values which start with ".", that would otherwise match any sub-domain in the peer certificate, to only match direct child sub-domains. Thus, for instance, with this flag set a name of ".example.com" would match a peer certificate with a DNS name of "www.example.com", but would not match a peer certificate with a DNS name of "www.sub.example.com"; this flag only applies to X509_check_host.

+ +

RETURN VALUES

+ +

The functions return 1 for a successful match, 0 for a failed match and -1 for an internal error: typically a memory allocation failure or an ASN.1 decoding error.

+ +

All functions can also return -2 if the input is malformed. For example, X509_check_host() returns -2 if the provided name contains embedded NULs.

+ +

NOTES

+ +

Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling X509_check_host(3). Host name checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when DANE support is enabled.

+ +

SEE ALSO

+ +

SSL_get_verify_result(3), X509_VERIFY_PARAM_set1_host(3), X509_VERIFY_PARAM_add1_host(3), X509_VERIFY_PARAM_set1_email(3), X509_VERIFY_PARAM_set1_ip(3), X509_VERIFY_PARAM_set1_ipasc(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.0.2.

+ +

COPYRIGHT

+ +

Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_issued.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_issued.html new file mode 100644 index 00000000..ba83e80a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_issued.html @@ -0,0 +1,56 @@ + + + + +X509_check_issued + + + + + + + + + + +

NAME

+ +

X509_check_issued - checks if certificate is issued by another certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_issued(X509 *issuer, X509 *subject);
+ +

DESCRIPTION

+ +

This function checks if certificate subject was issued using CA certificate issuer. This function takes into account not only matching of issuer field of subject with subject field of issuer, but also compares authorityKeyIdentifier extension of subject with subjectKeyIdentifier of issuer if authorityKeyIdentifier present in the subject certificate and checks keyUsage field of issuer.

+ +

RETURN VALUES

+ +

Function return X509_V_OK if certificate subject is issued by issuer or some X509_V_ERR* constant to indicate an error.

+ +

SEE ALSO

+ +

X509_verify_cert(3), X509_check_ca(3), verify(1)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_private_key.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_private_key.html new file mode 100644 index 00000000..95140d65 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_private_key.html @@ -0,0 +1,67 @@ + + + + +X509_check_private_key + + + + + + + + + + +

NAME

+ +

X509_check_private_key, X509_REQ_check_private_key - check the consistency of a private key with the public key in an X509 certificate or certificate request

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k);
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
+ +

DESCRIPTION

+ +

X509_check_private_key() function checks the consistency of private key k with the public key in x.

+ +

X509_REQ_check_private_key() is equivalent to X509_check_private_key() except that x represents a certificate request of structure X509_REQ.

+ +

RETURN VALUES

+ +

X509_check_private_key() and X509_REQ_check_private_key() return 1 if the keys match each other, and 0 if not.

+ +

If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

+ +

BUGS

+ +

The check_private_key functions don't check if k itself is indeed a private key or not. It merely compares the public materials (e.g. exponent and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) of a key pair. So if you pass a public key to these functions in k, it will return success.

+ +

SEE ALSO

+ +

ERR_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_purpose.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_purpose.html new file mode 100644 index 00000000..9d7c7a13 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_check_purpose.html @@ -0,0 +1,111 @@ + + + + +X509_check_purpose + + + + + + + + + + +

NAME

+ +

X509_check_purpose - Check the purpose of a certificate

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+int X509_check_purpose(X509 *x, int id, int ca)
+ +

DESCRIPTION

+ +

This function checks if certificate x was created with the purpose represented by id. If ca is nonzero, then certificate x is checked to determine if it's a possible CA with various levels of certainty possibly returned.

+ +

Below are the potential ID's that can be checked:

+ +
# define X509_PURPOSE_SSL_CLIENT        1
+# define X509_PURPOSE_SSL_SERVER        2
+# define X509_PURPOSE_NS_SSL_SERVER     3
+# define X509_PURPOSE_SMIME_SIGN        4
+# define X509_PURPOSE_SMIME_ENCRYPT     5
+# define X509_PURPOSE_CRL_SIGN          6
+# define X509_PURPOSE_ANY               7
+# define X509_PURPOSE_OCSP_HELPER       8
+# define X509_PURPOSE_TIMESTAMP_SIGN    9
+ +

RETURN VALUES

+ +

For non-CA checks

+ +
+ +
-1 an error condition has occured
+
+ +
+
1 if the certificate was created to perform the purpose represented by id
+
+ +
+
0 if the certificate was not created to perform the purpose represented by id
+
+ +
+
+ +

For CA checks the below integers could be returned with the following meanings:

+ +
+ +
-1 an error condition has occured
+
+ +
+
0 not a CA or does not have the purpose represented by id
+
+ +
+
1 is a CA.
+
+ +
+
2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA
+
+ +
+
3 basicConstraints absent but self signed V1.
+
+ +
+
4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+
+ +
+
5 legacy Netscape specific CA Flags present
+
+ +
+
+ +

COPYRIGHT

+ +

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp.html new file mode 100644 index 00000000..5309374f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp.html @@ -0,0 +1,81 @@ + + + + +X509_cmp + + + + + + + + + + +

NAME

+ +

X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match - compare X509 certificates and related values

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+ +

DESCRIPTION

+ +

This set of functions are used to compare X509 objects, including X509 certificates, X509 CRL objects and various values in an X509 certificate.

+ +

The X509_cmp() function compares two X509 objects indicated by parameters a and b. The comparison is based on the memcmp result of the hash values of two X509 objects and the canonical (DER) encoding values.

+ +

The X509_NAME_cmp() function compares two X509_NAME objects indicated by parameters a and b. The comparison is based on the memcmp result of the canonical (DER) encoding values of the two objects. i2d_X509_NAME(3) has a more detailed description of the DER encoding of the X509_NAME structure.

+ +

The X509_issuer_and_serial_cmp() function compares the serial number and issuer values in the given X509 objects a and b.

+ +

The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions are effectively wrappers of the X509_NAME_cmp() function. These functions compare issuer names and subject names of the objects, or issuers of X509_CRL objects, respectively.

+ +

The X509_CRL_match() function compares two X509_CRL objects. Unlike the X509_CRL_cmp() function, this function compares the whole CRL content instead of just the issuer name.

+ +

RETURN VALUES

+ +

Like common memory comparison functions, the X509 comparison functions return an integer less than, equal to, or greater than zero if object a is found to be less than, to match, or be greater than object b, respectively.

+ +

X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

+ +

NOTES

+ +

These functions in fact utilize the underlying memcmp of the C library to do the comparison job. Data to be compared varies from DER encoding data, hash value or ASN1_STRING. The sign of the comparison can be used to order the objects but it does not have a special meaning in some cases.

+ +

X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in some circumstances, which could cause confusion for the applications.

+ +

SEE ALSO

+ +

i2d_X509_NAME(3), i2d_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp_time.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp_time.html new file mode 100644 index 00000000..7942eac8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_cmp_time.html @@ -0,0 +1,68 @@ + + + + +X509_cmp_time + + + + + + + + + + +

NAME

+ +

X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex - X509 time functions

+ +

SYNOPSIS

+ +
int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
+int X509_cmp_current_time(const ASN1_TIME *asn1_time);
+ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
+                            offset_sec, time_t *in_tm);
+ +

DESCRIPTION

+ +

X509_cmp_time() compares the ASN1_TIME in asn1_time with the time in <cmp_time>. X509_cmp_current_time() compares the ASN1_TIME in asn1_time with the current time, expressed as time_t. asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

+ +

X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time offset_day and offset_sec after in_tm.

+ +

X509_time_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after in_tm. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.

+ +

In both methods, if asn1_time is NULL, a new ASN1_TIME structure is allocated and returned.

+ +

In all methods, if in_tm is NULL, the current time, expressed as time_t, is used.

+ +

BUGS

+ +

Unlike many standard comparison functions, X509_cmp_time() and X509_cmp_current_time() return 0 on error.

+ +

RETURN VALUES

+ +

X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time is earlier than, or equal to, cmp_time (resp. current time), and 1 otherwise. These methods return 0 on error.

+ +

X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error.

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_digest.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_digest.html new file mode 100644 index 00000000..8db63963 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_digest.html @@ -0,0 +1,77 @@ + + + + +X509_digest + + + + + + + + + + +

NAME

+ +

X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest - get digest of various objects

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                unsigned int *len);
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+                    unsigned int *len);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+#include <openssl/pkcs7.h>
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len);
+ +

DESCRIPTION

+ +

X509_pubkey_digest() returns a digest of the DER representation of the public key in the specified X509 data object. All other functions described here return a digest of the DER representation of their entire data objects.

+ +

The type parameter specifies the digest to be used, such as EVP_sha1(). The md is a pointer to the buffer where the digest will be copied and is assumed to be large enough; the constant EVP_MAX_MD_SIZE is suggested. The len parameter, if not NULL, points to a place where the digest size will be stored.

+ +

RETURN VALUES

+ +

All functions described here return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

EVP_sha1(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_dup.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_dup.html new file mode 100644 index 00000000..1e36efc0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_dup.html @@ -0,0 +1,76 @@ + + + + +X509_dup + + + + + + + + + + +

NAME

+ +

DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, - ASN1 object utilities

+ +

SYNOPSIS

+ +
#include <openssl/asn1t.h>
+
+DECLARE_ASN1_FUNCTIONS(type)
+IMPLEMENT_ASN1_FUNCTIONS(stname)
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+
+extern const ASN1_ITEM TYPE_it;
+TYPE *TYPE_new(void);
+TYPE *TYPE_dup(TYPE *a);
+void TYPE_free(TYPE *a);
+int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
+ +

DESCRIPTION

+ +

In the description below, TYPE is used as a placeholder for any of the OpenSSL datatypes, such as X509.

+ +

The OpenSSL ASN1 parsing library templates are like a data-driven bytecode interpreter. Every ASN1 object as a global variable, TYPE_it, that describes the item such as its fields. (On systems which cannot export variables from shared libraries, the global is instead a function which returns a pointer to a static variable.

+ +

The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files to generate the function declarations.

+ +

The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file to generate the function bodies.

+ +

TYPE_new() allocates an empty object of the indicated type. The object returned must be released by calling TYPE_free().

+ +

TYPE_dup() copies an existing object.

+ +

TYPE_free() releases the object and all pointers and sub-objects within it.

+ +

TYPE_print_ctx() prints the object a on the specified BIO out. Each line will be prefixed with indent spaces. The pctx specifies the printing context and is for internal use; use NULL to get the default behavior. If a print function is user-defined, then pass in any pctx down to any nested calls.

+ +

RETURN VALUES

+ +

TYPE_new() and TYPE_dup() return a pointer to the object or NULL on failure.

+ +

TYPE_print_ctx() returns 1 on success or zero on failure.

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_notBefore.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_notBefore.html new file mode 100644 index 00000000..3ba34ba8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_notBefore.html @@ -0,0 +1,88 @@ + + + + +X509_get0_notBefore + + + + + + + + + + +

NAME

+ +

X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate - get or set certificate or CRL dates

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ +

DESCRIPTION

+ +

X509_get0_notBefore() and X509_get0_notAfter() return the notBefore and notAfter fields of certificate x respectively. The value returned is an internal pointer which must not be freed up after the call.

+ +

X509_getm_notBefore() and X509_getm_notAfter() are similar to X509_get0_notBefore() and X509_get0_notAfter() except they return non-constant mutable references to the associated date field of the certificate.

+ +

X509_set1_notBefore() and X509_set1_notAfter() set the notBefore and notAfter fields of x to tm. Ownership of the passed parameter tm is not transferred by these functions so it must be freed up after the call.

+ +

X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the lastUpdate and nextUpdate fields of crl. The value returned is an internal pointer which must not be freed up after the call. If the nextUpdate field is absent from crl then NULL is returned.

+ +

X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the lastUpdate and nextUpdate fields of crl to tm. Ownership of the passed parameter tm is not transferred by these functions so it must be freed up after the call.

+ +

RETURN VALUES

+ +

X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure.

+ +

X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure or NULL if the lastUpdate field is absent.

+ +

X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

These functions are available in all versions of OpenSSL.

+ +

X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL 1.1.0

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_signature.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_signature.html new file mode 100644 index 00000000..23da8c9b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_signature.html @@ -0,0 +1,106 @@ + + + + +X509_get0_signature + + + + + + + + + + +

NAME

+ +

X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg,
+                         const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+void X509_REQ_get0_signature(const X509_REQ *crl,
+                             const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_REQ_get_signature_nid(const X509_REQ *crl);
+
+void X509_CRL_get0_signature(const X509_CRL *crl,
+                             const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                     int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+ +

DESCRIPTION

+ +

X509_get0_signature() sets *psig to the signature of x and *palg to the signature algorithm of x. The values returned are internal pointers which MUST NOT be freed up after the call.

+ +

X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of x.

+ +

X509_get_signature_nid() returns the NID corresponding to the signature algorithm of x.

+ +

X509_REQ_get0_signature(), X509_REQ_get_signature_nid() X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the same function for certificate requests and CRLs.

+ +

X509_get_signature_info() retrieves information about the signature of certificate x. The NID of the signing digest is written to *mdnid, the public key algorithm to *pknid, the effective security bits to *secbits and flag details to *flags. Any of the parameters can be set to NULL if the information is not required.

+ +

X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information about a signature in an X509_SIG_INFO structure. They are only used by implementations of algorithms which need to set custom signature information: most applications will never need to call them.

+ +

NOTES

+ +

These functions provide lower level access to signatures in certificates where an application wishes to analyse or generate a signature in a form where X509_sign() et al is not appropriate (for example a non standard or unsupported format).

+ +

The security bits returned by X509_get_signature_info() refers to information available from the certificate signature (such as the signing digest). In some cases the actual security of the signature is less because the signing key is less secure: for example a certificate signed using SHA-512 and a 1024 bit RSA key.

+ +

RETURN VALUES

+ +

X509_get_signature_nid(), X509_REQ_get_signature_nid() and X509_CRL_get_signature_nid() return a NID.

+ +

X509_get0_signature(), X509_REQ_get0_signature() and X509_CRL_get0_signature() do not return values.

+ +

X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters).

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_get0_signature() and X509_get_signature_nid() functions were added in OpenSSL 1.0.2.

+ +

The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_uids.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_uids.html new file mode 100644 index 00000000..9b909932 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get0_uids.html @@ -0,0 +1,62 @@ + + + + +X509_get0_uids + + + + + + + + + + +

NAME

+ +

X509_get0_uids - get certificate unique identifiers

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+ +

DESCRIPTION

+ +

X509_get0_uids() sets *piuid and *psuid to the issuer and subject unique identifiers of certificate x or NULL if the fields are not present.

+ +

NOTES

+ +

The issuer and subject unique identifier fields are very rarely encountered in practice outside test cases.

+ +

RETURN VALUES

+ +

X509_get0_uids() does not return a value.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_extension_flags.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_extension_flags.html new file mode 100644 index 00000000..517df845 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_extension_flags.html @@ -0,0 +1,184 @@ + + + + +X509_get_extension_flags + + + + + + + + + + +

NAME

+ +

X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen - retrieve certificate extension data

+ +

SYNOPSIS

+ +
#include <openssl/x509v3.h>
+
+long X509_get_pathlen(X509 *x);
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(int l);
+long X509_get_proxy_pathlen(X509 *x);
+ +

DESCRIPTION

+ +

These functions retrieve information related to commonly used certificate extensions.

+ +

X509_get_pathlen() retrieves the path length extension from a certificate. This extension is used to limit the length of a cert chain that may be issued from that CA.

+ +

X509_get_extension_flags() retrieves general information about a certificate, it will return one or more of the following flags ored together.

+ +
+ +
EXFLAG_V1
+
+ +

The certificate is an obsolete version 1 certificate.

+ +
+
EXFLAG_BCONS
+
+ +

The certificate contains a basic constraints extension.

+ +
+
EXFLAG_CA
+
+ +

The certificate contains basic constraints and asserts the CA flag.

+ +
+
EXFLAG_PROXY
+
+ +

The certificate is a valid proxy certificate.

+ +
+
EXFLAG_SI
+
+ +

The certificate is self issued (that is subject and issuer names match).

+ +
+
EXFLAG_SS
+
+ +

The subject and issuer names match and extension values imply it is self signed.

+ +
+
EXFLAG_FRESHEST
+
+ +

The freshest CRL extension is present in the certificate.

+ +
+
EXFLAG_CRITICAL
+
+ +

The certificate contains an unhandled critical extension.

+ +
+
EXFLAG_INVALID
+
+ +

Some certificate extension values are invalid or inconsistent. The certificate should be rejected. This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself.

+ +
+
EXFLAG_INVALID_POLICY
+
+ +

The NID_certificate_policies certificate extension is invalid or inconsistent. The certificate should be rejected. This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself.

+ +
+
EXFLAG_KUSAGE
+
+ +

The certificate contains a key usage extension. The value can be retrieved using X509_get_key_usage().

+ +
+
EXFLAG_XKUSAGE
+
+ +

The certificate contains an extended key usage extension. The value can be retrieved using X509_get_extended_key_usage().

+ +
+
+ +

X509_get_key_usage() returns the value of the key usage extension. If key usage is present will return zero or more of the flags: KU_DIGITAL_SIGNATURE, KU_NON_REPUDIATION, KU_KEY_ENCIPHERMENT, KU_DATA_ENCIPHERMENT, KU_KEY_AGREEMENT, KU_KEY_CERT_SIGN, KU_CRL_SIGN, KU_ENCIPHER_ONLY or KU_DECIPHER_ONLY corresponding to individual key usage bits. If key usage is absent then UINT32_MAX is returned.

+ +

X509_get_extended_key_usage() returns the value of the extended key usage extension. If extended key usage is present it will return zero or more of the flags: XKU_SSL_SERVER, XKU_SSL_CLIENT, XKU_SMIME, XKU_CODE_SIGN XKU_OCSP_SIGN, XKU_TIMESTAMP, XKU_DVCS or XKU_ANYEKU. These correspond to the OIDs id-kp-serverAuth, id-kp-clientAuth, id-kp-emailProtection, id-kp-codeSigning, id-kp-OCSPSigning, id-kp-timeStamping, id-kp-dvcs and anyExtendedKeyUsage respectively. Additionally XKU_SGC is set if either Netscape or Microsoft SGC OIDs are present.

+ +

X509_get0_subject_key_id() returns an internal pointer to the subject key identifier of x as an ASN1_OCTET_STRING or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_key_id() returns an internal pointer to the authority key identifier of x as an ASN1_OCTET_STRING or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_issuer() returns an internal pointer to the authority certificate issuer of x as a stack of GENERAL_NAME structures or NULL if the extension is not present or cannot be parsed.

+ +

X509_get0_authority_serial() returns an internal pointer to the authority certificate serial number of x as an ASN1_INTEGER or NULL if the extension is not present or cannot be parsed.

+ +

X509_set_proxy_flag() marks the certificate with the EXFLAG_PROXY flag. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones.

+ +

X509_set_proxy_pathlen() sets the proxy certificate path length for the given certificate x. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones.

+ +

X509_get_proxy_pathlen() returns the proxy certificate path length for the given certificate x if it is a proxy certificate.

+ +

NOTES

+ +

The value of the flags correspond to extension values which are cached in the X509 structure. If the flags returned do not provide sufficient information an application should examine extension values directly for example using X509_get_ext_d2i().

+ +

If the key usage or extended key usage extension is absent then typically usage is unrestricted. For this reason X509_get_key_usage() and X509_get_extended_key_usage() return UINT32_MAX when the corresponding extension is absent. Applications can additionally check the return value of X509_get_extension_flags() and take appropriate action is an extension is absent.

+ +

If X509_get0_subject_key_id() returns NULL then the extension may be absent or malformed. Applications can determine the precise reason using X509_get_ext_d2i().

+ +

RETURN VALUES

+ +

X509_get_pathlen() returns the path length value, or -1 if the extension is not present.

+ +

X509_get_extension_flags(), X509_get_key_usage() and X509_get_extended_key_usage() return sets of flags corresponding to the certificate extension values.

+ +

X509_get0_subject_key_id() returns the subject key identifier as a pointer to an ASN1_OCTET_STRING structure or NULL if the extension is absent or an error occurred during parsing.

+ +

X509_get_proxy_pathlen() returns the path length value if the given certificate is a proxy one and has a path length set, and -1 otherwise.

+ +

SEE ALSO

+ +

X509_check_purpose(3)

+ +

HISTORY

+ +

X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_pubkey.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_pubkey.html new file mode 100644 index 00000000..52f2ffed --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_pubkey.html @@ -0,0 +1,77 @@ + + + + +X509_get_pubkey + + + + + + + + + + +

NAME

+ +

X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request public key

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+EVP_PKEY *X509_get_pubkey(X509 *x);
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);
+ +

DESCRIPTION

+ +

X509_get_pubkey() attempts to decode the public key for certificate x. If successful it returns the public key as an EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. X509_get0_pubkey() is similar except it does not increment the reference count of the returned EVP_PKEY so it must not be freed up after use.

+ +

X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.

+ +

X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.

+ +

X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.

+ +

NOTES

+ +

The first time a public key is decoded the EVP_PKEY structure is cached in the certificate or certificate request itself. Subsequent calls return the cached structure with its reference count incremented to improve performance.

+ +

RETURN VALUES

+ +

X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or NULL if an error occurred.

+ +

X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_serialNumber.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_serialNumber.html new file mode 100644 index 00000000..3f139675 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_serialNumber.html @@ -0,0 +1,69 @@ + + + + +X509_get_serialNumber + + + + + + + + + + +

NAME

+ +

X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber - get or set certificate serial number

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ +

DESCRIPTION

+ +

X509_get_serialNumber() returns the serial number of certificate x as an ASN1_INTEGER structure which can be examined or initialised. The value returned is an internal pointer which MUST NOT be freed up after the call.

+ +

X509_get0_serialNumber() is the same as X509_get_serialNumber() except it accepts a const parameter and returns a const result.

+ +

X509_set_serialNumber() sets the serial number of certificate x to serial. A copy of the serial number is used internally so serial should be freed up after use.

+ +

RETURN VALUES

+ +

X509_get_serialNumber() and X509_get0_serialNumber() return an ASN1_INTEGER structure.

+ +

X509_set_serialNumber() returns 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_get_serialNumber() and X509_set_serialNumber() functions are available in all versions of OpenSSL. The X509_get0_serialNumber() function was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_subject_name.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_subject_name.html new file mode 100644 index 00000000..a619eae4 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_subject_name.html @@ -0,0 +1,81 @@ + + + + +X509_get_subject_name + + + + + + + + + + +

NAME

+ +

X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or subject names

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509_NAME *X509_get_subject_name(const X509 *x);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+
+X509_NAME *X509_get_issuer_name(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+ +

DESCRIPTION

+ +

X509_get_subject_name() returns the subject name of certificate x. The returned value is an internal pointer which MUST NOT be freed.

+ +

X509_set_subject_name() sets the issuer name of certificate x to name. The name parameter is copied internally and should be freed up when it is no longer needed.

+ +

X509_get_issuer_name() and X509_set_issuer_name() are identical to X509_get_subject_name() and X509_set_subject_name() except the get and set the issuer name of x.

+ +

Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject or issuer names of certificate requests of CRLs respectively.

+ +

RETURN VALUES

+ +

X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name() and X509_CRL_get_issuer() return an X509_NAME pointer.

+ +

X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), d2i_X509(3) X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions.

+ +

X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously added in OpenSSL 1.0.0 as a macro.

+ +

COPYRIGHT

+ +

Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_version.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_version.html new file mode 100644 index 00000000..1114bc0d --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_get_version.html @@ -0,0 +1,79 @@ + + + + +X509_get_version + + + + + + + + + + +

NAME

+ +

X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version - get or set certificate, certificate request or CRL version

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+
+long X509_CRL_get_version(const X509_CRL *crl);
+int X509_CRL_set_version(X509_CRL *x, long version);
+ +

DESCRIPTION

+ +

X509_get_version() returns the numerical value of the version field of certificate x. Note: this is defined by standards (X.509 et al) to be one less than the certificate version. So a version 3 certificate will return 2 and a version 1 certificate will return 0.

+ +

X509_set_version() sets the numerical value of the version field of certificate x to version.

+ +

Similarly X509_REQ_get_version(), X509_REQ_set_version(), X509_CRL_get_version() and X509_CRL_set_version() get and set the version number of certificate requests and CRLs.

+ +

NOTES

+ +

The version field of certificates, certificate requests and CRLs has a DEFAULT value of v1(0) meaning the field should be omitted for version 1. This is handled transparently by these functions.

+ +

RETURN VALUES

+ +

X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() return the numerical value of the version field.

+ +

X509_set_version(), X509_REQ_set_version() and X509_CRL_set_version() return 1 for success and 0 for failure.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are functions in OpenSSL 1.1.0, in previous versions they were macros.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_new.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_new.html new file mode 100644 index 00000000..11e343ec --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_new.html @@ -0,0 +1,78 @@ + + + + +X509_new + + + + + + + + + + +

NAME

+ +

X509_chain_up_ref, X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509 *X509_new(void);
+void X509_free(X509 *a);
+int X509_up_ref(X509 *a);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
+ +

DESCRIPTION

+ +

The X509 ASN1 allocation routines, allocate and free an X509 structure, which represents an X509 certificate.

+ +

X509_new() allocates and initializes a X509 structure with reference count 1.

+ +

X509_free() decrements the reference count of X509 structure a and frees it up if the reference count is zero. If a is NULL nothing is done.

+ +

X509_up_ref() increments the reference count of a.

+ +

X509_chain_up_ref() increases the reference count of all certificates in chain x and returns a copy of the stack.

+ +

NOTES

+ +

The function X509_up_ref() if useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure.

+ +

The function X509_chain_up_ref() doesn't just up the reference count of each certificate it also returns a copy of the stack, using sk_X509_dup(), but it serves a similar purpose: the returned chain persists after the original has been freed.

+ +

RETURN VALUES

+ +

If the allocation fails, X509_new() returns NULL and sets an error code that can be obtained by ERR_get_error(3). Otherwise it returns a pointer to the newly allocated structure.

+ +

X509_up_ref() returns 1 for success and 0 for failure.

+ +

X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_sign.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_sign.html new file mode 100644 index 00000000..cd5353b6 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_sign.html @@ -0,0 +1,86 @@ + + + + +X509_sign + + + + + + + + + + +

NAME

+ +

X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify - sign or verify certificate, certificate request or CRL signature

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+ +

DESCRIPTION

+ +

X509_sign() signs certificate x using private key pkey and message digest md and sets the signature in x. X509_sign_ctx() also signs certificate x but uses the parameters contained in digest context ctx.

+ +

X509_verify() verifies the signature of certificate x using public key pkey. Only the signature is checked: no other checks (such as certificate chain validity) are performed.

+ +

X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(), X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify certificate requests and CRLs respectively.

+ +

NOTES

+ +

X509_sign_ctx() is used where the default parameters for the corresponding public key and digest are not suitable. It can be used to sign keys using RSA-PSS for example.

+ +

For efficiency reasons and to work around ASN.1 encoding issues the encoding of the signed portion of a certificate, certificate request and CRL is cached internally. If the signed portion of the structure is modified the encoding is not always updated meaning a stale version is sometimes used. This is not normally a problem because modifying the signed portion will invalidate the signature and signing will always update the encoding.

+ +

RETURN VALUES

+ +

X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(), X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature in bytes for success and zero for failure.

+ +

X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the signature is valid and 0 if the signature check fails. If the signature could not be checked at all because it was invalid or some other error occurred then -1 is returned.

+ +

SEE ALSO

+ +

d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

HISTORY

+ +

The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are available in all versions of OpenSSL.

+ +

The X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1.

+ +

COPYRIGHT

+ +

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_verify_cert.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_verify_cert.html new file mode 100644 index 00000000..8c993049 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509_verify_cert.html @@ -0,0 +1,70 @@ + + + + +X509_verify_cert + + + + + + + + + + +

NAME

+ +

X509_verify_cert - discover and verify X509 certificate chain

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+ +

DESCRIPTION

+ +

The X509_verify_cert() function attempts to discover and validate a certificate chain based on parameters in ctx. A complete description of the process is contained in the verify(1) manual page.

+ +

RETURN VALUES

+ +

If a complete chain can be built and validated this function returns 1, otherwise it return zero, in exceptional circumstances it can also return a negative code.

+ +

If the function fails additional error information can be obtained by examining ctx using, for example X509_STORE_CTX_get_error().

+ +

NOTES

+ +

Applications rarely call this function directly but it is used by OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code.

+ +

A negative return value from X509_verify_cert() can occur if it is invoked incorrectly, such as with no certificate set in ctx, or when it is called twice in succession without reinitialising ctx for the second call. A negative return value can also happen due to internal resource problems or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). Applications must check for <= 0 return value on error.

+ +

BUGS

+ +

This function uses the header x509.h as opposed to most chain verification functions which use x509_vfy.h.

+ +

SEE ALSO

+ +

X509_STORE_CTX_get_error(3)

+ +

COPYRIGHT

+ +

Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html new file mode 100644 index 00000000..67599aba --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html @@ -0,0 +1,123 @@ + + + + +X509v3_get_ext_by_NID + + + + + + + + + + +

NAME

+ +

X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext - extension stack utility functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+ +

DESCRIPTION

+ +

X509v3_get_ext_count() retrieves the number of extensions in x.

+ +

X509v3_get_ext() retrieves extension loc from x. The index loc can take any value from 0 to X509_get_ext_count(x) - 1. The returned extension is an internal pointer which must not be freed up by the application.

+ +

X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension with nid or obj from extension stack x. The search starts from the extension after lastpos or from the beginning if <lastpos> is -1. If the extension is found its index is returned otherwise -1 is returned.

+ +

X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it looks for an extension of criticality crit. A zero value for crit looks for a non-critical extension a non-zero value looks for a critical extension.

+ +

X509v3_delete_ext() deletes the extension with index loc from x. The deleted extension is returned and must be freed by the caller. If loc is in invalid index value NULL is returned.

+ +

X509v3_add_ext() adds extension ex to stack *x at position loc. If loc is -1 the new extension is added to the end. If *x is NULL a new stack will be allocated. The passed extension ex is duplicated internally so it must be freed after use.

+ +

X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() and X509_add_ext() operate on the extensions of certificate x they are otherwise identical to the X509v3 functions.

+ +

X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of CRL x they are otherwise identical to the X509v3 functions.

+ +

X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and X509_REVOKED_add_ext() operate on the extensions of CRL entry x they are otherwise identical to the X509v3 functions.

+ +

NOTES

+ +

These functions are used to examine stacks of extensions directly. Many applications will want to parse or encode and add an extension: they should use the extension encode and decode functions instead such as X509_add1_ext_i2d() and X509_get_ext_d2i().

+ +

Extension indices start from zero, so a zero index return value is not an error. These search functions start from the extension after the lastpos parameter so it should initially be set to -1, if it is set to zero the initial extension will not be checked.

+ +

RETURN VALUES

+ +

X509v3_get_ext_count() returns the extension count.

+ +

X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an X509_EXTENSION pointer or NULL if an error occurs.

+ +

X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return the an extension index or -1 if an error occurs.

+ +

X509v3_add_ext() returns a stack of extensions or NULL on error.

+ +

X509_add_ext() returns 1 on success and 0 on error.

+ +

SEE ALSO

+ +

X509V3_get_d2i(3)

+ +

COPYRIGHT

+ +

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_DHparams.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_DHparams.html new file mode 100644 index 00000000..f221f44a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_DHparams.html @@ -0,0 +1,61 @@ + + + + +d2i_DHparams + + + + + + + + + + +

NAME

+ +

d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions

+ +

SYNOPSIS

+ +
#include <openssl/dh.h>
+
+DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+int i2d_DHparams(DH *a, unsigned char **pp);
+ +

DESCRIPTION

+ +

These functions decode and encode PKCS#3 DH parameters using the DHparameter structure described in PKCS#3.

+ +

Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the d2i_X509(3) manual page.

+ +

RETURN VALUES

+ +

d2i_DHparams() returns a valid DH structure or NULL if an error occurred.

+ +

i2d_DHparams() returns the length of encoded data on success or a value which is less than or equal to 0 on error.

+ +

SEE ALSO

+ +

d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html new file mode 100644 index 00000000..4de6d1b1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html @@ -0,0 +1,86 @@ + + + + +d2i_PKCS8PrivateKey_bio + + + + + + + + + + +

NAME

+ +

d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+ +

DESCRIPTION

+ +

The PKCS#8 functions encode and decode private keys in PKCS#8 format using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.

+ +

Other than the use of DER as opposed to PEM these functions are identical to the corresponding PEM function as described in PEM_read_PrivateKey(3).

+ +

NOTES

+ +

These functions are currently the only way to store encrypted private keys using DER format.

+ +

Currently all the functions use BIOs or FILE pointers, there are no functions which work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see BIO_s_mem(3) for details.

+ +

These functions make no assumption regarding the pass phrase received from the password callback. It will simply be treated as a byte sequence.

+ +

RETURN VALUES

+ +

d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid EVP_PKEY structure or NULL if an error occurred.

+ +

i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.

+ +

SEE ALSO

+ +

PEM_read_PrivateKey(3), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PrivateKey.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PrivateKey.html new file mode 100644 index 00000000..5ff925bb --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_PrivateKey.html @@ -0,0 +1,83 @@ + + + + +d2i_PrivateKey + + + + + + + + + + +

NAME

+ +

d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp - decode and encode functions for reading and saving EVP_PKEY structures

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+ +

DESCRIPTION

+ +

d2i_PrivateKey() decodes a private key using algorithm type. It attempts to use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The type parameter should be a public key algorithm constant such as EVP_PKEY_RSA. An error occurs if the decoded key does not match type. d2i_PublicKey() does the same for public keys.

+ +

d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to automatically detect the private key format.

+ +

i2d_PrivateKey() encodes key. It uses a key specific format or, if none is defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. i2d_PublicKey() does the same for public keys.

+ +

These functions are similar to the d2i_X509() functions; see d2i_X509(3).

+ +

NOTES

+ +

All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as d2i_PKCS8PrivateKey() instead.

+ +

If the *a is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 then *a will be freed and replaced on a successful call.

+ +

To decode a key with type EVP_PKEY_EC, d2i_PublicKey() requires *a to be a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper EC_GROUP.

+ +

RETURN VALUES

+ +

The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), and d2i_PublicKey() functions return a valid EVP_KEY structure or NULL if an error occurs. The error code can be obtained by calling ERR_get_error(3).

+ +

i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by calling ERR_get_error(3).

+ +

SEE ALSO

+ +

crypto(7), d2i_PKCS8PrivateKey_bio(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html new file mode 100644 index 00000000..8b2c7c1f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html @@ -0,0 +1,62 @@ + + + + +d2i_SSL_SESSION + + + + + + + + + + +

NAME

+ +

d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation

+ +

SYNOPSIS

+ +
#include <openssl/ssl.h>
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+ +

DESCRIPTION

+ +

These functions decode and encode an SSL_SESSION object. For encoding details see d2i_X509(3).

+ +

SSL_SESSION objects keep internal link information about the session cache list, when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

+ +

RETURN VALUES

+ +

d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure the NULL-pointer is returned and the error message can be retrieved from the error stack.

+ +

i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes. When the session is not valid, 0 is returned and no operation is performed.

+ +

SEE ALSO

+ +

ssl(7), SSL_SESSION_free(3), SSL_CTX_sess_set_get_cb(3), d2i_X509(3)

+ +

COPYRIGHT

+ +

Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_X509.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_X509.html new file mode 100644 index 00000000..33454690 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/d2i_X509.html @@ -0,0 +1,239 @@ + + + + +d2i_X509 + + + + + + + + + + +

NAME

+ +

d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, - convert objects from/to ASN.1/DER representation

+ +

SYNOPSIS

+ +
TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
+TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
+
+int i2d_TYPE(TYPE *a, unsigned char **ppout);
+int i2d_TYPE_fp(FILE *fp, TYPE *a);
+int i2d_TYPE_bio(BIO *bp, TYPE *a);
+ +

DESCRIPTION

+ +

In the description here, TYPE is used a placeholder for any of the OpenSSL datatypes, such as X509_CRL. The function parameters ppin and ppout are generally either both named pp in the headers, or in and out.

+ +

These functions convert OpenSSL objects to and from their ASN.1/DER encoding. Unlike the C structures which can have pointers to sub-objects within, the DER is a serialized encoding, suitable for sending over the network, writing to a file, and so on.

+ +

d2i_TYPE() attempts to decode len bytes at *ppin. If successful a pointer to the TYPE structure is returned and *ppin is incremented to the byte following the parsed data. If a is not NULL then a pointer to the returned structure is also written to *a. If an error occurred then NULL is returned.

+ +

On a successful return, if *a is not NULL then it is assumed that *a contains a valid TYPE structure and an attempt is made to reuse it. This "reuse" capability is present for historical compatibility but its use is strongly discouraged (see BUGS below, and the discussion in the RETURN VALUES section).

+ +

d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts to parse data from BIO bp.

+ +

d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts to parse data from FILE pointer fp.

+ +

i2d_TYPE() encodes the structure pointed to by a into DER format. If ppout is not NULL, it writes the DER encoded data to the buffer at *ppout, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.

+ +

If *ppout is NULL memory will be allocated for a buffer and the encoded data written to it. In this case *ppout is not incremented and it points to the start of the data just written.

+ +

i2d_TYPE_bio() is similar to i2d_TYPE() except it writes the encoding of the structure a to BIO bp and it returns 1 for success and 0 for failure.

+ +

i2d_TYPE_fp() is similar to i2d_TYPE() except it writes the encoding of the structure a to BIO bp and it returns 1 for success and 0 for failure.

+ +

These routines do not encrypt private keys and therefore offer no security; use PEM_write_PrivateKey(3) or similar for writing to files.

+ +

NOTES

+ +

The letters i and d in i2d_TYPE stand for "internal" (that is, an internal C structure) and "DER" respectively. So i2d_TYPE converts from internal to DER.

+ +

The functions can also understand BER forms.

+ +

The actual TYPE structure passed to i2d_TYPE() must be a valid populated TYPE structure -- it cannot simply be fed with an empty structure such as that returned by TYPE_new().

+ +

The encoded data is in binary form and may contain embedded zeroes. Therefore any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will not return the correct length of the encoded structure.

+ +

The ways that *ppin and *ppout are incremented after the operation can trap the unwary. See the WARNINGS section for some common errors. The reason for this-auto increment behaviour is to reflect a typical usage of ASN1 functions: after one structure is encoded or decoded another will be processed after it.

+ +

The following points about the data types might be useful:

+ +
+ +
ASN1_OBJECT
+
+ +

Represents an ASN1 OBJECT IDENTIFIER.

+ +
+
DHparams
+
+ +

Represents a PKCS#3 DH parameters structure.

+ +
+
DHxparams
+
+ +

Represents an ANSI X9.42 DH parameters structure.

+ +
+
DSA_PUBKEY
+
+ +

Represents a DSA public key using a SubjectPublicKeyInfo structure.

+ +
+
DSAPublicKey, DSAPrivateKey
+
+ +

Use a non-standard OpenSSL format and should be avoided; use DSA_PUBKEY, PEM_write_PrivateKey(3), or similar instead.

+ +
+
ECDSA_SIG
+
+ +

Represents an ECDSA signature.

+ +
+
RSAPublicKey
+
+ +

Represents a PKCS#1 RSA public key structure.

+ +
+
X509_ALGOR
+
+ +

Represents an AlgorithmIdentifier structure as used in IETF RFC 6960 and elsewhere.

+ +
+
X509_Name
+
+ +

Represents a Name type as used for subject and issuer names in IETF RFC 6960 and elsewhere.

+ +
+
X509_REQ
+
+ +

Represents a PKCS#10 certificate request.

+ +
+
X509_SIG
+
+ +

Represents the DigestInfo structure defined in PKCS#1 and PKCS#7.

+ +
+
+ +

RETURN VALUES

+ +

d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid TYPE structure or NULL if an error occurs. If the "reuse" capability has been used with a valid structure being passed in via a, then the object is freed in the event of error and *a is set to NULL.

+ +

i2d_TYPE() returns the number of bytes successfully encoded or a negative value if an error occurs.

+ +

i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an error occurs.

+ +

EXAMPLES

+ +

Allocate and encode the DER encoding of an X509 structure:

+ +
int len;
+unsigned char *buf;
+
+buf = NULL;
+len = i2d_X509(x, &buf);
+if (len < 0)
+    /* error */
+ +

Attempt to decode a buffer:

+ +
X509 *x;
+unsigned char *buf, *p;
+int len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = d2i_X509(NULL, &p, len);
+if (x == NULL)
+    /* error */
+ +

Alternative technique:

+ +
X509 *x;
+unsigned char *buf, *p;
+int len;
+
+/* Set up buf and len to point to the input buffer. */
+p = buf;
+x = NULL;
+
+if (d2i_X509(&x, &p, len) == NULL)
+    /* error */
+ +

WARNINGS

+ +

Using a temporary variable is mandatory. A common mistake is to attempt to use a buffer directly as follows:

+ +
int len;
+unsigned char *buf;
+
+len = i2d_X509(x, NULL);
+buf = OPENSSL_malloc(len);
+...
+i2d_X509(x, &buf);
+...
+OPENSSL_free(buf);
+ +

This code will result in buf apparently containing garbage because it was incremented after the call to point after the data just written. Also buf will no longer contain the pointer allocated by OPENSSL_malloc() and the subsequent call to OPENSSL_free() is likely to crash.

+ +

Another trap to avoid is misuse of the a argument to d2i_TYPE():

+ +
X509 *x;
+
+if (d2i_X509(&x, &p, len) == NULL)
+    /* error */
+ +

This will probably crash somewhere in d2i_X509(). The reason for this is that the variable x is uninitialized and an attempt will be made to interpret its (invalid) value as an X509 structure, typically causing a segmentation violation. If x is set to NULL first then this will not happen.

+ +

BUGS

+ +

In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when *a is valid is broken and some parts of the reused structure may persist if they are not present in the new one. Additionally, in versions of OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs the behaviour is inconsistent. Some functions behaved as described here, while some did not free *a on error and did not set *a to NULL.

+ +

As a result of the above issues the "reuse" behaviour is strongly discouraged.

+ +

i2d_TYPE() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the fields entirely and will not be parsed by d2i_TYPE(). This may be fixed in future so code should not assume that i2d_TYPE() will always succeed.

+ +

Any function which encodes a structure (i2d_TYPE(), i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons.

+ +

COPYRIGHT

+ +

Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html new file mode 100644 index 00000000..7d909ee1 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html @@ -0,0 +1,73 @@ + + + + +i2d_CMS_bio_stream + + + + + + + + + + +

NAME

+ +

i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format

+ +

SYNOPSIS

+ +
#include <openssl/cms.h>
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+ +

DESCRIPTION

+ +

i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.

+ +

It is otherwise identical to the function SMIME_write_CMS().

+ +

NOTES

+ +

This function is effectively a version of the i2d_CMS_bio() supporting streaming.

+ +

BUGS

+ +

The prefix "i2d" is arguably wrong because the function outputs BER format.

+ +

RETURN VALUES

+ +

i2d_CMS_bio_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), CMS_sign(3), CMS_verify(3), CMS_encrypt(3) CMS_decrypt(3), SMIME_write_CMS(3), PEM_write_bio_CMS_stream(3)

+ +

HISTORY

+ +

The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html new file mode 100644 index 00000000..9fd05884 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html @@ -0,0 +1,73 @@ + + + + +i2d_PKCS7_bio_stream + + + + + + + + + + +

NAME

+ +

i2d_PKCS7_bio_stream - output PKCS7 structure in BER format

+ +

SYNOPSIS

+ +
#include <openssl/pkcs7.h>
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ +

DESCRIPTION

+ +

i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.

+ +

It is otherwise identical to the function SMIME_write_PKCS7().

+ +

NOTES

+ +

This function is effectively a version of the d2i_PKCS7_bio() supporting streaming.

+ +

BUGS

+ +

The prefix "i2d" is arguably wrong because the function outputs BER format.

+ +

RETURN VALUES

+ +

i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.

+ +

SEE ALSO

+ +

ERR_get_error(3), PKCS7_sign(3), PKCS7_verify(3), PKCS7_encrypt(3) PKCS7_decrypt(3), SMIME_write_PKCS7(3), PEM_write_bio_PKCS7_stream(3)

+ +

HISTORY

+ +

The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0.

+ +

COPYRIGHT

+ +

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html new file mode 100644 index 00000000..67e9a3f0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html @@ -0,0 +1,74 @@ + + + + +i2d_re_X509_tbs + + + + + + + + + + +

NAME

+ +

d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs - X509 encode and decode functions

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+
+X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
+int i2d_X509_AUX(X509 *x, unsigned char **out);
+int i2d_re_X509_tbs(X509 *x, unsigned char **out);
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+ +

DESCRIPTION

+ +

The X509 encode and decode routines encode and parse an X509 structure, which represents an X509 certificate.

+ +

d2i_X509_AUX() is similar to d2i_X509(3) but the input is expected to consist of an X509 certificate followed by auxiliary trust information. This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. This function should not be called on untrusted input.

+ +

i2d_X509_AUX() is similar to i2d_X509(3), but the encoded output contains both the certificate and any auxiliary trust information. This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. Note that this is a non-standard OpenSSL-specific data format.

+ +

i2d_re_X509_tbs() is similar to i2d_X509(3) except it encodes only the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, respectively. The "re" in i2d_re_X509_tbs stands for "re-encode", and ensures that a fresh encoding is generated in case the object has been modified after creation (see the BUGS section).

+ +

The encoding of the TBSCertificate portion of a certificate is cached in the X509 structure internally to improve encoding performance and to ensure certificate signatures are verified correctly in some certificates with broken (non-DER) encodings.

+ +

If, after modification, the X509 object is re-signed with X509_sign(), the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the X509 can be manually renewed by calling i2d_re_X509_tbs().

+ +

RETURN VALUES

+ +

d2i_X509_AUX() returns a valid X509 structure or NULL if an error occurred.

+ +

i2d_X509_AUX() returns the length of encoded data or -1 on error.

+ +

i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the length of encoded data or 0 on error.

+ +

SEE ALSO

+ +

ERR_get_error(3) X509_CRL_get0_by_serial(3), X509_get0_signature(3), X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3), X509_get_subject_name(3), X509_get_version(3), X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3), X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3), X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)

+ +

COPYRIGHT

+ +

Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man3/o2i_SCT_LIST.html b/deps/openssl/mingw64/share/doc/openssl/html/man3/o2i_SCT_LIST.html new file mode 100644 index 00000000..4636eb47 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man3/o2i_SCT_LIST.html @@ -0,0 +1,65 @@ + + + + +o2i_SCT_LIST + + + + + + + + + + +

NAME

+ +

o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT - decode and encode Signed Certificate Timestamp lists in TLS wire format

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+int i2o_SCT(const SCT *sct, unsigned char **out);
+ +

DESCRIPTION

+ +

The SCT_LIST and SCT functions are very similar to the i2d and d2i family of functions, except that they convert to and from TLS wire format, as described in RFC 6962. See d2i_SCT_LIST for more information about how the parameters are treated and the return values.

+ +

RETURN VALUES

+ +

All of the functions have return values consistent with those stated for d2i_SCT_LIST and i2d_SCT_LIST.

+ +

SEE ALSO

+ +

ct(7), d2i_SCT_LIST(3), i2d_SCT_LIST(3)

+ +

HISTORY

+ +

These functions were added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man5/config.html b/deps/openssl/mingw64/share/doc/openssl/html/man5/config.html new file mode 100644 index 00000000..54bca59e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man5/config.html @@ -0,0 +1,362 @@ + + + + +config + + + + + + + + + + +

NAME

+ +

config - OpenSSL CONF library configuration files

+ +

DESCRIPTION

+ +

The OpenSSL CONF library can be used to read configuration files. It is used for the OpenSSL master configuration file openssl.cnf and in a few other places like SPKAC files and certificate extension files for the x509 utility. OpenSSL applications can also use the CONF library for their own purposes.

+ +

A configuration file is divided into a number of sections. Each section starts with a line [ section_name ] and ends when a new section is started or end of file is reached. A section name can consist of alphanumeric characters and underscores.

+ +

The first section of a configuration file is special and is referred to as the default section. This section is usually unnamed and spans from the start of file until the first named section. When a name is being looked up it is first looked up in a named section (if any) and then the default section.

+ +

The environment is mapped onto a section called ENV.

+ +

Comments can be included by preceding them with the # character

+ +

Other files can be included using the .include directive followed by a path. If the path points to a directory all files with names ending with .cnf or .conf are included from the directory. Recursive inclusion of directories from files in such directory is not supported. That means the files in the included directory can also contain .include directives but only inclusion of regular files is supported there. The inclusion of directories is not supported on systems without POSIX IO support.

+ +

It is strongly recommended to use absolute paths with the .include directive. Relative paths are evaluated based on the application current working directory so unless the configuration file containing the .include directive is application specific the inclusion will not work as expected.

+ +

There can be optional = character and whitespace characters between .include directive and the path which can be useful in cases the configuration file needs to be loaded by old OpenSSL versions which do not support the .include syntax. They would bail out with error if the = character is not present but with it they just ignore the include.

+ +

Each section in a configuration file consists of a number of name and value pairs of the form name=value

+ +

The name string can contain any alphanumeric characters as well as a few punctuation symbols such as . , ; and _.

+ +

The value string consists of the string following the = character until end of line with any leading and trailing white space removed.

+ +

The value string undergoes variable expansion. This can be done by including the form $var or ${var}: this will substitute the value of the named variable in the current section. It is also possible to substitute a value from another section using the syntax $section::name or ${section::name}. By using the form $ENV::name environment variables can be substituted. It is also possible to assign values to environment variables by using the name ENV::name, this will work if the program looks up environment variables using the CONF library instead of calling getenv() directly. The value string must not exceed 64k in length after variable expansion. Otherwise an error will occur.

+ +

It is possible to escape certain characters by using any kind of quote or the \ character. By making the last character of a line a \ a value string can be spread across multiple lines. In addition the sequences \n, \r, \b and \t are recognized.

+ +

All expansion and escape rules as described above that apply to value also apply to the path of the .include directive.

+ +

OPENSSL LIBRARY CONFIGURATION

+ +

Applications can automatically configure certain aspects of OpenSSL using the master OpenSSL configuration file, or optionally an alternative configuration file. The openssl utility includes this functionality: any sub command uses the master OpenSSL configuration file unless an option is used in the sub command to use an alternative configuration file.

+ +

To enable library configuration the default section needs to contain an appropriate line which points to the main configuration section. The default name is openssl_conf which is used by the openssl utility. Other applications may use an alternative name such as myapplication_conf. All library configuration lines appear in the default section at the start of the configuration file.

+ +

The configuration section should consist of a set of name value pairs which contain specific module configuration information. The name represents the name of the configuration module. The meaning of the value is module specific: it may, for example, represent a further configuration section containing configuration module specific information. E.g.:

+ +
# This must be in the default section
+openssl_conf = openssl_init
+
+[openssl_init]
+
+oid_section = new_oids
+engines = engine_section
+
+[new_oids]
+
+... new oids here ...
+
+[engine_section]
+
+... engine stuff here ...
+ +

The features of each configuration module are described below.

+ +

ASN1 Object Configuration Module

+ +

This module has the name oid_section. The value of this variable points to a section containing name value pairs of OIDs: the name is the OID short and long name, the value is the numerical form of the OID. Although some of the openssl utility sub commands already have their own ASN1 OBJECT section functionality not all do. By using the ASN1 OBJECT configuration module all the openssl utility sub commands can see the new objects as well as any compliant applications. For example:

+ +
[new_oids]
+
+some_new_oid = 1.2.3.4
+some_other_oid = 1.2.3.5
+ +

It is also possible to set the value to the long name followed by a comma and the numerical OID form. For example:

+ +
shortName = some object long name, 1.2.3.4
+ +

Engine Configuration Module

+ +

This ENGINE configuration module has the name engines. The value of this variable points to a section containing further ENGINE configuration information.

+ +

The section pointed to by engines is a table of engine names (though see engine_id below) and further sections containing configuration information specific to each ENGINE.

+ +

Each ENGINE specific section is used to set default algorithms, load dynamic, perform initialization and send ctrls. The actual operation performed depends on the command name which is the name of the name value pair. The currently supported commands are listed below.

+ +

For example:

+ +
[engine_section]
+
+# Configure ENGINE named "foo"
+foo = foo_section
+# Configure ENGINE named "bar"
+bar = bar_section
+
+[foo_section]
+... foo ENGINE specific commands ...
+
+[bar_section]
+... "bar" ENGINE specific commands ...
+ +

The command engine_id is used to give the ENGINE name. If used this command must be first. For example:

+ +
[engine_section]
+# This would normally handle an ENGINE named "foo"
+foo = foo_section
+
+[foo_section]
+# Override default name and use "myfoo" instead.
+engine_id = myfoo
+ +

The command dynamic_path loads and adds an ENGINE from the given path. It is equivalent to sending the ctrls SO_PATH with the path argument followed by LIST_ADD with value 2 and LOAD to the dynamic ENGINE. If this is not the required behaviour then alternative ctrls can be sent directly to the dynamic ENGINE using ctrl commands.

+ +

The command init determines whether to initialize the ENGINE. If the value is 0 the ENGINE will not be initialized, if 1 and attempt it made to initialized the ENGINE immediately. If the init command is not present then an attempt will be made to initialize the ENGINE after all commands in its section have been processed.

+ +

The command default_algorithms sets the default algorithms an ENGINE will supply using the functions ENGINE_set_default_string().

+ +

If the name matches none of the above command names it is assumed to be a ctrl command which is sent to the ENGINE. The value of the command is the argument to the ctrl command. If the value is the string EMPTY then no value is sent to the command.

+ +

For example:

+ +
[engine_section]
+
+# Configure ENGINE named "foo"
+foo = foo_section
+
+[foo_section]
+# Load engine from DSO
+dynamic_path = /some/path/fooengine.so
+# A foo specific ctrl.
+some_ctrl = some_value
+# Another ctrl that doesn't take a value.
+other_ctrl = EMPTY
+# Supply all default algorithms
+default_algorithms = ALL
+ +

EVP Configuration Module

+ +

This modules has the name alg_section which points to a section containing algorithm commands.

+ +

Currently the only algorithm command supported is fips_mode whose value can only be the boolean string off. If fips_mode is set to on, an error occurs as this library version is not FIPS capable.

+ +

SSL Configuration Module

+ +

This module has the name ssl_conf which points to a section containing SSL configurations.

+ +

Each line in the SSL configuration section contains the name of the configuration and the section containing it.

+ +

Each configuration section consists of command value pairs for SSL_CONF. Each pair will be passed to a SSL_CTX or SSL structure if it calls SSL_CTX_config() or SSL_config() with the appropriate configuration name.

+ +

Note: any characters before an initial dot in the configuration section are ignored so the same command can be used multiple times.

+ +

For example:

+ +
ssl_conf = ssl_sect
+
+[ssl_sect]
+
+server = server_section
+
+[server_section]
+
+RSA.Certificate = server-rsa.pem
+ECDSA.Certificate = server-ecdsa.pem
+Ciphers = ALL:!RC4
+ +

The system default configuration with name system_default if present will be applied during any creation of the SSL_CTX structure.

+ +

Example of a configuration with the system default:

+ +
ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = system_default_sect
+
+[system_default_sect]
+
+MinProtocol = TLSv1.2
+ +

NOTES

+ +

If a configuration file attempts to expand a variable that doesn't exist then an error is flagged and the file will not load. This can happen if an attempt is made to expand an environment variable that doesn't exist. For example in a previous version of OpenSSL the default OpenSSL master configuration file used the value of HOME which may not be defined on non Unix systems and would cause an error.

+ +

This can be worked around by including a default section to provide a default value: then if the environment lookup fails the default value will be used instead. For this to work properly the default value must be defined earlier in the configuration file than the expansion. See the EXAMPLES section for an example of how to do this.

+ +

If the same variable exists in the same section then all but the last value will be silently ignored. In certain circumstances such as with DNs the same field may occur multiple times. This is usually worked around by ignoring any characters before an initial . e.g.

+ +
1.OU="My first OU"
+2.OU="My Second OU"
+ +

EXAMPLES

+ +

Here is a sample configuration file using some of the features mentioned above.

+ +
# This is the default section.
+
+HOME=/temp
+RANDFILE= ${ENV::HOME}/.rnd
+configdir=$ENV::HOME/config
+
+[ section_one ]
+
+# We are now in section one.
+
+# Quotes permit leading and trailing whitespace
+any = " any variable name "
+
+other = A string that can \
+cover several lines \
+by including \\ characters
+
+message = Hello World\n
+
+[ section_two ]
+
+greeting = $section_one::message
+ +

This next example shows how to expand environment variables safely.

+ +

Suppose you want a variable called tmpfile to refer to a temporary filename. The directory it is placed in can determined by the TEMP or TMP environment variables but they may not be set to any value at all. If you just include the environment variable names and the variable doesn't exist then this will cause an error when an attempt is made to load the configuration file. By making use of the default section both values can be looked up with TEMP taking priority and /tmp used if neither is defined:

+ +
TMP=/tmp
+# The above value is used if TMP isn't in the environment
+TEMP=$ENV::TMP
+# The above value is used if TEMP isn't in the environment
+tmpfile=${ENV::TEMP}/tmp.filename
+ +

Simple OpenSSL library configuration example to enter FIPS mode:

+ +
# Default appname: should match "appname" parameter (if any)
+# supplied to CONF_modules_load_file et al.
+openssl_conf = openssl_conf_section
+
+[openssl_conf_section]
+# Configuration module list
+alg_section = evp_sect
+
+[evp_sect]
+# Set to "yes" to enter FIPS mode if supported
+fips_mode = yes
+ +

Note: in the above example you will get an error in non FIPS capable versions of OpenSSL.

+ +

Simple OpenSSL library configuration to make TLS 1.3 the system-default minimum TLS version:

+ +
# Toplevel section for openssl (including libssl)
+openssl_conf = default_conf_section
+
+[default_conf_section]
+# We only specify configuration for the "ssl module"
+ssl_conf = ssl_section
+
+[ssl_section]
+system_default = system_default_section
+
+[system_default_section]
+MinProtocol = TLSv1.3
+ +

More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:

+ +
# Default appname: should match "appname" parameter (if any)
+# supplied to CONF_modules_load_file et al.
+openssl_conf = openssl_conf_section
+
+[openssl_conf_section]
+# Configuration module list
+alg_section = evp_sect
+oid_section = new_oids
+
+[evp_sect]
+# This will have no effect as FIPS mode is off by default.
+# Set to "yes" to enter FIPS mode, if supported
+fips_mode = no
+
+[new_oids]
+# New OID, just short name
+newoid1 = 1.2.3.4.1
+# New OID shortname and long name
+newoid2 = New OID 2 long name, 1.2.3.4.2
+ +

The above examples can be used with any application supporting library configuration if "openssl_conf" is modified to match the appropriate "appname".

+ +

For example if the second sample file above is saved to "example.cnf" then the command line:

+ +
OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+ +

will output:

+ +
0:d=0  hl=2 l=   4 prim: OBJECT            :newoid1
+ +

showing that the OID "newoid1" has been added as "1.2.3.4.1".

+ +

ENVIRONMENT

+ +
+ +
OPENSSL_CONF
+
+ +

The path to the config file. Ignored in set-user-ID and set-group-ID programs.

+ +
+
OPENSSL_ENGINES
+
+ +

The path to the engines directory. Ignored in set-user-ID and set-group-ID programs.

+ +
+
+ +

BUGS

+ +

Currently there is no way to include characters using the octal \nnn form. Strings are all null terminated so nulls cannot form part of the value.

+ +

The escaping isn't quite right: if you want to use sequences like \n you can't use any quote escaping on the same line.

+ +

Files are loaded in a single pass. This means that an variable expansion will only work if the variables referenced are defined earlier in the file.

+ +

SEE ALSO

+ +

x509(1), req(1), ca(1)

+ +

COPYRIGHT

+ +

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man5/x509v3_config.html b/deps/openssl/mingw64/share/doc/openssl/html/man5/x509v3_config.html new file mode 100644 index 00000000..3a96990b --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man5/x509v3_config.html @@ -0,0 +1,464 @@ + + + + +x509v3_config + + + + + + + + + + +

NAME

+ +

x509v3_config - X509 V3 certificate extension configuration format

+ +

DESCRIPTION

+ +

Several of the OpenSSL utilities can add extensions to a certificate or certificate request based on the contents of a configuration file.

+ +

Typically the application will contain an option to point to an extension section. Each line of the extension section takes the form:

+ +
extension_name=[critical,] extension_options
+ +

If critical is present then the extension will be critical.

+ +

The format of extension_options depends on the value of extension_name.

+ +

There are four main types of extension: string extensions, multi-valued extensions, raw and arbitrary extensions.

+ +

String extensions simply have a string which contains either the value itself or how it is obtained.

+ +

For example:

+ +
nsComment="This is a Comment"
+ +

Multi-valued extensions have a short form and a long form. The short form is a list of names and values:

+ +
basicConstraints=critical,CA:true,pathlen:1
+ +

The long form allows the values to be placed in a separate section:

+ +
basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+ +

Both forms are equivalent.

+ +

The syntax of raw extensions is governed by the extension code: it can for example contain data in multiple sections. The correct syntax to use is defined by the extension code itself: check out the certificate policies extension for an example.

+ +

If an extension type is unsupported then the arbitrary extension syntax must be used, see the ARBITRARY EXTENSIONS section for more details.

+ +

STANDARD EXTENSIONS

+ +

The following sections describe each supported extension in detail.

+ +

Basic Constraints.

+ +

This is a multi valued extension which indicates whether a certificate is a CA certificate. The first (mandatory) name is CA followed by TRUE or FALSE. If CA is TRUE then an optional pathlen name followed by an non-negative value can be included.

+ +

For example:

+ +
basicConstraints=CA:TRUE
+
+basicConstraints=CA:FALSE
+
+basicConstraints=critical,CA:TRUE, pathlen:0
+ +

A CA certificate must include the basicConstraints value with the CA field set to TRUE. An end user certificate must either set CA to FALSE or exclude the extension entirely. Some software may require the inclusion of basicConstraints with CA set to FALSE for end entity certificates.

+ +

The pathlen parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a CA with a pathlen of zero it can only be used to sign end user certificates and not further CAs.

+ +

Key Usage.

+ +

Key usage is a multi valued extension consisting of a list of names of the permitted key usages.

+ +

The supported names are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly.

+ +

Examples:

+ +
keyUsage=digitalSignature, nonRepudiation
+
+keyUsage=critical, keyCertSign
+ +

Extended Key Usage.

+ +

This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for,

+ +

These can either be object short names or the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful:

+ +
Value                  Meaning
+-----                  -------
+serverAuth             SSL/TLS Web Server Authentication.
+clientAuth             SSL/TLS Web Client Authentication.
+codeSigning            Code signing.
+emailProtection        E-mail Protection (S/MIME).
+timeStamping           Trusted Timestamping
+OCSPSigning            OCSP Signing
+ipsecIKE               ipsec Internet Key Exchange
+msCodeInd              Microsoft Individual Code Signing (authenticode)
+msCodeCom              Microsoft Commercial Code Signing (authenticode)
+msCTLSign              Microsoft Trust List Signing
+msEFS                  Microsoft Encrypted File System
+ +

Examples:

+ +
extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=serverAuth,clientAuth
+ +

Subject Key Identifier.

+ +

This is really a string extension and can take two possible values. Either the word hash which will automatically follow the guidelines in RFC3280 or a hex string giving the extension value to include. The use of the hex string is strongly discouraged.

+ +

Example:

+ +
subjectKeyIdentifier=hash
+ +

Authority Key Identifier.

+ +

The authority key identifier extension permits two options. keyid and issuer: both can take the optional value "always".

+ +

If the keyid option is present an attempt is made to copy the subject key identifier from the parent certificate. If the value "always" is present then an error is returned if the option fails.

+ +

The issuer option copies the issuer and serial number from the issuer certificate. This will only be done if the keyid option fails or is not included unless the "always" flag will always include the value.

+ +

Example:

+ +
authorityKeyIdentifier=keyid,issuer
+ +

Subject Alternative Name.

+ +

The subject alternative name extension allows various literal values to be included in the configuration file. These include email (an email address) URI a uniform resource indicator, DNS (a DNS domain name), RID (a registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName (a distinguished name) and otherName.

+ +

The email option include a special 'copy' value. This will automatically include any email addresses contained in the certificate subject name in the extension.

+ +

The IP address used in the IP options can be in either IPv4 or IPv6 format.

+ +

The value of dirName should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by prefacing the name with a + character.

+ +

otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard ASN1_generate_nconf(3) format.

+ +

Examples:

+ +
subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+subjectAltName=IP:192.168.7.1
+subjectAltName=IP:13::17
+subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+
+subjectAltName=dirName:dir_sect
+
+[dir_sect]
+C=UK
+O=My Organization
+OU=My Unit
+CN=My Name
+ +

Issuer Alternative Name.

+ +

The issuer alternative name option supports all the literal options of subject alternative name. It does not support the email:copy option because that would not make sense. It does support an additional issuer:copy option that will copy all the subject alternative name values from the issuer certificate (if possible).

+ +

Example:

+ +
issuerAltName = issuer:copy
+ +

Authority Info Access.

+ +

The authority information access extension gives details about how to access certain information relating to the CA. Its syntax is accessOID;location where location has the same syntax as subject alternative name (except that email:copy is not supported). accessOID can be any valid OID but only certain values are meaningful, for example OCSP and caIssuers.

+ +

Example:

+ +
authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+ +

CRL distribution points

+ +

This is a multi-valued extension whose options can be either in name:value pair using the same form as subject alternative name or a single value representing a section name containing all the distribution point fields.

+ +

For a name:value pair a new DistributionPoint with the fullName field set to the given value both the cRLissuer and reasons fields are omitted in this case.

+ +

In the single option case the section indicated contains values for each field. In this section:

+ +

If the name is "fullname" the value field should contain the full name of the distribution point in the same format as subject alternative name.

+ +

If the name is "relativename" then the value field should contain a section name whose contents represent a DN fragment to be placed in this field.

+ +

The name "CRLIssuer" if present should contain a value for this field in subject alternative name format.

+ +

If the name is "reasons" the value field should consist of a comma separated field containing the reasons. Valid reasons are: "keyCompromise", "CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "privilegeWithdrawn" and "AACompromise".

+ +

Simple examples:

+ +
crlDistributionPoints=URI:http://myhost.com/myca.crl
+crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+ +

Full distribution point example:

+ +
crlDistributionPoints=crldp1_section
+
+[crldp1_section]
+
+fullname=URI:http://myhost.com/myca.crl
+CRLissuer=dirName:issuer_sect
+reasons=keyCompromise, CACompromise
+
+[issuer_sect]
+C=UK
+O=Organisation
+CN=Some Name
+ +

Issuing Distribution Point

+ +

This extension should only appear in CRLs. It is a multi valued extension whose syntax is similar to the "section" pointed to by the CRL distribution points extension with a few differences.

+ +

The names "reasons" and "CRLissuer" are not recognized.

+ +

The name "onlysomereasons" is accepted which sets this field. The value is in the same format as the CRL distribution point "reasons" field.

+ +

The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted the values should be a boolean value (TRUE or FALSE) to indicate the value of the corresponding field.

+ +

Example:

+ +
issuingDistributionPoint=critical, @idp_section
+
+[idp_section]
+
+fullname=URI:http://myhost.com/myca.crl
+indirectCRL=TRUE
+onlysomereasons=keyCompromise, CACompromise
+
+[issuer_sect]
+C=UK
+O=Organisation
+CN=Some Name
+ +

Certificate Policies.

+ +

This is a raw extension. All the fields of this extension can be set by using the appropriate syntax.

+ +

If you follow the PKIX recommendations and just using one OID then you just include the value of that OID. Multiple OIDs can be set separated by commas, for example:

+ +
certificatePolicies= 1.2.4.5, 1.1.3.4
+ +

If you wish to include qualifiers then the policy OID and qualifiers need to be specified in a separate section: this is done by using the @section syntax instead of a literal OID value.

+ +

The section referred to must include the policy OID using the name policyIdentifier, cPSuri qualifiers can be included using the syntax:

+ +
CPS.nnn=value
+ +

userNotice qualifiers can be set using the syntax:

+ +
userNotice.nnn=@notice
+ +

The value of the userNotice qualifier is specified in the relevant section. This section can include explicitText, organization and noticeNumbers options. explicitText and organization are text strings, noticeNumbers is a comma separated list of numbers. The organization and noticeNumbers options (if included) must BOTH be present. If you use the userNotice option with IE5 then you need the 'ia5org' option at the top level to modify the encoding: otherwise it will not be interpreted properly.

+ +

Example:

+ +
certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+ +

The ia5org option changes the type of the organization field. In RFC2459 it can only be of type DisplayText. In RFC3280 IA5String is also permissible. Some software (for example some versions of MSIE) may require ia5org.

+ +

ASN1 type of explicitText can be specified by prepending UTF8, BMP or VISIBLE prefix followed by colon. For example:

+ +
[notice]
+explicitText="UTF8:Explicit Text Here"
+ +

Policy Constraints

+ +

This is a multi-valued extension which consisting of the names requireExplicitPolicy or inhibitPolicyMapping and a non negative integer value. At least one component must be present.

+ +

Example:

+ +
policyConstraints = requireExplicitPolicy:3
+ +

Inhibit Any Policy

+ +

This is a string extension whose value must be a non negative integer.

+ +

Example:

+ +
inhibitAnyPolicy = 2
+ +

Name Constraints

+ +

The name constraints extension is a multi-valued extension. The name should begin with the word permitted or excluded followed by a ;. The rest of the name and the value follows the syntax of subjectAltName except email:copy is not supported and the IP form should consist of an IP addresses and subnet mask separated by a /.

+ +

Examples:

+ +
nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
+
+nameConstraints=permitted;email:.somedomain.com
+
+nameConstraints=excluded;email:.com
+ +

OCSP No Check

+ +

The OCSP No Check extension is a string extension but its value is ignored.

+ +

Example:

+ +
noCheck = ignored
+ +

TLS Feature (aka Must Staple)

+ +

This is a multi-valued extension consisting of a list of TLS extension identifiers. Each identifier may be a number (0..65535) or a supported name. When a TLS client sends a listed extension, the TLS server is expected to include that extension in its reply.

+ +

The supported names are: status_request and status_request_v2.

+ +

Example:

+ +
tlsfeature = status_request
+ +

DEPRECATED EXTENSIONS

+ +

The following extensions are non standard, Netscape specific and largely obsolete. Their use in new applications is discouraged.

+ +

Netscape String extensions.

+ +

Netscape Comment (nsComment) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers.

+ +

Example:

+ +
nsComment = "Some Random Comment"
+ +

Other supported extensions in this category are: nsBaseUrl, nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl and nsSslServerName.

+ +

Netscape Certificate Type

+ +

This is a multi-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could be used. The basicConstraints, keyUsage and extended key usage extensions are now used instead.

+ +

Acceptable values for nsCertType are: client, server, email, objsign, reserved, sslCA, emailCA, objCA.

+ +

ARBITRARY EXTENSIONS

+ +

If an extension is not supported by the OpenSSL code then it must be encoded using the arbitrary extension format. It is also possible to use the arbitrary format for supported extensions. Extreme care should be taken to ensure that the data is formatted correctly for the given extension type.

+ +

There are two ways to encode arbitrary extensions.

+ +

The first way is to use the word ASN1 followed by the extension content using the same syntax as ASN1_generate_nconf(3). For example:

+ +
1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1 = UTF8:field1
+field2 = UTF8:field2
+ +

It is also possible to use the word DER to include the raw encoded data in any extension.

+ +
1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+ +

The value following DER is a hex dump of the DER encoding of the extension Any extension can be placed in this form to override the default behaviour. For example:

+ +
basicConstraints=critical,DER:00:01:02:03
+ +

WARNINGS

+ +

There is no guarantee that a specific implementation will process a given extension. It may therefore be sometimes possible to use certificates for purposes prohibited by their extensions because a specific application does not recognize or honour the values of the relevant extensions.

+ +

The DER and ASN1 options should be used with caution. It is possible to create totally invalid extensions if they are not used carefully.

+ +

NOTES

+ +

If an extension is multi-value and a field value must contain a comma the long form must be used otherwise the comma would be misinterpreted as a field separator. For example:

+ +
subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+ +

will produce an error but the equivalent form:

+ +
subjectAltName=@subject_alt_section
+
+[subject_alt_section]
+subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+ +

is valid.

+ +

Due to the behaviour of the OpenSSL conf library the same field name can only occur once in a section. This means that:

+ +
subjectAltName=@alt_section
+
+[alt_section]
+
+email=steve@here
+email=steve@there
+ +

will only recognize the last value. This can be worked around by using the form:

+ +
[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+ +

SEE ALSO

+ +

req(1), ca(1), x509(1), ASN1_generate_nconf(3)

+ +

COPYRIGHT

+ +

Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/Ed25519.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/Ed25519.html new file mode 100644 index 00000000..0e250b02 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/Ed25519.html @@ -0,0 +1,84 @@ + + + + +Ed25519 + + + + + + + + + + +

NAME

+ +

Ed25519, Ed448 - EVP_PKEY Ed25519 and Ed448 support

+ +

DESCRIPTION

+ +

The Ed25519 and Ed448 EVP_PKEY implementation supports key generation, one-shot digest sign and digest verify using PureEdDSA and Ed25519 or Ed448 (see RFC8032). It has associated private and public key formats compatible with RFC 8410.

+ +

No additional parameters can be set during key generation, one-shot signing or verification. In particular, because PureEdDSA is used, a digest must NOT be specified when signing or verifying.

+ +

NOTES

+ +

The PureEdDSA algorithm does not support the streaming mechanism of other signature algorithms using, for example, EVP_DigestUpdate(). The message to sign or verify must be passed using the one-shot EVP_DigestSign() and EVP_DigestVerify() functions.

+ +

When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the digest type parameter MUST be set to NULL.

+ +

Applications wishing to sign certificates (or other structures such as CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() or X509_sign_ctx() in the usual way.

+ +

A context for the Ed25519 algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
+ +

For the Ed448 algorithm a context can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
+ +

Ed25519 or Ed448 private keys can be set directly using EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys can also be generated (see the example below). Setting a private key also sets the associated public key.

+ +

Ed25519 or Ed448 public keys can be set directly using EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

+ +

Ed25519 and Ed448 can be tested within speed(1) application since version 1.1.1. Valid algorithm names are ed25519, ed448 and eddsa. If eddsa is specified, then both Ed25519 and Ed448 are benchmarked.

+ +

EXAMPLES

+ +

This example generates an ED25519 private key and writes it to standard output in PEM format:

+ +
#include <openssl/evp.h>
+#include <openssl/pem.h>
+...
+EVP_PKEY *pkey = NULL;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
+EVP_PKEY_keygen_init(pctx);
+EVP_PKEY_keygen(pctx, &pkey);
+EVP_PKEY_CTX_free(pctx);
+PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3),

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND.html new file mode 100644 index 00000000..ab3d565c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND.html @@ -0,0 +1,64 @@ + + + + +RAND + + + + + + + + + + +

NAME

+ +

RAND - the OpenSSL random generator

+ +

DESCRIPTION

+ +

Random numbers are a vital part of cryptography, they are needed to provide unpredictability for tasks like key generation, creating salts, and many more. Software-based generators must be seeded with external randomness before they can be used as a cryptographically-secure pseudo-random number generator (CSPRNG). The availability of common hardware with special instructions and modern operating systems, which may use items such as interrupt jitter and network packet timings, can be reasonable sources of seeding material.

+ +

OpenSSL comes with a default implementation of the RAND API which is based on the deterministic random bit generator (DRBG) model as described in [NIST SP 800-90A Rev. 1]. The default random generator will initialize automatically on first use and will be fully functional without having to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system.

+ +

As a normal application developer, you do not have to worry about any details, just use RAND_bytes(3) to obtain random data. Having said that, there is one important rule to obey: Always check the error return value of RAND_bytes(3) and do not take randomness for granted. Although (re-)seeding is automatic, it can fail because no trusted random source is available or the trusted source(s) temporarily fail to provide sufficient random seed material. In this case the CSPRNG enters an error state and ceases to provide output, until it is able to recover from the error by reseeding itself. For more details on reseeding and error recovery, see RAND_DRBG(7).

+ +

For values that should remain secret, you can use RAND_priv_bytes(3) instead. This method does not provide 'better' randomness, it uses the same type of CSPRNG. The intention behind using a dedicated CSPRNG exclusively for private values is that none of its output should be visible to an attacker (e.g., used as salt value), in order to reveal as little information as possible about its internal state, and that a compromise of the "public" CSPRNG instance will not affect the secrecy of these private values.

+ +

In the rare case where the default implementation does not satisfy your special requirements, there are two options:

+ +
    + +
  • Replace the default RAND method by your own RAND method using RAND_set_rand_method(3).

    + +
  • +
  • Modify the default settings of the OpenSSL RAND method by modifying the security parameters of the underlying DRBG, which is described in detail in RAND_DRBG(7).

    + +
  • +
+ +

Changing the default random generator or its default parameters should be necessary only in exceptional cases and is not recommended, unless you have a profound knowledge of cryptographic principles and understand the implications of your changes.

+ +

SEE ALSO

+ +

RAND_add(3), RAND_bytes(3), RAND_priv_bytes(3), RAND_get_rand_method(3), RAND_set_rand_method(3), RAND_OpenSSL(3), RAND_DRBG(7)

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND_DRBG.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND_DRBG.html new file mode 100644 index 00000000..3913eeda --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/RAND_DRBG.html @@ -0,0 +1,224 @@ + + + + +RAND_DRBG + + + + + + + + + + +

NAME

+ +

RAND_DRBG - the deterministic random bit generator

+ +

SYNOPSIS

+ +
#include <openssl/rand_drbg.h>
+ +

DESCRIPTION

+ +

The default OpenSSL RAND method is based on the RAND_DRBG class, which implements a deterministic random bit generator (DRBG). A DRBG is a certain type of cryptographically-secure pseudo-random number generator (CSPRNG), which is described in [NIST SP 800-90A Rev. 1].

+ +

While the RAND API is the 'frontend' which is intended to be used by application developers for obtaining random bytes, the RAND_DRBG API serves as the 'backend', connecting the former with the operating systems's entropy sources and providing access to the DRBG's configuration parameters.

+ +

Disclaimer

+ +

Unless you have very specific requirements for your random generator, it is in general not necessary to utilize the RAND_DRBG API directly. The usual way to obtain random bytes is to use RAND_bytes(3) or RAND_priv_bytes(3), see also RAND(7).

+ +

Typical Use Cases

+ +

Typical examples for such special use cases are the following:

+ +
    + +
  • You want to use your own private DRBG instances. Multiple DRBG instances which are accessed only by a single thread provide additional security (because their internal states are independent) and better scalability in multithreaded applications (because they don't need to be locked).

    + +
  • +
  • You need to integrate a previously unsupported entropy source.

    + +
  • +
  • You need to change the default settings of the standard OpenSSL RAND implementation to meet specific requirements.

    + +
  • +
+ +

CHAINING

+ +

A DRBG instance can be used as the entropy source of another DRBG instance, provided it has itself access to a valid entropy source. The DRBG instance which acts as entropy source is called the parent DRBG, the other instance the child DRBG.

+ +

This is called chaining. A chained DRBG instance is created by passing a pointer to the parent DRBG as argument to the RAND_DRBG_new() call. It is possible to create chains of more than two DRBG in a row.

+ +

THE THREE SHARED DRBG INSTANCES

+ +

Currently, there are three shared DRBG instances, the <master>, <public>, and <private> DRBG. While the <master> DRBG is a single global instance, the <public> and <private> DRBG are created per thread and accessed through thread-local storage.

+ +

By default, the functions RAND_bytes(3) and RAND_priv_bytes(3) use the thread-local <public> and <private> DRBG instance, respectively.

+ +

The <master> DRBG instance

+ +

The <master> DRBG is not used directly by the application, only for reseeding the two other two DRBG instances. It reseeds itself by obtaining randomness either from os entropy sources or by consuming randomness which was added previously by RAND_add(3).

+ +

The <public> DRBG instance

+ +

This instance is used per default by RAND_bytes(3).

+ +

The <private> DRBG instance

+ +

This instance is used per default by RAND_priv_bytes(3)

+ +

LOCKING

+ +

The <master> DRBG is intended to be accessed concurrently for reseeding by its child DRBG instances. The necessary locking is done internally. It is not thread-safe to access the <master> DRBG directly via the RAND_DRBG interface. The <public> and <private> DRBG are thread-local, i.e. there is an instance of each per thread. So they can safely be accessed without locking via the RAND_DRBG interface.

+ +

Pointers to these DRBG instances can be obtained using RAND_DRBG_get0_master(), RAND_DRBG_get0_public(), and RAND_DRBG_get0_private(), respectively. Note that it is not allowed to store a pointer to one of the thread-local DRBG instances in a variable or other memory location where it will be accessed and used by multiple threads.

+ +

All other DRBG instances created by an application don't support locking, because they are intended to be used by a single thread. Instead of accessing a single DRBG instance concurrently from different threads, it is recommended to instantiate a separate DRBG instance per thread. Using the <master> DRBG as entropy source for multiple DRBG instances on different threads is thread-safe, because the DRBG instance will lock the <master> DRBG automatically for obtaining random input.

+ +

THE OVERALL PICTURE

+ +

The following picture gives an overview over how the DRBG instances work together and are being used.

+ +
           +--------------------+
+           | os entropy sources |
+           +--------------------+
+                    |
+                    v           +-----------------------------+
+  RAND_add() ==> <master>     <-| shared DRBG (with locking)  |
+                  /   \         +-----------------------------+
+                 /     \              +---------------------------+
+          <public>     <private>   <- | per-thread DRBG instances |
+             |             |          +---------------------------+
+             v             v
+           RAND_bytes()   RAND_priv_bytes()
+                |               ^
+                |               |
++------------------+      +------------------------------------+
+| general purpose  |      | used for secrets like session keys |
+| random generator |      | and private keys for certificates  |
++------------------+      +------------------------------------+
+ +

The usual way to obtain random bytes is to call RAND_bytes(...) or RAND_priv_bytes(...). These calls are roughly equivalent to calling RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), respectively. The method RAND_DRBG_bytes(3) is a convenience method wrapping the RAND_DRBG_generate(3) function, which serves the actual request for random data.

+ +

RESEEDING

+ +

A DRBG instance seeds itself automatically, pulling random input from its entropy source. The entropy source can be either a trusted operating system entropy source, or another DRBG with access to such a source.

+ +

Automatic reseeding occurs after a predefined number of generate requests. The selection of the trusted entropy sources is configured at build time using the --with-rand-seed option. The following sections explain the reseeding process in more detail.

+ +

Automatic Reseeding

+ +

Before satisfying a generate request (RAND_DRBG_generate(3)), the DRBG reseeds itself automatically, if one of the following conditions holds:

+ +

- the DRBG was not instantiated (=seeded) yet or has been uninstantiated.

+ +

- the number of generate requests since the last reseeding exceeds a certain threshold, the so called reseed_interval. This behaviour can be disabled by setting the reseed_interval to 0.

+ +

- the time elapsed since the last reseeding exceeds a certain time interval, the so called reseed_time_interval. This can be disabled by setting the reseed_time_interval to 0.

+ +

- the DRBG is in an error state.

+ +

Note: An error state is entered if the entropy source fails while the DRBG is seeding or reseeding. The last case ensures that the DRBG automatically recovers from the error as soon as the entropy source is available again.

+ +

Manual Reseeding

+ +

In addition to automatic reseeding, the caller can request an immediate reseeding of the DRBG with fresh entropy by setting the prediction resistance parameter to 1 when calling RAND_DRBG_generate(3).

+ +

The document [NIST SP 800-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. Since the default DRBG implementation does not have access to such an approved entropy source, a request for prediction resistance will currently always fail. In other words, prediction resistance is currently not supported yet by the DRBG.

+ +

For the three shared DRBGs (and only for these) there is another way to reseed them manually: If RAND_add(3) is called with a positive randomness argument (or RAND_seed(3)), then this will immediately reseed the <master> DRBG. The <public> and <private> DRBG will detect this on their next generate call and reseed, pulling randomness from <master>.

+ +

The last feature has been added to support the common practice used with previous OpenSSL versions to call RAND_add() before calling RAND_bytes().

+ +

Entropy Input vs. Additional Data

+ +

The DRBG distinguishes two different types of random input: entropy, which comes from a trusted source, and additional input', which can optionally be added by the user and is considered untrusted. It is possible to add additional input not only during reseeding, but also for every generate request. This is in fact done automatically by RAND_DRBG_bytes(3).

+ +

Configuring the Random Seed Source

+ +

In most cases OpenSSL will automatically choose a suitable seed source for automatically seeding and reseeding its <master> DRBG. In some cases however, it will be necessary to explicitly specify a seed source during configuration, using the --with-rand-seed option. For more information, see the INSTALL instructions. There are also operating systems where no seed source is available and automatic reseeding is disabled by default.

+ +

The following two sections describe the reseeding process of the master DRBG, depending on whether automatic reseeding is available or not.

+ +

Reseeding the master DRBG with automatic seeding enabled

+ +

Calling RAND_poll() or RAND_add() is not necessary, because the DRBG pulls the necessary entropy from its source automatically. However, both calls are permitted, and do reseed the RNG.

+ +

RAND_add() can be used to add both kinds of random input, depending on the value of the randomness argument:

+ +
+ +
randomness == 0:
+
+ +

The random bytes are mixed as additional input into the current state of the DRBG. Mixing in additional input is not considered a full reseeding, hence the reseed counter is not reset.

+ +
+
randomness > 0:
+
+ +

The random bytes are used as entropy input for a full reseeding (resp. reinstantiation) if the DRBG is instantiated (resp. uninstantiated or in an error state). The number of random bits required for reseeding is determined by the security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). It is possible to provide less randomness than required. In this case the missing randomness will be obtained by pulling random input from the trusted entropy sources.

+ +
+
+ +

Reseeding the master DRBG with automatic seeding disabled

+ +

Calling RAND_poll() will always fail.

+ +

RAND_add() needs to be called for initial seeding and periodic reseeding. At least 48 bytes (384 bits) of randomness have to be provided, otherwise the (re-)seeding of the DRBG will fail. This corresponds to one and a half times the security strength of the DRBG. The extra half is used for the nonce during instantiation.

+ +

More precisely, the number of bytes needed for seeding depend on the security strength of the DRBG, which is set to 256 by default.

+ +

SEE ALSO

+ +

RAND_DRBG_bytes(3), RAND_DRBG_generate(3), RAND_DRBG_reseed(3), RAND_DRBG_get0_master(3), RAND_DRBG_get0_public(3), RAND_DRBG_get0_private(3), RAND_DRBG_set_reseed_interval(3), RAND_DRBG_set_reseed_time_interval(3), RAND_DRBG_set_reseed_defaults(3), RAND(7),

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/RSA-PSS.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/RSA-PSS.html new file mode 100644 index 00000000..965066d0 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/RSA-PSS.html @@ -0,0 +1,73 @@ + + + + +RSA-PSS + + + + + + + + + + +

NAME

+ +

RSA-PSS - EVP_PKEY RSA-PSS algorithm support

+ +

DESCRIPTION

+ +

The RSA-PSS EVP_PKEY implementation is a restricted version of the RSA algorithm which only supports signing, verification and key generation using PSS padding modes with optional parameter restrictions.

+ +

It has associated private key and public key formats.

+ +

This algorithm shares several control operations with the RSA algorithm but with some restrictions described below.

+ +

Signing and Verification

+ +

Signing and verification is similar to the RSA algorithm except the padding mode is always PSS. If the key in use has parameter restrictions then the corresponding signature parameters are set to the restrictions: for example, if the key can only be used with digest SHA256, MGF1 SHA256 and minimum salt length 32 then the digest, MGF1 digest and salt length will be set to SHA256, SHA256 and 32 respectively.

+ +

Key Generation

+ +

By default no parameter restrictions are placed on the generated key.

+ +

NOTES

+ +

The public key format is documented in RFC4055.

+ +

The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA format except it uses the id-RSASSA-PSS OID and the parameters field, if present, restricts the key parameters in the same way as the public key.

+ +

CONFORMING TO

+ +

RFC 4055

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_set_rsa_pss_keygen_md(3), EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(3), EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(3), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/SM2.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/SM2.html new file mode 100644 index 00000000..1e379807 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/SM2.html @@ -0,0 +1,84 @@ + + + + +SM2 + + + + + + + + + + +

NAME

+ +

SM2 - Chinese SM2 signature and encryption algorithm support

+ +

DESCRIPTION

+ +

The SM2 algorithm was first defined by the Chinese national standard GM/T 0003-2012 and was later standardized by ISO as ISO/IEC 14888. SM2 is actually an elliptic curve based algorithm. The current implementation in OpenSSL supports both signature and encryption schemes via the EVP interface.

+ +

When doing the SM2 signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed.

+ +

NOTES

+ +

SM2 signatures can be generated by using the 'DigestSign' series of APIs, for instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto for the verification process by calling the 'DigestVerify' series of APIs.

+ +

There are several special steps that need to be done before computing an SM2 signature.

+ +

The EVP_PKEY structure will default to using ECDSA for signatures when it is created. It should be set to EVP_PKEY_SM2 by calling:

+ +
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ +

Then an ID should be set by calling:

+ +
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
+ +

When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a pre-allocated EVP_PKEY_CTX should be assigned to the EVP_MD_CTX. This is done by calling:

+ +
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
+ +

And normally there is no need to pass a pctx parameter to EVP_DigestSignInit() or EVP_DigestVerifyInit() in such a scenario.

+ +

EXAMPLES

+ +

This example demonstrates the calling sequence for using an EVP_PKEY to verify a message with the SM2 signature algorithm and the SM3 hash algorithm:

+ +
#include <openssl/evp.h>
+
+/* obtain an EVP_PKEY using whatever methods... */
+EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+mctx = EVP_MD_CTX_new();
+pctx = EVP_PKEY_CTX_new(pkey, NULL);
+EVP_PKEY_CTX_set1_id(pctx, id, id_len);
+EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
+EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
+EVP_DigestVerifyUpdate(mctx, msg, msg_len);
+EVP_DigestVerifyFinal(mctx, sig, sig_len)
+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_set_alias_type(3), EVP_DigestSignInit(3), EVP_DigestVerifyInit(3), EVP_PKEY_CTX_set1_id(3), EVP_MD_CTX_set_pkey_ctx(3)

+ +

COPYRIGHT

+ +

Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/X25519.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/X25519.html new file mode 100644 index 00000000..8429f416 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/X25519.html @@ -0,0 +1,80 @@ + + + + +X25519 + + + + + + + + + + +

NAME

+ +

X25519, X448 - EVP_PKEY X25519 and X448 support

+ +

DESCRIPTION

+ +

The X25519 and X448 EVP_PKEY implementation supports key generation and key derivation using X25519 and X448. It has associated private and public key formats compatible with RFC 8410.

+ +

No additional parameters can be set during key generation.

+ +

The peer public key must be set using EVP_PKEY_derive_set_peer() when performing key derivation.

+ +

NOTES

+ +

A context for the X25519 algorithm can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
+ +

For the X448 algorithm a context can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
+ +

X25519 or X448 private keys can be set directly using EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys can also be generated (see the example below). Setting a private key also sets the associated public key.

+ +

X25519 or X448 public keys can be set directly using EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

+ +

EXAMPLES

+ +

This example generates an X25519 private key and writes it to standard output in PEM format:

+ +
#include <openssl/evp.h>
+#include <openssl/pem.h>
+...
+EVP_PKEY *pkey = NULL;
+EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
+EVP_PKEY_keygen_init(pctx);
+EVP_PKEY_keygen(pctx, &pkey);
+EVP_PKEY_CTX_free(pctx);
+PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ +

The key derivation example in EVP_PKEY_derive(3) can be used with X25519 and X448.

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_new(3), EVP_PKEY_keygen(3), EVP_PKEY_derive(3), EVP_PKEY_derive_set_peer(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/bio.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/bio.html new file mode 100644 index 00000000..b62f6e6c --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/bio.html @@ -0,0 +1,72 @@ + + + + +bio + + + + + + + + + + +

NAME

+ +

bio - Basic I/O abstraction

+ +

SYNOPSIS

+ +
#include <openssl/bio.h>
+ +

DESCRIPTION

+ +

A BIO is an I/O abstraction, it hides many of the underlying I/O details from an application. If an application uses a BIO for its I/O it can transparently handle SSL connections, unencrypted network connections and file I/O.

+ +

There are two type of BIO, a source/sink BIO and a filter BIO.

+ +

As its name implies a source/sink BIO is a source and/or sink of data, examples include a socket BIO and a file BIO.

+ +

A filter BIO takes data from one BIO and passes it through to another, or the application. The data may be left unmodified (for example a message digest BIO) or translated (for example an encryption BIO). The effect of a filter BIO may change according to the I/O operation it is performing: for example an encryption BIO will encrypt data if it is being written to and decrypt data if it is being read from.

+ +

BIOs can be joined together to form a chain (a single BIO is a chain with one component). A chain normally consist of one source/sink BIO and one or more filter BIOs. Data read from or written to the first BIO then traverses the chain to the end (normally a source/sink BIO).

+ +

Some BIOs (such as memory BIOs) can be used immediately after calling BIO_new(). Others (such as file BIOs) need some additional initialization, and frequently a utility function exists to create and initialize such BIOs.

+ +

If BIO_free() is called on a BIO chain it will only free one BIO resulting in a memory leak.

+ +

Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() on it other than the discarded return value.

+ +

Normally the type argument is supplied by a function which returns a pointer to a BIO_METHOD. There is a naming convention for such functions: a source/sink BIO is normally called BIO_s_*() and a filter BIO BIO_f_*();

+ +

EXAMPLES

+ +

Create a memory BIO:

+ +
BIO *mem = BIO_new(BIO_s_mem());
+ +

SEE ALSO

+ +

BIO_ctrl(3), BIO_f_base64(3), BIO_f_buffer(3), BIO_f_cipher(3), BIO_f_md(3), BIO_f_null(3), BIO_f_ssl(3), BIO_find_type(3), BIO_new(3), BIO_new_bio_pair(3), BIO_push(3), BIO_read_ex(3), BIO_s_accept(3), BIO_s_bio(3), BIO_s_connect(3), BIO_s_fd(3), BIO_s_file(3), BIO_s_mem(3), BIO_s_null(3), BIO_s_socket(3), BIO_set_callback(3), BIO_should_retry(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/crypto.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/crypto.html new file mode 100644 index 00000000..6d7368f8 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/crypto.html @@ -0,0 +1,70 @@ + + + + +crypto + + + + + + + + + + +

NAME

+ +

crypto - OpenSSL cryptographic library

+ +

SYNOPSIS

+ +

See the individual manual pages for details.

+ +

DESCRIPTION

+ +

The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.

+ +

libcrypto consists of a number of sub-libraries that implement the individual algorithms.

+ +

The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions, cryptographic pseudo-random number generator, and various utilities.

+ +

NOTES

+ +

Some of the newer functions follow a naming convention using the numbers 0 and 1. For example the functions:

+ +
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+ +

The 0 version uses the supplied structure pointer directly in the parent and it will be freed up when the parent is freed. In the above example crl would be freed but rev would not.

+ +

The 1 function uses a copy of the supplied structure pointer (or in some cases increases its link count) in the parent and so both (x and obj above) should be freed up.

+ +

RETURN VALUES

+ +

See the individual manual pages for details.

+ +

SEE ALSO

+ +

openssl(1), ssl(7)

+ +

COPYRIGHT

+ +

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/ct.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/ct.html new file mode 100644 index 00000000..2f0c5cd7 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/ct.html @@ -0,0 +1,58 @@ + + + + +ct + + + + + + + + + + +

NAME

+ +

ct - Certificate Transparency

+ +

SYNOPSIS

+ +
#include <openssl/ct.h>
+ +

DESCRIPTION

+ +

This library implements Certificate Transparency (CT) verification for TLS clients, as defined in RFC 6962. This verification can provide some confidence that a certificate has been publicly logged in a set of CT logs.

+ +

By default, these checks are disabled. They can be enabled using SSL_CTX_enable_ct(3) or SSL_enable_ct(3).

+ +

This library can also be used to parse and examine CT data structures, such as Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are functions for: - decoding and encoding SCTs in DER and TLS wire format. - printing SCTs. - verifying the authenticity of SCTs. - loading a CT log list from a CONF file.

+ +

SEE ALSO

+ +

d2i_SCT_LIST(3), CTLOG_STORE_new(3), CTLOG_STORE_get0_log_by_id(3), SCT_new(3), SCT_print(3), SCT_validate(3), SCT_validate(3), CT_POLICY_EVAL_CTX_new(3), SSL_CTX_set_ct_validation_callback(3)

+ +

HISTORY

+ +

The ct library was added in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/des_modes.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/des_modes.html new file mode 100644 index 00000000..5a9f6463 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/des_modes.html @@ -0,0 +1,214 @@ + + + + +des_modes + + + + + + + + + + +

NAME

+ +

des_modes - the variants of DES and other crypto algorithms of OpenSSL

+ +

DESCRIPTION

+ +

Several crypto algorithms for OpenSSL can be used in a number of modes. Those are used for using block ciphers in a way similar to stream ciphers, among other things.

+ +

OVERVIEW

+ +

Electronic Codebook Mode (ECB)

+ +

Normally, this is found as the function algorithm_ecb_encrypt().

+ +
    + +
  • 64 bits are enciphered at a time.

    + +
  • +
  • The order of the blocks can be rearranged without detection.

    + +
  • +
  • The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'.

    + +
  • +
  • An error will only affect one ciphertext block.

    + +
  • +
+ +

Cipher Block Chaining Mode (CBC)

+ +

Normally, this is found as the function algorithm_cbc_encrypt(). Be aware that des_cbc_encrypt() is not really DES CBC (it does not update the IV); use des_ncbc_encrypt() instead.

+ +
    + +
  • a multiple of 64 bits are enciphered at a time.

    + +
  • +
  • The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable.

    + +
  • +
  • The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged.

    + +
  • +
  • The use of different starting variables prevents the same plaintext enciphering to the same ciphertext.

    + +
  • +
  • An error will affect the current and the following ciphertext blocks.

    + +
  • +
+ +

Cipher Feedback Mode (CFB)

+ +

Normally, this is found as the function algorithm_cfb_encrypt().

+ +
    + +
  • a number of bits (j) <= 64 are enciphered at a time.

    + +
  • +
  • The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable.

    + +
  • +
  • The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and can not be rearranged.

    + +
  • +
  • The use of different starting variables prevents the same plaintext enciphering to the same ciphertext.

    + +
  • +
  • The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case.

    + +
  • +
  • Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads.

    + +
  • +
  • Only multiples of j bits can be enciphered.

    + +
  • +
  • An error will affect the current and the following ciphertext variables.

    + +
  • +
+ +

Output Feedback Mode (OFB)

+ +

Normally, this is found as the function algorithm_ofb_encrypt().

+ +
    + +
  • a number of bits (j) <= 64 are enciphered at a time.

    + +
  • +
  • The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key.

    + +
  • +
  • The absence of chaining makes the OFB more vulnerable to specific attacks.

    + +
  • +
  • The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams.

    + +
  • +
  • Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads.

    + +
  • +
  • Only multiples of j bits can be enciphered.

    + +
  • +
  • OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext.

    + +
  • +
  • OFB mode is not self-synchronizing. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialized.

    + +
  • +
  • Each re-initialization should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack.

    + +
  • +
+ +

Triple ECB Mode

+ +

Normally, this is found as the function algorithm_ecb3_encrypt().

+ +
    + +
  • Encrypt with key1, decrypt with key2 and encrypt with key3 again.

    + +
  • +
  • As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length 112 bits, but this attack also requires 2^56 blocks of memory, not very likely, even for the NSA.

    + +
  • +
  • If both keys are the same it is equivalent to encrypting once with just one key.

    + +
  • +
  • If the first and last key are the same, the key length is 112 bits. There are attacks that could reduce the effective key strength to only slightly more than 56 bits, but these require a lot of memory.

    + +
  • +
  • If all 3 keys are the same, this is effectively the same as normal ecb mode.

    + +
  • +
+ +

Triple CBC Mode

+ +

Normally, this is found as the function algorithm_ede3_cbc_encrypt().

+ +
    + +
  • Encrypt with key1, decrypt with key2 and then encrypt with key3.

    + +
  • +
  • As for CBC encryption but increases the key length to 168 bits with the same restrictions as for triple ecb mode.

    + +
  • +
+ +

NOTES

+ +

This text was been written in large parts by Eric Young in his original documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed it to:

+ +
AS 2805.5.2
+Australian Standard
+Electronic funds transfer - Requirements for interfaces,
+Part 5.2: Modes of operation for an n-bit block cipher algorithm
+Appendix A
+ +

SEE ALSO

+ +

BF_encrypt(3), DES_crypt(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/evp.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/evp.html new file mode 100644 index 00000000..845874ce --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/evp.html @@ -0,0 +1,83 @@ + + + + +evp + + + + + + + + + + +

NAME

+ +

evp - high-level cryptographic functions

+ +

SYNOPSIS

+ +
#include <openssl/evp.h>
+ +

DESCRIPTION

+ +

The EVP library provides a high-level interface to cryptographic functions.

+ +

The EVP_SealXXX and EVP_OpenXXX functions provide public key encryption and decryption to implement digital "envelopes".

+ +

The EVP_DigestSignXXX and EVP_DigestVerifyXXX functions implement digital signatures and Message Authentication Codes (MACs). Also see the older EVP_SignXXX and EVP_VerifyXXX functions.

+ +

Symmetric encryption is available with the EVP_EncryptXXX functions. The EVP_DigestXXX functions provide message digests.

+ +

The EVP_PKEYXXX functions provide a high level interface to asymmetric algorithms. To create a new EVP_PKEY see EVP_PKEY_new(3). EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions described on the EVP_PKEY_set1_RSA(3) page, or new keys can be generated using EVP_PKEY_keygen(3). EVP_PKEYs can be compared using EVP_PKEY_cmp(3), or printed using EVP_PKEY_print_private(3).

+ +

The EVP_PKEY functions support the full range of asymmetric algorithm operations:

+ +
+ +
For key agreement see EVP_PKEY_derive(3)
+
+ +
+
For signing and verifying see EVP_PKEY_sign(3), EVP_PKEY_verify(3) and EVP_PKEY_verify_recover(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit(3) functions for this purpose.
+
+ +
+
For encryption and decryption see EVP_PKEY_encrypt(3) and EVP_PKEY_decrypt(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a "digital envelope" using the EVP_SealInit(3) and EVP_OpenInit(3) functions.
+
+ +
+
+ +

The EVP_BytesToKey(3) function provides some limited support for password based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible implementation. However, new applications should not typically use this (preferring, for example, PBKDF2 from PCKS#5).

+ +

The EVP_EncodeXXX and EVP_DecodeXXX functions implement base 64 encoding and decoding.

+ +

All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by ENGINE modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page.

+ +

Although low level algorithm specific functions exist for many algorithms their use is discouraged. They cannot be used with an ENGINE and ENGINE versions of new algorithms cannot be accessed using the low level functions. Also makes code harder to adapt to new algorithms and some options are not cleanly supported at the low level and some operations are more efficient using the high level interface.

+ +

SEE ALSO

+ +

EVP_DigestInit(3), EVP_EncryptInit(3), EVP_OpenInit(3), EVP_SealInit(3), EVP_DigestSignInit(3), EVP_SignInit(3), EVP_VerifyInit(3), EVP_EncodeInit(3), EVP_PKEY_new(3), EVP_PKEY_set1_RSA(3), EVP_PKEY_keygen(3), EVP_PKEY_print_private(3), EVP_PKEY_decrypt(3), EVP_PKEY_encrypt(3), EVP_PKEY_sign(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3), EVP_PKEY_derive(3), EVP_BytesToKey(3), ENGINE_by_id(3)

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store-file.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store-file.html new file mode 100644 index 00000000..90cec832 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store-file.html @@ -0,0 +1,60 @@ + + + + +ossl_store-file + + + + + + + + + + +

NAME

+ +

ossl_store-file - The store 'file' scheme loader

+ +

SYNOPSIS

+ +

#include <openssl/store.h>

+ +

DESCRIPTION

+ +

Support for the 'file' scheme is built into libcrypto. Since files come in all kinds of formats and content types, the 'file' scheme has its own layer of functionality called "file handlers", which are used to try to decode diverse types of file contents.

+ +

In case a file is formatted as PEM, each called file handler receives the PEM name (everything following any '-----BEGIN ') as well as possible PEM headers, together with the decoded PEM body. Since PEM formatted files can contain more than one object, the file handlers are called upon for each such object.

+ +

If the file isn't determined to be formatted as PEM, the content is loaded in raw form in its entirety and passed to the available file handlers as is, with no PEM name or headers.

+ +

Each file handler is expected to handle PEM and non-PEM content as appropriate. Some may refuse non-PEM content for the sake of determinism (for example, there are keys out in the wild that are represented as an ASN.1 OCTET STRING. In raw form, it's not easily possible to distinguish those from any other data coming as an ASN.1 OCTET STRING, so such keys would naturally be accepted as PEM files only).

+ +

NOTES

+ +

When needed, the 'file' scheme loader will require a pass phrase by using the UI_METHOD that was passed via OSSL_STORE_open(). This pass phrase is expected to be UTF-8 encoded, anything else will give an undefined result. The files made accessible through this loader are expected to be standard compliant with regards to pass phrase encoding. Files that aren't should be re-generated with a correctly encoded pass phrase. See passphrase-encoding(7) for more information.

+ +

SEE ALSO

+ +

ossl_store(7), passphrase-encoding(7)

+ +

COPYRIGHT

+ +

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store.html new file mode 100644 index 00000000..92bdfb2e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/ossl_store.html @@ -0,0 +1,105 @@ + + + + +ossl_store + + + + + + + + + + +

NAME

+ +

ossl_store - Store retrieval functions

+ +

SYNOPSIS

+ +

#include <openssl/store.h>

+ +

DESCRIPTION

+ +

General

+ +

A STORE is a layer of functionality to retrieve a number of supported objects from a repository of any kind, addressable as a file name or as a URI.

+ +

The functionality supports the pattern "open a channel to the repository", "loop and retrieve one object at a time", and "finish up by closing the channel".

+ +

The retrieved objects are returned as a wrapper type OSSL_STORE_INFO, from which an OpenSSL type can be retrieved.

+ +

URI schemes and loaders

+ +

Support for a URI scheme is called a STORE "loader", and can be added dynamically from the calling application or from a loadable engine.

+ +

Support for the 'file' scheme is built into libcrypto. See ossl_store-file(7) for more information.

+ +

UI_METHOD and pass phrases

+ +

The OSS_STORE API does nothing to enforce any specific format or encoding on the pass phrase that the UI_METHOD provides. However, the pass phrase is expected to be UTF-8 encoded. The result of any other encoding is undefined.

+ +

EXAMPLES

+ +

A generic call

+ +
OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem");
+
+/*
+ * OSSL_STORE_eof() simulates file semantics for any repository to signal
+ * that no more data can be expected
+ */
+while (!OSSL_STORE_eof(ctx)) {
+    OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
+
+    /*
+     * Do whatever is necessary with the OSSL_STORE_INFO,
+     * here just one example
+     */
+    switch (OSSL_STORE_INFO_get_type(info)) {
+    case OSSL_STORE_INFO_X509:
+        /* Print the X.509 certificate text */
+        X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
+        /* Print the X.509 certificate PEM output */
+        PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
+        break;
+    }
+}
+
+OSSL_STORE_close(ctx);
+ +

SEE ALSO

+ +

OSSL_STORE_INFO(3), OSSL_STORE_LOADER(3), OSSL_STORE_open(3), OSSL_STORE_expect(3), OSSL_STORE_SEARCH(3)

+ +

COPYRIGHT

+ +

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/passphrase-encoding.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/passphrase-encoding.html new file mode 100644 index 00000000..ecb16660 --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/passphrase-encoding.html @@ -0,0 +1,124 @@ + + + + +passphrase-encoding + + + + + + + + + + +

NAME

+ +

passphrase-encoding - How diverse parts of OpenSSL treat pass phrases character encoding

+ +

DESCRIPTION

+ +

In a modern world with all sorts of character encodings, the treatment of pass phrases has become increasingly complex. This manual page attempts to give an overview over how this problem is currently addressed in different parts of the OpenSSL library.

+ +

The general case

+ +

The OpenSSL library doesn't treat pass phrases in any special way as a general rule, and trusts the application or user to choose a suitable character set and stick to that throughout the lifetime of affected objects. This means that for an object that was encrypted using a pass phrase encoded in ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in ISO-8859-1. Using the wrong encoding is expected to cause a decryption failure.

+ +

PKCS#12

+ +

PKCS#12 is a bit different regarding pass phrase encoding. The standard stipulates that the pass phrase shall be encoded as an ASN.1 BMPString, which consists of the code points of the basic multilingual plane, encoded in big endian (UCS-2 BE).

+ +

OpenSSL tries to adapt to this requirements in one of the following manners:

+ +
    + +
  1. Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 to U+FFFF, but becomes an expansion for any other character), or failing that, proceeds with step 2.

    + +
  2. +
  3. Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and opportunistically prepends each byte with a zero byte to obtain the UCS-2 encoding of the characters, which it stores as a BMPString.

    + +

    Note that since there is no check of your locale, this may produce UCS-2 / UTF-16 characters that do not correspond to the original pass phrase characters for other character sets, such as any ISO-8859-X encoding other than ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" characters in the 0x80-0x9F range).

    + +
  4. +
+ +

OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why OpenSSL still does this, to be able to read files produced with older versions.

+ +

It should be noted that this approach isn't entirely fault free.

+ +

A pass phrase encoded in ISO-8859-2 could very well have a sequence such as 0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN SMALL LETTER I WITH DIAERESIS) if the pass phrase doesn't contain anything that would be invalid UTF-8. A pass phrase that contains this kind of byte sequence will give a different outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.

+ +
0x00 0xC3 0x00 0xAF                    # OpenSSL older than 1.1.0
+0x00 0xEF                              # OpenSSL 1.1.0 and newer
+ +

On the same accord, anything encoded in UTF-8 that was given to OpenSSL older than 1.1.0 was misinterpreted as ISO-8859-1 sequences.

+ +

OSSL_STORE

+ +

ossl_store(7) acts as a general interface to access all kinds of objects, potentially protected with a pass phrase, a PIN or something else. This API stipulates that pass phrases should be UTF-8 encoded, and that any other pass phrase encoding may give undefined results. This API relies on the application to ensure UTF-8 encoding, and doesn't check that this is the case, so what it gets, it will also pass to the underlying loader.

+ +

RECOMMENDATIONS

+ +

This section assumes that you know what pass phrase was used for encryption, but that it may have been encoded in a different character encoding than the one used by your current input method. For example, the pass phrase may have been used at a time when your default encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xEF 0x76 0x65), and you're now in an environment where your default encoding is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 0x65). Whenever it's mentioned that you should use a certain character encoding, it should be understood that you either change the input method to use the mentioned encoding when you type in your pass phrase, or use some suitable tool to convert your pass phrase from your default encoding to the target encoding.

+ +

Also note that the sub-sections below discuss human readable pass phrases. This is particularly relevant for PKCS#12 objects, where human readable pass phrases are assumed. For other objects, it's as legitimate to use any byte sequence (such as a sequence of bytes from `/dev/urandom` that's been saved away), which makes any character encoding discussion irrelevant; in such cases, simply use the same byte sequence as it is.

+ +

Creating new objects

+ +

For creating new pass phrase protected objects, make sure the pass phrase is encoded using UTF-8. This is default on most modern Unixes, but may involve an effort on other platforms. Specifically for Windows, setting the environment variable OPENSSL_WIN32_UTF8 will have anything entered on [Windows] console prompt converted to UTF-8 (command line and separately prompted pass phrases alike).

+ +

Opening existing objects

+ +

For opening pass phrase protected objects where you know what character encoding was used for the encryption pass phrase, make sure to use the same encoding again.

+ +

For opening pass phrase protected objects where the character encoding that was used is unknown, or where the producing application is unknown, try one of the following:

+ +
    + +
  1. Try the pass phrase that you have as it is in the character encoding of your environment. It's possible that its byte sequence is exactly right.

    + +
  2. +
  3. Convert the pass phrase to UTF-8 and try with the result. Specifically with PKCS#12, this should open up any object that was created according to the specification.

    + +
  4. +
  5. Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try with the result. This differs from the previous attempt because ISO-8859-1 maps directly to U+0000 to U+00FF, which other non-UTF-8 character sets do not.

    + +

    This also takes care of the case when a UTF-8 encoded string was used with OpenSSL older than 1.1.0. (for example, ï, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 0x83 0xC2 0xAF when re-encoded in the naïve manner. The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the erroneous/non-compliant encoding used by OpenSSL older than 1.1.0)

    + +
  6. +
+ +

SEE ALSO

+ +

evp(7), ossl_store(7), EVP_BytesToKey(3), EVP_DecryptInit(3), PEM_do_header(3), PKCS12_parse(3), PKCS12_newpass(3), d2i_PKCS8PrivateKey_bio(3)

+ +

COPYRIGHT

+ +

Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/proxy-certificates.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/proxy-certificates.html new file mode 100644 index 00000000..fdb0601f --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/proxy-certificates.html @@ -0,0 +1,345 @@ + + + + +proxy-certificates + + + + + + + + + + +

NAME

+ +

proxy-certificates - Proxy certificates in OpenSSL

+ +

DESCRIPTION

+ +

Proxy certificates are defined in RFC 3820. They are used to extend rights to some other entity (a computer process, typically, or sometimes to the user itself). This allows the entity to perform operations on behalf of the owner of the EE (End Entity) certificate.

+ +

The requirements for a valid proxy certificate are:

+ +
    + +
  • They are issued by an End Entity, either a normal EE certificate, or another proxy certificate.

    + +
  • +
  • They must not have the subjectAltName or issuerAltName extensions.

    + +
  • +
  • They must have the proxyCertInfo extension.

    + +
  • +
  • They must have the subject of their issuer, with one commonName added.

    + +
  • +
+ +

Enabling proxy certificate verification

+ +

OpenSSL expects applications that want to use proxy certificates to be specially aware of them, and make that explicit. This is done by setting an X509 verification flag:

+ +
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ +

or

+ +
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ +

See "NOTES" for a discussion on this requirement.

+ +

Creating proxy certificates

+ +

Creating proxy certificates can be done using the openssl-x509(1) command, with some extra extensions:

+ +
[ v3_proxy ]
+# A proxy certificate MUST NEVER be a CA certificate.
+basicConstraints=CA:FALSE
+
+# Usual authority key ID
+authorityKeyIdentifier=keyid,issuer:always
+
+# The extension which marks this certificate as a proxy
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
+ +

It's also possible to specify the proxy extension in a separate section:

+ +
proxyCertInfo=critical,@proxy_ext
+
+[ proxy_ext ]
+language=id-ppl-anyLanguage
+pathlen=0
+policy=text:BC
+ +

The policy value has a specific syntax, syntag:string, where the syntag determines what will be done with the string. The following syntags are recognised:

+ +
+ +
text
+
+ +

indicates that the string is a byte sequence, without any encoding:

+ +
policy=text:räksmörgås
+ +
+
hex
+
+ +

indicates the string is encoded hexadecimal encoded binary data, with colons between each byte (every second hex digit):

+ +
policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
+ +
+
file
+
+ +

indicates that the text of the policy should be taken from a file. The string is then a filename. This is useful for policies that are large (more than a few lines, e.g. XML documents).

+ +
+
+ +

NOTE: The proxy policy value is what determines the rights granted to the process during the proxy certificate. It's up to the application to interpret and combine these policies.

+ +

With a proxy extension, creating a proxy certificate is a matter of two commands:

+ +
openssl req -new -config proxy.cnf \
+    -out proxy.req -keyout proxy.key \
+    -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1"
+
+openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
+    -CA user.crt -CAkey user.key -days 7 \
+    -extfile proxy.cnf -extensions v3_proxy1
+ +

You can also create a proxy certificate using another proxy certificate as issuer (note: using a different configuration section for the proxy extensions):

+ +
openssl req -new -config proxy.cnf \
+    -out proxy2.req -keyout proxy2.key \
+    -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2"
+
+openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \
+    -CA proxy.crt -CAkey proxy.key -days 7 \
+    -extfile proxy.cnf -extensions v3_proxy2
+ +

Using proxy certs in applications

+ +

To interpret proxy policies, the application would normally start with some default rights (perhaps none at all), then compute the resulting rights by checking the rights against the chain of proxy certificates, user certificate and CA certificates.

+ +

The complicated part is figuring out how to pass data between your application and the certificate validation procedure.

+ +

The following ingredients are needed for such processing:

+ +
    + +
  • a callback function that will be called for every certificate being validated. The callback is called several times for each certificate, so you must be careful to do the proxy policy interpretation at the right time. You also need to fill in the defaults when the EE certificate is checked.

    + +
  • +
  • a data structure that is shared between your application code and the callback.

    + +
  • +
  • a wrapper function that sets it all up.

    + +
  • +
  • an ex_data index function that creates an index into the generic ex_data store that is attached to an X509 validation context.

    + +
  • +
+ +

The following skeleton code can be used as a starting point:

+ +
#include <string.h>
+#include <netdb.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#define total_rights 25
+
+/*
+ * In this example, I will use a view of granted rights as a bit
+ * array, one bit for each possible right.
+ */
+typedef struct your_rights {
+    unsigned char rights[(total_rights + 7) / 8];
+} YOUR_RIGHTS;
+
+/*
+ * The following procedure will create an index for the ex_data
+ * store in the X509 validation context the first time it's
+ * called.  Subsequent calls will return the same index.
+ */
+static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
+{
+    static volatile int idx = -1;
+
+    if (idx < 0) {
+        X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
+        if (idx < 0) {
+            idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                  "for verify callback",
+                                                  NULL,NULL,NULL);
+        }
+        X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
+    }
+    return idx;
+}
+
+/* Callback to be given to the X509 validation procedure.  */
+static int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    if (ok == 1) {
+        /*
+         * It's REALLY important you keep the proxy policy check
+         * within this section.  It's important to know that when
+         * ok is 1, the certificates are checked from top to
+         * bottom.  You get the CA root first, followed by the
+         * possible chain of intermediate CAs, followed by the EE
+         * certificate, followed by the possible proxy
+         * certificates. 
+         */
+        X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
+
+        if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
+            YOUR_RIGHTS *rights =
+                (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                    get_proxy_auth_ex_data_idx(ctx));
+            PROXY_CERT_INFO_EXTENSION *pci =
+                X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
+
+            switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+            case NID_Independent:
+                /*
+                 * Do whatever you need to grant explicit rights
+                 * to this particular proxy certificate, usually
+                 * by pulling them from some database.  If there
+                 * are none to be found, clear all rights (making
+                 * this and any subsequent proxy certificate void
+                 * of any rights). 
+                 */
+                memset(rights->rights, 0, sizeof(rights->rights));
+                break;
+            case NID_id_ppl_inheritAll:
+                /*
+                 * This is basically a NOP, we simply let the
+                 * current rights stand as they are.
+                 */
+                break;
+            default:
+                /*
+                 * This is usually the most complex section of
+                 * code.  You really do whatever you want as long
+                 * as you follow RFC 3820.  In the example we use
+                 * here, the simplest thing to do is to build
+                 * another, temporary bit array and fill it with
+                 * the rights granted by the current proxy
+                 * certificate, then use it as a mask on the
+                 * accumulated rights bit array, and voilà, you
+                 * now have a new accumulated rights bit array.
+                 */
+                {
+                    int i;
+                    YOUR_RIGHTS tmp_rights;
+                    memset(tmp_rights.rights, 0,
+                           sizeof(tmp_rights.rights));
+
+                    /*
+                     * process_rights() is supposed to be a
+                     * procedure that takes a string and its
+                     * length, interprets it and sets the bits
+                     * in the YOUR_RIGHTS pointed at by the
+                     * third argument.
+                     */
+                    process_rights((char *) pci->proxyPolicy->policy->data,
+                                   pci->proxyPolicy->policy->length,
+                                   &tmp_rights);
+
+                    for(i = 0; i < total_rights / 8; i++)
+                        rights->rights[i] &= tmp_rights.rights[i];
+                }
+                break;
+            }
+            PROXY_CERT_INFO_EXTENSION_free(pci);
+        } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
+            /* We have an EE certificate, let's use it to set default! */
+            YOUR_RIGHTS *rights =
+                (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                    get_proxy_auth_ex_data_idx(ctx));
+
+            /*
+             * The following procedure finds out what rights the
+             * owner of the current certificate has, and sets them
+             * in the YOUR_RIGHTS structure pointed at by the
+             * second argument.
+             */
+            set_default_rights(xs, rights);
+        }
+    }
+    return ok;
+}
+
+static int my_X509_verify_cert(X509_STORE_CTX *ctx,
+                               YOUR_RIGHTS *needed_rights)
+{
+    int ok;
+    int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
+        X509_STORE_CTX_get_verify_cb(ctx);
+    YOUR_RIGHTS rights;
+
+    X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
+    X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx),
+                               &rights);
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+    ok = X509_verify_cert(ctx);
+
+    if (ok == 1) {
+        ok = check_needed_rights(rights, needed_rights);
+    }
+
+    X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
+
+    return ok;
+}
+ +

If you use SSL or TLS, you can easily set up a callback to have the certificates checked properly, using the code above:

+ +
SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert,
+                                 &needed_rights);
+ +

NOTES

+ +

To this date, it seems that proxy certificates have only been used in environments that are aware of them, and no one seems to have investigated how they can be used or misused outside of such an environment.

+ +

For that reason, OpenSSL requires that applications aware of proxy certificates must also make that explicit.

+ +

subjectAltName and issuerAltName are forbidden in proxy certificates, and this is enforced in OpenSSL. The subject must be the same as the issuer, with one commonName added on.

+ +

SEE ALSO

+ +

X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_VERIFY_PARAM_set_flags(3), SSL_CTX_set_cert_verify_callback(3), openssl-req(1), openssl-x509(1), RFC 3820

+ +

COPYRIGHT

+ +

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/scrypt.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/scrypt.html new file mode 100644 index 00000000..32045c3a --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/scrypt.html @@ -0,0 +1,112 @@ + + + + +scrypt + + + + + + + + + + +

NAME

+ +

scrypt - EVP_PKEY scrypt KDF support

+ +

DESCRIPTION

+ +

The EVP_PKEY_SCRYPT algorithm implements the scrypt password based key derivation function, as described in RFC 7914. It is memory-hard in the sense that it deliberately requires a significant amount of RAM for efficient computation. The intention of this is to render brute forcing of passwords on systems that lack large amounts of main memory (such as GPUs or ASICs) computationally infeasible.

+ +

scrypt provides three work factors that can be customized: N, r and p. N, which has to be a positive power of two, is the general work factor and scales CPU time in an approximately linear fashion. r is the block size of the internally used hash function and p is the parallelization factor. Both r and p need to be greater than zero. The amount of RAM that scrypt requires for its computation is roughly (128 * N * r * p) bytes.

+ +

In the original paper of Colin Percival ("Stronger Key Derivation via Sequential Memory-Hard Functions", 2009), the suggested values that give a computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = 2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 GHz), this computation takes about 3 seconds. When N, r or p are not specified, they default to 1048576, 8, and 1, respectively. The default amount of RAM that may be used by scrypt defaults to 1025 MiB.

+ +

NOTES

+ +

A context for scrypt can be obtained by calling:

+ +
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
+ +

The output length of an scrypt key derivation is specified via the length parameter to the EVP_PKEY_derive(3) function.

+ +

EXAMPLES

+ +

This example derives a 64-byte long test vector using scrypt using the password "password", salt "NaCl" and N = 1024, r = 8, p = 16.

+ +
EVP_PKEY_CTX *pctx;
+unsigned char out[64];
+
+size_t outlen = sizeof(out);
+pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
+
+if (EVP_PKEY_derive_init(pctx) <= 0) {
+    error("EVP_PKEY_derive_init");
+}
+if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
+    error("EVP_PKEY_CTX_set1_pbe_pass");
+}
+if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
+    error("EVP_PKEY_CTX_set1_scrypt_salt");
+}
+if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_N");
+}
+if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_r");
+}
+if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
+    error("EVP_PKEY_CTX_set_scrypt_p");
+}
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
+    error("EVP_PKEY_derive");
+}
+
+{
+    const unsigned char expected[sizeof(out)] = {
+        0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
+        0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
+        0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
+        0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
+        0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
+        0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
+        0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
+        0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
+    };
+
+    assert(!memcmp(out, expected, sizeof(out)));
+}
+
+EVP_PKEY_CTX_free(pctx);
+ +

CONFORMING TO

+ +

RFC 7914

+ +

SEE ALSO

+ +

EVP_PKEY_CTX_set1_scrypt_salt(3), EVP_PKEY_CTX_set_scrypt_N(3), EVP_PKEY_CTX_set_scrypt_r(3), EVP_PKEY_CTX_set_scrypt_p(3), EVP_PKEY_CTX_set_scrypt_maxmem_bytes(3), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)

+ +

COPYRIGHT

+ +

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/ssl.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/ssl.html new file mode 100644 index 00000000..5dfbfcdf --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/ssl.html @@ -0,0 +1,1248 @@ + + + + +ssl + + + + + + + + + + +

NAME

+ +

ssl - OpenSSL SSL/TLS library

+ +

SYNOPSIS

+ +

See the individual manual pages for details.

+ +

DESCRIPTION

+ +

The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API which is documented here.

+ +

An SSL_CTX object is created as a framework to establish TLS/SSL enabled connections (see SSL_CTX_new(3)). Various options regarding certificates, algorithms etc. can be set in this object.

+ +

When a network connection has been created, it can be assigned to an SSL object. After the SSL object has been created using SSL_new(3), SSL_set_fd(3) or SSL_set_bio(3) can be used to associate the network connection with the object.

+ +

When the TLS/SSL handshake is performed using SSL_accept(3) or SSL_connect(3) respectively. SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) and SSL_write(3) are used to read and write data on the TLS/SSL connection. SSL_shutdown(3) can be used to shut down the TLS/SSL connection.

+ +

DATA STRUCTURES

+ +

Currently the OpenSSL ssl library functions deals with the following data structures:

+ +
+ +
SSL_METHOD (SSL Method)
+
+ +

This is a dispatch structure describing the internal ssl library methods/functions which implement the various protocol versions (SSLv3 TLSv1, ...). It's needed to create an SSL_CTX.

+ +
+
SSL_CIPHER (SSL Cipher)
+
+ +

This structure holds the algorithm information for a particular cipher which are a core part of the SSL/TLS protocol. The available ciphers are configured on a SSL_CTX basis and the actual ones used are then part of the SSL_SESSION.

+ +
+
SSL_CTX (SSL Context)
+
+ +

This is the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the SSL structures which are later created for the connections.

+ +
+
SSL_SESSION (SSL Session)
+
+ +

This is a structure containing the current TLS/SSL session details for a connection: SSL_CIPHERs, client and server certificates, keys, etc.

+ +
+
SSL (SSL Connection)
+
+ +

This is the main SSL/TLS structure which is created by a server or client per established connection. This actually is the core structure in the SSL API. At run-time the application usually deals with this structure which has links to mostly all other structures.

+ +
+
+ +

HEADER FILES

+ +

Currently the OpenSSL ssl library provides the following C header files containing the prototypes for the data structures and functions:

+ +
+ +
ssl.h
+
+ +

This is the common header file for the SSL/TLS API. Include it into your program to make the API of the ssl library available. It internally includes both more private SSL headers and headers from the crypto library. Whenever you need hard-core details on the internals of the SSL API, look inside this header file.

+ +
+
ssl2.h
+
+ +

Unused. Present for backwards compatibility only.

+ +
+
ssl3.h
+
+ +

This is the sub header file dealing with the SSLv3 protocol only. Usually you don't have to include it explicitly because it's already included by ssl.h.

+ +
+
tls1.h
+
+ +

This is the sub header file dealing with the TLSv1 protocol only. Usually you don't have to include it explicitly because it's already included by ssl.h.

+ +
+
+ +

API FUNCTIONS

+ +

Currently the OpenSSL ssl library exports 214 API functions. They are documented in the following:

+ +

Dealing with Protocol Methods

+ +

Here we document the various API functions which deal with the SSL/TLS protocol methods defined in SSL_METHOD structures.

+ +
+ +
const SSL_METHOD *TLS_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for clients, servers or both. See SSL_CTX_new(3) for details.

+ +
+
const SSL_METHOD *TLS_client_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for clients. Must be used to support the TLSv1.3 protocol.

+ +
+
const SSL_METHOD *TLS_server_method(void);
+
+ +

Constructor for the version-flexible SSL_METHOD structure for servers. Must be used to support the TLSv1.3 protocol.

+ +
+
const SSL_METHOD *TLSv1_2_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_2_client_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_2_server_method(void);
+
+ +

Constructor for the TLSv1.2 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *TLSv1_1_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_1_client_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_1_server_method(void);
+
+ +

Constructor for the TLSv1.1 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *TLSv1_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *TLSv1_client_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *TLSv1_server_method(void);
+
+ +

Constructor for the TLSv1 SSL_METHOD structure for servers.

+ +
+
const SSL_METHOD *SSLv3_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for clients, servers or both.

+ +
+
const SSL_METHOD *SSLv3_client_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for clients.

+ +
+
const SSL_METHOD *SSLv3_server_method(void);
+
+ +

Constructor for the SSLv3 SSL_METHOD structure for servers.

+ +
+
+ +

Dealing with Ciphers

+ +

Here we document the various API functions which deal with the SSL/TLS ciphers defined in SSL_CIPHER structures.

+ +
+ +
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);
+
+ +

Write a string to buf (with a maximum size of len) containing a human readable description of cipher. Returns buf.

+ +
+
int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
+
+ +

Determine the number of bits in cipher. Because of export crippled ciphers there are two bits: The bits the algorithm supports in general (stored to alg_bits) and the bits which are actually used (the return value).

+ +
+
const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
+
+ +

Return the internal name of cipher as a string. These are the various strings defined by the SSL3_TXT_xxx and TLS1_TXT_xxx definitions in the header files.

+ +
+
const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+
+ +

Returns a string like "SSLv3" or "TLSv1.2" which indicates the SSL/TLS protocol version to which cipher belongs (i.e. where it was defined in the specification the first time).

+ +
+
+ +

Dealing with Protocol Contexts

+ +

Here we document the various API functions which deal with the SSL/TLS protocol context defined in the SSL_CTX structure.

+ +
+ +
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+ +
+
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+
+ +
+
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ +
+
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+
+ +
+
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+ +
+
void SSL_CTX_flush_sessions(SSL_CTX *s, long t);
+
+ +
+
void SSL_CTX_free(SSL_CTX *a);
+
+ +
+
char *SSL_CTX_get_app_data(SSL_CTX *ctx);
+
+ +
+
X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+
+ +
+
STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+
+ +
+
STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+
+ +
+
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ +
+
void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
+
+ +
+
char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);
+
+ +
+
int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+ +
+
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_get_read_ahead(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
+
+ +
+
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+
+ +
+
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+ +
+
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+
+ +
+
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+
+ +
+
int SSL_CTX_up_ref(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ +
+
int SSL_CTX_sess_accept(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+
+ +
+
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+ +
+
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+ +
+
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+ +
+
int SSL_CTX_sess_hits(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_misses(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_sess_number(SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);
+
+ +
+
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+ +
+
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+ +
+
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+ +
+
int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+
+ +
+
LHASH *SSL_CTX_sessions(SSL_CTX *ctx);
+
+ +
+
int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
+
+ +
+
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
+
+ +
+
void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);
+
+ +
+
void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)
+
+ +
+
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);
+
+ +
+
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
+
+ +
+
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+ +
+
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);
+
+ +
+
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))
+
+ +
+
void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);
+
+ +
+
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+
+ +

Use the default paths to locate trusted CA certificates. There is one default directory path and one default file path. Both are set via this call.

+ +
+
int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+
+ +

Use the default directory path to locate trusted CA certificates.

+ +
+
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+
+ +

Use the file path to locate trusted CA certificates.

+ +
+
int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
+
+ +
+
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+ +
+
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+ +
+
void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+ +
+
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+
+ +
+
unsigned long SSL_CTX_get_options(SSL_CTX *ctx);
+
+ +
+
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+
+ +
+
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+
+ +
+
void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);
+
+ +
+
void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);
+
+ +
+
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+ +
+
void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+
+ +
+
long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
+
+ +
+
long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));
+
+ +
+
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+ +
+
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+ +
+
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+ +
+
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+
+ +
+
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+
+ +
+
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+
+ +
+
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+
+ +
+
int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+
+ +
+
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+
+ +
+
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+ +
+
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+ +
+
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+
+ +
+
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+ +
+
+ +

Dealing with Sessions

+ +

Here we document the various API functions which deal with the SSL/TLS sessions defined in the SSL_SESSION structures.

+ +
+ +
int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);
+
+ +
+
void SSL_SESSION_free(SSL_SESSION *ss);
+
+ +
+
char *SSL_SESSION_get_app_data(SSL_SESSION *s);
+
+ +
+
char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
+
+ +
+
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
long SSL_SESSION_get_time(const SSL_SESSION *s);
+
+ +
+
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+
+ +
+
unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
+
+ +
+
SSL_SESSION *SSL_SESSION_new(void);
+
+ +
+
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
+
+ +
+
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
+
+ +
+
int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
+
+ +
+
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
+
+ +
+
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+
+ +
+
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+
+ +
+
+ +

Dealing with Connections

+ +

Here we document the various API functions which deal with the SSL/TLS connection defined in the SSL structure.

+ +
+ +
int SSL_accept(SSL *ssl);
+
+ +
+
int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);
+
+ +
+
int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);
+
+ +
+
int SSL_add_client_CA(SSL *ssl, X509 *x);
+
+ +
+
char *SSL_alert_desc_string(int value);
+
+ +
+
char *SSL_alert_desc_string_long(int value);
+
+ +
+
char *SSL_alert_type_string(int value);
+
+ +
+
char *SSL_alert_type_string_long(int value);
+
+ +
+
int SSL_check_private_key(const SSL *ssl);
+
+ +
+
void SSL_clear(SSL *ssl);
+
+ +
+
long SSL_clear_num_renegotiations(SSL *ssl);
+
+ +
+
int SSL_connect(SSL *ssl);
+
+ +
+
int SSL_copy_session_id(SSL *t, const SSL *f);
+
+ +

Sets the session details for t to be the same as in f. Returns 1 on success or 0 on failure.

+ +
+
long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
+
+ +
+
int SSL_do_handshake(SSL *ssl);
+
+ +
+
SSL *SSL_dup(SSL *ssl);
+
+ +

SSL_dup() allows applications to configure an SSL handle for use in multiple SSL connections, and then duplicate it prior to initiating each connection with the duplicated handle. Use of SSL_dup() avoids the need to repeat the configuration of the handles for each connection.

+ +

For SSL_dup() to work, the connection MUST be in its initial state and MUST NOT have not yet have started the SSL handshake. For connections that are not in their initial state SSL_dup() just increments an internal reference count and returns the same handle. It may be possible to use SSL_clear(3) to recycle an SSL handle that is not in its initial state for re-use, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection.

+ +
+
STACK *SSL_dup_CA_list(STACK *sk);
+
+ +
+
void SSL_free(SSL *ssl);
+
+ +
+
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+
+ +
+
char *SSL_get_app_data(SSL *ssl);
+
+ +
+
X509 *SSL_get_certificate(const SSL *ssl);
+
+ +
+
const char *SSL_get_cipher(const SSL *ssl);
+
+ +
+
int SSL_is_dtls(const SSL *ssl);
+
+ +
+
int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);
+
+ +
+
char *SSL_get_cipher_list(const SSL *ssl, int n);
+
+ +
+
char *SSL_get_cipher_name(const SSL *ssl);
+
+ +
+
char *SSL_get_cipher_version(const SSL *ssl);
+
+ +
+
STACK *SSL_get_ciphers(const SSL *ssl);
+
+ +
+
STACK *SSL_get_client_CA_list(const SSL *ssl);
+
+ +
+
SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+
+ +
+
long SSL_get_default_timeout(const SSL *ssl);
+
+ +
+
int SSL_get_error(const SSL *ssl, int i);
+
+ +
+
char *SSL_get_ex_data(const SSL *ssl, int idx);
+
+ +
+
int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+ +
+
int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+ +
+
int SSL_get_fd(const SSL *ssl);
+
+ +
+
void (*SSL_get_info_callback(const SSL *ssl);)()
+
+ +
+
int SSL_get_key_update_type(SSL *s);
+
+ +
+
STACK *SSL_get_peer_cert_chain(const SSL *ssl);
+
+ +
+
X509 *SSL_get_peer_certificate(const SSL *ssl);
+
+ +
+
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+ +
+
EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
+
+ +
+
int SSL_get_quiet_shutdown(const SSL *ssl);
+
+ +
+
BIO *SSL_get_rbio(const SSL *ssl);
+
+ +
+
int SSL_get_read_ahead(const SSL *ssl);
+
+ +
+
SSL_SESSION *SSL_get_session(const SSL *ssl);
+
+ +
+
char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);
+
+ +
+
int SSL_get_shutdown(const SSL *ssl);
+
+ +
+
const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+
+ +
+
int SSL_get_state(const SSL *ssl);
+
+ +
+
long SSL_get_time(const SSL *ssl);
+
+ +
+
long SSL_get_timeout(const SSL *ssl);
+
+ +
+
int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)
+
+ +
+
int SSL_get_verify_mode(const SSL *ssl);
+
+ +
+
long SSL_get_verify_result(const SSL *ssl);
+
+ +
+
char *SSL_get_version(const SSL *ssl);
+
+ +
+
BIO *SSL_get_wbio(const SSL *ssl);
+
+ +
+
int SSL_in_accept_init(SSL *ssl);
+
+ +
+
int SSL_in_before(SSL *ssl);
+
+ +
+
int SSL_in_connect_init(SSL *ssl);
+
+ +
+
int SSL_in_init(SSL *ssl);
+
+ +
+
int SSL_is_init_finished(SSL *ssl);
+
+ +
+
int SSL_key_update(SSL *s, int updatetype);
+
+ +
+
STACK *SSL_load_client_CA_file(const char *file);
+
+ +
+
SSL *SSL_new(SSL_CTX *ctx);
+
+ +
+
int SSL_up_ref(SSL *s);
+
+ +
+
long SSL_num_renegotiations(SSL *ssl);
+
+ +
+
int SSL_peek(SSL *ssl, void *buf, int num);
+
+ +
+
int SSL_pending(const SSL *ssl);
+
+ +
+
int SSL_read(SSL *ssl, void *buf, int num);
+
+ +
+
int SSL_renegotiate(SSL *ssl);
+
+ +
+
char *SSL_rstate_string(SSL *ssl);
+
+ +
+
char *SSL_rstate_string_long(SSL *ssl);
+
+ +
+
long SSL_session_reused(SSL *ssl);
+
+ +
+
void SSL_set_accept_state(SSL *ssl);
+
+ +
+
void SSL_set_app_data(SSL *ssl, char *arg);
+
+ +
+
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+
+ +
+
int SSL_set_cipher_list(SSL *ssl, char *str);
+
+ +
+
void SSL_set_client_CA_list(SSL *ssl, STACK *list);
+
+ +
+
void SSL_set_connect_state(SSL *ssl);
+
+ +
+
int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);
+
+ +
+
int SSL_set_ex_data(SSL *ssl, int idx, char *arg);
+
+ +
+
int SSL_set_fd(SSL *ssl, int fd);
+
+ +
+
void SSL_set_info_callback(SSL *ssl, void (*cb);(void))
+
+ +
+
void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+ +
+
void SSL_set_msg_callback_arg(SSL *ctx, void *arg);
+
+ +
+
unsigned long SSL_clear_options(SSL *ssl, unsigned long op);
+
+ +
+
unsigned long SSL_get_options(SSL *ssl);
+
+ +
+
unsigned long SSL_set_options(SSL *ssl, unsigned long op);
+
+ +
+
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+
+ +
+
void SSL_set_read_ahead(SSL *ssl, int yes);
+
+ +
+
int SSL_set_rfd(SSL *ssl, int fd);
+
+ +
+
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+
+ +
+
void SSL_set_shutdown(SSL *ssl, int mode);
+
+ +
+
int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);
+
+ +
+
void SSL_set_time(SSL *ssl, long t);
+
+ +
+
void SSL_set_timeout(SSL *ssl, long t);
+
+ +
+
void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))
+
+ +
+
void SSL_set_verify_result(SSL *ssl, long arg);
+
+ +
+
int SSL_set_wfd(SSL *ssl, int fd);
+
+ +
+
int SSL_shutdown(SSL *ssl);
+
+ +
+
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+ +

Returns the current handshake state.

+ +
+
char *SSL_state_string(const SSL *ssl);
+
+ +
+
char *SSL_state_string_long(const SSL *ssl);
+
+ +
+
long SSL_total_renegotiations(SSL *ssl);
+
+ +
+
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+
+ +
+
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);
+
+ +
+
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+
+ +
+
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+
+ +
+
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_certificate(SSL *ssl, X509 *x);
+
+ +
+
int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
+
+ +
+
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+ +
+
int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
+
+ +
+
int SSL_version(const SSL *ssl);
+
+ +
+
int SSL_want(const SSL *ssl);
+
+ +
+
int SSL_want_nothing(const SSL *ssl);
+
+ +
+
int SSL_want_read(const SSL *ssl);
+
+ +
+
int SSL_want_write(const SSL *ssl);
+
+ +
+
int SSL_want_x509_lookup(const SSL *ssl);
+
+ +
+
int SSL_write(SSL *ssl, const void *buf, int num);
+
+ +
+
void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+ +
+
int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
+
+ +
+
void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+ +
+
const char *SSL_get_psk_identity_hint(SSL *ssl);
+
+ +
+
const char *SSL_get_psk_identity(SSL *ssl);
+
+ +
+
+ +

RETURN VALUES

+ +

See the individual manual pages for details.

+ +

SEE ALSO

+ +

openssl(1), crypto(7), CRYPTO_get_ex_new_index(3), SSL_accept(3), SSL_clear(3), SSL_connect(3), SSL_CIPHER_get_name(3), SSL_COMP_add_compression_method(3), SSL_CTX_add_extra_chain_cert(3), SSL_CTX_add_session(3), SSL_CTX_ctrl(3), SSL_CTX_flush_sessions(3), SSL_CTX_get_verify_mode(3), SSL_CTX_load_verify_locations(3) SSL_CTX_new(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_sessions(3), SSL_CTX_set_cert_store(3), SSL_CTX_set_cert_verify_callback(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3), SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3), SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3), SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3), SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_read_ahead(3), SSL_CTX_set_security_level(3), SSL_CTX_set_session_cache_mode(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_ssl_version(3), SSL_CTX_set_timeout(3), SSL_CTX_set_tmp_dh_callback(3), SSL_CTX_set_verify(3), SSL_CTX_use_certificate(3), SSL_alert_type_string(3), SSL_do_handshake(3), SSL_enable_ct(3), SSL_get_SSL_CTX(3), SSL_get_ciphers(3), SSL_get_client_CA_list(3), SSL_get_default_timeout(3), SSL_get_error(3), SSL_get_ex_data_X509_STORE_CTX_idx(3), SSL_get_fd(3), SSL_get_peer_cert_chain(3), SSL_get_rbio(3), SSL_get_session(3), SSL_get_verify_result(3), SSL_get_version(3), SSL_load_client_CA_file(3), SSL_new(3), SSL_pending(3), SSL_read_ex(3), SSL_read(3), SSL_rstate_string(3), SSL_session_reused(3), SSL_set_bio(3), SSL_set_connect_state(3), SSL_set_fd(3), SSL_set_session(3), SSL_set_shutdown(3), SSL_shutdown(3), SSL_state_string(3), SSL_want(3), SSL_write_ex(3), SSL_write(3), SSL_SESSION_free(3), SSL_SESSION_get_time(3), d2i_SSL_SESSION(3), SSL_CTX_set_psk_client_callback(3), SSL_CTX_use_psk_identity_hint(3), SSL_get_psk_identity(3), DTLSv1_listen(3)

+ +

HISTORY

+ +

SSLv2_client_method, SSLv2_server_method and SSLv2_method were removed in OpenSSL 1.1.0.

+ +

The return type of SSL_copy_session_id was changed from void to int in OpenSSL 1.1.0.

+ +

COPYRIGHT

+ +

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/doc/openssl/html/man7/x509.html b/deps/openssl/mingw64/share/doc/openssl/html/man7/x509.html new file mode 100644 index 00000000..42546b1e --- /dev/null +++ b/deps/openssl/mingw64/share/doc/openssl/html/man7/x509.html @@ -0,0 +1,67 @@ + + + + +x509 + + + + + + + + + + +

NAME

+ +

x509 - X.509 certificate handling

+ +

SYNOPSIS

+ +
#include <openssl/x509.h>
+ +

DESCRIPTION

+ +

An X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine. A X.509 CRL (certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be found in the X.509 document from ITU-T, or in RFC3280 from PKIX. In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL is used to express a CRL.

+ +

A related structure is a certificate request, defined in PKCS#10 from RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type X509_REQ is used to express such a certificate request.

+ +

To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express a certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more.

+ +

Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key.

+ +

X509_XXX, d2i_X509_XXX, and i2d_X509_XXX functions handle X.509 certificates, with some exceptions, shown below.

+ +

X509_CRL_XXX, d2i_X509_CRL_XXX, and i2d_X509_CRL_XXX functions handle X.509 CRLs.

+ +

X509_REQ_XXX, d2i_X509_REQ_XXX, and i2d_X509_REQ_XXX functions handle PKCS#10 certificate requests.

+ +

X509_NAME_XXX functions handle certificate names.

+ +

X509_ATTRIBUTE_XXX functions handle certificate attributes.

+ +

X509_EXTENSION_XXX functions handle certificate extensions.

+ +

SEE ALSO

+ +

X509_NAME_ENTRY_get_object(3), X509_NAME_add_entry_by_txt(3), X509_NAME_add_entry_by_NID(3), X509_NAME_print_ex(3), X509_NAME_new(3), d2i_X509(3), d2i_X509_ALGOR(3), d2i_X509_CRL(3), d2i_X509_NAME(3), d2i_X509_REQ(3), d2i_X509_SIG(3), X509v3(3), crypto(7)

+ +

COPYRIGHT

+ +

Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

+ +

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.

+ + + + + + + diff --git a/deps/openssl/mingw64/share/man/man1/CA.pl.1 b/deps/openssl/mingw64/share/man/man1/CA.pl.1 new file mode 100644 index 00000000..5806ee2a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/CA.pl.1 @@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA.PL 1" +.TH CA.PL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CA.pl \- friendlier interface for OpenSSL certificate programs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fB\s-1CA\s0.pl\fR +\&\fB\-?\fR | +\&\fB\-h\fR | +\&\fB\-help\fR +.PP +\&\fB\s-1CA\s0.pl\fR +\&\fB\-newcert\fR | +\&\fB\-newreq\fR | +\&\fB\-newreq\-nodes\fR | +\&\fB\-xsign\fR | +\&\fB\-sign\fR | +\&\fB\-signCA\fR | +\&\fB\-signcert\fR | +\&\fB\-crl\fR | +\&\fB\-newca\fR +[\fB\-extra\-cmd\fR extra\-params] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-pkcs12\fR [\fB\-extra\-pkcs12\fR extra\-params] [\fBcertname\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-verify\fR [\fB\-extra\-verify\fR extra\-params] \fBcertfile\fR... +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-revoke\fR [\fB\-extra\-ca\fR extra\-params] \fBcertfile\fR [\fBreason\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +arguments to the \fBopenssl\fR command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IX Item "?, -h, -help" +Prints a usage message. +.IP "\fB\-newcert\fR" 4 +.IX Item "-newcert" +Creates a new self signed certificate. The private key is written to the file +\&\*(L"newkey.pem\*(R" and the request written to the file \*(L"newreq.pem\*(R". +This argument invokes \fBopenssl req\fR command. +.IP "\fB\-newreq\fR" 4 +.IX Item "-newreq" +Creates a new certificate request. The private key is written to the file +\&\*(L"newkey.pem\*(R" and the request written to the file \*(L"newreq.pem\*(R". +Executes \fBopenssl req\fR command below the hood. +.IP "\fB\-newreq\-nodes\fR" 4 +.IX Item "-newreq-nodes" +Is like \fB\-newreq\fR except that the private key will not be encrypted. +Uses \fBopenssl req\fR command. +.IP "\fB\-newca\fR" 4 +.IX Item "-newca" +Creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 +certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 +details of the \s-1CA\s0 will be prompted for. The relevant files and directories +are created in a directory called \*(L"demoCA\*(R" in the current directory. +\&\fBopenssl req\fR and \fBopenssl ca\fR commands are get invoked. +.IP "\fB\-pkcs12\fR" 4 +.IX Item "-pkcs12" +Create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +certificate. It expects the user certificate and private key to be in the +file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem, +it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the +\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser +list box), otherwise the name \*(L"My Certificate\*(R" is used. +Delegates work to \fBopenssl pkcs12\fR command. +.IP "\fB\-sign\fR, \fB\-signcert\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -signcert, -xsign" +Calls the \fBca\fR program to sign a certificate request. It expects the request +to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file +\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written +to standard output. Leverages \fBopenssl ca\fR command. +.IP "\fB\-signCA\fR" 4 +.IX Item "-signCA" +This option is the same as the \fB\-signreq\fR option except it uses the +configuration file section \fBv3_ca\fR and so makes the signed request a +valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from +a root \s-1CA.\s0 Extra params are passed on to \fBopenssl ca\fR command. +.IP "\fB\-signcert\fR" 4 +.IX Item "-signcert" +This option is the same as \fB\-sign\fR except it expects a self signed certificate +to be present in the file \*(L"newreq.pem\*(R". +Extra params are passed on to \fBopenssl x509\fR and \fBopenssl ca\fR commands. +.IP "\fB\-crl\fR" 4 +.IX Item "-crl" +Generate a \s-1CRL.\s0 Executes \fBopenssl ca\fR command. +.IP "\fB\-revoke certfile [reason]\fR" 4 +.IX Item "-revoke certfile [reason]" +Revoke the certificate contained in the specified \fBcertfile\fR. An optional +reason may be specified, and must be one of: \fBunspecified\fR, +\&\fBkeyCompromise\fR, \fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, +\&\fBcessationOfOperation\fR, \fBcertificateHold\fR, or \fBremoveFromCRL\fR. +Leverages \fBopenssl ca\fR command. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no +certificates are specified on the command line it tries to verify the file +\&\*(L"newcert.pem\*(R". Invokes \fBopenssl verify\fR command. +.IP "\fB\-extra\-req\fR | \fB\-extra\-ca\fR | \fB\-extra\-pkcs12\fR | \fB\-extra\-x509\fR | \fB\-extra\-verify\fR " 4 +.IX Item "-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify " +The purpose of these parameters is to allow optional parameters to be supplied +to \fBopenssl\fR that this command executes. The \fB\-extra\-cmd\fR are specific to the +option being used and the \fBopenssl\fR command getting invoked. For example +when this command invokes \fBopenssl req\fR extra parameters can be passed on +with the \fB\-extra\-req\fR parameter. The +\&\fBopenssl\fR commands being invoked per option are documented below. +Users should consult \fBopenssl\fR command documentation for more information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a \s-1CA\s0 hierarchy: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +Complete certificate creation example: create a \s-1CA,\s0 create a request, sign +the request and finally create a PKCS#12 file containing it. +.PP +.Vb 4 +\& CA.pl \-newca +\& CA.pl \-newreq +\& CA.pl \-signreq +\& CA.pl \-pkcs12 "My Test Certificate" +.Ve +.SH "DSA CERTIFICATES" +.IX Header "DSA CERTIFICATES" +Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to +use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command +directly. The following example shows the steps that would typically be taken. +.PP +Create some \s-1DSA\s0 parameters: +.PP +.Vb 1 +\& openssl dsaparam \-out dsap.pem 1024 +.Ve +.PP +Create a \s-1DSA CA\s0 certificate and private key: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem +.Ve +.PP +Create the \s-1CA\s0 directories and files: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +enter cacert.pem when prompted for the \s-1CA\s0 file name. +.PP +Create a \s-1DSA\s0 certificate request and private key (a different set of parameters +can optionally be created first): +.PP +.Vb 1 +\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem +.Ve +.PP +Sign the request: +.PP +.Vb 1 +\& CA.pl \-signreq +.Ve +.SH "NOTES" +.IX Header "NOTES" +Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. +.PP +If the demoCA directory already exists then the \fB\-newca\fR command will not +overwrite it and will do nothing. This can happen if a previous call using +the \fB\-newca\fR option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. +.PP +Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: +.PP +.Vb 1 +\& perl \-S CA.pl +.Ve +.PP +can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to +the correct path of the configuration file. +.PP +The script is intended as a simple front end for the \fBopenssl\fR program for use +by a beginner. Its behaviour isn't always what is wanted. For more control over the +behaviour of the certificate commands call the \fBopenssl\fR command directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1), +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/asn1parse.1 b/deps/openssl/mingw64/share/man/man1/asn1parse.1 new file mode 100644 index 00000000..2508fc3b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/asn1parse.1 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1PARSE 1" +.TH ASN1PARSE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-asn1parse, asn1parse \- ASN.1 parsing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBasn1parse\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-offset number\fR] +[\fB\-length number\fR] +[\fB\-i\fR] +[\fB\-oid filename\fR] +[\fB\-dump\fR] +[\fB\-dlimit num\fR] +[\fB\-strparse offset\fR] +[\fB\-genstr string\fR] +[\fB\-genconf file\fR] +[\fB\-strictpem\fR] +[\fB\-item name\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0 +structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fBDER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +The input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64 +encoded. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input file, default is standard input. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output file to place the \s-1DER\s0 encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the \fB\-strparse\fR option. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the parsed version of the input file. +.IP "\fB\-offset number\fR" 4 +.IX Item "-offset number" +Starting offset to begin parsing, default is start of file. +.IP "\fB\-length number\fR" 4 +.IX Item "-length number" +Number of bytes to parse, default is until end of file. +.IP "\fB\-i\fR" 4 +.IX Item "-i" +Indents the output according to the \*(L"depth\*(R" of the structures. +.IP "\fB\-oid filename\fR" 4 +.IX Item "-oid filename" +A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this +file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +Dump unknown data in hex format. +.IP "\fB\-dlimit num\fR" 4 +.IX Item "-dlimit num" +Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. +.IP "\fB\-strparse offset\fR" 4 +.IX Item "-strparse offset" +Parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This +option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 +.IX Item "-genstr string, -genconf file" +Generate encoded data based on \fBstring\fR, \fBfile\fR or both using +\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is +present then the string is obtained from the default section using the name +\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the \fBout\fR option. +.IP "\fB\-strictpem\fR" 4 +.IX Item "-strictpem" +If this option is used then \fB\-inform\fR will be ignored. Without this option any +data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and +processed whether it has the normal \s-1PEM BEGIN\s0 and \s-1END\s0 markers or not. This +option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an +\&\s-1END\s0 marker in a \s-1PEM\s0 file. +.IP "\fB\-item name\fR" 4 +.IX Item "-item name" +Attempt to decode and print the data as \fB\s-1ASN1_ITEM\s0 name\fR. This can be used to +print out the fields of any supported \s-1ASN.1\s0 structure if the type is known. +.SS "Output" +.IX Subsection "Output" +The output will typically contain lines like this: +.PP +.Vb 1 +\& 0:d=0 hl=4 l= 681 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +.Vb 10 +\& 229:d=3 hl=3 l= 141 prim: BIT STRING +\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] +\& 376:d=3 hl=3 l= 159 cons: SEQUENCE +\& 379:d=4 hl=2 l= 29 cons: SEQUENCE +\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier +\& 386:d=5 hl=2 l= 22 prim: OCTET STRING +\& 410:d=4 hl=2 l= 112 cons: SEQUENCE +\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier +\& 417:d=5 hl=2 l= 105 prim: OCTET STRING +\& 524:d=4 hl=2 l= 12 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased +within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \fBhl=XX\fR gives the header length +(tag and length octets) of the current type. \fBl=XX\fR gives the length of +the contents octets. +.PP +The \fB\-i\fR option can be used to make the output more readable. +.PP +Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output. +.PP +In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option \fB\-strparse 229\fR to yield: +.PP +.Vb 3 +\& 0:d=0 hl=3 l= 137 cons: SEQUENCE +\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 +\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the \s-1OID\s0 in numerical format and should be followed by white +space. The second column is the \*(L"short name\*(R" which is a single word followed +by white space. The final column is the rest of the line and is the +\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: +.PP +\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a file: +.PP +.Vb 1 +\& openssl asn1parse \-in file.pem +.Ve +.PP +Parse a \s-1DER\s0 file: +.PP +.Vb 1 +\& openssl asn1parse \-inform DER \-in file.der +.Ve +.PP +Generate a simple UTF8String: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq +.Ve +.PP +Generate and write out a UTF8String, don't print parsed output: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der +.Ve +.PP +Generate using a config file: +.PP +.Vb 1 +\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der +.Ve +.PP +Example config file: +.PP +.Vb 1 +\& asn1=SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1=BOOL:TRUE +\& field2=EXP:0, UTF8:some random string +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be options to change the format of output lines. The output of some +\&\s-1ASN.1\s0 types is not well handled (if at all). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ca.1 b/deps/openssl/mingw64/share/man/man1/ca.1 new file mode 100644 index 00000000..0c6c0520 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ca.1 @@ -0,0 +1,823 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA 1" +.TH CA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ca, ca \- sample minimal CA application +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBca\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-config filename\fR] +[\fB\-name section\fR] +[\fB\-gencrl\fR] +[\fB\-revoke file\fR] +[\fB\-valid file\fR] +[\fB\-status serial\fR] +[\fB\-updatedb\fR] +[\fB\-crl_reason reason\fR] +[\fB\-crl_hold instruction\fR] +[\fB\-crl_compromise time\fR] +[\fB\-crl_CA_compromise time\fR] +[\fB\-crldays days\fR] +[\fB\-crlhours hours\fR] +[\fB\-crlexts section\fR] +[\fB\-startdate date\fR] +[\fB\-enddate date\fR] +[\fB\-days arg\fR] +[\fB\-md arg\fR] +[\fB\-policy arg\fR] +[\fB\-keyfile arg\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-key arg\fR] +[\fB\-passin arg\fR] +[\fB\-cert file\fR] +[\fB\-selfsign\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-notext\fR] +[\fB\-outdir dir\fR] +[\fB\-infiles\fR] +[\fB\-spkac file\fR] +[\fB\-ss_cert file\fR] +[\fB\-preserveDN\fR] +[\fB\-noemailDN\fR] +[\fB\-batch\fR] +[\fB\-msie_hack\fR] +[\fB\-extensions section\fR] +[\fB\-extfile section\fR] +[\fB\-engine id\fR] +[\fB\-subj arg\fR] +[\fB\-utf8\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-create_serial\fR] +[\fB\-rand_serial\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs it also maintains a text database of issued certificates +and their status. +.PP +The options descriptions will be divided into each purpose. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +This prints extra details about the operations being performed. +.IP "\fB\-config filename\fR" 4 +.IX Item "-config filename" +Specifies the configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-name section\fR" 4 +.IX Item "-name section" +Specifies the configuration file section to use (overrides +\&\fBdefault_ca\fR in the \fBca\fR section). +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +An input filename containing a single certificate request to be +signed by the \s-1CA.\s0 +.IP "\fB\-ss_cert filename\fR" 4 +.IX Item "-ss_cert filename" +A single self-signed certificate to be signed by the \s-1CA.\s0 +.IP "\fB\-spkac filename\fR" 4 +.IX Item "-spkac filename" +A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR +section for information on the required input and output format. +.IP "\fB\-infiles\fR" 4 +.IX Item "-infiles" +If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). +.IP "\fB\-outdir directory\fR" 4 +.IX Item "-outdir directory" +The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +\&\*(L".pem\*(R" appended. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1CA\s0 certificate file. +.IP "\fB\-keyfile filename\fR" 4 +.IX Item "-keyfile filename" +The private key to sign requests with. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +The format of the data in the private key file. +The default is \s-1PEM.\s0 +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-key password\fR" 4 +.IX Item "-key password" +The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the 'ps' utility) this option should be used with caution. +.IP "\fB\-selfsign\fR" 4 +.IX Item "-selfsign" +Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with \fB\-keyfile\fR). +Certificate requests signed with a different key are ignored. If +\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is +ignored. +.Sp +A consequence of using \fB\-selfsign\fR is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option \fBdatabase\fR), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-notext\fR" 4 +.IX Item "-notext" +Don't output the text form of a certificate to the output file. +.IP "\fB\-startdate date\fR" 4 +.IX Item "-startdate date" +This allows the start date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-enddate date\fR" 4 +.IX Item "-enddate date" +This allows the expiry date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-days arg\fR" 4 +.IX Item "-days arg" +The number of days to certify the certificate for. +.IP "\fB\-md alg\fR" 4 +.IX Item "-md alg" +The message digest to use. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section +for more information. +.IP "\fB\-msie_hack\fR" 4 +.IX Item "-msie_hack" +This is a deprecated option to make \fBca\fR work with very old versions of +the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. +.IP "\fB\-preserveDN\fR" 4 +.IX Item "-preserveDN" +Normally the \s-1DN\s0 order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older \s-1IE\s0 enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. +.IP "\fB\-noemailDN\fR" 4 +.IX Item "-noemailDN" +The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the +request \s-1DN,\s0 however it is good policy just having the e\-mail set into +the altName extension of the certificate. When this option is set the +\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be +used in the configuration file to enable this behaviour. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to \fBx509_extensions\fR +unless the \fB\-extfile\fR option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-extfile file\fR" 4 +.IX Item "-extfile file" +An additional configuration file to read certificate extensions from +(using the default section unless the \fB\-extensions\fR option is also +used). +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBca\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +Supersedes subject name given in the request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII.\s0 This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-create_serial\fR" 4 +.IX Item "-create_serial" +If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the \fB\-rand_serial\fR flag instead; this +should only be used for simple error-recovery. +.IP "\fB\-rand_serial\fR" 4 +.IX Item "-rand_serial" +Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "CRL OPTIONS" +.IX Header "CRL OPTIONS" +.IP "\fB\-gencrl\fR" 4 +.IX Item "-gencrl" +This option generates a \s-1CRL\s0 based on information in the index file. +.IP "\fB\-crldays num\fR" 4 +.IX Item "-crldays num" +The number of days before the next \s-1CRL\s0 is due. That is the days from +now to place in the \s-1CRL\s0 nextUpdate field. +.IP "\fB\-crlhours num\fR" 4 +.IX Item "-crlhours num" +The number of hours before the next \s-1CRL\s0 is due. +.IP "\fB\-revoke filename\fR" 4 +.IX Item "-revoke filename" +A filename containing a certificate to revoke. +.IP "\fB\-valid filename\fR" 4 +.IX Item "-valid filename" +A filename containing a certificate to add a Valid certificate entry. +.IP "\fB\-status serial\fR" 4 +.IX Item "-status serial" +Displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. +.IP "\fB\-crl_reason reason\fR" 4 +.IX Item "-crl_reason reason" +Revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, +\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, +\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fBreason\fR is case +insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +.Sp +In practice \fBremoveFromCRL\fR is not particularly useful because it is only used +in delta CRLs which are not currently implemented. +.IP "\fB\-crl_hold instruction\fR" 4 +.IX Item "-crl_hold instruction" +This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. +.IP "\fB\-crl_compromise time\fR" 4 +.IX Item "-crl_compromise time" +This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to +\&\fBtime\fR. \fBtime\fR should be in GeneralizedTime format that is \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\-crl_CA_compromise time\fR" 4 +.IX Item "-crl_CA_compromise time" +This is the same as \fBcrl_compromise\fR except the revocation reason is set to +\&\fBCACompromise\fR. +.IP "\fB\-crlexts section\fR" 4 +.IX Item "-crlexts section" +The section of the configuration file containing \s-1CRL\s0 extensions to +include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is +created, if the \s-1CRL\s0 extension section is present (even if it is +empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are +\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The section of the configuration file containing options for \fBca\fR +is found as follows: If the \fB\-name\fR command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section +of the configuration file (or in the default section of the +configuration file). Besides \fBdefault_ca\fR, the following options are +read directly from the \fBca\fR section: + \s-1RANDFILE\s0 + preserve + msie_hack +With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +change in future releases. +.PP +Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fBnew_certs_dir\fR" 4 +.IX Item "new_certs_dir" +The same as the \fB\-outdir\fR command line option. It specifies +the directory where new certificates will be placed. Mandatory. +.IP "\fBcertificate\fR" 4 +.IX Item "certificate" +The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +certificate. Mandatory. +.IP "\fBprivate_key\fR" 4 +.IX Item "private_key" +Same as the \fB\-keyfile\fR option. The file containing the +\&\s-1CA\s0 private key. Mandatory. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +.IP "\fBdefault_days\fR" 4 +.IX Item "default_days" +The same as the \fB\-days\fR option. The number of days to certify +a certificate for. +.IP "\fBdefault_startdate\fR" 4 +.IX Item "default_startdate" +The same as the \fB\-startdate\fR option. The start date to certify +a certificate for. If not set the current time is used. +.IP "\fBdefault_enddate\fR" 4 +.IX Item "default_enddate" +The same as the \fB\-enddate\fR option. Either this option or +\&\fBdefault_days\fR (or the command line equivalents) must be +present. +.IP "\fBdefault_crl_hours default_crl_days\fR" 4 +.IX Item "default_crl_hours default_crl_days" +The same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a \s-1CRL.\s0 +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +The same as the \fB\-md\fR option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448). +.IP "\fBdatabase\fR" 4 +.IX Item "database" +The text database file to use. Mandatory. This file must be present +though initially it will be empty. +.IP "\fBunique_subject\fR" 4 +.IX Item "unique_subject" +If the value \fByes\fR is given, the valid certificate entries in the +database must have unique subjects. if the value \fBno\fR is given, +several valid certificate entries may have the exact same subject. +The default value is \fByes\fR, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, +it's recommended to use the value \fBno\fR, especially if combined with +the \fB\-selfsign\fR command line option. +.Sp +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. +.IP "\fBserial\fR" 4 +.IX Item "serial" +A text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number. +.IP "\fBcrlnumber\fR" 4 +.IX Item "crlnumber" +A text file containing the next \s-1CRL\s0 number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid \s-1CRL\s0 number. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +The same as \fB\-extensions\fR. +.IP "\fBcrl_extensions\fR" 4 +.IX Item "crl_extensions" +The same as \fB\-crlexts\fR. +.IP "\fBpreserve\fR" 4 +.IX Item "preserve" +The same as \fB\-preserveDN\fR +.IP "\fBemail_in_dn\fR" 4 +.IX Item "email_in_dn" +The same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed +from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0 +.IP "\fBmsie_hack\fR" 4 +.IX Item "msie_hack" +The same as \fB\-msie_hack\fR +.IP "\fBpolicy\fR" 4 +.IX Item "policy" +The same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section +for more information. +.IP "\fBname_opt\fR, \fBcert_opt\fR" 4 +.IX Item "name_opt, cert_opt" +These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used +here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point). +.Sp +For convenience the values \fBca_default\fR are accepted by both to produce +a reasonable output. +.Sp +If neither option is present the format used in earlier versions of +OpenSSL is used. Use of the old format is \fBstrongly\fR discouraged because +it only displays fields mentioned in the \fBpolicy\fR section, mishandles +multicharacter string types and does not display extensions. +.IP "\fBcopy_extensions\fR" 4 +.IX Item "copy_extensions" +Determines how extensions in certificate requests should be handled. +If set to \fBnone\fR or this option is not present then extensions are +ignored and not copied to the certificate. If set to \fBcopy\fR then any +extensions present in the request that are not already present are copied +to the certificate. If set to \fBcopyall\fR then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +using this option. +.Sp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. +.SH "POLICY FORMAT" +.IX Header "POLICY FORMAT" +The policy section consists of a set of variables corresponding to +certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value +must match the same field in the \s-1CA\s0 certificate. If the value is +\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the \fB\-preserveDN\fR option is set but +this can be regarded more of a quirk than intended behaviour. +.SH "SPKAC FORMAT" +.IX Header "SPKAC FORMAT" +The input to the \fB\-spkac\fR command line option is a Netscape +signed public key and challenge. This will usually come from +the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +It is however possible to create SPKACs using the \fBspkac\fR utility. +.PP +The file should contain the variable \s-1SPKAC\s0 set to the value of +the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: these examples assume that the \fBca\fR directory structure is +already set up and the relevant files already exist. This usually +involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a +serial number file and an empty index file and placing them in +the relevant directories. +.PP +To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0 +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example \*(L"01\*(R" and the empty index file +demoCA/index.txt. +.PP +Sign a certificate request: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-out newcert.pem +.Ve +.PP +Sign a certificate request, using \s-1CA\s0 extensions: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem +.Ve +.PP +Generate a \s-1CRL\s0 +.PP +.Vb 1 +\& openssl ca \-gencrl \-out crl.pem +.Ve +.PP +Sign several requests: +.PP +.Vb 1 +\& openssl ca \-infiles req1.pem req2.pem req3.pem +.Ve +.PP +Certify a Netscape \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl ca \-spkac spkac.txt +.Ve +.PP +A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +.PP +.Vb 5 +\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 +\& CN=Steve Test +\& emailAddress=steve@openssl.org +\& 0.OU=OpenSSL Group +\& 1.OU=Another Group +.Ve +.PP +A sample configuration file with the relevant sections for \fBca\fR: +.PP +.Vb 2 +\& [ ca ] +\& default_ca = CA_default # The default ca section +\& +\& [ CA_default ] +\& +\& dir = ./demoCA # top dir +\& database = $dir/index.txt # index file. +\& new_certs_dir = $dir/newcerts # new certs dir +\& +\& certificate = $dir/cacert.pem # The CA cert +\& serial = $dir/serial # serial no file +\& #rand_serial = yes # for random serial#\*(Aqs +\& private_key = $dir/private/cakey.pem# CA private key +\& RANDFILE = $dir/private/.rand # random number file +\& +\& default_days = 365 # how long to certify for +\& default_crl_days= 30 # how long before next CRL +\& default_md = md5 # md to use +\& +\& policy = policy_any # default policy +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& +\& name_opt = ca_default # Subject name display option +\& cert_opt = ca_default # Certificate display option +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& +\& [ policy_any ] +\& countryName = supplied +\& stateOrProvinceName = optional +\& organizationName = optional +\& organizationalUnitName = optional +\& commonName = supplied +\& emailAddress = optional +.Ve +.SH "FILES" +.IX Header "FILES" +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. +.PP +.Vb 10 +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +\& ./demoCA/.rnd \- CA random seed information +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +\&\s-1CRL:\s0 however there is no option to do this. +.PP +V2 \s-1CRL\s0 features like delta CRLs are not currently supported. +.PP +Although several requests can be input and handled at once it is only +possible to include one \s-1SPKAC\s0 or self-signed certificate. +.SH "BUGS" +.IX Header "BUGS" +The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. +.PP +The \fBca\fR command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or \s-1GUI\s0) can handle things properly. The script +\&\fB\s-1CA\s0.pl\fR helps a little but not very much. +.PP +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the \fB\-preserveDN\fR option is used. To +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by +RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +option can be used. The behaviour should be more friendly and +configurable. +.PP +Canceling some commands by refusing to certify a certificate can +create an empty file. +.SH "WARNINGS" +.IX Header "WARNINGS" +The \fBca\fR command is quirky and at times downright unfriendly. +.PP +The \fBca\fR utility was originally meant as an example of how to do things +in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +The \fBca\fR command is effectively a single user command: no locking is +done on the various files and attempts to run more than one \fBca\fR command +on the same database can have unpredictable results. +.PP +The \fBcopy_extensions\fR option should be used with caution. If care is +not taken then it can be a security risk. For example if a certificate +request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid \s-1CA\s0 certificate. +.PP +This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR +and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored. +.PP +It is advisable to also include values for other extensions such +as \fBkeyUsage\fR to prevent a request supplying its own values. +.PP +Additional restrictions can be placed on the \s-1CA\s0 certificate itself. +For example if the \s-1CA\s0 certificate has: +.PP +.Vb 1 +\& basicConstraints = CA:TRUE, pathlen:0 +.Ve +.PP +then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. +.SH "HISTORY" +.IX Header "HISTORY" +Since OpenSSL 1.1.1, the program follows \s-1RFC5280.\s0 Specifically, +certificate validity period (specified by any of \fB\-startdate\fR, +\&\fB\-enddate\fR and \fB\-days\fR) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1), +\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ciphers.1 b/deps/openssl/mingw64/share/man/man1/ciphers.1 new file mode 100644 index 00000000..9eb5bb0a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ciphers.1 @@ -0,0 +1,868 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CIPHERS 1" +.TH CIPHERS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ciphers, ciphers \- SSL cipher display and cipher list tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBciphers\fR +[\fB\-help\fR] +[\fB\-s\fR] +[\fB\-v\fR] +[\fB\-V\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-s\fR] +[\fB\-psk\fR] +[\fB\-srp\fR] +[\fB\-stdname\fR] +[\fB\-convert name\fR] +[\fB\-ciphersuites val\fR] +[\fBcipherlist\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBciphers\fR command converts textual OpenSSL cipher lists into ordered +\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine +the appropriate cipherlist. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-s\fR" 4 +.IX Item "-s" +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. +.Sp +\&\s-1PSK\s0 and \s-1SRP\s0 ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR +to enable them. +.Sp +It also does not change the default list of supported signature algorithms. +.Sp +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of \s-1DH\s0 parameters. +.Sp +If this option is not used then all ciphers that match the cipherlist will be +listed. +.IP "\fB\-psk\fR" 4 +.IX Item "-psk" +When combined with \fB\-s\fR includes cipher suites which require \s-1PSK.\s0 +.IP "\fB\-srp\fR" 4 +.IX Item "-srp" +When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0 +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose output: For each cipher suite, list details as provided by +\&\fBSSL_CIPHER_description\fR\|(3). +.IP "\fB\-V\fR" 4 +.IX Item "-V" +Like \fB\-v\fR, but include the official cipher suite values in hex. +.IP "\fB\-tls1_3\fR, \fB\-tls1_2\fR, \fB\-tls1_1\fR, \fB\-tls1\fR, \fB\-ssl3\fR" 4 +.IX Item "-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3" +In combination with the \fB\-s\fR option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-stdname\fR" 4 +.IX Item "-stdname" +Precede each cipher suite by its standard name. +.IP "\fB\-convert name\fR" 4 +.IX Item "-convert name" +Convert a standard cipher \fBname\fR to its OpenSSL name. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. By +default this value is: +.Sp +.Vb 1 +\& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +.Ve +.IP "\fBcipherlist\fR" 4 +.IX Item "cipherlist" +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. +.SH "CIPHER LIST FORMAT" +.IX Header "CIPHER LIST FORMAT" +The cipher list consists of one or more \fIcipher strings\fR separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. +.PP +The actual cipher string can take several different forms. +.PP +It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +.PP +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers +suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 +algorithms. +.PP +Lists of cipher suites can be combined in a single cipher string using the +\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +algorithms. +.PP +Each cipher string can be optionally preceded by the characters \fB!\fR, +\&\fB\-\fR or \fB+\fR. +.PP +If \fB!\fR is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. +.PP +If \fB\-\fR is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. +.PP +If \fB+\fR is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. +.PP +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. +.PP +The cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current +cipher list in order of encryption algorithm key length. +.PP +The cipher string \fB\f(CB@SECLEVEL\fB=n\fR can be used at any point to set the security +level to \fBn\fR, which should be a number between zero and five, inclusive. +See SSL_CTX_set_security_level for a description of what each level means. +.PP +The cipher list can be prefixed with the \fB\s-1DEFAULT\s0\fR keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using \fB+\fR character. +For example, \fB\s-1DEFAULT+DES\s0\fR is not valid. +.PP +The content of the default list is determined at compile time and normally +corresponds to \fB\s-1ALL:\s0!COMPLEMENTOFDEFAULT:!eNULL\fR. +.SH "CIPHER STRINGS" +.IX Header "CIPHER STRINGS" +The following is a list of all permitted cipher strings and their meanings. +.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IX Item "COMPLEMENTOFDEFAULT" +The ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently +this includes all \s-1RC4\s0 and anonymous ciphers. Note that this rule does +not cover \fBeNULL\fR, which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if +necessary). Note that \s-1RC4\s0 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure). +.IP "\fB\s-1ALL\s0\fR" 4 +.IX Item "ALL" +All cipher suites except the \fBeNULL\fR ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the \fB\s-1ALL\s0\fR cipher suites are sensibly ordered by default. +.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +.IX Item "COMPLEMENTOFALL" +The cipher suites not enabled by \fB\s-1ALL\s0\fR, currently \fBeNULL\fR. +.IP "\fB\s-1HIGH\s0\fR" 4 +.IX Item "HIGH" +\&\*(L"High\*(R" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128\-bit keys. +.IP "\fB\s-1MEDIUM\s0\fR" 4 +.IX Item "MEDIUM" +\&\*(L"Medium\*(R" encryption cipher suites, currently some of those using 128 bit +encryption. +.IP "\fB\s-1LOW\s0\fR" 4 +.IX Item "LOW" +\&\*(L"Low\*(R" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0. +.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IX Item "eNULL, NULL" +The \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. When in +doubt, include \fB!eNULL\fR in your cipherlist. +.IP "\fBaNULL\fR" 4 +.IX Item "aNULL" +The cipher suites offering no authentication. This is currently the anonymous +\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable +to \*(L"man in the middle\*(R" attacks and so their use is discouraged. +These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +When in doubt, include \fB!aNULL\fR in your cipherlist. +.IP "\fBkRSA\fR, \fBaRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IX Item "kRSA, aRSA, RSA" +Cipher suites using \s-1RSA\s0 key exchange or authentication. \fB\s-1RSA\s0\fR is an alias for +\&\fBkRSA\fR. +.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 +.IX Item "kDHr, kDHd, kDH" +Cipher suites using static \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs +with \s-1RSA\s0 and \s-1DSS\s0 keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBkDHE\fR, \fBkEDH\fR, \fB\s-1DH\s0\fR" 4 +.IX Item "kDHE, kEDH, DH" +Cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +suites. +.IP "\fB\s-1DHE\s0\fR, \fB\s-1EDH\s0\fR" 4 +.IX Item "DHE, EDH" +Cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. +.IP "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +Anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic +Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. +.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fB\s-1ECDH\s0\fR" 4 +.IX Item "kEECDH, kECDHE, ECDH" +Cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +cipher suites. +.IP "\fB\s-1ECDHE\s0\fR, \fB\s-1EECDH\s0\fR" 4 +.IX Item "ECDHE, EECDH" +Cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. +.IP "\fB\s-1AECDH\s0\fR" 4 +.IX Item "AECDH" +Anonymous Elliptic Curve Diffie-Hellman cipher suites. +.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +.IX Item "aDSS, DSS" +Cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. +.IP "\fBaDH\fR" 4 +.IX Item "aDH" +Cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry +\&\s-1DH\s0 keys. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +.IX Item "aECDSA, ECDSA" +Cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +keys. +.IP "\fBTLSv1.2\fR, \fBTLSv1.0\fR, \fBSSLv3\fR" 4 +.IX Item "TLSv1.2, TLSv1.0, SSLv3" +Lists cipher suites which are only supported in at least \s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0 or +\&\s-1SSL\s0 v3.0 respectively. +Note: there are no cipher suites specific to \s-1TLS\s0 v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available. +.Sp +Note: these cipher strings \fBdo not\fR change the negotiated version of \s-1SSL\s0 or +\&\s-1TLS,\s0 they only affect the list of available cipher suites. +.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +.IX Item "AES128, AES256, AES" +cipher suites using 128 bit \s-1AES, 256\s0 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES.\s0 +.IP "\fB\s-1AESGCM\s0\fR" 4 +.IX Item "AESGCM" +\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these cipher suites are only supported +in \s-1TLS\s0 v1.2. +.IP "\fB\s-1AESCCM\s0\fR, \fB\s-1AESCCM8\s0\fR" 4 +.IX Item "AESCCM, AESCCM8" +\&\s-1AES\s0 in Cipher Block Chaining \- Message Authentication Mode (\s-1CCM\s0): these +cipher suites are only supported in \s-1TLS\s0 v1.2. \fB\s-1AESCCM\s0\fR references \s-1CCM\s0 +cipher suites using both 16 and 8 octet Integrity Check Value (\s-1ICV\s0) +while \fB\s-1AESCCM8\s0\fR only references 8 octet \s-1ICV.\s0 +.IP "\fB\s-1ARIA128\s0\fR, \fB\s-1ARIA256\s0\fR, \fB\s-1ARIA\s0\fR" 4 +.IX Item "ARIA128, ARIA256, ARIA" +Cipher suites using 128 bit \s-1ARIA, 256\s0 bit \s-1ARIA\s0 or either 128 or 256 bit +\&\s-1ARIA.\s0 +.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" +Cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 128 or 256 bit +\&\s-1CAMELLIA.\s0 +.IP "\fB\s-1CHACHA20\s0\fR" 4 +.IX Item "CHACHA20" +Cipher suites using ChaCha20. +.IP "\fB3DES\fR" 4 +.IX Item "3DES" +Cipher suites using triple \s-1DES.\s0 +.IP "\fB\s-1DES\s0\fR" 4 +.IX Item "DES" +Cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fB\s-1RC4\s0\fR" 4 +.IX Item "RC4" +Cipher suites using \s-1RC4.\s0 +.IP "\fB\s-1RC2\s0\fR" 4 +.IX Item "RC2" +Cipher suites using \s-1RC2.\s0 +.IP "\fB\s-1IDEA\s0\fR" 4 +.IX Item "IDEA" +Cipher suites using \s-1IDEA.\s0 +.IP "\fB\s-1SEED\s0\fR" 4 +.IX Item "SEED" +Cipher suites using \s-1SEED.\s0 +.IP "\fB\s-1MD5\s0\fR" 4 +.IX Item "MD5" +Cipher suites using \s-1MD5.\s0 +.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +.IX Item "SHA1, SHA" +Cipher suites using \s-1SHA1.\s0 +.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +.IX Item "SHA256, SHA384" +Cipher suites using \s-1SHA256\s0 or \s-1SHA384.\s0 +.IP "\fBaGOST\fR" 4 +.IX Item "aGOST" +Cipher suites using \s-1GOST R 34.10\s0 (either 2001 or 94) for authentication +(needs an engine supporting \s-1GOST\s0 algorithms). +.IP "\fBaGOST01\fR" 4 +.IX Item "aGOST01" +Cipher suites using \s-1GOST R 34.10\-2001\s0 authentication. +.IP "\fBkGOST\fR" 4 +.IX Item "kGOST" +Cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 4357.\s0 +.IP "\fB\s-1GOST94\s0\fR" 4 +.IX Item "GOST94" +Cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0 +.IP "\fB\s-1GOST89MAC\s0\fR" 4 +.IX Item "GOST89MAC" +Cipher suites using \s-1GOST 28147\-89 MAC\s0 \fBinstead of\fR \s-1HMAC.\s0 +.IP "\fB\s-1PSK\s0\fR" 4 +.IX Item "PSK" +All cipher suites using pre-shared keys (\s-1PSK\s0). +.IP "\fBkPSK\fR, \fBkECDHEPSK\fR, \fBkDHEPSK\fR, \fBkRSAPSK\fR" 4 +.IX Item "kPSK, kECDHEPSK, kDHEPSK, kRSAPSK" +Cipher suites using \s-1PSK\s0 key exchange, \s-1ECDHE_PSK, DHE_PSK\s0 or \s-1RSA_PSK.\s0 +.IP "\fBaPSK\fR" 4 +.IX Item "aPSK" +Cipher suites using \s-1PSK\s0 authentication (currently all \s-1PSK\s0 modes apart from +\&\s-1RSA_PSK\s0). +.IP "\fB\s-1SUITEB128\s0\fR, \fB\s-1SUITEB128ONLY\s0\fR, \fB\s-1SUITEB192\s0\fR" 4 +.IX Item "SUITEB128, SUITEB128ONLY, SUITEB192" +Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +\&\s-1RFC6460.\s0 +In particular the supported signature algorithms is reduced to support only +\&\s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384,\s0 only the elliptic curves P\-256 and P\-384 can be +used and only the two suite B compliant cipher suites +(\s-1ECDHE\-ECDSA\-AES128\-GCM\-SHA256\s0 and \s-1ECDHE\-ECDSA\-AES256\-GCM\-SHA384\s0) are +permissible. +.SH "CIPHER SUITE NAMES" +.IX Header "CIPHER SUITE NAMES" +The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used. +.SS "\s-1SSL\s0 v3.0 cipher suites" +.IX Subsection "SSL v3.0 cipher suites" +.Vb 6 +\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL\-SHA +\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH\-DSS\-DES\-CBC3\-SHA +\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH\-RSA\-DES\-CBC3\-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +\& +\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. +.Ve +.SS "\s-1TLS\s0 v1.0 cipher suites" +.IX Subsection "TLS v1.0 cipher suites" +.Vb 6 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +.Ve +.SS "\s-1AES\s0 cipher suites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "AES cipher suites from RFC3268, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH\-DSS\-AES128\-SHA +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH\-DSS\-AES256\-SHA +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH\-RSA\-AES128\-SHA +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH\-RSA\-AES256\-SHA +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA +.Ve +.SS "Camellia cipher suites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "Camellia cipher suites from RFC4132, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& +\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH\-DSS\-CAMELLIA128\-SHA +\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH\-DSS\-CAMELLIA256\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH\-RSA\-CAMELLIA128\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +.Ve +.SS "\s-1SEED\s0 cipher suites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0" +.IX Subsection "SEED cipher suites from RFC4162, extending TLS v1.0" +.Vb 1 +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA +\& +\& TLS_DH_DSS_WITH_SEED_CBC_SHA DH\-DSS\-SEED\-SHA +\& TLS_DH_RSA_WITH_SEED_CBC_SHA DH\-RSA\-SEED\-SHA +\& +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +.Ve +.SS "\s-1GOST\s0 cipher suites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" +.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0" +Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic +algorithms, such as the \fBccgost\fR engine, included in the OpenSSL distribution. +.PP +.Vb 4 +\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +.Ve +.SS "Additional Export 1024 and other cipher suites" +.IX Subsection "Additional Export 1024 and other cipher suites" +Note: these ciphers can also be used in \s-1SSL\s0 v3. +.PP +.Vb 1 +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA +.Ve +.SS "Elliptic curve cipher suites." +.IX Subsection "Elliptic curve cipher suites." +.Vb 5 +\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& +\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +.Ve +.SS "\s-1TLS\s0 v1.2 cipher suites" +.IX Subsection "TLS v1.2 cipher suites" +.Vb 1 +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 +\& +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH\-RSA\-AES128\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH\-RSA\-AES256\-SHA256 +\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH\-DSS\-AES128\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH\-DSS\-AES256\-SHA256 +\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +\& +\& RSA_WITH_AES_128_CCM AES128\-CCM +\& RSA_WITH_AES_256_CCM AES256\-CCM +\& DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM +\& DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM +\& RSA_WITH_AES_128_CCM_8 AES128\-CCM8 +\& RSA_WITH_AES_256_CCM_8 AES256\-CCM8 +\& DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 +\& DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 +\& ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +.Ve +.SS "\s-1ARIA\s0 cipher suites from \s-1RFC6209,\s0 extending \s-1TLS\s0 v1.2" +.IX Subsection "ARIA cipher suites from RFC6209, extending TLS v1.2" +Note: the \s-1CBC\s0 modes mentioned in this \s-1RFC\s0 are not supported. +.PP +.Vb 10 +\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +.Ve +.SS "Camellia HMAC-Based cipher suites from \s-1RFC6367,\s0 extending \s-1TLS\s0 v1.2" +.IX Subsection "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2" +.Vb 4 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +.Ve +.SS "Pre-shared keying (\s-1PSK\s0) cipher suites" +.IX Subsection "Pre-shared keying (PSK) cipher suites" +.Vb 3 +\& PSK_WITH_NULL_SHA PSK\-NULL\-SHA +\& DHE_PSK_WITH_NULL_SHA DHE\-PSK\-NULL\-SHA +\& RSA_PSK_WITH_NULL_SHA RSA\-PSK\-NULL\-SHA +\& +\& PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA +\& PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA +\& PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& +\& DHE_PSK_WITH_RC4_128_SHA DHE\-PSK\-RC4\-SHA +\& DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& +\& RSA_PSK_WITH_RC4_128_SHA RSA\-PSK\-RC4\-SHA +\& RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA\-PSK\-3DES\-EDE\-CBC\-SHA +\& RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA +\& RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& +\& PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& PSK_WITH_NULL_SHA256 PSK\-NULL\-SHA256 +\& PSK_WITH_NULL_SHA384 PSK\-NULL\-SHA384 +\& DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& DHE_PSK_WITH_NULL_SHA256 DHE\-PSK\-NULL\-SHA256 +\& DHE_PSK_WITH_NULL_SHA384 DHE\-PSK\-NULL\-SHA384 +\& RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& RSA_PSK_WITH_NULL_SHA256 RSA\-PSK\-NULL\-SHA256 +\& RSA_PSK_WITH_NULL_SHA384 RSA\-PSK\-NULL\-SHA384 +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& +\& ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& ECDHE_PSK_WITH_NULL_SHA ECDHE\-PSK\-NULL\-SHA +\& ECDHE_PSK_WITH_NULL_SHA256 ECDHE\-PSK\-NULL\-SHA256 +\& ECDHE_PSK_WITH_NULL_SHA384 ECDHE\-PSK\-NULL\-SHA384 +\& +\& PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK\-CAMELLIA128\-SHA256 +\& PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK\-CAMELLIA256\-SHA384 +\& +\& DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE\-PSK\-CAMELLIA128\-SHA256 +\& DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA\-PSK\-CAMELLIA128\-SHA256 +\& RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA\-PSK\-CAMELLIA256\-SHA384 +\& +\& ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +.Ve +.SS "ChaCha20\-Poly1305 cipher suites, extending \s-1TLS\s0 v1.2" +.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" +.Vb 7 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +.Ve +.SS "\s-1TLS\s0 v1.3 cipher suites" +.IX Subsection "TLS v1.3 cipher suites" +.Vb 5 +\& TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 +\& TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 +\& TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 +\& TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 +\& TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 +.Ve +.SS "Older names used by OpenSSL" +.IX Subsection "Older names used by OpenSSL" +The following names are accepted by older releases: +.PP +.Vb 2 +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA (DHE\-RSA\-DES\-CBC3\-SHA) +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA) +.Ve +.SH "NOTES" +.IX Header "NOTES" +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq +.Ve +.PP +Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +strength: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq +.Ve +.PP +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq +.Ve +.PP +Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: +.PP +.Vb 1 +\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq +.Ve +.PP +Include all \s-1RC4\s0 ciphers but leave out those without authentication: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq +.Ve +.PP +Include all ciphers with \s-1RSA\s0 authentication but leave out ciphers without +encryption. +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq +.Ve +.PP +Set security level to 2 and display all ciphers consistent with level 2: +.PP +.Vb 1 +\& openssl ciphers \-s \-v \*(AqALL:@SECLEVEL=2\*(Aq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0. +.PP +The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled +(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. +.PP +The \fB\-convert\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/cms.1 b/deps/openssl/mingw64/share/man/man1/cms.1 new file mode 100644 index 00000000..4623925f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/cms.1 @@ -0,0 +1,820 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS 1" +.TH CMS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-cms, cms \- CMS utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcms\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-cmsout\fR] +[\fB\-resign\fR] +[\fB\-data_create\fR] +[\fB\-data_out\fR] +[\fB\-digest_create\fR] +[\fB\-digest_verify\fR] +[\fB\-compress\fR] +[\fB\-uncompress\fR] +[\fB\-EncryptedData_encrypt\fR] +[\fB\-sign_receipt\fR] +[\fB\-verify_receipt receipt\fR] +[\fB\-in filename\fR] +[\fB\-inform SMIME|PEM|DER\fR] +[\fB\-rctform SMIME|PEM|DER\fR] +[\fB\-out filename\fR] +[\fB\-outform SMIME|PEM|DER\fR] +[\fB\-stream \-indef \-noindef\fR] +[\fB\-noindef\fR] +[\fB\-content filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-print\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-md digest\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nosmimecap\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-asciicrlf\fR] +[\fB\-nodetach\fR] +[\fB\-certfile file\fR] +[\fB\-certsout file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-keyid\fR] +[\fB\-receipt_request_all\fR] +[\fB\-receipt_request_first\fR] +[\fB\-receipt_request_from emailaddress\fR] +[\fB\-receipt_request_to emailaddress\fR] +[\fB\-receipt_request_print\fR] +[\fB\-secretkey key\fR] +[\fB\-secretkeyid id\fR] +[\fB\-econtent_type type\fR] +[\fB\-inkey file\fR] +[\fB\-keyopt name:parameter\fR] +[\fB\-passin arg\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fBcert.pem...\fR] +[\fB\-to addr\fR] +[\fB\-from addr\fR] +[\fB\-subject subj\fR] +[cert.pem]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcms\fR command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and +verify, compress and uncompress S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. The +actual \s-1CMS\s0 type is EnvelopedData. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-debug_decrypt\fR" 4 +.IX Item "-debug_decrypt" +This option sets the \fB\s-1CMS_DEBUG_DECRYPT\s0\fR flag. This option should be used +with caution: see the notes section below. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-cmsout\fR" 4 +.IX Item "-cmsout" +Takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-data_create\fR" 4 +.IX Item "-data_create" +Create a \s-1CMS\s0 \fBData\fR type. +.IP "\fB\-data_out\fR" 4 +.IX Item "-data_out" +\&\fBData\fR type and output the content. +.IP "\fB\-digest_create\fR" 4 +.IX Item "-digest_create" +Create a \s-1CMS\s0 \fBDigestedData\fR type. +.IP "\fB\-digest_verify\fR" 4 +.IX Item "-digest_verify" +Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. +.IP "\fB\-compress\fR" 4 +.IX Item "-compress" +Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +support for this option to work, otherwise it will output an error. +.IP "\fB\-uncompress\fR" 4 +.IX Item "-uncompress" +Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +compiled with \fBzlib\fR support for this option to work, otherwise it will +output an error. +.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IX Item "-EncryptedData_encrypt" +Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-sign_receipt\fR" 4 +.IX Item "-sign_receipt" +Generate and output a signed receipt for the supplied message. The input +message \fBmust\fR contain a signed receipt request. Functionality is otherwise +similar to the \fB\-sign\fR operation. +.IP "\fB\-verify_receipt receipt\fR" 4 +.IX Item "-verify_receipt receipt" +Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR +contain the original receipt request. Functionality is otherwise similar +to the \fB\-verify\fR operation. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the message to be decrypted +or verified. +.IP "\fB\-inform SMIME|PEM|DER\fR" 4 +.IX Item "-inform SMIME|PEM|DER" +This specifies the input format for the \s-1CMS\s0 structure. The default +is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the input format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being input (for example with +\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.IP "\fB\-rctform SMIME|PEM|DER\fR" 4 +.IX Item "-rctform SMIME|PEM|DER" +Specify the format for a signed receipt for use with the \fB\-receipt_verify\fR +operation. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-outform SMIME|PEM|DER\fR" 4 +.IX Item "-outform SMIME|PEM|DER" +This specifies the output format for the \s-1CMS\s0 structure. The default +is \fB\s-1SMIME\s0\fR which writes an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format \s-1CMS\s0 structures +instead. This currently only affects the output format of the \s-1CMS\s0 +structure, if no \s-1CMS\s0 structure is being output (for example with +\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content filename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +For the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. This +is useful when combined with the \fB\-print\fR option or if the syntax of the \s-1CMS\s0 +structure is being checked. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +For the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. This +is mainly useful for testing purposes. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +A directory containing trusted \s-1CA\s0 certificates, only used with +\&\fB\-verify\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR +or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fBenc\fR\|(1) for a list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_create\fR commands. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-asciicrlf\fR" 4 +.IX Item "-asciicrlf" +When signing use \s-1ASCII CRLF\s0 format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at \s-1EOF\s0 and sets +the encapsulated content type. This option is normally used with detached +content and an output signature format of \s-1DER.\s0 This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile file\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-certsout file\fR" 4 +.IX Item "-certsout file" +Any certificates contained in the message are written to \fBfile\fR. +.IP "\fB\-signer file\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip file\fR" 4 +.IX Item "-recip file" +When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs. +.Sp +When encrypting a message this option may be used multiple times to specify +each recipient. This form \fBmust\fR be used if customised parameters are +required (for example to specify RSA-OAEP). +.Sp +Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +option. +.IP "\fB\-keyid\fR" 4 +.IX Item "-keyid" +Use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate \fBmust\fR include a subject key +identifier extension. Supported by \fB\-sign\fR and \fB\-encrypt\fR options. +.IP "\fB\-receipt_request_all\fR, \fB\-receipt_request_first\fR" 4 +.IX Item "-receipt_request_all, -receipt_request_first" +For \fB\-sign\fR option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it \fB\-receipt_request_from\fR is included. +.IP "\fB\-receipt_request_from emailaddress\fR" 4 +.IX Item "-receipt_request_from emailaddress" +For \fB\-sign\fR option include a signed receipt request. Add an explicit email +address where receipts should be supplied. +.IP "\fB\-receipt_request_to emailaddress\fR" 4 +.IX Item "-receipt_request_to emailaddress" +Add an explicit email address where signed receipts should be sent to. This +option \fBmust\fR but supplied if a signed receipt it requested. +.IP "\fB\-receipt_request_print\fR" 4 +.IX Item "-receipt_request_print" +For the \fB\-verify\fR operation print out the contents of any signed receipt +requests. +.IP "\fB\-secretkey key\fR" 4 +.IX Item "-secretkey key" +Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR +\&\fB\-EncryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used +with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the +content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +.IP "\fB\-secretkeyid id\fR" 4 +.IX Item "-secretkeyid id" +The key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. +This option \fBmust\fR be present if the \fB\-secretkey\fR option is used with +\&\fB\-encrypt\fR. With \fB\-decrypt\fR operations the \fBid\fR is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +\&\fBKEKRecipientInfo\fR structures. +.IP "\fB\-econtent_type type\fR" 4 +.IX Item "-econtent_type type" +Set the encapsulated content type to \fBtype\fR if not supplied the \fBData\fR type +is used. The \fBtype\fR argument can be any valid \s-1OID\s0 name in either text or +numerical format. +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +.IP "\fB\-keyopt name:opt\fR" 4 +.IX Item "-keyopt name:opt" +For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for \s-1ECDH.\s0 +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBcert.pem...\fR" 4 +.IX Item "cert.pem..." +One or more certificates of message recipients: used when encrypting +a message. +.IP "\fB\-to, \-from, \-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various certificate chain validation options. See the +\&\fBverify\fR\|(1) manual page for details. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the \s-1CMS\s0 structure the encoding +remains \s-1DER.\s0 +.PP +If the \fB\-decrypt\fR option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the \s-1MMA\s0 attack +(Bleichenbacher's attack on \s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is \*(L"decrypted\*(R" using a random key which will typically output garbage. +The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)). +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "COMPATIBILITY WITH PKCS#7 format." +.IX Header "COMPATIBILITY WITH PKCS#7 format." +The \fBsmime\fR utility can only process the older \fBPKCS#7\fR format. The \fBcms\fR +utility supports Cryptographic Message Syntax format. Use of some features +will result in messages which cannot be processed by applications which only +support the older format. These are detailed below. +.PP +The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. +.PP +The \fB\-outform \s-1PEM\s0\fR option uses different headers. +.PP +The \fB\-compress\fR option. +.PP +The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. +.PP +The use of \s-1PSS\s0 with \fB\-sign\fR. +.PP +The use of \s-1OAEP\s0 or non-RSA keys with \fB\-encrypt\fR. +.PP +Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +be processed by the older \fBsmime\fR command. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl cms \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers, use key identifier: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem \-keyid +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl cms \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl cms \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl cms \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl cms \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command, +.PP +.Vb 1 +\& openssl cms \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +alternatively you can base64 decode the signature and use +.PP +.Vb 1 +\& openssl cms \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl cms \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.PP +Sign mail using RSA-PSS: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-keyopt rsa_padding_mode:pss +.Ve +.PP +Create encrypted mail using RSA-OAEP: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip cert.pem \-keyopt rsa_padding_mode:oaep +.Ve +.PP +Use \s-1SHA256 KDF\s0 with an \s-1ECDH\s0 certificate: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip ecdhcert.pem \-keyopt ecdh_kdf_md:sha256 +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0. +.PP +The \fBkeyopt\fR option was added in OpenSSL 1.0.2. +.PP +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. +.PP +The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +was added in OpenSSL 1.0.2. +.PP +The \-no_alt_chains option was added in OpenSSL 1.0.2b. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/crl.1 b/deps/openssl/mingw64/share/man/man1/crl.1 new file mode 100644 index 00000000..ec15114a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/crl.1 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRL 1" +.TH CRL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-crl, crl \- CRL utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-text\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-nameopt option\fR] +[\fB\-noout\fR] +[\fB\-hash\fR] +[\fB\-issuer\fR] +[\fB\-lastupdate\fR] +[\fB\-nextupdate\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print out the \s-1CRL\s0 in text form. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. See +the description of \fB\-nameopt\fR in \fBx509\fR\|(1). +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the \s-1CRL.\s0 +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. +.IP "\fB\-hash_old\fR" 4 +.IX Item "-hash_old" +Outputs the \*(L"hash\*(R" of the \s-1CRL\s0 issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Output the issuer name. +.IP "\fB\-lastupdate\fR" 4 +.IX Item "-lastupdate" +Output the lastUpdate field. +.IP "\fB\-nextupdate\fR" 4 +.IX Item "-nextupdate" +Output the nextUpdate field. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +Verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBfile\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +Verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBdir\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM CRL\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\- +\& \-\-\-\-\-END X509 CRL\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl crl \-in crl.pem \-outform DER \-out crl.der +.Ve +.PP +Output the text form of a \s-1DER\s0 encoded certificate: +.PP +.Vb 1 +\& openssl crl \-in crl.der \-inform DER \-text \-noout +.Ve +.SH "BUGS" +.IX Header "BUGS" +Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +and files too. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/crl2pkcs7.1 b/deps/openssl/mingw64/share/man/man1/crl2pkcs7.1 new file mode 100644 index 00000000..67214af2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/crl2pkcs7.1 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRL2PKCS7 1" +.TH CRL2PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-crl2pkcs7, crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl2pkcs7\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-certfile filename\fR] +[\fB\-nocrl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more +certificates and converts them into a PKCS#7 degenerate \*(L"certificates +only\*(R" structure. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 +encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. The default format is \s-1PEM.\s0 +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write the PKCS#7 structure to or standard +output by default. +.IP "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +Specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. +.IP "\fB\-nocrl\fR" 4 +.IX Item "-nocrl" +Normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is +included in the output file and a \s-1CRL\s0 is not read from the input file. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +.PP +.Vb 1 +\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem +.Ve +.PP +Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +different certificates: +.PP +.Vb 2 +\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem +\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der +.Ve +.SH "NOTES" +.IX Header "NOTES" +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional \s-1CRL.\s0 +.PP +This utility can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output +as \s-1MIME\s0 type application/x\-x509\-user\-cert. +.PP +The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/dgst.1 b/deps/openssl/mingw64/share/man/man1/dgst.1 new file mode 100644 index 00000000..5899e161 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/dgst.1 @@ -0,0 +1,347 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DGST 1" +.TH DGST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dgst, dgst \- perform digest operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dgst\fR +[\fB\-\f(BIdigest\fB\fR] +[\fB\-help\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fB\-list\fR] +[\fB\-hex\fR] +[\fB\-binary\fR] +[\fB\-r\fR] +[\fB\-out filename\fR] +[\fB\-sign filename\fR] +[\fB\-keyform arg\fR] +[\fB\-passin arg\fR] +[\fB\-verify filename\fR] +[\fB\-prverify filename\fR] +[\fB\-signature filename\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-hmac key\fR] +[\fB\-fips\-fingerprint\fR] +[\fB\-rand file...\fR] +[\fB\-engine id\fR] +[\fB\-engine_impl\fR] +[\fBfile...\fR] +.PP +\&\fBopenssl\fR \fIdigest\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The digest functions output the message digest of a supplied file or files +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. +.PP +The generic name, \fBdgst\fR, may be used with an option specifying the +algorithm to be used. +The default digest is \fIsha256\fR. +A supported \fIdigest\fR name may also be used as the command name. +To see the list of supported algorithms, use the \fIlist \-\-digest\-commands\fR +command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Specifies name of a supported digest to be used. To see the list of +supported digests, use the command \fIlist \-\-digest\-commands\fR. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Print out the digest in two digit groups separated by colons, only relevant if +\&\fBhex\fR format output is used. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Print out \s-1BIO\s0 debugging information. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +Prints out a list of supported message digests. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Output the digest in the \*(L"coreutils\*(R" format, including newlines. +Used by programs like \fBsha1sum\fR. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-sign filename\fR" 4 +.IX Item "-sign filename" +Digitally sign the digest using the private key in \*(L"filename\*(R". Note this option +does not support Ed25519 or Ed448 private keys. Use the \fBpkeyutl\fR command +instead for this. +.IP "\fB\-keyform arg\fR" 4 +.IX Item "-keyform arg" +Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0 +and \s-1ENGINE\s0 formats are supported. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-verify filename\fR" 4 +.IX Item "-verify filename" +Verify the signature using the public key in \*(L"filename\*(R". +The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R". +.IP "\fB\-prverify filename\fR" 4 +.IX Item "-prverify filename" +Verify the signature using the private key in \*(L"filename\*(R". +.IP "\fB\-signature filename\fR" 4 +.IX Item "-signature filename" +The actual signature to verify. +.IP "\fB\-hmac key\fR" 4 +.IX Item "-hmac key" +Create a hashed \s-1MAC\s0 using \*(L"key\*(R". +.IP "\fB\-mac alg\fR" 4 +.IX Item "-mac alg" +Create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0 +algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms +which are not based on hash, for instance \fBgost-mac\fR algorithm, +supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set +via \fB\-macopt\fR parameter. +.IP "\fB\-macopt nm:v\fR" 4 +.IX Item "-macopt nm:v" +Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +.RS 4 +.IP "\fBkey:string\fR" 4 +.IX Item "key:string" +Specifies \s-1MAC\s0 key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. +.IP "\fBhexkey:string\fR" 4 +.IX Item "hexkey:string" +Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the \s-1MAC\s0 algorithm +for example exactly 32 chars for gost-mac. +.RE +.RS 4 +.RE +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +Compute \s-1HMAC\s0 using a specific key for certain OpenSSL-FIPS operations. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Use engine \fBid\fR for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file or \fB\-engine_impl\fR is also +specified. +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fBid\fR for digest operations. +.IP "\fBfile...\fR" 4 +.IX Item "file..." +File or files to digest. If no files are specified then standard input is +used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt +.SH "NOTES" +.IX Header "NOTES" +The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The \fBlist digest-commands\fR command can be used to list them. +.PP +New or agile applications should use probably use \s-1SHA\-256.\s0 Other digests, +particularly \s-1SHA\-1\s0 and \s-1MD5,\s0 are still widely used for interoperating +with existing formats and protocols. +.PP +When signing a file, \fBdgst\fR will automatically determine the algorithm +(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info. +When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS,\s0 and S/MIME. +.PP +A source of random numbers is required for certain signing algorithms, in +particular \s-1ECDSA\s0 and \s-1DSA.\s0 +.PP +The signing and verify options should only be used if a single file is +being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/dhparam.1 b/deps/openssl/mingw64/share/man/man1/dhparam.1 new file mode 100644 index 00000000..8c7053bd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/dhparam.1 @@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DHPARAM 1" +.TH DHPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dhparam, dhparam \- DH parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dhparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-dsaparam\fR] +[\fB\-check\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-2\fR] +[\fB\-5\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate \s-1DH\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the +default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with +additional header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-dsaparam\fR" 4 +.IX Item "-dsaparam" +If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; +they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such +that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. +.Sp +\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes \s-1DH\s0 key +exchange more efficient. Beware that with such DSA-style \s-1DH\s0 +parameters, a fresh \s-1DH\s0 key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not. +.IP "\fB\-2\fR, \fB\-5\fR" 4 +.IX Item "-2, -5" +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but \fBnumbits\fR is present, parameters are generated with the +default generator 2. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (\fB\-2\fR or \fB\-5\fR) is +present, parameters are generated with a default length of 2048 bits. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DH\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fBget_dhNNNN()\fR function. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "WARNINGS" +.IX Header "WARNINGS" +The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and +\&\fBgendh\fR in previous versions of OpenSSL. The \fBdh\fR and \fBgendh\fR +programs are retained for now but may have different purposes in future +versions of OpenSSL. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DH PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\- +.Ve +.PP +OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42 +\&\s-1DH.\s0 +.PP +This program manipulates \s-1DH\s0 parameters not keys. +.SH "BUGS" +.IX Header "BUGS" +There should be a way to generate and manipulate \s-1DH\s0 keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/dsa.1 b/deps/openssl/mingw64/share/man/man1/dsa.1 new file mode 100644 index 00000000..abb85c6b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/dsa.1 @@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA 1" +.TH DSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dsa, dsa \- DSA key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdsa\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of +version (currently zero), p, q, g, the public and private key components +respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a +SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0 +.Sp +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBdsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the public key component of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END DSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on a \s-1DSA\s0 private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1), +\&\fBgenrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/dsaparam.1 b/deps/openssl/mingw64/share/man/man1/dsaparam.1 new file mode 100644 index 00000000..ac6dd7b8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/dsaparam.1 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSAPARAM 1" +.TH DSAPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-dsaparam, dsaparam \- DSA parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dsaparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-genkey\fR] +[\fB\-engine id\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1DSA\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting +of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists +of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the \fBnumbits\fR parameter is included then +this option will be ignored. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DSA\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fBget_dsaXXX()\fR function. +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate a \s-1DSA\s0 either using the specified or generated +parameters. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fBnumbits\fR. It must be the last option. If this option is included then +the input file (if any) is ignored. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBdsaparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN DSA PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DSA PARAMETERS\-\-\-\-\- +.Ve +.PP +\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of +\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ec.1 b/deps/openssl/mingw64/share/man/man1/ec.1 new file mode 100644 index 00000000..84cfa7c2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ec.1 @@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC 1" +.TH EC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ec, ec \- EC key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBec\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-param_out\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-no_public\fR] +[\fB\-check\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR OpenSSL uses the +private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL \s-1EC\s0 private key into the +PKCS#8 private key format use the \fBpkcs8\fR command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it +uses the SubjectPublicKeyInfo structure as specified in \s-1RFC 3280.\s0 +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBec\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +is currently not implemented in OpenSSL. +.IP "\fB\-no_public\fR" 4 +.IX Item "-no_public" +This option omits the public key components from the private key output. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1EC\s0 private or public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBec\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END EC PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl ec \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem +.Ve +.PP +To change the point conversion form to \fBcompressed\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ecparam.1 b/deps/openssl/mingw64/share/man/man1/ecparam.1 new file mode 100644 index 00000000..16376947 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ecparam.1 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPARAM 1" +.TH ECPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ecparam, ecparam \- EC parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl ecparam\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-check\fR] +[\fB\-name arg\fR] +[\fB\-list_curves\fR] +[\fB\-conv_form arg\fR] +[\fB\-param_enc arg\fR] +[\fB\-no_seed\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-genkey\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1EC\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded +form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default +format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional +header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1EC\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the \s-1EC\s0 parameters into C code. The parameters can then +be loaded by calling the \fBget_ec_group_XXX()\fR function. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Validate the elliptic curve parameters. +.IP "\fB\-name arg\fR" 4 +.IX Item "-name arg" +Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR +to get a list of all currently implemented \s-1EC\s0 parameters. +.IP "\fB\-list_curves\fR" 4 +.IX Item "-list_curves" +If this options is specified \fBecparam\fR will print out a list of all +currently implemented \s-1EC\s0 parameters names and exit. +.IP "\fB\-conv_form\fR" 4 +.IX Item "-conv_form" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR, \fBuncompressed\fR (the +default value) and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc arg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC 3279\s0 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC 3279,\s0 +is currently not implemented in OpenSSL. +.IP "\fB\-no_seed\fR" 4 +.IX Item "-no_seed" +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see \s-1RFC 3279\s0). +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate an \s-1EC\s0 private key using the specified parameters. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBecparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN EC PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END EC PARAMETERS\-\-\-\-\- +.Ve +.PP +OpenSSL is currently not able to generate new groups and therefore +\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create \s-1EC\s0 parameters with the group 'prime192v1': +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 +.Ve +.PP +To create \s-1EC\s0 parameters with explicit parameters: +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit +.Ve +.PP +To validate given \s-1EC\s0 parameters: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-check +.Ve +.PP +To create \s-1EC\s0 parameters and a private key: +.PP +.Vb 1 +\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey +.Ve +.PP +To change the point encoding to 'compressed': +.PP +.Vb 1 +\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed +.Ve +.PP +To print out the \s-1EC\s0 parameters to standard output: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-noout \-text +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBec\fR\|(1), \fBdsaparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/enc.1 b/deps/openssl/mingw64/share/man/man1/enc.1 new file mode 100644 index 00000000..84c53541 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/enc.1 @@ -0,0 +1,543 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENC 1" +.TH ENC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-enc, enc \- symmetric cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl enc \-\f(BIcipher\fB\fR +[\fB\-help\fR] +[\fB\-list\fR] +[\fB\-ciphers\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-pass arg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-base64\fR] +[\fB\-A\fR] +[\fB\-k password\fR] +[\fB\-kfile filename\fR] +[\fB\-K key\fR] +[\fB\-iv \s-1IV\s0\fR] +[\fB\-S salt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md digest\fR] +[\fB\-iter count\fR] +[\fB\-pbkdf2\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize number\fR] +[\fB\-nopad\fR] +[\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +.PP +\&\fBopenssl\fR \fI[cipher]\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +List all supported ciphers. +.IP "\fB\-ciphers\fR" 4 +.IX Item "-ciphers" +Alias of \-list to display all supported ciphers. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input filename, standard input by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The output filename, standard output by default. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +The password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-e\fR" 4 +.IX Item "-e" +Encrypt the input data: this is the default. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Decrypt the input data. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Same as \fB\-a\fR +.IP "\fB\-A\fR" 4 +.IX Item "-A" +If the \fB\-a\fR option is set then base64 process the data on one line. +.IP "\fB\-k password\fR" 4 +.IX Item "-k password" +The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-kfile filename\fR" 4 +.IX Item "-kfile filename" +Read the password to derive the key from the first line of \fBfilename\fR. +This is for compatibility with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Use the specified digest to create the key from the passphrase. +The default algorithm is sha\-256. +.IP "\fB\-iter count\fR" 4 +.IX Item "-iter count" +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key. +.IP "\fB\-pbkdf2\fR" 4 +.IX Item "-pbkdf2" +Use \s-1PBKDF2\s0 algorithm with default iteration count unless otherwise specified. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of +OpenSSL. +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +Use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting, this is the default. +.IP "\fB\-S salt\fR" 4 +.IX Item "-S salt" +The actual salt to use: this must be represented as a string of hex digits. +.IP "\fB\-K key\fR" 4 +.IX Item "-K key" +The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +password will be taken. It does not make much sense to specify both key +and password. +.IP "\fB\-iv \s-1IV\s0\fR" 4 +.IX Item "-iv IV" +The actual \s-1IV\s0 to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +\&\s-1IV\s0 must explicitly be defined. When a password is being specified using +one of the other options, the \s-1IV\s0 is generated from this password. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Print out the key and \s-1IV\s0 used. +.IP "\fB\-P\fR" 4 +.IX Item "-P" +Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +or decryption. +.IP "\fB\-bufsize number\fR" 4 +.IX Item "-bufsize number" +Set the buffer size for I/O. +.IP "\fB\-nopad\fR" 4 +.IX Item "-nopad" +Disable standard block padding. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "NOTES" +.IX Header "NOTES" +The program can be called either as \fBopenssl cipher\fR or +\&\fBopenssl enc \-cipher\fR. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the \fBlist\fR command to get a list of supported ciphers. +.PP +Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using \-engine +options can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file. +.PP +When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. +.PP +A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +.PP +The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as \s-1AES,\s0 in \s-1CBC\s0 mode. +.PP +All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test. +.PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP +All \s-1RC2\s0 ciphers have the same key and effective key length. +.PP +Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output of the \fBenc\fR command run with +the \fB\-ciphers\fR option (that is \fBopenssl enc \-ciphers\fR) produces a +list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines. +.PP +The \fBenc\fR program does not support authenticated encryption modes +like \s-1CCM\s0 and \s-1GCM,\s0 and will not support such modes in the future. +The \fBenc\fR interface by necessity must begin streaming output (e.g., +to standard output when \fB\-out\fR is not used) before the authentication +tag could be validated, leading to the usage of \fBenc\fR in pipelines +that begin processing untrusted data and are not capable of rolling +back upon authentication failure. The \s-1AEAD\s0 modes currently in common +use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since \fBenc\fR places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in \fBenc\fR, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, \fBcms\fR\|(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. +.PP +.Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& chacha20 ChaCha20 algorithm +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CFB mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& +\& desx DESX algorithm. +\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& +\& rc4 128 bit RC4 +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode +\& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& +\& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode +\& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc +\& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode +\& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode +\& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode +\& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode +\& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode +\& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 \-in file.bin \-out file.b64 +.Ve +.PP +Decode the same file +.PP +.Vb 1 +\& openssl base64 \-d \-in file.b64 \-out file.bin +.Ve +.PP +Encrypt a file using \s-1AES\-128\s0 using a prompted password +and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 +.Ve +.PP +Decrypt a file using a supplied password: +.PP +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass: +.Ve +.PP +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 +.Ve +.PP +Base64 decode a file then decrypt it using a password supplied in a file: +.PP +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file: +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn't work properly. +.PP +The \fBenc\fR program only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use \s-1RC2\s0 with a +76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +.PP +The \fB\-list\fR option was added in OpenSSL 1.1.1e. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/engine.1 b/deps/openssl/mingw64/share/man/man1/engine.1 new file mode 100644 index 00000000..7bbabdaf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/engine.1 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE 1" +.TH ENGINE 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-engine, engine \- load and query engines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl engine\fR +[ \fIengine...\fR ] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fB\-vvv\fR] +[\fB\-vvv\fR] +[\fB\-c\fR] +[\fB\-t\fR] +[\fB\-tt\fR] +[\fB\-pre\fR \fIcommand\fR] +[\fB\-post\fR \fIcommand\fR] +[ \fIengine...\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBengine\fR command is used to query the status and capabilities +of the specified \fBengine\fR's. +Engines may be specified before and after all other command-line flags. +Only those specified are queried. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR \fB\-vvvv\fR" 4 +.IX Item "-v -vv -vvv -vvvv" +Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Lists the capabilities of each engine. +.IP "\fB\-t\fR" 4 +.IX Item "-t" +Tests if each specified engine is available, and displays the answer. +.IP "\fB\-tt\fR" 4 +.IX Item "-tt" +Displays an error trace for any unavailable engine. +.IP "\fB\-pre\fR \fIcommand\fR" 4 +.IX Item "-pre command" +.PD 0 +.IP "\fB\-post\fR \fIcommand\fR" 4 +.IX Item "-post command" +.PD +Command-line configuration of engines. +The \fB\-pre\fR command is given to the engine before it is loaded and +the \fB\-post\fR command is given after the engine is loaded. +The \fIcommand\fR is of the form \fIcmd:val\fR where \fIcmd\fR is the command, +and \fIval\fR is the value for the command. +See the example below. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To list all the commands available to a dynamic engine: +.PP +.Vb 10 +\& $ openssl engine \-t \-tt \-vvvv dynamic +\& (dynamic) Dynamic engine loading support +\& [ unavailable ] +\& SO_PATH: Specifies the path to the new ENGINE shared library +\& (input flags): STRING +\& NO_VCHECK: Specifies to continue even if version checking fails (boolean) +\& (input flags): NUMERIC +\& ID: Specifies an ENGINE id name for loading +\& (input flags): STRING +\& LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_LOAD: Specifies whether to load from \*(AqDIR_ADD\*(Aq directories (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_ADD: Adds a directory from which ENGINEs can be loaded +\& (input flags): STRING +\& LOAD: Load up the ENGINE specified by other settings +\& (input flags): NO_INPUT +.Ve +.PP +To list the capabilities of the \fIrsax\fR engine: +.PP +.Vb 4 +\& $ openssl engine \-c +\& (rsax) RSAX engine support +\& [RSA] +\& (dynamic) Dynamic engine loading support +.Ve +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/errstr.1 b/deps/openssl/mingw64/share/man/man1/errstr.1 new file mode 100644 index 00000000..d677ab0b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/errstr.1 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERRSTR 1" +.TH ERRSTR 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-errstr, errstr \- lookup error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl errstr error_code\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Sometimes an application will not load error message and only +numerical forms will be available. The \fBerrstr\fR utility can be used to +display the meaning of the hex code. The hex code is the hex digits after the +second colon. +.SH "OPTIONS" +.IX Header "OPTIONS" +None. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The error code: +.PP +.Vb 1 +\& 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107: +.Ve +.PP +can be displayed with: +.PP +.Vb 1 +\& openssl errstr 2006D080 +.Ve +.PP +to produce the error message: +.PP +.Vb 1 +\& error:2006D080:BIO routines:BIO_new_file:no such file +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/gendsa.1 b/deps/openssl/mingw64/share/man/man1/gendsa.1 new file mode 100644 index 00000000..8a2bdee5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/gendsa.1 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENDSA 1" +.TH GENDSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-gendsa, gendsa \- generate a DSA private key from a set of parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgendsa\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fBparamfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +(which will be typically generated by the \fBopenssl dsaparam\fR command). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgendsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fBparamfile\fR" 4 +.IX Item "paramfile" +This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this +file determine the size of the private key. \s-1DSA\s0 parameters can be generated +and examined using the \fBopenssl dsaparam\fR command. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1DSA\s0 key generation is little more than random number generation so it is +much quicker that \s-1RSA\s0 key generation for example. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/genpkey.1 b/deps/openssl/mingw64/share/man/man1/genpkey.1 new file mode 100644 index 00000000..3d43f587 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/genpkey.1 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENPKEY 1" +.TH GENPKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-genpkey, genpkey \- generate a private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenpkey\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-pass arg\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-engine id\fR] +[\fB\-paramfile file\fR] +[\fB\-algorithm alg\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-genparam\fR] +[\fB\-text\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenpkey\fR command generates a private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0 +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. If used this option should precede all other +options. +.IP "\fB\-algorithm alg\fR" 4 +.IX Item "-algorithm alg" +Public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones. +.Sp +Valid built-in algorithm names for private key generation are \s-1RSA,\s0 RSA-PSS, \s-1EC, +X25519, X448, ED25519\s0 and \s-1ED448.\s0 +.Sp +Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR +option) are \s-1DH, DSA\s0 and \s-1EC.\s0 +.Sp +Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0 +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3 +or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R" +below for more details. +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and +\&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details. +.IP "\fB\-genparam\fR" 4 +.IX Item "-genparam" +Generate a set of parameters instead of a private key. If used this option must +precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. +.IP "\fB\-paramfile filename\fR" 4 +.IX Item "-paramfile filename" +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print an (unencrypted) text representation of private and public keys and +parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +.SH "KEY GENERATION OPTIONS" +.IX Header "KEY GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0 +or \s-1ED448\s0 algorithms. +.SS "\s-1RSA\s0 Key Generation Options" +.IX Subsection "RSA Key Generation Options" +.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IX Item "rsa_keygen_bits:numbits" +The number of bits in the generated key. If not specified 2048 is used. +.IP "\fBrsa_keygen_primes:numprimes\fR" 4 +.IX Item "rsa_keygen_primes:numprimes" +The number of primes in the generated key. If not specified 2 is used. +.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_pubexp:value" +The \s-1RSA\s0 public exponent value. This can be a large decimal or +hexadecimal value if preceded by \fB0x\fR. Default value is 65537. +.SS "RSA-PSS Key Generation Options" +.IX Subsection "RSA-PSS Key Generation Options" +Note: by default an \fBRSA-PSS\fR key has no parameter restrictions. +.IP "\fBrsa_keygen_bits:numbits\fR, \fBrsa_keygen_primes:numprimes\fR, \fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value" +These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm. +.IP "\fBrsa_pss_keygen_md:digest\fR" 4 +.IX Item "rsa_pss_keygen_md:digest" +If set the key is restricted and can only use \fBdigest\fR for signing. +.IP "\fBrsa_pss_keygen_mgf1_md:digest\fR" 4 +.IX Item "rsa_pss_keygen_mgf1_md:digest" +If set the key is restricted and can only use \fBdigest\fR as it's \s-1MGF1\s0 +parameter. +.IP "\fBrsa_pss_keygen_saltlen:len\fR" 4 +.IX Item "rsa_pss_keygen_saltlen:len" +If set the key is restricted and \fBlen\fR specifies the minimum salt length. +.SS "\s-1EC\s0 Key Generation Options" +.IX Subsection "EC Key Generation Options" +The \s-1EC\s0 key generation options can also be used for parameter generation. +.IP "\fBec_paramgen_curve:curve\fR" 4 +.IX Item "ec_paramgen_curve:curve" +The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R". +.IP "\fBec_param_enc:encoding\fR" 4 +.IX Item "ec_param_enc:encoding" +The encoding to use for parameters. The \*(L"encoding\*(R" parameter must be either +\&\*(L"named_curve\*(R" or \*(L"explicit\*(R". The default value is \*(L"named_curve\*(R". +.SH "PARAMETER GENERATION OPTIONS" +.IX Header "PARAMETER GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. +.SS "\s-1DSA\s0 Parameter Generation Options" +.IX Subsection "DSA Parameter Generation Options" +.IP "\fBdsa_paramgen_bits:numbits\fR" 4 +.IX Item "dsa_paramgen_bits:numbits" +The number of bits in the generated prime. If not specified 2048 is used. +.IP "\fBdsa_paramgen_q_bits:numbits\fR" 4 +.IX Item "dsa_paramgen_q_bits:numbits" +The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used. +.IP "\fBdsa_paramgen_md:digest\fR" 4 +.IX Item "dsa_paramgen_md:digest" +The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR +or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size +of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224 +or \fBsha256\fR if it is 256. +.SS "\s-1DH\s0 Parameter Generation Options" +.IX Subsection "DH Parameter Generation Options" +.IP "\fBdh_paramgen_prime_len:numbits\fR" 4 +.IX Item "dh_paramgen_prime_len:numbits" +The number of bits in the prime parameter \fBp\fR. The default is 2048. +.IP "\fBdh_paramgen_subprime_len:numbits\fR" 4 +.IX Item "dh_paramgen_subprime_len:numbits" +The number of bits in the sub prime parameter \fBq\fR. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters. +.IP "\fBdh_paramgen_generator:value\fR" 4 +.IX Item "dh_paramgen_generator:value" +The value to use for the generator \fBg\fR. The default is 2. +.IP "\fBdh_paramgen_type:value\fR" 4 +.IX Item "dh_paramgen_type:value" +The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.IP "\fBdh_rfc5114:num\fR" 4 +.IX Item "dh_rfc5114:num" +If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used +instead of generating new parameters. The value \fBnum\fR can take the +values 1, 2 or 3 corresponding to \s-1RFC5114 DH\s0 parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter +options. +.SS "\s-1EC\s0 Parameter Generation Options" +.IX Subsection "EC Parameter Generation Options" +The \s-1EC\s0 parameter generation options are the same as for key generation. See +\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above. +.SH "NOTES" +.IX Header "NOTES" +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +can be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate an \s-1RSA\s0 private key using default parameters: +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem +.Ve +.PP +Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello +.Ve +.PP +Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +.PP +.Vb 2 +\& openssl genpkey \-algorithm RSA \-out key.pem \e +\& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3 +.Ve +.PP +Generate 2048 bit \s-1DSA\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e +\& \-pkeyopt dsa_paramgen_bits:2048 +.Ve +.PP +Generate \s-1DSA\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem +.Ve +.PP +Generate 2048 bit \s-1DH\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 +.Ve +.PP +Generate 2048 bit X9.42 \s-1DH\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 \e +\& \-pkeyopt dh_paramgen_type:1 +.Ve +.PP +Output \s-1RFC5114 2048\s0 bit \s-1DH\s0 parameters with 224 bit subgroup: +.PP +.Vb 1 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt dh_rfc5114:2 +.Ve +.PP +Generate \s-1DH\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem +.Ve +.PP +Generate \s-1EC\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e +\& \-pkeyopt ec_paramgen_curve:secp384r1 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate \s-1EC\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile ecp.pem \-out eckey.pem +.Ve +.PP +Generate \s-1EC\s0 key directly: +.PP +.Vb 3 +\& openssl genpkey \-algorithm EC \-out eckey.pem \e +\& \-pkeyopt ec_paramgen_curve:P\-384 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate an X25519 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm X25519 \-out xkey.pem +.Ve +.PP +Generate an \s-1ED448\s0 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm ED448 \-out xkey.pem +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/genrsa.1 b/deps/openssl/mingw64/share/man/man1/genrsa.1 new file mode 100644 index 00000000..1dc02227 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/genrsa.1 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GENRSA 1" +.TH GENRSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-genrsa, genrsa \- generate an RSA private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenrsa\fR +[\fB\-help\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-f4\fR] +[\fB\-3\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-primes num\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format +of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the \fB\-passout\fR argument. +.IP "\fB\-F4|\-3\fR" 4 +.IX Item "-F4|-3" +The public exponent to use, either 65537 or 3. The default is 65537. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-primes num\fR" 4 +.IX Item "-primes num" +Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fBnum\fR +parameter must be a positive integer that is greater than 1 and less than 16. +If \fBnum\fR is greater than 2, then the generated key is called a 'multi\-prime' +\&\s-1RSA\s0 key, which is defined in \s-1RFC 8017.\s0 +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A \fB.\fR represents each number which +has passed an initial sieve test, \fB+\fR means a number has passed a single +round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). +.PP +Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/list.1 b/deps/openssl/mingw64/share/man/man1/list.1 new file mode 100644 index 00000000..72b628e7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/list.1 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "LIST 1" +.TH LIST 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-list, list \- list algorithms and features +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl list\fR +[\fB\-help\fR] +[\fB\-1\fR] +[\fB\-commands\fR] +[\fB\-digest\-commands\fR] +[\fB\-digest\-algorithms\fR] +[\fB\-cipher\-commands\fR] +[\fB\-cipher\-algorithms\fR] +[\fB\-public\-key\-algorithms\fR] +[\fB\-public\-key\-methods\fR] +[\fB\-disabled\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate list of algorithms or disabled +features. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.IP "\fB\-1\fR" 4 +.IX Item "-1" +List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first. +.IP "\fB\-commands\fR" 4 +.IX Item "-commands" +Display a list of standard commands. +.IP "\fB\-digest\-commands\fR" 4 +.IX Item "-digest-commands" +Display a list of message digest commands, which are typically used +as input to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. +.IP "\fB\-digest\-algorithms\fR" 4 +.IX Item "-digest-algorithms" +Display a list of message digest algorithms. +If a line is of the form + foo => bar +then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR. +.IP "\fB\-cipher\-commands\fR" 4 +.IX Item "-cipher-commands" +Display a list of cipher commands, which are typically used as input +to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands. +.IP "\fB\-cipher\-algorithms\fR" 4 +.IX Item "-cipher-algorithms" +Display a list of cipher algorithms. +If a line is of the form + foo => bar +then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR. +.IP "\fB\-public\-key\-algorithms\fR" 4 +.IX Item "-public-key-algorithms" +Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented. +.IP "\fB\-public\-key\-methods\fR" 4 +.IX Item "-public-key-methods" +Display a list of public key method OIDs: this also includes public key methods +without an associated \s-1ASN.1\s0 method, for example, \s-1KDF\s0 algorithms. +.IP "\fB\-disabled\fR" 4 +.IX Item "-disabled" +Display a list of disabled features, those that were compiled out +of the installation. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/nseq.1 b/deps/openssl/mingw64/share/man/man1/nseq.1 new file mode 100644 index 00000000..e6d4634c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/nseq.1 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "NSEQ 1" +.TH NSEQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-nseq, nseq \- create or examine a Netscape certificate sequence +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBnseq\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-toseq\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBnseq\fR command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename or standard output by default. +.IP "\fB\-toseq\fR" 4 +.IX Item "-toseq" +Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the \fB\-toseq\fR option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Output the certificates in a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in nseq.pem \-out certs.pem +.Ve +.PP +Create a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +A Netscape certificate sequence is a Netscape specific format that can be sent +to browsers as an alternative to the standard PKCS#7 format when several +certificates are sent to the browser: for example during certificate enrollment. +It is used by Netscape certificate server for example. +.SH "BUGS" +.IX Header "BUGS" +This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and +output files and allowing multiple certificate files to be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ocsp.1 b/deps/openssl/mingw64/share/man/man1/ocsp.1 new file mode 100644 index 00000000..a306fb43 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ocsp.1 @@ -0,0 +1,584 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP 1" +.TH OCSP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ocsp, ocsp \- Online Certificate Status Protocol utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-help\fR] +[\fB\-out file\fR] +[\fB\-issuer file\fR] +[\fB\-cert file\fR] +[\fB\-serial n\fR] +[\fB\-signer file\fR] +[\fB\-signkey file\fR] +[\fB\-sign_other file\fR] +[\fB\-no_certs\fR] +[\fB\-req_text\fR] +[\fB\-resp_text\fR] +[\fB\-text\fR] +[\fB\-reqout file\fR] +[\fB\-respout file\fR] +[\fB\-reqin file\fR] +[\fB\-respin file\fR] +[\fB\-nonce\fR] +[\fB\-no_nonce\fR] +[\fB\-url \s-1URL\s0\fR] +[\fB\-host host:port\fR] +[\fB\-multi process-count\fR] +[\fB\-header\fR] +[\fB\-path\fR] +[\fB\-CApath dir\fR] +[\fB\-CAfile file\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-VAfile file\fR] +[\fB\-validity_period n\fR] +[\fB\-status_age n\fR] +[\fB\-noverify\fR] +[\fB\-verify_other file\fR] +[\fB\-trust_other\fR] +[\fB\-no_intern\fR] +[\fB\-no_signature_verify\fR] +[\fB\-no_cert_verify\fR] +[\fB\-no_chain\fR] +[\fB\-no_cert_checks\fR] +[\fB\-no_explicit\fR] +[\fB\-port num\fR] +[\fB\-ignore_err\fR] +[\fB\-index file\fR] +[\fB\-CA file\fR] +[\fB\-rsigner file\fR] +[\fB\-rkey file\fR] +[\fB\-rother file\fR] +[\fB\-rsigopt nm:v\fR] +[\fB\-resp_no_certs\fR] +[\fB\-nmin n\fR] +[\fB\-ndays n\fR] +[\fB\-resp_key_id\fR] +[\fB\-nrequest n\fR] +[\fB\-\f(BIdigest\fB\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to +determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0). +.PP +The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used +to print out requests and responses, create requests and send queries +to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. +.SH "OPTIONS" +.IX Header "OPTIONS" +This command operates as either a client or a server. +The options are described below, divided into those two modes. +.SS "\s-1OCSP\s0 Client Options" +.IX Subsection "OCSP Client Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specify output filename, default is standard output. +.IP "\fB\-issuer filename\fR" 4 +.IX Item "-issuer filename" +This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in \fBfilename\fR must be in +\&\s-1PEM\s0 format. This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options. +.IP "\fB\-cert filename\fR" 4 +.IX Item "-cert filename" +Add the certificate \fBfilename\fR to the request. The issuer certificate +is taken from the previous \fBissuer\fR option, or an error occurs if no +issuer certificate is specified. +.IP "\fB\-serial num\fR" 4 +.IX Item "-serial num" +Same as the \fBcert\fR option except the certificate with serial number +\&\fBnum\fR is added to the request. The serial number is interpreted as a +decimal integer unless preceded by \fB0x\fR. Negative integers can also +be specified by preceding the value by a \fB\-\fR sign. +.IP "\fB\-signer filename\fR, \fB\-signkey filename\fR" 4 +.IX Item "-signer filename, -signkey filename" +Sign the \s-1OCSP\s0 request using the certificate specified in the \fBsigner\fR +option and the private key specified by the \fBsignkey\fR option. If +the \fBsignkey\fR option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the \s-1OCSP\s0 request is not signed. +.IP "\fB\-sign_other filename\fR" 4 +.IX Item "-sign_other filename" +Additional certificates to include in the signed request. +.IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 +.IX Item "-nonce, -no_nonce" +Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. +Normally if an \s-1OCSP\s0 request is input using the \fBreqin\fR option no +nonce is added: using the \fBnonce\fR option will force addition of a nonce. +If an \s-1OCSP\s0 request is being created (using \fBcert\fR and \fBserial\fR options) +a nonce is automatically added specifying \fBno_nonce\fR overrides this. +.IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 +.IX Item "-req_text, -resp_text, -text" +Print out the text form of the \s-1OCSP\s0 request, response or both respectively. +.IP "\fB\-reqout file\fR, \fB\-respout file\fR" 4 +.IX Item "-reqout file, -respout file" +Write out the \s-1DER\s0 encoded certificate request or response to \fBfile\fR. +.IP "\fB\-reqin file\fR, \fB\-respin file\fR" 4 +.IX Item "-reqin file, -respin file" +Read \s-1OCSP\s0 request or response file from \fBfile\fR. These option are ignored +if \s-1OCSP\s0 request or response creation is implied by other options (for example +with \fBserial\fR, \fBcert\fR and \fBhost\fR options). +.IP "\fB\-url responder_url\fR" 4 +.IX Item "-url responder_url" +Specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 +.IX Item "-host hostname:port, -path pathname" +If the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host +\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use +or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given hostname, port, and pathname. +.IP "\fB\-header name=value\fR" 4 +.IX Item "-header name=value" +Adds the header \fBname\fR with the specified \fBvalue\fR to the \s-1OCSP\s0 request +that is sent to the responder. +This may be repeated. +.IP "\fB\-timeout seconds\fR" 4 +.IX Item "-timeout seconds" +Connection timeout to the \s-1OCSP\s0 responder in seconds. +On \s-1POSIX\s0 systems, when running as an \s-1OCSP\s0 responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. +.IP "\fB\-multi process-count\fR" 4 +.IX Item "-multi process-count" +Run the specified number of \s-1OCSP\s0 responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the \s-1CA\s0 index file and automatically +reload it. +When running as a responder \fB\-timeout\fR option is recommended to limit the time +each child is willing to wait for the client's \s-1OCSP\s0 response. +This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other +required unix system-calls). +.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4 +.IX Item "-CAfile file, -CApath pathname" +File or pathname containing trusted \s-1CA\s0 certificates. These are used to verify +the signature on the \s-1OCSP\s0 response. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set different certificate verification options. +See \fBverify\fR\|(1) manual page for details. +.IP "\fB\-verify_other file\fR" 4 +.IX Item "-verify_other file" +File containing additional certificates to search when attempting to locate +the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases. +.IP "\fB\-trust_other\fR" 4 +.IX Item "-trust_other" +The certificates specified by the \fB\-verify_other\fR option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root \s-1CA\s0 is not appropriate. +.IP "\fB\-VAfile file\fR" 4 +.IX Item "-VAfile file" +File containing explicitly trusted responder certificates. Equivalent to the +\&\fB\-verify_other\fR and \fB\-trust_other\fR options. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't attempt to verify the \s-1OCSP\s0 response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate. +.IP "\fB\-no_intern\fR" 4 +.IX Item "-no_intern" +Ignore certificates contained in the \s-1OCSP\s0 response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the \fB\-verify_other\fR or \fB\-VAfile\fR options. +.IP "\fB\-no_signature_verify\fR" 4 +.IX Item "-no_signature_verify" +Don't check the signature on the \s-1OCSP\s0 response. Since this option +tolerates invalid signatures on \s-1OCSP\s0 responses it will normally only be +used for testing purposes. +.IP "\fB\-no_cert_verify\fR" 4 +.IX Item "-no_cert_verify" +Don't verify the \s-1OCSP\s0 response signers certificate at all. Since this +option allows the \s-1OCSP\s0 response to be signed by any certificate it should +only be used for testing purposes. +.IP "\fB\-no_chain\fR" 4 +.IX Item "-no_chain" +Do not use certificates in the response as additional untrusted \s-1CA\s0 +certificates. +.IP "\fB\-no_explicit\fR" 4 +.IX Item "-no_explicit" +Do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. +.IP "\fB\-no_cert_checks\fR" 4 +.IX Item "-no_cert_checks" +Don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. +That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes. +.IP "\fB\-validity_period nsec\fR, \fB\-status_age age\fR" 4 +.IX Item "-validity_period nsec, -status_age age" +These options specify the range of times, in seconds, which will be tolerated +in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR +time and an optional \fBnotAfter\fR time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the \s-1OCSP\s0 responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +\&\fB\-validity_period\fR option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes. +.Sp +If the \fBnotAfter\fR time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +\&\fBnotBefore\fR field is checked to see it is not older than \fBage\fR seconds old. +By default this additional check is not performed. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This option sets digest algorithm to use for certificate identification in the +\&\s-1OCSP\s0 request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1.\s0 This option may be used multiple times to specify the +digest used by subsequent certificate identifiers. +.SS "\s-1OCSP\s0 Server Options" +.IX Subsection "OCSP Server Options" +.IP "\fB\-index indexfile\fR" 4 +.IX Item "-index indexfile" +The \fBindexfile\fR parameter is the name of a text index file in \fBca\fR +format containing certificate revocation information. +.Sp +If the \fBindex\fR option is specified the \fBocsp\fR utility is in responder +mode, otherwise it is in client mode. The request(s) the responder +processes can be either specified on the command line (using \fBissuer\fR +and \fBserial\fR options), supplied in a file (using the \fBreqin\fR option) +or via external \s-1OCSP\s0 clients (if \fBport\fR or \fBurl\fR is specified). +.Sp +If the \fBindex\fR option is present then the \fB\s-1CA\s0\fR and \fBrsigner\fR options +must also be present. +.IP "\fB\-CA file\fR" 4 +.IX Item "-CA file" +\&\s-1CA\s0 certificate corresponding to the revocation information in \fBindexfile\fR. +.IP "\fB\-rsigner file\fR" 4 +.IX Item "-rsigner file" +The certificate to sign \s-1OCSP\s0 responses with. +.IP "\fB\-rother file\fR" 4 +.IX Item "-rother file" +Additional certificates to include in the \s-1OCSP\s0 response. +.IP "\fB\-resp_no_certs\fR" 4 +.IX Item "-resp_no_certs" +Don't include any certificates in the \s-1OCSP\s0 response. +.IP "\fB\-resp_key_id\fR" 4 +.IX Item "-resp_key_id" +Identify the signer certificate using the key \s-1ID,\s0 default is to use the +subject name. +.IP "\fB\-rkey file\fR" 4 +.IX Item "-rkey file" +The private key to sign \s-1OCSP\s0 responses with: if not present the file +specified in the \fBrsigner\fR option is used. +.IP "\fB\-rsigopt nm:v\fR" 4 +.IX Item "-rsigopt nm:v" +Pass options to the signature algorithm when signing \s-1OCSP\s0 responses. +Names and values of these options are algorithm-specific. +.IP "\fB\-port portnum\fR" 4 +.IX Item "-port portnum" +Port to listen for \s-1OCSP\s0 requests on. The port may also be specified +using the \fBurl\fR option. +.IP "\fB\-ignore_err\fR" 4 +.IX Item "-ignore_err" +Ignore malformed requests or responses: When acting as an \s-1OCSP\s0 client, retry if +a malformed response is received. When acting as an \s-1OCSP\s0 responder, continue +running instead of terminating upon receiving a malformed request. +.IP "\fB\-nrequest number\fR" 4 +.IX Item "-nrequest number" +The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited. +.IP "\fB\-nmin minutes\fR, \fB\-ndays days\fR" 4 +.IX Item "-nmin minutes, -ndays days" +Number of minutes or days when fresh revocation information is available: +used in the \fBnextUpdate\fR field. If neither option is present then the +\&\fBnextUpdate\fR field is omitted meaning fresh revocation information is +immediately available. +.SH "OCSP Response verification." +.IX Header "OCSP Response verification." +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0 +.PP +Initially the \s-1OCSP\s0 responder certificate is located and the signature on +the \s-1OCSP\s0 request checked using the responder certificate's public key. +.PP +Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +building up a certificate chain in the process. The locations of the trusted +certificates used to build the chain can be specified by the \fBCAfile\fR +and \fBCApath\fR options or they will be looked for in the standard OpenSSL +certificates directory. +.PP +If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +error. +.PP +Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 +responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +.PP +Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing +\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the \s-1OCSP\s0 responder certificate then the +\&\s-1OCSP\s0 verify succeeds. +.PP +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders +\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +verify succeeds. +.PP +If none of these checks is successful then the \s-1OCSP\s0 verify fails. +.PP +What this effectively means if that if the \s-1OCSP\s0 responder certificate is +authorised directly by the \s-1CA\s0 it is issuing revocation information about +(and it is correctly configured) then verification will succeed. +.PP +If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +multiple CAs and has its own separate certificate chain then its root +\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +.PP +.Vb 1 +\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem +.Ve +.PP +Alternatively the responder certificate itself can be explicitly trusted +with the \fB\-VAfile\fR option. +.SH "NOTES" +.IX Header "NOTES" +As noted, most of the verify options are for testing or debugging purposes. +Normally only the \fB\-CApath\fR, \fB\-CAfile\fR and (if the responder is a 'global +\&\s-1VA\s0') \fB\-VAfile\fR options need to be used. +.PP +The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is +not really usable as a full \s-1OCSP\s0 responder. It contains only a very +simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data. +.PP +It is possible to run the \fBocsp\fR application in responder mode via a \s-1CGI\s0 +script using the \fBreqin\fR and \fBrespout\fR options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \s-1OCSP\s0 request and write it to a file: +.PP +.Vb 1 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der +.Ve +.PP +Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response: +.PP +.Vb 2 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e +\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der +.Ve +.PP +Read in an \s-1OCSP\s0 response and print out text form: +.PP +.Vb 1 +\& openssl ocsp \-respin resp.der \-text \-noverify +.Ve +.PP +\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +responder certificate. All requests and responses are printed to a file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-text \-out log.txt +.Ve +.PP +As above but exit after processing one request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-nrequest 1 +.Ve +.PP +Query status information using an internally generated request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-issuer demoCA/cacert.pem \-serial 1 +.Ve +.PP +Query status information using request read from a file, and write the response +to a second file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-reqin req.der \-respout resp.der +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/openssl.1 b/deps/openssl/mingw64/share/man/man1/openssl.1 new file mode 100644 index 00000000..14d4c770 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/openssl.1 @@ -0,0 +1,583 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL 1" +.TH OPENSSL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl \- OpenSSL command line tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fIcommand\fR +[ \fIcommand_opts\fR ] +[ \fIcommand_args\fR ] +.PP +\&\fBopenssl\fR \fBlist\fR [ \fBstandard-commands\fR | \fBdigest-commands\fR | \fBcipher-commands\fR | \fBcipher-algorithms\fR | \fBdigest-algorithms\fR | \fBpublic-key-algorithms\fR] +.PP +\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 +v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +cryptography standards required by them. +.PP +The \fBopenssl\fR program is a command line tool for using the various +cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +It can be used for +.PP +.Vb 8 +\& o Creation and management of private keys, public keys and parameters +\& o Public key cryptographic operations +\& o Creation of X.509 certificates, CSRs and CRLs +\& o Calculation of Message Digests +\& o Encryption and Decryption with Ciphers +\& o SSL/TLS Client and Server Tests +\& o Handling of S/MIME signed or encrypted mail +\& o Time Stamp requests, generation and verification +.Ve +.SH "COMMAND SUMMARY" +.IX Header "COMMAND SUMMARY" +The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the +\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments +(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). +.PP +Detailed documentation and use cases for most standard subcommands are available +(e.g., \fBx509\fR\|(1) or \fBopenssl\-x509\fR\|(1)). +.PP +Many commands use an external configuration file for some or all of their +arguments and have a \fB\-config\fR option to specify that file. +The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify +the location of the file. +If the environment variable is not specified, then the file is named +\&\fBopenssl.cnf\fR in the default certificate storage area, whose value +depends on the configuration flags specified when the OpenSSL +was built. +.PP +The list parameters \fBstandard-commands\fR, \fBdigest-commands\fR, +and \fBcipher-commands\fR output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available in the present \fBopenssl\fR utility. +.PP +The list parameters \fBcipher-algorithms\fR and +\&\fBdigest-algorithms\fR list all cipher and message digest names, one entry per line. Aliases are listed as: +.PP +.Vb 1 +\& from => to +.Ve +.PP +The list parameter \fBpublic-key-algorithms\fR lists all supported public +key algorithms. +.PP +The command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the +specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it +returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 +and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +nothing is printed to \fBstderr\fR. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is +not able to detect pseudo-commands such as \fBquit\fR, +\&\fBlist\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) +.SS "Standard Commands" +.IX Subsection "Standard Commands" +.IP "\fBasn1parse\fR" 4 +.IX Item "asn1parse" +Parse an \s-1ASN.1\s0 sequence. +.IP "\fBca\fR" 4 +.IX Item "ca" +Certificate Authority (\s-1CA\s0) Management. +.IP "\fBciphers\fR" 4 +.IX Item "ciphers" +Cipher Suite Description Determination. +.IP "\fBcms\fR" 4 +.IX Item "cms" +\&\s-1CMS\s0 (Cryptographic Message Syntax) utility. +.IP "\fBcrl\fR" 4 +.IX Item "crl" +Certificate Revocation List (\s-1CRL\s0) Management. +.IP "\fBcrl2pkcs7\fR" 4 +.IX Item "crl2pkcs7" +\&\s-1CRL\s0 to PKCS#7 Conversion. +.IP "\fBdgst\fR" 4 +.IX Item "dgst" +Message Digest Calculation. +.IP "\fBdh\fR" 4 +.IX Item "dh" +Diffie-Hellman Parameter Management. +Obsoleted by \fBdhparam\fR\|(1). +.IP "\fBdhparam\fR" 4 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). +.IP "\fBdsa\fR" 4 +.IX Item "dsa" +\&\s-1DSA\s0 Data Management. +.IP "\fBdsaparam\fR" 4 +.IX Item "dsaparam" +\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1). +.IP "\fBec\fR" 4 +.IX Item "ec" +\&\s-1EC\s0 (Elliptic curve) key processing. +.IP "\fBecparam\fR" 4 +.IX Item "ecparam" +\&\s-1EC\s0 parameter manipulation and generation. +.IP "\fBenc\fR" 4 +.IX Item "enc" +Encoding with Ciphers. +.IP "\fBengine\fR" 4 +.IX Item "engine" +Engine (loadable module) information and manipulation. +.IP "\fBerrstr\fR" 4 +.IX Item "errstr" +Error Number to Error String Conversion. +.IP "\fBgendh\fR" 4 +.IX Item "gendh" +Generation of Diffie-Hellman Parameters. +Obsoleted by \fBdhparam\fR\|(1). +.IP "\fBgendsa\fR" 4 +.IX Item "gendsa" +Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +\&\fBgenpkey\fR\|(1) and \fBpkey\fR\|(1). +.IP "\fBgenpkey\fR" 4 +.IX Item "genpkey" +Generation of Private Key or Parameters. +.IP "\fBgenrsa\fR" 4 +.IX Item "genrsa" +Generation of \s-1RSA\s0 Private Key. Superseded by \fBgenpkey\fR\|(1). +.IP "\fBnseq\fR" 4 +.IX Item "nseq" +Create or examine a Netscape certificate sequence. +.IP "\fBocsp\fR" 4 +.IX Item "ocsp" +Online Certificate Status Protocol utility. +.IP "\fBpasswd\fR" 4 +.IX Item "passwd" +Generation of hashed passwords. +.IP "\fBpkcs12\fR" 4 +.IX Item "pkcs12" +PKCS#12 Data Management. +.IP "\fBpkcs7\fR" 4 +.IX Item "pkcs7" +PKCS#7 Data Management. +.IP "\fBpkcs8\fR" 4 +.IX Item "pkcs8" +PKCS#8 format private key conversion tool. +.IP "\fBpkey\fR" 4 +.IX Item "pkey" +Public and private key management. +.IP "\fBpkeyparam\fR" 4 +.IX Item "pkeyparam" +Public key algorithm parameter management. +.IP "\fBpkeyutl\fR" 4 +.IX Item "pkeyutl" +Public key algorithm cryptographic operation utility. +.IP "\fBprime\fR" 4 +.IX Item "prime" +Compute prime numbers. +.IP "\fBrand\fR" 4 +.IX Item "rand" +Generate pseudo-random bytes. +.IP "\fBrehash\fR" 4 +.IX Item "rehash" +Create symbolic links to certificate and \s-1CRL\s0 files named by the hash values. +.IP "\fBreq\fR" 4 +.IX Item "req" +PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. +.IP "\fBrsa\fR" 4 +.IX Item "rsa" +\&\s-1RSA\s0 key management. +.IP "\fBrsautl\fR" 4 +.IX Item "rsautl" +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded +by \fBpkeyutl\fR\|(1). +.IP "\fBs_client\fR" 4 +.IX Item "s_client" +This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent +connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL \fBssl\fR library. +.IP "\fBs_server\fR" 4 +.IX Item "s_server" +This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote +clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL \fBssl\fR library. It provides both an own command +line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +facility to emulate an SSL/TLS\-aware webserver. +.IP "\fBs_time\fR" 4 +.IX Item "s_time" +\&\s-1SSL\s0 Connection Timer. +.IP "\fBsess_id\fR" 4 +.IX Item "sess_id" +\&\s-1SSL\s0 Session Data Management. +.IP "\fBsmime\fR" 4 +.IX Item "smime" +S/MIME mail processing. +.IP "\fBspeed\fR" 4 +.IX Item "speed" +Algorithm Speed Measurement. +.IP "\fBspkac\fR" 4 +.IX Item "spkac" +\&\s-1SPKAC\s0 printing and generating utility. +.IP "\fBsrp\fR" 4 +.IX Item "srp" +Maintain \s-1SRP\s0 password file. +.IP "\fBstoreutl\fR" 4 +.IX Item "storeutl" +Utility to list and display certificates, keys, CRLs, etc. +.IP "\fBts\fR" 4 +.IX Item "ts" +Time Stamping Authority tool (client/server). +.IP "\fBverify\fR" 4 +.IX Item "verify" +X.509 Certificate Verification. +.IP "\fBversion\fR" 4 +.IX Item "version" +OpenSSL Version Information. +.IP "\fBx509\fR" 4 +.IX Item "x509" +X.509 Certificate Data Management. +.SS "Message Digest Commands" +.IX Subsection "Message Digest Commands" +.IP "\fBblake2b512\fR" 4 +.IX Item "blake2b512" +BLAKE2b\-512 Digest +.IP "\fBblake2s256\fR" 4 +.IX Item "blake2s256" +BLAKE2s\-256 Digest +.IP "\fBmd2\fR" 4 +.IX Item "md2" +\&\s-1MD2\s0 Digest +.IP "\fBmd4\fR" 4 +.IX Item "md4" +\&\s-1MD4\s0 Digest +.IP "\fBmd5\fR" 4 +.IX Item "md5" +\&\s-1MD5\s0 Digest +.IP "\fBmdc2\fR" 4 +.IX Item "mdc2" +\&\s-1MDC2\s0 Digest +.IP "\fBrmd160\fR" 4 +.IX Item "rmd160" +\&\s-1RMD\-160\s0 Digest +.IP "\fBsha1\fR" 4 +.IX Item "sha1" +\&\s-1SHA\-1\s0 Digest +.IP "\fBsha224\fR" 4 +.IX Item "sha224" +\&\s-1SHA\-2 224\s0 Digest +.IP "\fBsha256\fR" 4 +.IX Item "sha256" +\&\s-1SHA\-2 256\s0 Digest +.IP "\fBsha384\fR" 4 +.IX Item "sha384" +\&\s-1SHA\-2 384\s0 Digest +.IP "\fBsha512\fR" 4 +.IX Item "sha512" +\&\s-1SHA\-2 512\s0 Digest +.IP "\fBsha3\-224\fR" 4 +.IX Item "sha3-224" +\&\s-1SHA\-3 224\s0 Digest +.IP "\fBsha3\-256\fR" 4 +.IX Item "sha3-256" +\&\s-1SHA\-3 256\s0 Digest +.IP "\fBsha3\-384\fR" 4 +.IX Item "sha3-384" +\&\s-1SHA\-3 384\s0 Digest +.IP "\fBsha3\-512\fR" 4 +.IX Item "sha3-512" +\&\s-1SHA\-3 512\s0 Digest +.IP "\fBshake128\fR" 4 +.IX Item "shake128" +\&\s-1SHA\-3 SHAKE128\s0 Digest +.IP "\fBshake256\fR" 4 +.IX Item "shake256" +\&\s-1SHA\-3 SHAKE256\s0 Digest +.IP "\fBsm3\fR" 4 +.IX Item "sm3" +\&\s-1SM3\s0 Digest +.SS "Encoding and Cipher Commands" +.IX Subsection "Encoding and Cipher Commands" +The following aliases provide convenient access to the most used encodings +and ciphers. +.PP +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See \fBenc\fR\|(1) for more information and command usage. +.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 +.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" +\&\s-1AES\-128\s0 Cipher +.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 +.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" +\&\s-1AES\-192\s0 Cipher +.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 +.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" +\&\s-1AES\-256\s0 Cipher +.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 +.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" +Aria\-128 Cipher +.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4 +.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb" +Aria\-192 Cipher +.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 +.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" +Aria\-256 Cipher +.IP "\fBbase64\fR" 4 +.IX Item "base64" +Base64 Encoding +.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 +.IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" +Blowfish Cipher +.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 +.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb" +Camellia\-128 Cipher +.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, \fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4 +.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb" +Camellia\-192 Cipher +.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 +.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" +Camellia\-256 Cipher +.IP "\fBcast\fR, \fBcast-cbc\fR" 4 +.IX Item "cast, cast-cbc" +\&\s-1CAST\s0 Cipher +.IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 +.IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" +\&\s-1CAST5\s0 Cipher +.IP "\fBchacha20\fR" 4 +.IX Item "chacha20" +Chacha20 Cipher +.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 +.IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" +\&\s-1DES\s0 Cipher +.IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4 +.IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb" +Triple-DES Cipher +.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4 +.IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb" +\&\s-1IDEA\s0 Cipher +.IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4 +.IX Item "rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb" +\&\s-1RC2\s0 Cipher +.IP "\fBrc4\fR" 4 +.IX Item "rc4" +\&\s-1RC4\s0 Cipher +.IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 +.IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb" +\&\s-1RC5\s0 Cipher +.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" +\&\s-1SEED\s0 Cipher +.IP "\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 +.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" +\&\s-1SM4\s0 Cipher +.SH "OPTIONS" +.IX Header "OPTIONS" +Details of which options are available depend on the specific command. +This section describes some common options with common behavior. +.SS "Common Options" +.IX Subsection "Common Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Provides a terse summary of all options. +.SS "Pass Phrase Options" +.IX Subsection "Pass Phrase Options" +Several commands accept password arguments, typically using \fB\-passin\fR +and \fB\-passout\fR for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. +.PP +Note that character encoding may be relevant, please see +\&\fBpassphrase\-encoding\fR\|(7). +.IP "\fBpass:password\fR" 4 +.IX Item "pass:password" +The actual password is \fBpassword\fR. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. +.IP "\fBenv:var\fR" 4 +.IX Item "env:var" +Obtain the password from the environment variable \fBvar\fR. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. +.IP "\fBfile:pathname\fR" 4 +.IX Item "file:pathname" +The first line of \fBpathname\fR is the password. If the same \fBpathname\fR +argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first +line will be used for the input password and the next line for the output +password. \fBpathname\fR need not refer to a regular file: it could for example +refer to a device or named pipe. +.IP "\fBfd:number\fR" 4 +.IX Item "fd:number" +Read the password from the file descriptor \fBnumber\fR. This can be used to +send the data via a pipe for example. +.IP "\fBstdin\fR" 4 +.IX Item "stdin" +Read the password from standard input. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBciphers\fR\|(1), \fBcms\fR\|(1), \fBconfig\fR\|(5), +\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1), +\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1), +\&\fBec\fR\|(1), \fBecparam\fR\|(1), +\&\fBenc\fR\|(1), \fBengine\fR\|(1), \fBerrstr\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1), +\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBocsp\fR\|(1), +\&\fBpasswd\fR\|(1), +\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBpkey\fR\|(1), \fBpkeyparam\fR\|(1), \fBpkeyutl\fR\|(1), \fBprime\fR\|(1), +\&\fBrand\fR\|(1), \fBrehash\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1), +\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1), +\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), \fBsess_id\fR\|(1), +\&\fBsmime\fR\|(1), \fBspeed\fR\|(1), \fBspkac\fR\|(1), \fBsrp\fR\|(1), \fBstoreutl\fR\|(1), +\&\fBts\fR\|(1), +\&\fBverify\fR\|(1), \fBversion\fR\|(1), \fBx509\fR\|(1), +\&\fBcrypto\fR\|(7), \fBssl\fR\|(7), \fBx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/passwd.1 b/deps/openssl/mingw64/share/man/man1/passwd.1 new file mode 100644 index 00000000..e1166f95 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/passwd.1 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSWD 1" +.TH PASSWD 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-passwd, passwd \- compute password hashes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl passwd\fR +[\fB\-help\fR] +[\fB\-crypt\fR] +[\fB\-1\fR] +[\fB\-apr1\fR] +[\fB\-aixmd5\fR] +[\fB\-5\fR] +[\fB\-6\fR] +[\fB\-salt\fR \fIstring\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-stdin\fR] +[\fB\-noverify\fR] +[\fB\-quiet\fR] +[\fB\-table\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +{\fIpassword\fR} +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpasswd\fR command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option \fB\-in file\fR, from stdin for +option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. +The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password +algorithm \fB1\fR, its Apache variant \fBapr1\fR, and its \s-1AIX\s0 variant are available. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-crypt\fR" 4 +.IX Item "-crypt" +Use the \fBcrypt\fR algorithm (default). +.IP "\fB\-1\fR" 4 +.IX Item "-1" +Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. +.IP "\fB\-apr1\fR" 4 +.IX Item "-apr1" +Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-aixmd5\fR" 4 +.IX Item "-aixmd5" +Use the \fB\s-1AIX MD5\s0\fR algorithm (\s-1AIX\s0 variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-5\fR" 4 +.IX Item "-5" +.PD 0 +.IP "\fB\-6\fR" 4 +.IX Item "-6" +.PD +Use the \fB\s-1SHA256\s0\fR / \fB\s-1SHA512\s0\fR based algorithms defined by Ulrich Drepper. +See . +.IP "\fB\-salt\fR \fIstring\fR" 4 +.IX Item "-salt string" +Use the specified salt. +When reading a password from the terminal, this implies \fB\-noverify\fR. +.IP "\fB\-in\fR \fIfile\fR" 4 +.IX Item "-in file" +Read passwords from \fIfile\fR. +.IP "\fB\-stdin\fR" 4 +.IX Item "-stdin" +Read passwords from \fBstdin\fR. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't verify when reading a password from the terminal. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Don't output warnings when passwords given at the command line are truncated. +.IP "\fB\-table\fR" 4 +.IX Item "-table" +In the output list, prepend the cleartext password and a \s-1TAB\s0 character +to each password hash. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 2 +\& % openssl passwd \-crypt \-salt xx password +\& xxj31ZMTZzkVA +\& +\& % openssl passwd \-1 \-salt xxxxxxxx password +\& $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. +\& +\& % openssl passwd \-apr1 \-salt xxxxxxxx password +\& $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 +\& +\& % openssl passwd \-aixmd5 \-salt xxxxxxxx password +\& xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkcs12.1 b/deps/openssl/mingw64/share/man/man1/pkcs12.1 new file mode 100644 index 00000000..2309874a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkcs12.1 @@ -0,0 +1,479 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12 1" +.TH PKCS12 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs12, pkcs12 \- PKCS#12 file utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs12\fR +[\fB\-help\fR] +[\fB\-export\fR] +[\fB\-chain\fR] +[\fB\-inkey file_or_id\fR] +[\fB\-certfile filename\fR] +[\fB\-name name\fR] +[\fB\-caname name\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-nomacver\fR] +[\fB\-nocerts\fR] +[\fB\-clcerts\fR] +[\fB\-cacerts\fR] +[\fB\-nokeys\fR] +[\fB\-info\fR] +[\fB\-des | \-des3 | \-idea | \-aes128 | \-aes192 | \-aes256 | \-aria128 | \-aria192 | \-aria256 | \-camellia128 | \-camellia192 | \-camellia256 | \-nodes\fR] +[\fB\-noiter\fR] +[\fB\-maciter | \-nomaciter | \-nomac\fR] +[\fB\-twopass\fR] +[\fB\-descert\fR] +[\fB\-certpbe cipher\fR] +[\fB\-keypbe cipher\fR] +[\fB\-macalg digest\fR] +[\fB\-keyex\fR] +[\fB\-keysig\fR] +[\fB\-password arg\fR] +[\fB\-passin arg\fR] +[\fB\-passout arg\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-CSP name\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as +\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the \fB\-export\fR option (see below). +.SH "PARSING OPTIONS" +.IX Header "PARSING OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The PKCS#12 file (i.e. input file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +Pass phrase source to encrypt any outputted private keys with. For more +information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section +in \fBopenssl\fR\|(1). +.IP "\fB\-password arg\fR" 4 +.IX Item "-password arg" +With \-export, \-password is equivalent to \-passout. +Otherwise, \-password is equivalent to \-passin. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. +.IP "\fB\-clcerts\fR" 4 +.IX Item "-clcerts" +Only output client certificates (not \s-1CA\s0 certificates). +.IP "\fB\-cacerts\fR" 4 +.IX Item "-cacerts" +Only output \s-1CA\s0 certificates (not client certificates). +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +No certificates at all will be output. +.IP "\fB\-nokeys\fR" 4 +.IX Item "-nokeys" +No private keys will be output. +.IP "\fB\-info\fR" 4 +.IX Item "-info" +Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts. +.IP "\fB\-des\fR" 4 +.IX Item "-des" +Use \s-1DES\s0 to encrypt private keys before outputting. +.IP "\fB\-des3\fR" 4 +.IX Item "-des3" +Use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. +.IP "\fB\-idea\fR" 4 +.IX Item "-idea" +Use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +Use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR" 4 +.IX Item "-aria128, -aria192, -aria256" +Use \s-1ARIA\s0 to encrypt private keys before outputting. +.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +Use Camellia to encrypt private keys before outputting. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +Don't encrypt the private keys at all. +.IP "\fB\-nomacver\fR" 4 +.IX Item "-nomacver" +Don't attempt to verify the integrity \s-1MAC\s0 before reading the file. +.IP "\fB\-twopass\fR" 4 +.IX Item "-twopass" +Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +\&\-password, \-passin (if importing) or \-passout (if exporting). +.SH "FILE CREATION OPTIONS" +.IX Header "FILE CREATION OPTIONS" +.IP "\fB\-export\fR" 4 +.IX Item "-export" +This option specifies that a PKCS#12 file will be created rather than +parsed. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. +.IP "\fB\-inkey file_or_id\fR" 4 +.IX Item "-inkey file_or_id" +File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-name friendlyname\fR" 4 +.IX Item "-name friendlyname" +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. +.IP "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +A filename to read additional certificates from. +.IP "\fB\-caname friendlyname\fR" 4 +.IX Item "-caname friendlyname" +This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +displays them. +.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 +.IX Item "-pass arg, -passout arg" +The PKCS#12 file (i.e. output file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-passin password\fR" 4 +.IX Item "-passin password" +Pass phrase source to decrypt any input private keys with. For more information +about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in +\&\fBopenssl\fR\|(1). +.IP "\fB\-chain\fR" 4 +.IX Item "-chain" +If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard \s-1CA\s0 store is used +for this search. If the search fails it is considered a fatal error. +.IP "\fB\-descert\fR" 4 +.IX Item "-descert" +Encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12 +file unreadable by some \*(L"export grade\*(R" software. By default the private +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0 +unless \s-1RC2\s0 is disabled in which case triple \s-1DES\s0 is used. +.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 +.IX Item "-keypbe alg, -certpbe alg" +These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \fB\s-1NOTES\s0\fR section for more information). If a cipher name +(as output by the \fBlist-cipher-algorithms\fR command is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. +.IP "\fB\-keyex|\-keysig\fR" 4 +.IX Item "-keyex|-keysig" +Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally +\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client +authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support +the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg digest\fR" 4 +.IX Item "-macalg digest" +Specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. +.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 +.IX Item "-nomaciter, -noiter" +These options affect the iteration counts on the \s-1MAC\s0 and key algorithms. +Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave +these options alone. +.Sp +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using +these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both \s-1MAC\s0 and key iteration counts. +\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +option. +.IP "\fB\-maciter\fR" 4 +.IX Item "-maciter" +This option is included for compatibility with previous versions, it used +to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +Don't attempt to provide the \s-1MAC\s0 integrity. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +\&\s-1CA\s0 storage as a file. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +\&\s-1CA\s0 storage as a directory. This directory must be a standard certificate +directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be +linked to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-CSP name\fR" 4 +.IX Item "-CSP name" +Write \fBname\fR as a Microsoft \s-1CSP\s0 name. +.SH "NOTES" +.IX Header "NOTES" +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used +for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. +.PP +If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the \fB\-clcerts\fR option will solve this problem by only +outputting the certificate corresponding to the private key. If the \s-1CA\s0 +certificates are required then they can be output to a separate file using +the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. +.PP +The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple \s-1DES\s0 +encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can +be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete +description of all algorithms is contained in the \fBpkcs8\fR manual page. +.PP +Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +utility. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a PKCS#12 file and output it to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem +.Ve +.PP +Output only client certificates to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem +.Ve +.PP +Don't encrypt the private key: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes +.Ve +.PP +Print some info about a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-info \-noout +.Ve +.PP +Create a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" +.Ve +.PP +Include some extra certificates: +.PP +.Vb 2 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e +\& \-certfile othercerts.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs8\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkcs7.1 b/deps/openssl/mingw64/share/man/man1/pkcs7.1 new file mode 100644 index 00000000..7e776577 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkcs7.1 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7 1" +.TH PKCS7 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs7, pkcs7 \- PKCS#7 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-print_certs\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7 +v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-print_certs\fR" 4 +.IX Item "-print_certs" +Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out certificates details in full rather than just subject and +issuer names. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the PKCS#7 structure (or certificates +is \fB\-print_certs\fR is set). +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs7\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der +.Ve +.PP +Output all certificates in a file: +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +For compatibility with some CAs it will also accept: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +There is no option to print out all the fields of a PKCS#7 file. +.PP +This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they +cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrl2pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkcs8.1 b/deps/openssl/mingw64/share/man/man1/pkcs8.1 new file mode 100644 index 00000000..3ee650c4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkcs8.1 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS8 1" +.TH PKCS8 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs8, pkcs8 \- PKCS#8 format private key conversion tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs8\fR +[\fB\-help\fR] +[\fB\-topk8\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-iter count\fR] +[\fB\-noiter\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-nocrypt\fR] +[\fB\-traditional\fR] +[\fB\-v2 alg\fR] +[\fB\-v2prf alg\fR] +[\fB\-v1 alg\fR] +[\fB\-engine id\fR] +[\fB\-scrypt\fR] +[\fB\-scrypt_N N\fR] +[\fB\-scrypt_r r\fR] +[\fB\-scrypt_p p\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-topk8\fR" 4 +.IX Item "-topk8" +Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the \fB\-topk8\fR option the situation is +reversed: it reads a private key and writes a PKCS#8 format key. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format: see \*(L"\s-1KEY FORMATS\*(R"\s0 for more details. The default +format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format: see \*(L"\s-1KEY FORMATS\*(R"\s0 for more details. The default +format is \s-1PEM.\s0 +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +When this option is present and \fB\-topk8\fR is not a traditional format private +key is written. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-iter count\fR" 4 +.IX Item "-iter count" +When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container. +.IP "\fB\-nocrypt\fR" 4 +.IX Item "-nocrypt" +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-v2 alg\fR" 4 +.IX Item "-v2 alg" +This option sets the PKCS#5 v2.0 algorithm. +.Sp +The \fBalg\fR argument is the encryption algorithm to use, valid values include +\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR +is used. +.IP "\fB\-v2prf alg\fR" 4 +.IX Item "-v2prf alg" +This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value +value would be \fBhmacWithSHA256\fR. If this option isn't set then the default +for the cipher is used or \fBhmacWithSHA256\fR if there is no default. +.Sp +Some implementations may not support custom \s-1PRF\s0 algorithms and may require +the \fBhmacWithSHA1\fR option to work. +.IP "\fB\-v1 alg\fR" 4 +.IX Item "-v1 alg" +This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkcs8\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-scrypt\fR" 4 +.IX Item "-scrypt" +Uses the \fBscrypt\fR algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit +key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR, +\&\fB\-scrypt_p\fR and \fB\-v2\fR options. +.IP "\fB\-scrypt_N N\fR \fB\-scrypt_r r\fR \fB\-scrypt_p p\fR" 4 +.IX Item "-scrypt_N N -scrypt_r r -scrypt_p p" +Sets the scrypt \fBN\fR, \fBr\fR or \fBp\fR parameters. +.SH "KEY FORMATS" +.IX Header "KEY FORMATS" +Various different formats are used by the pkcs8 utility. These are detailed +below. +.PP +If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless \fB\-nocrypt\fR is included. +.PP +If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is +used then a traditional format private key is written instead. +.PP +If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an +unencrypted private key in traditional \s-1DER\s0 format. +.PP +If \fB\-topk8\fR is used then any supported private key can be used for the input +file in a format specified by \fB\-inform\fR. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR +is included. +.SH "NOTES" +.IX Header "NOTES" +By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used. +.PP +Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit \s-1DES.\s0 +.PP +The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following +headers and footers: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The unencrypted form uses: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. +.PP +It is possible to write out \s-1DER\s0 encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 +level whereas the traditional format includes them at a \s-1PEM\s0 level. +.SH "PKCS#5 v1.5 and PKCS#12 algorithms." +.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms." +Various algorithms can be used with the \fB\-v1\fR command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. +.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4 +.IX Item "PBE-MD2-DES PBE-MD5-DES" +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4 +.IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES" +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or +56 bit \s-1DES.\s0 +.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +.IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40" +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with +256 bit key and \fBhmacWithSHA256\fR): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 unencrypted format: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0 +mode and \fBhmacWithSHA512\fR \s-1PRF:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(\s-1DES\s0): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES +.Ve +.PP +Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +.PP +.Vb 1 +\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem +.Ve +.PP +Convert a private key from any PKCS#8 encrypted format to traditional format: +.PP +.Vb 1 +\& openssl pkcs8 \-in pk8.pem \-traditional \-out key.pem +.Ve +.PP +Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with +one million iterations of the password: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem +.Ve +.SH "STANDARDS" +.IX Header "STANDARDS" +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. +.PP +The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +PKCS#8 private key format complies with this standard. +.SH "BUGS" +.IX Header "BUGS" +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-iter\fR option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkey.1 b/deps/openssl/mingw64/share/man/man1/pkey.1 new file mode 100644 index 00000000..2bec6341 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkey.1 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEY 1" +.TH PKEY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkey, pkey \- public or private key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkey\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-traditional\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-text\fR] +[\fB\-text_pub\fR] +[\fB\-noout\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine id\fR] +[\fB\-check\fR] +[\fB\-pubcheck\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkey\fR command processes public or private keys. They can be converted +between various forms and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout password\fR" 4 +.IX Item "-passout password" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the \fB\-traditional\fR +option is specified then the older \*(L"traditional\*(R" format is used instead. +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-text_pub\fR" 4 +.IX Item "-text_pub" +Print out only public key components even if a private key is being processed. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkey\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of a key pair for both public and private +components. +.IP "\fB\-pubcheck\fR" 4 +.IX Item "-pubcheck" +This option checks the correctness of either a public key or the public component +of a key pair. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text \-noout +.Ve +.PP +To print out the public components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text_pub \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkeyparam.1 b/deps/openssl/mingw64/share/man/man1/pkeyparam.1 new file mode 100644 index 00000000..b7c07bbd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkeyparam.1 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEYPARAM 1" +.TH PKEYPARAM 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyparam, pkeyparam \- public key algorithm parameter processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyparam\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine id\fR] +[\fB\-check\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkeyparam\fR command processes public key algorithm parameters. +They can be checked for correctness and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write parameters to or standard output if +this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the parameters in plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the parameters. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyparam\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the correctness of parameters. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out text version of parameters: +.PP +.Vb 1 +\& openssl pkeyparam \-in param.pem \-text +.Ve +.SH "NOTES" +.IX Header "NOTES" +There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only +\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1), +\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/pkeyutl.1 b/deps/openssl/mingw64/share/man/man1/pkeyutl.1 new file mode 100644 index 00000000..da2873b9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/pkeyutl.1 @@ -0,0 +1,428 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKEYUTL 1" +.TH PKEYUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyutl, pkeyutl \- public key algorithm utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyutl\fR +[\fB\-help\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-sigfile file\fR] +[\fB\-inkey file\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-passin arg\fR] +[\fB\-peerkey file\fR] +[\fB\-peerform PEM|DER|ENGINE\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-rev\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verifyrecover\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-derive\fR] +[\fB\-kdf algorithm\fR] +[\fB\-kdflen length\fR] +[\fB\-pkeyopt opt:value\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-engine_impl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkeyutl\fR command can be used to perform low level public key operations +using any supported algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-sigfile file\fR" 4 +.IX Item "-sigfile file" +Signature file, required for \fBverify\fR operations only +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be a private key. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0 +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-peerkey file\fR" 4 +.IX Item "-peerkey file" +The peer key file, used by key derivation (agreement) operations. +.IP "\fB\-peerform PEM|DER|ENGINE\fR" 4 +.IX Item "-peerform PEM|DER|ENGINE" +The peer key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0 +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is a public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing a public key. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. +.IP "\fB\-verifyrecover\fR" 4 +.IX Item "-verifyrecover" +Verify the input data (which must be a hash) and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using a public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using a private key. +.IP "\fB\-derive\fR" 4 +.IX Item "-derive" +Derive a shared secret using the peer key. +.IP "\fB\-kdf algorithm\fR" 4 +.IX Item "-kdf algorithm" +Use key derivation function \fBalgorithm\fR. The supported algorithms are +at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. +Note: additional parameters and the \s-1KDF\s0 output length will normally have to be +set for this to work. +See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +for the supported string parameters of each algorithm. +.IP "\fB\-kdflen length\fR" 4 +.IX Item "-kdflen length" +Set the output length for \s-1KDF.\s0 +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Public key options specified as opt:value. See \s-1NOTES\s0 below for more details. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN.1\s0 output data, this is useful when combined with the +\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyutl\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fBid\fR for crypto operations. +.SH "NOTES" +.IX Header "NOTES" +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. +.PP +Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value \fBalg\fR should represent a digest name as used in the +\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that +make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +.PP +This utility does not hash the input data but rather it will use the data +directly as input to the signature algorithm. Depending on the key type, +signature type, and mode of padding, the maximum acceptable lengths of input +data differ. The signed data can't be longer than the key modulus with \s-1RSA.\s0 In +case of \s-1ECDSA\s0 and \s-1DSA\s0 the data shouldn't be longer than the field +size, otherwise it will be silently truncated to the field size. In any event +the input size must not be larger than the largest supported digest size. +.PP +In other words, if the value of digest is \fBsha1\fR the input should be the 20 +bytes long binary encoding of the \s-1SHA\-1\s0 hash function output. +.PP +The Ed25519 and Ed448 signature algorithms are not supported by this utility. +They accept non-hashed input, but this utility can only be used to sign hashed +input. +.SH "RSA ALGORITHM" +.IX Header "RSA ALGORITHM" +The \s-1RSA\s0 algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +\&\fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:mode\fR" 4 +.IX Item "rsa_padding_mode:mode" +This sets the \s-1RSA\s0 padding mode. Acceptable values for \fBmode\fR are \fBpkcs1\fR for +PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR +for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS.\s0 +.Sp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a \fBDigestInfo\fR structure. If a +digest is set then the a \fBDigestInfo\fR structure is used and its the length +must correspond to the digest type. +.Sp +For \fBoaep\fR mode only encryption and decryption is supported. +.Sp +For \fBx931\fR if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest \s-1ID.\s0 Sign, +verify and verifyrecover are can be performed in this mode. +.Sp +For \fBpss\fR mode only sign and verify are supported and the digest type must be +specified. +.IP "\fBrsa_pss_saltlen:len\fR" 4 +.IX Item "rsa_pss_saltlen:len" +For \fBpss\fR mode only this option specifies the salt length. Three special +values are supported: \*(L"digest\*(R" sets the salt length to the digest length, +\&\*(L"max\*(R" sets the salt length to the maximum permissible value. When verifying +\&\*(L"auto\*(R" causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure. +.IP "\fBrsa_mgf1_md:digest\fR" 4 +.IX Item "rsa_mgf1_md:digest" +For \s-1PSS\s0 and \s-1OAEP\s0 padding sets the \s-1MGF1\s0 digest. If the \s-1MGF1\s0 digest is not +explicitly set in \s-1PSS\s0 mode then the signing digest is used. +.SH "RSA-PSS ALGORITHM" +.IX Header "RSA-PSS ALGORITHM" +The RSA-PSS algorithm is a restricted version of the \s-1RSA\s0 algorithm which only +supports the sign and verify operations with \s-1PSS\s0 padding. The following +additional \fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:mode\fR, \fBrsa_pss_saltlen:len\fR, \fBrsa_mgf1_md:digest\fR" 4 +.IX Item "rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest" +These have the same meaning as the \fB\s-1RSA\s0\fR algorithm with some additional +restrictions. The padding mode can only be set to \fBpss\fR which is the +default value. +.Sp +If the key has parameter restrictions than the digest, \s-1MGF1\s0 +digest and salt length are set to the values specified in the parameters. +The digest and \s-1MG\s0 cannot be changed and the salt length cannot be set to a +value less than the minimum restriction. +.SH "DSA ALGORITHM" +.IX Header "DSA ALGORITHM" +The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently +there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The \s-1SHA1\s0 +digest is assumed by default. +.SH "DH ALGORITHM" +.IX Header "DH ALGORITHM" +The \s-1DH\s0 algorithm only supports the derivation operation and no additional +\&\fB\-pkeyopt\fR options. +.SH "EC ALGORITHM" +.IX Header "EC ALGORITHM" +The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and +verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH. SHA1\s0 is assumed by default for +the \fB\-pkeyopt\fR \fBdigest\fR option. +.SH "X25519 and X448 ALGORITHMS" +.IX Header "X25519 and X448 ALGORITHMS" +The X25519 and X448 algorithms support key derivation only. Currently there are +no additional options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data (e.g. if an \s-1RSA\s0 key is used): +.PP +.Vb 1 +\& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem +.Ve +.PP +Verify the signature (e.g. a \s-1DSA\s0 key): +.PP +.Vb 1 +\& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem +.Ve +.PP +Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 +.Ve +.PP +Derive a shared secret value: +.PP +.Vb 1 +\& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret +.Ve +.PP +Hexdump 48 bytes of \s-1TLS1 PRF\s0 using digest \fB\s-1SHA256\s0\fR and shared secret and +seed consisting of the single byte 0xFF: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf TLS1\-PRF \-kdflen 48 \-pkeyopt md:SHA256 \e +\& \-pkeyopt hexsecret:ff \-pkeyopt hexseed:ff \-hexdump +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1) +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/prime.1 b/deps/openssl/mingw64/share/man/man1/prime.1 new file mode 100644 index 00000000..3e98744c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/prime.1 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PRIME 1" +.TH PRIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-prime, prime \- compute prime numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl prime\fR +[\fB\-help\fR] +[\fB\-hex\fR] +[\fB\-generate\fR] +[\fB\-bits\fR] +[\fB\-safe\fR] +[\fB\-checks\fR] +[\fInumber...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBprime\fR command checks if the specified numbers are prime. +.PP +If no numbers are given on the command line, the \fB\-generate\fR flag should +be used to generate primes according to the requirements specified by the +rest of the flags. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "[\fB\-help\fR]" 4 +.IX Item "[-help]" +Display an option summary. +.IP "[\fB\-hex\fR]" 4 +.IX Item "[-hex]" +Generate hex output. +.IP "[\fB\-generate\fR]" 4 +.IX Item "[-generate]" +Generate a prime number. +.IP "[\fB\-bits num\fR]" 4 +.IX Item "[-bits num]" +Generate a prime with \fBnum\fR bits. +.IP "[\fB\-safe\fR]" 4 +.IX Item "[-safe]" +When used with \fB\-generate\fR, generates a \*(L"safe\*(R" prime. If the number +generated is \fBn\fR, then check that \fB(n\-1)/2\fR is also prime. +.IP "[\fB\-checks num\fR]" 4 +.IX Item "[-checks num]" +Perform the checks \fBnum\fR times to see that the generated number +is prime. The default is 20. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/rand.1 b/deps/openssl/mingw64/share/man/man1/rand.1 new file mode 100644 index 00000000..d6509206 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/rand.1 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 1" +.TH RAND 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rand, rand \- generate pseudo\-random bytes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl rand\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-base64\fR] +[\fB\-hex\fR] +\&\fInum\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command generates \fInum\fR random bytes using a cryptographically +secure pseudo random number generator (\s-1CSPRNG\s0). +.PP +The random bytes are generated using the \fBRAND_bytes\fR\|(3) function, +which provides a security level of 256 bits, provided it managed to +seed itself successfully from a trusted operating system entropy source. +Otherwise, the command will fail with a nonzero error code. +For more details, see \fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7), and \s-1\fBRAND_DRBG\s0\fR\|(7). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out file\fR" 4 +.IX Item "-out file" +Write to \fIfile\fR instead of standard output. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +Explicitly specifying a seed file is in general not necessary, see the +\&\*(L"\s-1NOTES\*(R"\s0 section for more information. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Perform base64 encoding on the output. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Show the output as a hex string. +.SH "NOTES" +.IX Header "NOTES" +Prior to OpenSSL 1.1.1, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from a trusted +entropy source provided by the operating system. The \fB\-rand\fR and +\&\fB\-writerand\fR flags are still supported for special platforms or +circumstances that might require them. +.PP +It is generally an error to use the same seed file more than once and +every use of \fB\-rand\fR should be paired with \fB\-writerand\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/rehash.1 b/deps/openssl/mingw64/share/man/man1/rehash.1 new file mode 100644 index 00000000..c2fcab28 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/rehash.1 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "REHASH 1" +.TH REHASH 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-c_rehash, openssl\-rehash, c_rehash, rehash \- Create symbolic links to files named by the hash values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fBrehash\fR +\&\fB[\-h]\fR +\&\fB[\-help]\fR +\&\fB[\-old]\fR +\&\fB[\-n]\fR +\&\fB[\-v]\fR +[ \fIdirectory\fR...] +.PP +\&\fBc_rehash\fR +\&\fIflags...\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On some platforms, the OpenSSL \fBrehash\fR command is available as +an external script called \fBc_rehash\fR. They are functionally equivalent, +except for minor differences noted below. +.PP +\&\fBrehash\fR scans directories and calculates a hash value of each +\&\f(CW\*(C`.pem\*(C'\fR, \f(CW\*(C`.crt\*(C'\fR, \f(CW\*(C`.cer\*(C'\fR, or \f(CW\*(C`.crl\*(C'\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fB/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated. +.PP +The links created are of the form \f(CW\*(C`HHHHHHHH.D\*(C'\fR, where each \fBH\fR +is a hexadecimal character and \fBD\fR is a single decimal digit. +When processing a directory, \fBrehash\fR will first remove all links +that have a name in that syntax, even if they are being used for some +other purpose. +To skip the removal step, use the \fB\-n\fR flag. +Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \f(CW\*(C`HHHHHHHH.rD\*(C'\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fBD\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a \s-1CRL\s0 or if +more than one such object appears in the file. +.SS "Script Configuration" +.IX Subsection "Script Configuration" +The \fBc_rehash\fR script +uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FILENAME +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FILENAME +.Ve +.PP +where \fB\s-1FILENAME\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR \fB\-h\fR" 4 +.IX Item "-help -h" +Display a brief usage message. +.IP "\fB\-old\fR" 4 +.IX Item "-old" +Use old-style hashing (\s-1MD5,\s0 as opposed to \s-1SHA\-1\s0) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style. +.IP "\fB\-n\fR" 4 +.IX Item "-n" +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. +.IP "\fB\-compat\fR" 4 +.IX Item "-compat" +Generate links for both old-style (\s-1MD5\s0) and new-style (\s-1SHA1\s0) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Print messages about old links removed and new links created. +By default, \fBrehash\fR only lists each directory as it is processed. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), +\&\fBcrl\fR\|(1). +\&\fBx509\fR\|(1). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/req.1 b/deps/openssl/mingw64/share/man/man1/req.1 new file mode 100644 index 00000000..ac8f2387 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/req.1 @@ -0,0 +1,797 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "REQ 1" +.TH REQ 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-req, req \- PKCS#10 certificate request and certificate generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBreq\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-text\fR] +[\fB\-pubkey\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-modulus\fR] +[\fB\-new\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-newkey rsa:bits\fR] +[\fB\-newkey alg:file\fR] +[\fB\-nodes\fR] +[\fB\-key filename\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-keyout filename\fR] +[\fB\-keygen_engine id\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-config filename\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-x509\fR] +[\fB\-days n\fR] +[\fB\-set_serial n\fR] +[\fB\-newhdr\fR] +[\fB\-addext ext\fR] +[\fB\-extensions section\fR] +[\fB\-reqexts section\fR] +[\fB\-precert\fR] +[\fB\-utf8\fR] +[\fB\-nameopt\fR] +[\fB\-reqopt\fR] +[\fB\-subject\fR] +[\fB\-subj arg\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-batch\fR] +[\fB\-verbose\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBreq\fR command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it +consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and +footer lines. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (\fB\-new\fR and \fB\-newkey\fR) are not specified. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate request in text form. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Prints out the request subject (or certificate subject if \fB\-x509\fR is +specified) +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the public key. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the request. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the request. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the signature on the request. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. +.Sp +If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private +key using information specified in the configuration file. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-newkey arg\fR" 4 +.IX Item "-newkey arg" +This option creates a new certificate request and a new private +key. The argument takes one of several forms. \fBrsa:nbits\fR, where +\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR +in size. If \fBnbits\fR is omitted, i.e. \fB\-newkey rsa\fR specified, +the default key size, specified in the configuration file is used. +.Sp +All other algorithms support the \fB\-newkey alg:file\fR form, where file may be +an algorithm parameter file, created by the \fBgenpkey \-genparam\fR command +or and X.509 certificate for a key with appropriate algorithm. +.Sp +\&\fBparam:file\fR generates a key using the parameter file or certificate \fBfile\fR, +the algorithm is determined by the parameters. \fBalgname:file\fR use algorithm +\&\fBalgname\fR and parameter file \fBfile\fR: the two algorithms must match or an +error occurs. \fBalgname\fR just uses algorithm \fBalgname\fR, and parameters, +if necessary should be specified via \fB\-pkeyopt\fR parameter. +.Sp +\&\fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fBfilename\fR. \fBec:filename\fR generates \s-1EC\s0 key (usable both with +\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST R +34.10\-2001\s0 key (requires \fBccgost\fR engine configured in the configuration +file). If just \fBgost2001\fR is specified a parameter set should be +specified by \fB\-pkeyopt paramset:X\fR +.IP "\fB\-pkeyopt opt:value\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR in the \fBgenpkey\fR manual page +for more details. +.IP "\fB\-key filename\fR" 4 +.IX Item "-key filename" +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for \s-1PEM\s0 format files. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +The format of the private key file specified in the \fB\-key\fR +argument. \s-1PEM\s0 is the default. +.IP "\fB\-keyout filename\fR" 4 +.IX Item "-keyout filename" +This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +If this option is specified then if a private key is created it +will not be encrypted. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This specifies the message digest to sign the request. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +This overrides the digest algorithm specified in +the configuration file. +.Sp +Some public key algorithms may override this choice. For instance, \s-1DSA\s0 +signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use +\&\s-1GOST R 34.11\-94\s0 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. +.IP "\fB\-config filename\fR" 4 +.IX Item "-config filename" +This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR. +.IP "\fB\-x509\fR" 4 +.IX Item "-x509" +This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root \s-1CA.\s0 The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the \fBset_serial\fR option, a large random number will be used for +the serial number. +.Sp +If existing request is specified with the \fB\-in\fR option, it is converted +to the self signed certificate otherwise new request is created. +.IP "\fB\-days n\fR" 4 +.IX Item "-days n" +When the \fB\-x509\fR option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. \fBn\fR should +be a positive integer. The default is 30 days. +.IP "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by \fB0x\fR. +.IP "\fB\-addext ext\fR" 4 +.IX Item "-addext ext" +Add a specific extension to the certificate (if the \fB\-x509\fR option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. +.Sp +This option can be given multiple times. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +.PD 0 +.IP "\fB\-reqexts section\fR" 4 +.IX Item "-reqexts section" +.PD +These options specify alternative sections to include certificate +extensions (if the \fB\-x509\fR option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. +.IP "\fB\-precert\fR" 4 +.IX Item "-precert" +A poison extension will be added to the certificate, making it a +\&\*(L"pre-certificate\*(R" (see \s-1RFC6962\s0). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. +.Sp +This implies the \fB\-new\fR flag. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII.\s0 This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-reqopt\fR" 4 +.IX Item "-reqopt" +Customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be +a single option or multiple options separated by commas. +.Sp +See discussion of the \fB\-certopt\fR parameter in the \fBx509\fR\|(1) +command. +.IP "\fB\-newhdr\fR" 4 +.IX Item "-newhdr" +Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +Non-interactive mode. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBreq\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-keygen_engine id\fR" 4 +.IX Item "-keygen_engine id" +Specifies an engine (by its unique \fBid\fR string) which would be used +for key generation operations. +.SH "CONFIGURATION FILE FORMAT" +.IX Header "CONFIGURATION FILE FORMAT" +The configuration options are specified in the \fBreq\fR section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. \fBreq\fR) then +the initial unnamed or \fBdefault\fR section is searched too. +.PP +The options available are described in detail below. +.IP "\fBinput_password output_password\fR" 4 +.IX Item "input_password output_password" +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options \fBpassin\fR and \fBpassout\fR override the +configuration file values. +.IP "\fBdefault_bits\fR" 4 +.IX Item "default_bits" +Specifies the default key size in bits. +.Sp +This option is used in conjunction with the \fB\-new\fR option to generate +a new key. It can be overridden by specifying an explicit key size in +the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. +.IP "\fBdefault_keyfile\fR" 4 +.IX Item "default_keyfile" +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the \fB\-keyout\fR option. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation. +.IP "\fBencrypt_key\fR" 4 +.IX Item "encrypt_key" +If this is set to \fBno\fR then if a private key is generated it is +\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line +option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL \fBdgst\fR command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set. +.IP "\fBstring_mask\fR" 4 +.IX Item "string_mask" +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. +.Sp +It can be set to several values \fBdefault\fR which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the +\&\fButf8only\fR option is used then only UTF8Strings will be used: this +is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. +.IP "\fBreq_extensions\fR" 4 +.IX Item "req_extensions" +This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the \fB\-reqexts\fR command line switch. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +This specifies the configuration file section containing a list of +extensions to add to certificate generated when the \fB\-x509\fR switch +is used. It can be overridden by the \fB\-extensions\fR command line switch. +.IP "\fBprompt\fR" 4 +.IX Item "prompt" +If set to the value \fBno\fR this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +If set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 +strings, by default they are interpreted as \s-1ASCII.\s0 This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fBattributes\fR" 4 +.IX Item "attributes" +This specifies the section containing any request attributes: its format +is the same as \fBdistinguished_name\fR. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. +.IP "\fBdistinguished_name\fR" 4 +.IX Item "distinguished_name" +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. +.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +There are two separate formats for the distinguished name and attribute +sections. If the \fBprompt\fR option is set to \fBno\fR then these sections +just consist of field names and values: for example, +.PP +.Vb 3 +\& CN=My Name +\& OU=My Organization +\& emailAddress=someone@somewhere.org +.Ve +.PP +This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file +with all the field names and values and just pass it to \fBreq\fR. An example +of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +.PP +Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the +file contains field prompting information. It consists of lines of the form: +.PP +.Vb 4 +\& fieldName="prompt" +\& fieldName_default="default field value" +\& fieldName_min= 2 +\& fieldName_max= 4 +.Ve +.PP +\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). +The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. +.PP +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). +.PP +Some fields (such as organizationName) can be used more than once +in a \s-1DN.\s0 This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it \*(L"1.organizationName\*(R". +.PP +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier. +.PP +Additional object identifiers can be defined with the \fBoid_file\fR or +\&\fBoid_section\fR options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examine and verify certificate request: +.PP +.Vb 1 +\& openssl req \-in req.pem \-text \-verify \-noout +.Ve +.PP +Create a private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl genrsa \-out key.pem 2048 +\& openssl req \-new \-key key.pem \-out req.pem +.Ve +.PP +The same but just using req: +.PP +.Vb 1 +\& openssl req \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Generate a self signed root certificate: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Example of a file pointed to by the \fBoid_file\fR option: +.PP +.Vb 2 +\& 1.2.3.4 shortName A longer Name +\& 1.2.3.6 otherName Other longer Name +.Ve +.PP +Example of a section pointed to by \fBoid_section\fR making use of variable +expansion: +.PP +.Vb 2 +\& testoid1=1.2.3.5 +\& testoid2=${testoid1}.6 +.Ve +.PP +Sample configuration file prompting for field values: +.PP +.Vb 6 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = privkey.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& req_extensions = v3_ca +\& +\& dirstring_type = nobmp +\& +\& [ req_distinguished_name ] +\& countryName = Country Name (2 letter code) +\& countryName_default = AU +\& countryName_min = 2 +\& countryName_max = 2 +\& +\& localityName = Locality Name (eg, city) +\& +\& organizationalUnitName = Organizational Unit Name (eg, section) +\& +\& commonName = Common Name (eg, YOUR name) +\& commonName_max = 64 +\& +\& emailAddress = Email Address +\& emailAddress_max = 40 +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +\& challengePassword_min = 4 +\& challengePassword_max = 20 +\& +\& [ v3_ca ] +\& +\& subjectKeyIdentifier=hash +\& authorityKeyIdentifier=keyid:always,issuer:always +\& basicConstraints = critical, CA:true +.Ve +.PP +Sample configuration containing all field values: +.PP +.Vb 1 +\& RANDFILE = $ENV::HOME/.rnd +\& +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = keyfile.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& prompt = no +\& output_password = mypass +\& +\& [ req_distinguished_name ] +\& C = GB +\& ST = Test State or Province +\& L = Test Locality +\& O = Organization Name +\& OU = Organizational Unit Name +\& CN = Common Name +\& emailAddress = test@email.address +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +.Ve +.PP +Example of giving the most common attributes (subject and extensions) +on the command line: +.PP +.Vb 4 +\& openssl req \-new \-subj "/C=GB/CN=foo" \e +\& \-addext "subjectAltName = DNS:foo.co.uk" \e +\& \-addext "certificatePolicies = 1.2.3.4" \e +\& \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\- +.Ve +.PP +some software (some versions of Netscape certificate server) instead needs: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN NEW CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END NEW CERTIFICATE REQUEST\-\-\-\-\- +.Ve +.PP +which is produced with the \fB\-newhdr\fR option but is otherwise compatible. +Either form is accepted transparently on input. +.PP +The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +added. It includes the \fBkeyUsage\fR extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +The following messages are frequently asked about: +.PP +.Vb 2 +\& Using configuration from /some/path/openssl.cnf +\& Unable to load config info +.Ve +.PP +This is followed some time later by... +.PP +.Vb 2 +\& unable to find \*(Aqdistinguished_name\*(Aq in config +\& problems making Certificate Request +.Ve +.PP +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. +.PP +Another puzzling message is this: +.PP +.Vb 2 +\& Attributes: +\& a0:00 +.Ve +.PP +this is displayed when no attributes are present and the request includes +the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +0x00). If you just see: +.PP +.Vb 1 +\& Attributes: +.Ve +.PP +then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR +for more information. +.SH "BUGS" +.IX Header "BUGS" +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. +.PP +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +.PP +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5), +\&\fBx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/rsa.1 b/deps/openssl/mingw64/share/man/man1/rsa.1 new file mode 100644 index 00000000..48d3d829 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/rsa.1 @@ -0,0 +1,330 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA 1" +.TH RSA 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rsa, rsa \- RSA key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsa\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-check\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-RSAPublicKey_in\fR] +[\fB\-RSAPublicKey_out\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +utility. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. On input PKCS#8 format private +keys are also accepted. +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passout password\fR" 4 +.IX Item "-passout password" +The output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBrsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the key. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1RSA\s0 private key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-RSAPublicKey_in\fR, \fB\-RSAPublicKey_out\fR" 4 +.IX Item "-RSAPublicKey_in, -RSAPublicKey_out" +Like \fB\-pubin\fR and \fB\-pubout\fR except \fBRSAPublicKey\fR format is used instead. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBrsa\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- +.Ve +.PP +The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END RSA PUBLIC KEY\-\-\-\-\- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +Output the public part of a private key in \fBRSAPublicKey\fR format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-RSAPublicKey_out \-out pubkey.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be an option that automatically handles .key files, +without having to manually edit them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/rsautl.1 b/deps/openssl/mingw64/share/man/man1/rsautl.1 new file mode 100644 index 00000000..74d26faa --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/rsautl.1 @@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSAUTL 1" +.TH RSAUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-rsautl, rsautl \- RSA utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsautl\fR +[\fB\-help\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-inkey file\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-pkcs\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt +data using the \s-1RSA\s0 algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be an \s-1RSA\s0 private key. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is an \s-1RSA\s0 public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing an \s-1RSA\s0 public key. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data and output the signed result. This requires +an \s-1RSA\s0 private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using an \s-1RSA\s0 public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using an \s-1RSA\s0 private key. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 +.IX Item "-pkcs, -oaep, -ssl, -raw" +The padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0 +special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +Hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN.1\s0 output data, this is useful when combined with the +\&\fB\-verify\fR option. +.SH "NOTES" +.IX Header "NOTES" +\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be +used to sign or verify small pieces of data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem +.Ve +.PP +Examine the raw signed data: +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem \-raw \-hexdump +\& +\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world +.Ve +.PP +The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes. +.PP +It is possible to analyse the signature of certificates using this +utility in conjunction with \fBasn1parse\fR. Consider the self signed +example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem +\& +\& 0:d=0 hl=4 l= 742 cons: SEQUENCE +\& 4:d=1 hl=4 l= 591 cons: SEQUENCE +\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] +\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 +\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 +\& 16:d=2 hl=2 l= 13 cons: SEQUENCE +\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 29:d=3 hl=2 l= 0 prim: NULL +\& 31:d=2 hl=2 l= 92 cons: SEQUENCE +\& 33:d=3 hl=2 l= 11 cons: SET +\& 35:d=4 hl=2 l= 9 cons: SEQUENCE +\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName +\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU +\& .... +\& 599:d=1 hl=2 l= 13 cons: SEQUENCE +\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 612:d=2 hl=2 l= 0 prim: NULL +\& 614:d=1 hl=3 l= 129 prim: BIT STRING +.Ve +.PP +The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 +.Ve +.PP +The certificate public key can be extracted with: +.PP +.Vb 1 +\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem +.Ve +.PP +The signature can be analysed with: +.PP +.Vb 1 +\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin +\& +\& 0:d=0 hl=2 l= 32 cons: SEQUENCE +\& 2:d=1 hl=2 l= 12 cons: SEQUENCE +\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 +\& 14:d=2 hl=2 l= 0 prim: NULL +\& 16:d=1 hl=2 l= 16 prim: OCTET STRING +\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +.Ve +.PP +This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +the digest used was md5. The actual part of the certificate that was signed can +be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4 +.Ve +.PP +and its digest computed with: +.PP +.Vb 2 +\& openssl md5 \-c tbs +\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 +.Ve +.PP +which it can be seen agrees with the recovered value above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/s_client.1 b/deps/openssl/mingw64/share/man/man1/s_client.1 new file mode 100644 index 00000000..3ffc7913 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/s_client.1 @@ -0,0 +1,863 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_CLIENT 1" +.TH S_CLIENT 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_client, s_client \- SSL/TLS client program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_client\fR +[\fB\-help\fR] +[\fB\-connect host:port\fR] +[\fB\-bind host:port\fR] +[\fB\-proxy host:port\fR] +[\fB\-unix path\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-servername name\fR] +[\fB\-noservername\fR] +[\fB\-verify depth\fR] +[\fB\-verify_return_error\fR] +[\fB\-cert filename\fR] +[\fB\-certform DER|PEM\fR] +[\fB\-key filename\fR] +[\fB\-keyform DER|PEM\fR] +[\fB\-cert_chain filename\fR] +[\fB\-build_chain\fR] +[\fB\-xkey\fR] +[\fB\-xcert\fR] +[\fB\-xchain\fR] +[\fB\-xchain_build\fR] +[\fB\-xcertform PEM|DER\fR] +[\fB\-xkeyform PEM|DER\fR] +[\fB\-pass arg\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-chainCApath directory\fR] +[\fB\-chainCAfile filename\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-requestCAfile filename\fR] +[\fB\-dane_tlsa_domain domain\fR] +[\fB\-dane_tlsa_rrdata rrdata\fR] +[\fB\-dane_ee_no_namechecks\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-nameopt option\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-build_chain\fR] +[\fB\-x509_strict\fR] +[\fB\-reconnect\fR] +[\fB\-showcerts\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-nbio_test\fR] +[\fB\-state\fR] +[\fB\-nbio\fR] +[\fB\-crlf\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-psk_identity identity\fR] +[\fB\-psk key\fR] +[\fB\-psk_session file\fR] +[\fB\-quiet\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-fallback_scsv\fR] +[\fB\-async\fR] +[\fB\-max_send_frag\fR] +[\fB\-split_send_frag\fR] +[\fB\-max_pipelines\fR] +[\fB\-read_buf\fR] +[\fB\-bugs\fR] +[\fB\-comp\fR] +[\fB\-no_comp\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-sigalgs sigalglist\fR] +[\fB\-curves curvelist\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-ciphersuites val\fR] +[\fB\-serverpref\fR] +[\fB\-starttls protocol\fR] +[\fB\-xmpphost hostname\fR] +[\fB\-name hostname\fR] +[\fB\-engine id\fR] +[\fB\-tlsextdebug\fR] +[\fB\-no_ticket\fR] +[\fB\-sess_out filename\fR] +[\fB\-sess_in filename\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-serverinfo types\fR] +[\fB\-status\fR] +[\fB\-alpn protocols\fR] +[\fB\-nextprotoneg protocols\fR] +[\fB\-ct\fR] +[\fB\-noct\fR] +[\fB\-ctlogfile\fR] +[\fB\-keylogfile file\fR] +[\fB\-early_data file\fR] +[\fB\-enable_pha\fR] +[\fBtarget\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects +to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for +\&\s-1SSL\s0 servers. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below the \fBs_client\fR utility also supports the +common and client only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) +manual page. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect host:port\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433. +.IP "\fB\-bind host:port\fR]" 4 +.IX Item "-bind host:port]" +This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address. +.IP "\fB\-proxy host:port\fR" 4 +.IX Item "-proxy host:port" +When used with the \fB\-connect\fR flag, the program uses the host and port +specified with this flag and issues an \s-1HTTP CONNECT\s0 command to connect +to the desired server. +.IP "\fB\-unix path\fR" 4 +.IX Item "-unix path" +Connect over the specified Unix-domain socket. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-servername name\fR" 4 +.IX Item "-servername name" +Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to +the given value. +If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with +the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is +not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +This is the default since OpenSSL 1.1.1. +.Sp +Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +\&\fB\-servername\fR is provided then that name will be sent, regardless of whether +it is a \s-1DNS\s0 name or not. +.Sp +This option cannot be used in conjunction with \fB\-noservername\fR. +.IP "\fB\-noservername\fR" 4 +.IX Item "-noservername" +Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the \fB\-servername\fR or +<\-dane_tlsa_domain> options. +.IP "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. +.IP "\fB\-certform format\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the server. +.IP "\fB\-xkey infile\fR, \fB\-xcert infile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by the +client. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates provided via \fB\-xkey infile\fR, +\&\fB\-xcert infile\fR, \fB\-xchain\fR options. +.IP "\fB\-xcertform PEM|DER\fR, \fB\-xkeyform PEM|DER\fR" 4 +.IX Item "-xcertform PEM|DER, -xkeyform PEM|DER" +Extra certificate and private key format respectively. +.IP "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-verify depth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for server certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are +also used when building the client certificate chain. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.IP "\fB\-chainCApath directory\fR" 4 +.IX Item "-chainCApath directory" +The directory to use for building the chain provided to the server. This +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. +.IP "\fB\-chainCAfile file\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +client certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-requestCAfile file\fR" 4 +.IX Item "-requestCAfile file" +A file containing a list of certificates whose subject names will be sent +to the server in the \fBcertificate_authorities\fR extension. Only supported +for \s-1TLS 1.3\s0 +.IP "\fB\-dane_tlsa_domain domain\fR" 4 +.IX Item "-dane_tlsa_domain domain" +Enable \s-1RFC6698/RFC7671 DANE TLSA\s0 authentication and specify the +\&\s-1TLSA\s0 base domain which becomes the default \s-1SNI\s0 hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the \fB\-dane_tlsa_rrdata\fR +option below. +.Sp +When \s-1DANE\s0 authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a \s-1TLSA\s0 record authenticated +a chain certificate. When that \s-1TLSA\s0 record is a \*(L"2 1 0\*(R" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as \*(L"\s-1TA\s0 public key +verified\*(R". Otherwise, either the \s-1TLSA\s0 record \*(L"matched \s-1TA\s0 certificate\*(R" +at a positive depth or else \*(L"matched \s-1EE\s0 certificate\*(R" at depth 0. +.IP "\fB\-dane_tlsa_rrdata rrdata\fR" 4 +.IX Item "-dane_tlsa_rrdata rrdata" +Use one or more times to specify the \s-1RRDATA\s0 fields of the \s-1DANE TLSA\s0 +RRset associated with the target service. The \fBrrdata\fR value is +specified in \*(L"presentation form\*(R", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example: +.Sp +.Vb 12 +\& $ openssl s_client \-brief \-starttls smtp \e +\& \-connect smtp.example.com:25 \e +\& \-dane_tlsa_domain smtp.example.com \e +\& \-dane_tlsa_rrdata "2 1 1 +\& B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \e +\& \-dane_tlsa_rrdata "2 1 1 +\& 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" +\& ... +\& Verification: OK +\& Verified peername: smtp.example.com +\& DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 +\& ... +.Ve +.IP "\fB\-dane_ee_no_namechecks\fR" 4 +.IX Item "-dane_ee_no_namechecks" +This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various certificate chain validation options. See the +\&\fBverify\fR\|(1) manual page for details. +.IP "\fB\-reconnect\fR" 4 +.IX Item "-reconnect" +Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can +be used as a test that session caching is working. +.IP "\fB\-showcerts\fR" 4 +.IX Item "-showcerts" +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +\&\fBnot\fR a verified chain. +.IP "\fB\-prexit\fR" 4 +.IX Item "-prexit" +Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this +option is not always accurate because a connection might never have been +established. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints out the \s-1SSL\s0 session states. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-msgfile\fR" 4 +.IX Item "-msgfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non-blocking I/O +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non-blocking I/O +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0 as required +by some servers. +.IP "\fB\-ign_eof\fR" 4 +.IX Item "-ign_eof" +Inhibit shutting down the connection when end of file is reached in the +input. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. This implicitly +turns on \fB\-ign_eof\fR as well. +.IP "\fB\-no_ign_eof\fR" 4 +.IX Item "-no_ign_eof" +Shut down the connection when end of file is reached in the input. +Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. +.IP "\fB\-psk_identity identity\fR" 4 +.IX Item "-psk_identity identity" +Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite. +The default value is \*(L"Client_identity\*(R" (without the quotes). +.IP "\fB\-psk key\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session file\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fBfile\fR as the basis of a \s-1PSK.\s0 +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default \fBs_client\fR will negotiate the highest mutually supported protocol +version. +When a specific \s-1TLS\s0 version is required, only that version will be offered to +and accepted from the server. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options make \fBs_client\fR use \s-1DTLS\s0 protocols instead of \s-1TLS.\s0 +With \fB\-dtls\fR, \fBs_client\fR will negotiate any supported \s-1DTLS\s0 protocol version, +whilst \fB\-dtls1\fR and \fB\-dtls1_2\fR will only support \s-1DTLS1.0\s0 and \s-1DTLS1.2\s0 +respectively. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-fallback_scsv\fR" 4 +.IX Item "-fallback_scsv" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag int\fR" 4 +.IX Item "-max_send_frag int" +The maximum size of data fragment to send. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag int\fR" 4 +.IX Item "-split_send_frag int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines int\fR" 4 +.IX Item "-max_pipelines int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf int\fR" 4 +.IX Item "-read_buf int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Only provide a brief summary of connection parameters instead of the +normal verbose output. +.IP "\fB\-sigalgs sigalglist\fR" 4 +.IX Item "-sigalgs sigalglist" +Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3) +.IP "\fB\-curves curvelist\fR" 4 +.IX Item "-curves curvelist" +Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See the +\&\fBciphers\fR command for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See the +\&\fBciphers\fR command for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-starttls protocol\fR" 4 +.IX Item "-starttls protocol" +Send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. +\&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only +supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R", \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"irc\*(R", \*(L"postgres\*(R", \*(L"mysql\*(R", \*(L"lmtp\*(R", \*(L"nntp\*(R", \*(L"sieve\*(R" and \*(L"ldap\*(R". +.IP "\fB\-xmpphost hostname\fR" 4 +.IX Item "-xmpphost hostname" +This option, when used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +specifies the host for the \*(L"to\*(R" attribute of the stream element. +If this option is not specified, then the host specified with \*(L"\-connect\*(R" +will be used. +.Sp +This option is an alias of the \fB\-name\fR option for \*(L"xmpp\*(R" and \*(L"xmpp-server\*(R". +.IP "\fB\-name hostname\fR" 4 +.IX Item "-name hostname" +This option is used to specify hostname information for various protocols +used with \fB\-starttls\fR option. Currently only \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"smtp\*(R" and \*(L"lmtp\*(R" can utilize this \fB\-name\fR option. +.Sp +If this option is used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +if specifies the host for the \*(L"to\*(R" attribute of the stream element. If this +option is not specified, then the host specified with \*(L"\-connect\*(R" will be used. +.Sp +If this option is used with \*(L"\-starttls lmtp\*(R" or \*(L"\-starttls smtp\*(R", it specifies +the name to use in the \*(L"\s-1LMTP LHLO\*(R"\s0 or \*(L"\s-1SMTP EHLO\*(R"\s0 message, respectively. If +this option is not specified, then \*(L"mail.example.com\*(R" will be used. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print out a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. +.IP "\fB\-sess_out filename\fR" 4 +.IX Item "-sess_out filename" +Output \s-1SSL\s0 session to \fBfilename\fR. +.IP "\fB\-sess_in sess.pem\fR" 4 +.IX Item "-sess_in sess.pem" +Load \s-1SSL\s0 session from \fBfilename\fR. The client will attempt to resume a +connection from this session. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-serverinfo types\fR" 4 +.IX Item "-serverinfo types" +A list of comma-separated \s-1TLS\s0 Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello \s-1TLS\s0 Extension. +The server's response (if any) will be encoded and displayed as a \s-1PEM\s0 +file. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +response (if any) is printed out. +.IP "\fB\-alpn protocols\fR, \fB\-nextprotoneg protocols\fR" 4 +.IX Item "-alpn protocols, -nextprotoneg protocols" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 +The \fBprotocols\fR list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable \s-1ASCII\s0 strings, +for example \*(L"http/1.1\*(R" or \*(L"spdy/3\*(R". +An empty list of protocols is treated specially and will cause the +client to advertise support for the \s-1TLS\s0 extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-ct\fR, \fB\-noct\fR" 4 +.IX Item "-ct, -noct" +Use one of these two options to control whether Certificate Transparency (\s-1CT\s0) +is enabled (\fB\-ct\fR) or disabled (\fB\-noct\fR). +If \s-1CT\s0 is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion. +.Sp +Enabling \s-1CT\s0 also enables \s-1OCSP\s0 stapling, as this is one possible delivery method +for SCTs. +.IP "\fB\-ctlogfile\fR" 4 +.IX Item "-ctlogfile" +A file containing a list of known Certificate Transparency logs. See +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. +.IP "\fB\-keylogfile file\fR" 4 +.IX Item "-keylogfile file" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-early_data file\fR" 4 +.IX Item "-early_data file" +Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data. +.IP "\fB\-enable_pha\fR" 4 +.IX Item "-enable_pha" +For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via \fB\-cert\fR. +.IP "\fB[target]\fR" 4 +.IX Item "[target]" +Rather than providing \fB\-connect\fR, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor \fB\-connect\fR are provided, falls back to attempting to connect to localhost +on port 4433. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection is established with an \s-1SSL\s0 server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBB\fR" 4 +.IX Item "B" +Send a heartbeat message to the server (\s-1DTLS\s0 only) +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the server (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the server and request one back (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0 +server the command: +.PP +.Vb 1 +\& openssl s_client \-connect servername:443 +.Ve +.PP +would typically be used (https uses port 443). If the connection succeeds +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR, +\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed +and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request +for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.PP +If there are problems verifying a server certificate then the +\&\fB\-showcerts\fR option can be used to show all the certificates sent by the +server. +.PP +The \fBs_client\fR utility is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +attack. This behaviour can be changed by with the \fB\-verify_return_error\fR +option: any verify errors are then returned aborting the handshake. +.PP +The \fB\-bind\fR option may be useful if the server or a firewall requires +connections to come from some particular address and or port. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source of \fBs_client\fR is rather hard to +read and not a model of how things should be done. +A typical \s-1SSL\s0 client program would be much simpler. +.PP +The \fB\-prexit\fR option is a bit of a hack. We should really report +information whenever a session is renegotiated. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1), +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), \fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. +The \fB\-name\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/s_server.1 b/deps/openssl/mingw64/share/man/man1/s_server.1 new file mode 100644 index 00000000..8528a53e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/s_server.1 @@ -0,0 +1,868 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_SERVER 1" +.TH S_SERVER 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_server, s_server \- SSL/TLS server program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_server\fR +[\fB\-help\fR] +[\fB\-port +int\fR] +[\fB\-accept val\fR] +[\fB\-unix val\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-unlink\fR] +[\fB\-context val\fR] +[\fB\-verify int\fR] +[\fB\-Verify int\fR] +[\fB\-cert infile\fR] +[\fB\-nameopt val\fR] +[\fB\-naccept +int\fR] +[\fB\-serverinfo val\fR] +[\fB\-certform PEM|DER\fR] +[\fB\-key infile\fR] +[\fB\-keyform format\fR] +[\fB\-pass val\fR] +[\fB\-dcert infile\fR] +[\fB\-dcertform PEM|DER\fR] +[\fB\-dkey infile\fR] +[\fB\-dkeyform PEM|DER\fR] +[\fB\-dpass val\fR] +[\fB\-nbio_test\fR] +[\fB\-crlf\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-msgfile outfile\fR] +[\fB\-state\fR] +[\fB\-CAfile infile\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-nocert\fR] +[\fB\-quiet\fR] +[\fB\-no_resume_ephemeral\fR] +[\fB\-www\fR] +[\fB\-WWW\fR] +[\fB\-servername\fR] +[\fB\-servername_fatal\fR] +[\fB\-cert2 infile\fR] +[\fB\-key2 infile\fR] +[\fB\-tlsextdebug\fR] +[\fB\-HTTP\fR] +[\fB\-id_prefix val\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-keymatexport val\fR] +[\fB\-keymatexportlen +int\fR] +[\fB\-CRL infile\fR] +[\fB\-crl_download\fR] +[\fB\-cert_chain infile\fR] +[\fB\-dcert_chain infile\fR] +[\fB\-chainCApath dir\fR] +[\fB\-verifyCApath dir\fR] +[\fB\-no_cache\fR] +[\fB\-ext_cache\fR] +[\fB\-CRLform PEM|DER\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-build_chain\fR] +[\fB\-chainCAfile infile\fR] +[\fB\-verifyCAfile infile\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-status\fR] +[\fB\-status_verbose\fR] +[\fB\-status_timeout int\fR] +[\fB\-status_url val\fR] +[\fB\-status_file infile\fR] +[\fB\-trace\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-brief\fR] +[\fB\-rev\fR] +[\fB\-async\fR] +[\fB\-ssl_config val\fR] +[\fB\-max_send_frag +int\fR] +[\fB\-split_send_frag +int\fR] +[\fB\-max_pipelines +int\fR] +[\fB\-read_buf +int\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-num_tickets\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs val\fR] +[\fB\-client_sigalgs val\fR] +[\fB\-groups val\fR] +[\fB\-curves val\fR] +[\fB\-named_curve val\fR] +[\fB\-cipher val\fR] +[\fB\-ciphersuites val\fR] +[\fB\-dhparam infile\fR] +[\fB\-record_padding val\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-policy val\fR] +[\fB\-purpose val\fR] +[\fB\-verify_name val\fR] +[\fB\-verify_depth int\fR] +[\fB\-auth_level int\fR] +[\fB\-attime intmax\fR] +[\fB\-verify_hostname val\fR] +[\fB\-verify_email val\fR] +[\fB\-verify_ip\fR] +[\fB\-ignore_critical\fR] +[\fB\-issuer_checks\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-policy_check\fR] +[\fB\-explicit_policy\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-x509_strict\fR] +[\fB\-extended_crl\fR] +[\fB\-use_deltas\fR] +[\fB\-policy_print\fR] +[\fB\-check_ss_sig\fR] +[\fB\-trusted_first\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_192\fR] +[\fB\-partial_chain\fR] +[\fB\-no_alt_chains\fR] +[\fB\-no_check_time\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-xkey\fR] +[\fB\-xcert\fR] +[\fB\-xchain\fR] +[\fB\-xchain_build\fR] +[\fB\-xcertform PEM|DER\fR] +[\fB\-xkeyform PEM|DER\fR] +[\fB\-nbio\fR] +[\fB\-psk_identity val\fR] +[\fB\-psk_hint val\fR] +[\fB\-psk val\fR] +[\fB\-psk_session file\fR] +[\fB\-srpvfile infile\fR] +[\fB\-srpuserseed val\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-timeout\fR] +[\fB\-mtu +int\fR] +[\fB\-listen\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-no_dhe\fR] +[\fB\-nextprotoneg val\fR] +[\fB\-use_srtp val\fR] +[\fB\-alpn val\fR] +[\fB\-engine val\fR] +[\fB\-keylogfile outfile\fR] +[\fB\-max_early_data int\fR] +[\fB\-early_data\fR] +[\fB\-anti_replay\fR] +[\fB\-no_anti_replay\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens +for connections on a given port using \s-1SSL/TLS.\s0 +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below the \fBs_server\fR utility also supports the +common and server only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3) +manual page. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-port +int\fR" 4 +.IX Item "-port +int" +The \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +.IP "\fB\-accept val\fR" 4 +.IX Item "-accept val" +The optional \s-1TCP\s0 host and port to listen on for connections. If not specified, *:4433 is used. +.IP "\fB\-unix val\fR" 4 +.IX Item "-unix val" +Unix domain socket to accept on. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-unlink\fR" 4 +.IX Item "-unlink" +For \-unix, unlink any existing socket first. +.IP "\fB\-context val\fR" 4 +.IX Item "-context val" +Sets the \s-1SSL\s0 context id. It can be given any string value. If this option +is not present a default value will be used. +.IP "\fB\-verify int\fR, \fB\-Verify int\fR" 4 +.IX Item "-verify int, -Verify int" +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the \fB\-verify\fR option a certificate is requested but the +client does not have to send one, with the \fB\-Verify\fR option the client +must supply a certificate or an error occurs. +.Sp +If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or \s-1PSK\s0) this option has no effect. +.IP "\fB\-cert infile\fR" 4 +.IX Item "-cert infile" +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 +(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the client. +.IP "\fB\-nameopt val\fR" 4 +.IX Item "-nameopt val" +Option which determines how the subject or issuer names are displayed. The +\&\fBval\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-naccept +int\fR" 4 +.IX Item "-naccept +int" +The server will exit after receiving the specified number of connections, +default unlimited. +.IP "\fB\-serverinfo val\fR" 4 +.IX Item "-serverinfo val" +A file containing one or more blocks of \s-1PEM\s0 data. Each \s-1PEM\s0 block +must encode a \s-1TLS\s0 ServerHello extension (2 bytes type, 2 bytes length, +followed by \*(L"length\*(R" bytes of extension data). If the client sends +an empty \s-1TLS\s0 ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. +.IP "\fB\-certform PEM|DER\fR" 4 +.IX Item "-certform PEM|DER" +The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-key infile\fR" 4 +.IX Item "-key infile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform format\fR" 4 +.IX Item "-keyform format" +The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. +.IP "\fB\-pass val\fR" 4 +.IX Item "-pass val" +The private key password source. For more information about the format of \fBval\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-dcert infile\fR, \fB\-dkey infile\fR" 4 +.IX Item "-dcert infile, -dkey infile" +Specify an additional certificate and private key, these behave in the +same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key +and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +by using an appropriate certificate. +.IP "\fB\-dcert_chain\fR" 4 +.IX Item "-dcert_chain" +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the \fB\-dcert\fR option +is in use. +.IP "\fB\-dcertform PEM|DER\fR, \fB\-dkeyform PEM|DER\fR, \fB\-dpass val\fR" 4 +.IX Item "-dcertform PEM|DER, -dkeyform PEM|DER, -dpass val" +Additional certificate and private key format and passphrase respectively. +.IP "\fB\-xkey infile\fR, \fB\-xcert infile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by +the server. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the client for the extra certificates provided via \fB\-xkey infile\fR, +\&\fB\-xcert infile\fR, \fB\-xchain\fR options. +.IP "\fB\-xcertform PEM|DER\fR, \fB\-xkeyform PEM|DER\fR" 4 +.IX Item "-xcertform PEM|DER, -xkeyform PEM|DER" +Extra certificate and private key format respectively. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non blocking I/O. +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF.\s0 +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-msgfile outfile\fR" 4 +.IX Item "-msgfile outfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints the \s-1SSL\s0 session states. +.IP "\fB\-CAfile infile\fR" 4 +.IX Item "-CAfile infile" +A file containing trusted certificates to use during client authentication +and to use when attempting to build the server certificate chain. The list +is also used in the list of acceptable client CAs passed to the client when +a certificate is requested. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +The directory to use for client certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are +also used when building the server certificate chain. +.IP "\fB\-chainCApath dir\fR" 4 +.IX Item "-chainCApath dir" +The directory to use for building the chain provided to the client. This +directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. +.IP "\fB\-chainCAfile file\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +server certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +\&\s-1DH\s0). +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. +.IP "\fB\-www\fR" 4 +.IX Item "-www" +Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in \s-1HTML\s0 format so this option will normally be used with a +web browser. Cannot be used in conjunction with \fB\-early_data\fR. +.IP "\fB\-WWW\fR" 4 +.IX Item "-WWW" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. Cannot be used in conjunction +with \fB\-early_data\fR. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-HTTP\fR" 4 +.IX Item "-HTTP" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. The files loaded are +assumed to contain a complete and correct \s-1HTTP\s0 response (lines that +are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). Cannot be +used in conjunction with \fB\-early_data\fR. +.IP "\fB\-id_prefix val\fR" 4 +.IX Item "-id_prefix val" +Generate \s-1SSL/TLS\s0 session IDs prefixed by \fBval\fR. This is mostly useful +for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Enables certificate status request support (aka \s-1OCSP\s0 stapling). +.IP "\fB\-status_verbose\fR" 4 +.IX Item "-status_verbose" +Enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives +a verbose printout of the \s-1OCSP\s0 response. +.IP "\fB\-status_timeout int\fR" 4 +.IX Item "-status_timeout int" +Sets the timeout for \s-1OCSP\s0 response to \fBint\fR seconds. +.IP "\fB\-status_url val\fR" 4 +.IX Item "-status_url val" +Sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. +.IP "\fB\-status_file infile\fR" 4 +.IX Item "-status_file infile" +Overrides any \s-1OCSP\s0 responder URLs from the certificate and always provides the +\&\s-1OCSP\s0 Response stored in the file. The file must be in \s-1DER\s0 format. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Provide a brief summary of connection parameters instead of the normal verbose +output. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in +conjunction with \fB\-early_data\fR. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag +int\fR" 4 +.IX Item "-max_send_frag +int" +The maximum size of data fragment to send. +See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag +int\fR" 4 +.IX Item "-split_send_frag +int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines +int\fR" 4 +.IX Item "-max_pipelines +int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf +int\fR" 4 +.IX Item "-read_buf +int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +By default \fBs_server\fR will negotiate the highest mutually supported protocol +version. +When a specific \s-1TLS\s0 version is required, only that version will be accepted +from the client. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disable negotiation of \s-1TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enable negotiation of \s-1TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See \fB\-num_tickets\fR. +.IP "\fB\-num_tickets\fR" 4 +.IX Item "-num_tickets" +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use the server's cipher preferences, rather than the client's preferences. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when preferred by clients. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +Set the \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR option. +.IP "\fB\-client_sigalgs val\fR" 4 +.IX Item "-client_sigalgs val" +Signature algorithms to support for client certificate authentication +(colon-separated list). +.IP "\fB\-named_curve val\fR" 4 +.IX Item "-named_curve val" +Specifies the elliptic curve to use. \s-1NOTE:\s0 this is single curve, not a list. +For a list of all possible curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher val\fR" 4 +.IX Item "-cipher val" +This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +the \fBciphers\fR command for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +the \fBciphers\fR command for more information. The format for this list is a +simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-dhparam infile\fR" 4 +.IX Item "-dhparam infile" +The \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys +using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into the \fBs_server\fR +program will be used. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set different peer certificate verification options. +See the \fBverify\fR\|(1) manual page for details. +.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 +.IX Item "-crl_check, -crl_check_all" +Check the peer certificate has not been revoked by its \s-1CA.\s0 +The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR +option all CRLs of all CAs in the chain are checked. +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non blocking I/O. +.IP "\fB\-psk_identity val\fR" 4 +.IX Item "-psk_identity val" +Expect the client to send \s-1PSK\s0 identity \fBval\fR when using a \s-1PSK\s0 +cipher suite, and warn if they do not. By default, the expected \s-1PSK\s0 +identity is the string \*(L"Client_identity\*(R". +.IP "\fB\-psk_hint val\fR" 4 +.IX Item "-psk_hint val" +Use the \s-1PSK\s0 identity hint \fBval\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk val\fR" 4 +.IX Item "-psk val" +Use the \s-1PSK\s0 key \fBval\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session file\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fBfile\fR as the basis of a \s-1PSK.\s0 +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-listen\fR" 4 +.IX Item "-listen" +This option can only be used in conjunction with one of the \s-1DTLS\s0 options above. +With this option \fBs_server\fR will listen on a \s-1UDP\s0 port for incoming connections. +Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then \fBs_server\fR will connect to +that peer and complete the handshake. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options make \fBs_server\fR use \s-1DTLS\s0 protocols instead of \s-1TLS.\s0 +With \fB\-dtls\fR, \fBs_server\fR will negotiate any supported \s-1DTLS\s0 protocol version, +whilst \fB\-dtls1\fR and \fB\-dtls1_2\fR will only support DTLSv1.0 and DTLSv1.2 +respectively. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-no_dhe\fR" 4 +.IX Item "-no_dhe" +If this option is set then no \s-1DH\s0 parameters will be loaded effectively +disabling the ephemeral \s-1DH\s0 cipher suites. +.IP "\fB\-alpn val\fR, \fB\-nextprotoneg val\fR" 4 +.IX Item "-alpn val, -nextprotoneg val" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN.\s0 +The \fBval\fR list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-engine val\fR" 4 +.IX Item "-engine val" +Specifying an engine (by its unique id string in \fBval\fR) will cause \fBs_server\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-keylogfile outfile\fR" 4 +.IX Item "-keylogfile outfile" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-max_early_data int\fR" 4 +.IX Item "-max_early_data int" +Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the \fB\-early_data\fR +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0. +.IP "\fB\-early_data\fR" 4 +.IX Item "-early_data" +Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, +\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection request is established with an \s-1SSL\s0 client and neither the +\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. +.PP +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. +.IP "\fBq\fR" 4 +.IX Item "q" +End the current \s-1SSL\s0 connection but still accept new connections. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBr\fR" 4 +.IX Item "r" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session and request a client certificate (TLSv1.2 and below +only). +.IP "\fBP\fR" 4 +.IX Item "P" +Send some plain text down the underlying \s-1TCP\s0 connection: this should +cause the client to disconnect due to a protocol violation. +.IP "\fBS\fR" 4 +.IX Item "S" +Print out some session cache status information. +.IP "\fBB\fR" 4 +.IX Item "B" +Send a heartbeat message to the client (\s-1DTLS\s0 only) +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the client (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the client and request one back (TLSv1.3 only) +.IP "\fBc\fR" 4 +.IX Item "c" +Send a certificate request to the client (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from +a web browser the command: +.PP +.Vb 1 +\& openssl s_server \-accept 443 \-www +.Ve +.PP +can be used for example. +.PP +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to +mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +.PP +The session parameters can printed out using the \fBsess_id\fR program. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source of \fBs_server\fR is rather hard to +read and not a model of how things should be done. +A typical \s-1SSL\s0 server program would be much simpler. +.PP +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. +.PP +There should be a way for the \fBs_server\fR program to print out details of any +unknown cipher suites a client says it supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1) +\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), +\&\fBSSL_CTX_set_max_pipelines\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.PP +The +\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/s_time.1 b/deps/openssl/mingw64/share/man/man1/s_time.1 new file mode 100644 index 00000000..0cdc5fa3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/s_time.1 @@ -0,0 +1,320 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S_TIME 1" +.TH S_TIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-s_time, s_time \- SSL/TLS performance timing program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_time\fR +[\fB\-help\fR] +[\fB\-connect host:port\fR] +[\fB\-www page\fR] +[\fB\-cert filename\fR] +[\fB\-key filename\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-reuse\fR] +[\fB\-new\fR] +[\fB\-verify depth\fR] +[\fB\-nameopt option\fR] +[\fB\-time seconds\fR] +[\fB\-ssl3\fR] +[\fB\-bugs\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-ciphersuites val\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_time\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a +remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes +the time to transfer the payload data in its timing measurements. It measures +the number of connections within a given timeframe, the amount of data +transferred (if any), and calculates the average time spent for one connection. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect host:port\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. +.IP "\fB\-www page\fR" 4 +.IX Item "-www page" +This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the +index.htm[l] page. If this parameter is not specified, then \fBs_time\fR will only +perform the handshake to establish \s-1SSL\s0 connections but not transfer any +payload data. +.IP "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in \s-1PEM\s0 format. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. The file is in \s-1PEM\s0 format. +.IP "\fB\-verify depth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for server certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are +also used when building the client certificate chain. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Performs the timing test using a new session \s-1ID\s0 for each connection. +If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default +and executed in sequence. +.IP "\fB\-reuse\fR" 4 +.IX Item "-reuse" +Performs the timing test using the same session \s-1ID\s0; this can be used as a test +that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are +specified, they are both on by default and executed in sequence. +.IP "\fB\-ssl3\fR" 4 +.IX Item "-ssl3" +This option disables the use of \s-1SSL\s0 version 3. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use \s-1SSL\s0 v3 or \s-1TLS\s0 as appropriate. +.Sp +The timing program is not as rich in options to turn protocols on and off as +the \fBs_client\fR\|(1) program and may not connect to all servers. +Unfortunately there are a lot of ancient and broken servers in use which +cannot handle this technique and will fail to connect. Some servers only +work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option. +.Sp +Note that this option may not be available, depending on how +OpenSSL was built. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fBciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites val\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fBciphers\fR\|(1) for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-time length\fR" 4 +.IX Item "-time length" +Specifies how long (in seconds) \fBs_time\fR should establish connections and +optionally transfer payload data from a server. Server and client performance +and the link speed determine how many connections \fBs_time\fR can establish. +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_time\fR can be used to measure the performance of an \s-1SSL\s0 connection. +To connect to an \s-1SSL HTTP\s0 server and get the default page the command +.PP +.Vb 1 +\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] +.Ve +.PP +would typically be used (https uses port 443). 'commoncipher' is a cipher to +which both client and server can agree, see the \fBciphers\fR\|(1) command +for details. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR and +\&\fB\-ssl3\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be +viewed and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and +send an \s-1HTTP\s0 request for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.SH "BUGS" +.IX Header "BUGS" +Because this program does not have all the options of the +\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be +able to measure the performance of all protocols with all servers. +.PP +The \fB\-verify\fR option should really exit if the server verification +fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/sess_id.1 b/deps/openssl/mingw64/share/man/man1/sess_id.1 new file mode 100644 index 00000000..3df11f66 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/sess_id.1 @@ -0,0 +1,272 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SESS_ID 1" +.TH SESS_ID 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-sess_id, sess_id \- SSL/TLS session handling utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsess_id\fR +[\fB\-help\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER|NSS\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-context \s-1ID\s0\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure +and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session +master key) in human readable format. Since this is a diagnostic tool that +needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will +not need to use it. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded +format containing session details. The precise format can vary from one version +to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR +format base64 encoded with additional header and footer lines. +.IP "\fB\-outform DER|PEM|NSS\fR" 4 +.IX Item "-outform DER|PEM|NSS" +This specifies the output format. The \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR options have the same meaning +and default as the \fB\-inform\fR option. The \fB\s-1NSS\s0\fR option outputs the session id and +the master key in \s-1NSS\s0 keylog format. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read session information from or standard +input by default. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write session information to or standard +output if this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +If a certificate is present in the session it will be output using this option, +if the \fB\-text\fR option is also present then it will be printed out in text form. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the session. +.IP "\fB\-context \s-1ID\s0\fR" 4 +.IX Item "-context ID" +This option can set the session id so the output session information uses the +supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option won't normally +be used. +.SH "OUTPUT" +.IX Header "OUTPUT" +Typical output: +.PP +.Vb 10 +\& SSL\-Session: +\& Protocol : TLSv1 +\& Cipher : 0016 +\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session\-ID\-ctx: 01000000 +\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key\-Arg : None +\& Start Time: 948459261 +\& Timeout : 300 (sec) +\& Verify return code 0 (ok) +.Ve +.PP +These are described below in more detail. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. +.IP "\fBCipher\fR" 4 +.IX Item "Cipher" +The cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 +or \s-1TLS\s0 specifications for more information. +.IP "\fBSession-ID\fR" 4 +.IX Item "Session-ID" +The \s-1SSL\s0 session \s-1ID\s0 in hex format. +.IP "\fBSession-ID-ctx\fR" 4 +.IX Item "Session-ID-ctx" +The session \s-1ID\s0 context in hex format. +.IP "\fBMaster-Key\fR" 4 +.IX Item "Master-Key" +This is the \s-1SSL\s0 session master key. +.IP "\fBStart Time\fR" 4 +.IX Item "Start Time" +This is the session start time represented as an integer in standard +Unix format. +.IP "\fBTimeout\fR" 4 +.IX Item "Timeout" +The timeout in seconds. +.IP "\fBVerify return code\fR" 4 +.IX Item "Verify return code" +This is the return code when an \s-1SSL\s0 client certificate is verified. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 encoded session format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN SSL SESSION PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END SSL SESSION PARAMETERS\-\-\-\-\- +.Ve +.PP +Since the \s-1SSL\s0 session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a \*(L"real\*(R" application. This is however +strongly discouraged and should only be used for debugging purposes. +.SH "BUGS" +.IX Header "BUGS" +The cipher and start time should be printed out in human readable form. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBciphers\fR\|(1), \fBs_server\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/smime.1 b/deps/openssl/mingw64/share/man/man1/smime.1 new file mode 100644 index 00000000..d61174c9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/smime.1 @@ -0,0 +1,617 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME 1" +.TH SMIME 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-smime, smime \- S/MIME utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsmime\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-resign\fR] +[\fB\-verify\fR] +[\fB\-pk7out\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-in file\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level num\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-certfile file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-inform SMIME|PEM|DER\fR] +[\fB\-passin arg\fR] +[\fB\-inkey file_or_id\fR] +[\fB\-out file\fR] +[\fB\-outform SMIME|PEM|DER\fR] +[\fB\-content file\fR] +[\fB\-to addr\fR] +[\fB\-from ad\fR] +[\fB\-subject s\fR] +[\fB\-text\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-stream\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-md digest\fR] +[cert.pem]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and +verify S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-pk7out\fR" 4 +.IX Item "-pk7out" +Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the \s-1MIME\s0 message to +be decrypted or verified. +.IP "\fB\-inform SMIME|PEM|DER\fR" 4 +.IX Item "-inform SMIME|PEM|DER" +This specifies the input format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the input format of the PKCS#7 +structure, if no PKCS#7 structure is being input (for example with +\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-outform SMIME|PEM|DER\fR" 4 +.IX Item "-outform SMIME|PEM|DER" +This specifies the output format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the output format of the PKCS#7 +structure, if no PKCS#7 structure is being output (for example with +\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.IP "\fB\-stream \-indef \-noindef\fR" 4 +.IX Item "-stream -indef -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content filename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +A directory containing trusted \s-1CA\s0 certificates, only used with +\&\fB\-verify\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-md digest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, +triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fBenc\fR for list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nochain\fR" 4 +.IX Item "-nochain" +Do not do chain verification of signers certificates: that is don't +use the certificates in the signed message as untrusted CAs. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't try to verify the signatures on the message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile file\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-signer file\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip file\fR" 4 +.IX Item "-recip file" +The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. +.IP "\fB\-inkey file_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fBcert.pem...\fR" 4 +.IX Item "cert.pem..." +One or more certificates of message recipients: used when encrypting +a message. +.IP "\fB\-to, \-from, \-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. +.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4 +.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict" +Set various options of certificate chain verification. See +\&\fBverify\fR\|(1) manual page for details. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains \s-1DER.\s0 +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl smime \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command: +.PP +.Vb 1 +\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +Alternatively you can base64 decode the signature and use: +.PP +.Vb 1 +\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.PP +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/speed.1 b/deps/openssl/mingw64/share/man/man1/speed.1 new file mode 100644 index 00000000..8b6998ff --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/speed.1 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SPEED 1" +.TH SPEED 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-speed, speed \- test library performance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl speed\fR +[\fB\-help\fR] +[\fB\-engine id\fR] +[\fB\-elapsed\fR] +[\fB\-evp algo\fR] +[\fB\-decrypt\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-primes num\fR] +[\fB\-seconds num\fR] +[\fB\-bytes num\fR] +[\fBalgorithm...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use the \fIlist \-\-digest\-commands\fR +or \fIlist \-\-cipher\-commands\fR command. The global \s-1CSPRNG\s0 is denoted by +the \fIrand\fR algorithm name. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBspeed\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-elapsed\fR" 4 +.IX Item "-elapsed" +When calculating operations\- or bytes-per-second, use wall-clock time +instead of \s-1CPU\s0 user time as divisor. It can be useful when testing speed +of hardware engines. +.IP "\fB\-evp algo\fR" 4 +.IX Item "-evp algo" +Use the specified cipher or message digest algorithm via the \s-1EVP\s0 interface. +If \fBalgo\fR is an \s-1AEAD\s0 cipher, then you can pass <\-aead> to benchmark a +TLS-like sequence. And if \fBalgo\fR is a multi-buffer capable cipher, e.g. +aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi-buffer operation. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Time the decryption instead of encryption. Affects only the \s-1EVP\s0 testing. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-primes num\fR" 4 +.IX Item "-primes num" +Generate a \fBnum\fR\-prime \s-1RSA\s0 key and use it to run the benchmarks. This option +is only effective if \s-1RSA\s0 algorithm is specified to test. +.IP "\fB\-seconds num\fR" 4 +.IX Item "-seconds num" +Run benchmarks for \fBnum\fR seconds. +.IP "\fB\-bytes num\fR" 4 +.IX Item "-bytes num" +Run benchmarks on \fBnum\fR\-byte buffers. Affects ciphers, digests and the \s-1CSPRNG.\s0 +.IP "\fB[zero or more test algorithms]\fR" 4 +.IX Item "[zero or more test algorithms]" +If any options are given, \fBspeed\fR tests those algorithms, otherwise a +pre-compiled grand selection is tested. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/spkac.1 b/deps/openssl/mingw64/share/man/man1/spkac.1 new file mode 100644 index 00000000..f5691003 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/spkac.1 @@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SPKAC 1" +.TH SPKAC 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-spkac, spkac \- SPKAC printing and generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBspkac\fR +[\fB\-help\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-key keyfile\fR] +[\fB\-keyform PEM|DER|ENGINE\fR] +[\fB\-passin arg\fR] +[\fB\-challenge string\fR] +[\fB\-pubkey\fR] +[\fB\-spkac spkacname\fR] +[\fB\-spksect section\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-engine id\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBspkac\fR command processes Netscape signed public key and challenge +(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the \fB\-key\fR option is used. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +Create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The +\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if +present. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +Whether the key format is \s-1PEM, DER,\s0 or an engine-backed key. +The default is \s-1PEM.\s0 +.IP "\fB\-passin password\fR" 4 +.IX Item "-passin password" +The input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-challenge string\fR" 4 +.IX Item "-challenge string" +Specifies the challenge string if an \s-1SPKAC\s0 is being created. +.IP "\fB\-spkac spkacname\fR" 4 +.IX Item "-spkac spkacname" +Allows an alternative name form the variable containing the +\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both +generated and input \s-1SPKAC\s0 files. +.IP "\fB\-spksect section\fR" 4 +.IX Item "-spksect section" +Allows an alternative name form the section containing the +\&\s-1SPKAC.\s0 The default is the default section. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the text version of the \s-1SPKAC\s0 (not used if an +\&\s-1SPKAC\s0 is being created). +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +being created). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the digital signature on the supplied \s-1SPKAC.\s0 +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out the contents of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf +.Ve +.PP +Verify the signature of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf \-noout \-verify +.Ve +.PP +Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf +.Ve +.PP +Example of an \s-1SPKAC,\s0 (long lines split up for clarity): +.PP +.Vb 6 +\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e +\& 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\e +\& 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\e +\& FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\e +\& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e +\& dq+NQ3F+X4deMx9AaEglZtULwV4= +.Ve +.SH "NOTES" +.IX Header "NOTES" +A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into +the \fBca\fR utility. +.PP +SPKACs are typically generated by Netscape when a form is submitted +containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +process. +.PP +The challenge string permits a primitive form of proof of possession +of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous \s-1SPKAC\s0 +to be used in a \*(L"replay attack\*(R". +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/srp.1 b/deps/openssl/mingw64/share/man/man1/srp.1 new file mode 100644 index 00000000..7ad993d1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/srp.1 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP 1" +.TH SRP 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-srp, srp \- maintain SRP password file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl srp\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-add\fR] +[\fB\-modify\fR] +[\fB\-delete\fR] +[\fB\-list\fR] +[\fB\-name section\fR] +[\fB\-config file\fR] +[\fB\-srpvfile file\fR] +[\fB\-gn identifier\fR] +[\fB\-userinfo text...\fR] +[\fB\-passin arg\fR] +[\fB\-passout arg\fR] +[\fIuser...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsrp\fR command is user to maintain an \s-1SRP\s0 (secure remote password) +file. +At most one of the \fB\-add\fR, \fB\-modify\fR, \fB\-delete\fR, and \fB\-list\fR options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the \s-1SRP\s0 file. +For \fB\-list\fR, if no \fBuser\fR is given then all users are displayed. +.PP +The configuration file to use, and the section within the file, can be +specified with the \fB\-config\fR and \fB\-name\fR flags, respectively. +If the config file is not specified, the \fB\-srpvfile\fR can be used to +just specify the file to operate on. +.PP +The \fB\-userinfo\fR option specifies additional information to add when +adding or modifying a user. +.PP +The \fB\-gn\fR flag specifies the \fBg\fR and \fBN\fR values, using one of +the strengths defined in \s-1IETF RFC 5054.\s0 +.PP +The \fB\-passin\fR and \fB\-passout\fR arguments are parsed as described in +the \fBopenssl\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "[\fB\-help\fR]" 4 +.IX Item "[-help]" +Display an option summary. +.IP "[\fB\-verbose\fR]" 4 +.IX Item "[-verbose]" +Generate verbose output while processing. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/storeutl.1 b/deps/openssl/mingw64/share/man/man1/storeutl.1 new file mode 100644 index 00000000..a15a3fc6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/storeutl.1 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "STOREUTL 1" +.TH STOREUTL 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-storeutl, storeutl \- STORE utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBstoreutl\fR +[\fB\-help\fR] +[\fB\-out file\fR] +[\fB\-noout\fR] +[\fB\-passin arg\fR] +[\fB\-text arg\fR] +[\fB\-engine id\fR] +[\fB\-r\fR] +[\fB\-certs\fR] +[\fB\-keys\fR] +[\fB\-crls\fR] +[\fB\-subject arg\fR] +[\fB\-issuer arg\fR] +[\fB\-serial arg\fR] +[\fB\-alias arg\fR] +[\fB\-fingerprint arg\fR] +[\fB\-\f(BIdigest\fB\fR] +\&\fBuri\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBstoreutl\fR command can be used to display the contents (after decryption +as the case may be) fetched from the given URIs. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the \s-1PEM\s0 data. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the objects in text form, similarly to the \fB\-text\fR output from +\&\fBopenssl x509\fR, \fBopenssl pkey\fR, etc. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by its unique \fBid\fR string) will cause \fBstoreutl\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. +The engine will then be set as the default for all available algorithms. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Fetch objects recursively when possible. +.IP "\fB\-certs\fR" 4 +.IX Item "-certs" +.PD 0 +.IP "\fB\-keys\fR" 4 +.IX Item "-keys" +.IP "\fB\-crls\fR" 4 +.IX Item "-crls" +.PD +Only select the certificates, keys or CRLs from the given \s-1URI.\s0 +However, if this \s-1URI\s0 would return a set of names (URIs), those are always +returned. +.IP "\fB\-subject arg\fR" 4 +.IX Item "-subject arg" +Search for an object having the subject name \fBarg\fR. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. +.IP "\fB\-issuer arg\fR" 4 +.IX Item "-issuer arg" +.PD 0 +.IP "\fB\-serial arg\fR" 4 +.IX Item "-serial arg" +.PD +Search for an object having the given issuer name and serial number. +These two options \fImust\fR be used together. +The issuer arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by \fB0x\fR. +.IP "\fB\-alias arg\fR" 4 +.IX Item "-alias arg" +Search for an object having the given alias. +.IP "\fB\-fingerprint arg\fR" 4 +.IX Item "-fingerprint arg" +Search for an object having the given fingerprint. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBopenssl\fR \fBstoreutl\fR app was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/ts.1 b/deps/openssl/mingw64/share/man/man1/ts.1 new file mode 100644 index 00000000..e7d59eb3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/ts.1 @@ -0,0 +1,727 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TS 1" +.TH TS 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-ts, ts \- Time Stamping Authority tool (client/server) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBts\fR +\&\fB\-query\fR +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-config\fR configfile] +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-tspolicy\fR object_id] +[\fB\-no_nonce\fR] +[\fB\-cert\fR] +[\fB\-in\fR request.tsq] +[\fB\-out\fR request.tsq] +[\fB\-text\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-reply\fR +[\fB\-config\fR configfile] +[\fB\-section\fR tsa_section] +[\fB\-queryfile\fR request.tsq] +[\fB\-passin\fR password_src] +[\fB\-signer\fR tsa_cert.pem] +[\fB\-inkey\fR file_or_id] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-chain\fR certs_file.pem] +[\fB\-tspolicy\fR object_id] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-out\fR response.tsr] +[\fB\-token_out\fR] +[\fB\-text\fR] +[\fB\-engine\fR id] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-verify\fR +[\fB\-data\fR file_to_hash] +[\fB\-digest\fR digest_bytes] +[\fB\-queryfile\fR request.tsq] +[\fB\-in\fR response.tsr] +[\fB\-token_in\fR] +[\fB\-CApath\fR trusted_cert_path] +[\fB\-CAfile\fR trusted_certs.pem] +[\fB\-untrusted\fR cert_file.pem] +[\fIverify options\fR] +.PP +\&\fIverify options:\fR +[\-attime timestamp] +[\-check_ss_sig] +[\-crl_check] +[\-crl_check_all] +[\-explicit_policy] +[\-extended_crl] +[\-ignore_critical] +[\-inhibit_any] +[\-inhibit_map] +[\-issuer_checks] +[\-no_alt_chains] +[\-no_check_time] +[\-partial_chain] +[\-policy arg] +[\-policy_check] +[\-policy_print] +[\-purpose purpose] +[\-suiteB_128] +[\-suiteB_128_only] +[\-suiteB_192] +[\-trusted_first] +[\-use_deltas] +[\-auth_level num] +[\-verify_depth num] +[\-verify_email email] +[\-verify_hostname hostname] +[\-verify_ip ip] +[\-verify_name name] +[\-x509_strict] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server +application as specified in \s-1RFC 3161\s0 (Time-Stamp Protocol, \s-1TSP\s0). A +\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: +.IP "1." 4 +The \s-1TSA\s0 client computes a one-way hash value for a data file and sends +the hash to the \s-1TSA.\s0 +.IP "2." 4 +The \s-1TSA\s0 attaches the current date and time to the received hash value, +signs them and sends the time stamp token back to the client. By +creating this token the \s-1TSA\s0 certifies the existence of the original +data file at the time of response generation. +.IP "3." 4 +The \s-1TSA\s0 client receives the time stamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the \s-1TSA.\s0 +.PP +There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time +stamp request to the \s-1TSA\s0 and one for sending the time stamp response +back to the client. The \fBts\fR command has three main functions: +creating a time stamp request based on a data file, +creating a time stamp response based on a request, verifying if a +response corresponds to a particular request or a data file. +.PP +There is no support for sending the requests/responses automatically +over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the +requests either by ftp or e\-mail. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Time Stamp Request generation" +.IX Subsection "Time Stamp Request generation" +The \fB\-query\fR switch can be used for creating and printing a time stamp +request with the following options: +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The data file for which the time stamp request needs to be +created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR +parameter is specified. (Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The message digest to apply to the data file. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1.\s0 (Optional) +.IP "\fB\-tspolicy\fR object_id" 4 +.IX Item "-tspolicy object_id" +The policy that the client expects the \s-1TSA\s0 to use for creating the +time stamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +in the config file can be used. If no policy is requested the \s-1TSA\s0 will +use its own default policy. (Optional) +.IP "\fB\-no_nonce\fR" 4 +.IX Item "-no_nonce" +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional) +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1TSA\s0 is expected to include its signing certificate in the +response. (Optional) +.IP "\fB\-in\fR request.tsq" 4 +.IX Item "-in request.tsq" +This option specifies a previously created time stamp request in \s-1DER\s0 +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional) +.IP "\fB\-out\fR request.tsq" 4 +.IX Item "-out request.tsq" +Name of the output file to which the request will be written. Default +is stdout. (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER.\s0 (Optional) +.SS "Time Stamp Response generation" +.IX Subsection "Time Stamp Response generation" +A time stamp response (TimeStampResp) consists of a response status +and the time stamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a time stamp +response or time stamp token based on a request and printing the +response/token in human-readable format. If \fB\-token_out\fR is not +specified the output is always a time stamp response (TimeStampResp), +otherwise it is a time stamp token (ContentInfo). +.IP "\fB\-config\fR configfile" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1). +See \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for configurable variables. +.IP "\fB\-section\fR tsa_section" 4 +.IX Item "-section tsa_section" +The name of the config file section containing the settings for the +response generation. If not specified the default \s-1TSA\s0 section is +used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional) +.IP "\fB\-passin\fR password_src" 4 +.IX Item "-passin password_src" +Specifies the password source for the private key of the \s-1TSA.\s0 See +\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional) +.IP "\fB\-signer\fR tsa_cert.pem" 4 +.IX Item "-signer tsa_cert.pem" +The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the \fBsigner_cert\fR +variable of the config file. (Optional) +.IP "\fB\-inkey\fR file_or_id" 4 +.IX Item "-inkey file_or_id" +The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +\&\fBsigner_key\fR config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Signing digest to use. Overrides the \fBsigner_digest\fR config file +option. (Mandatory unless specified in the config file) +.IP "\fB\-chain\fR certs_file.pem" 4 +.IX Item "-chain certs_file.pem" +The collection of certificates in \s-1PEM\s0 format that will all +be included in the response in addition to the signer certificate if +the \fB\-cert\fR option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The \fB\-reply\fR command does not build a certificate +chain automatically. (Optional) +.IP "\fB\-tspolicy\fR object_id" 4 +.IX Item "-tspolicy object_id" +The default policy to use for the response unless the client +explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +either in dotted notation or with its name. Overrides the +\&\fBdefault_policy\fR config file option. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +Specifies a previously created time stamp response or time stamp token +(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the time stamp token from a response. If +the input is a token and the output is a time stamp response a default +\&'granted' status info is added to the token. (Optional) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-out\fR response.tsr" 4 +.IX Item "-out response.tsr" +The response is written to this file. The format and content of the +file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is +stdout. (Optional) +.IP "\fB\-token_out\fR" 4 +.IX Item "-token_out" +The output is a time stamp token (ContentInfo) instead of time stamp +response (TimeStampResp). (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER.\s0 (Optional) +.IP "\fB\-engine\fR id" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. Default is builtin. (Optional) +.SS "Time Stamp Response verification" +.IX Subsection "Time Stamp Response verification" +The \fB\-verify\fR command is for verifying if a time stamp response or time +stamp token is valid and matches a particular time stamp request or +data file. The \fB\-verify\fR command does not use the configuration file. +.IP "\fB\-data\fR file_to_hash" 4 +.IX Item "-data file_to_hash" +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The \fB\-digest\fR and \fB\-queryfile\fR options must not be specified with this one. +(Optional) +.IP "\fB\-digest\fR digest_bytes" 4 +.IX Item "-digest digest_bytes" +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not be +specified with this one. (Optional) +.IP "\fB\-queryfile\fR request.tsq" 4 +.IX Item "-queryfile request.tsq" +The original time stamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +options must not be specified with this one. (Optional) +.IP "\fB\-in\fR response.tsr" 4 +.IX Item "-in response.tsr" +The time stamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) +.IP "\fB\-CApath\fR trusted_cert_path" 4 +.IX Item "-CApath trusted_cert_path" +The name of the directory containing the trusted \s-1CA\s0 certificates of the +client. See the similar option of \fBverify\fR\|(1) for additional +details. Either this option or \fB\-CAfile\fR must be specified. (Optional) +.IP "\fB\-CAfile\fR trusted_certs.pem" 4 +.IX Item "-CAfile trusted_certs.pem" +The name of the file containing a set of trusted self-signed \s-1CA\s0 +certificates in \s-1PEM\s0 format. See the similar option of +\&\fBverify\fR\|(1) for additional details. Either this option +or \fB\-CApath\fR must be specified. +(Optional) +.IP "\fB\-untrusted\fR cert_file.pem" 4 +.IX Item "-untrusted cert_file.pem" +Set of additional untrusted certificates in \s-1PEM\s0 format which may be +needed when building the certificate chain for the \s-1TSA\s0's signing +certificate. This file must contain the \s-1TSA\s0 signing certificate and +all intermediate \s-1CA\s0 certificates unless the response includes them. +(Optional) +.IP "\fIverify options\fR" 4 +.IX Item "verify options" +The options \fB\-attime timestamp\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, +\&\fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, +\&\fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-issuer_checks\fR, \fB\-no_alt_chains\fR, +\&\fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, +\&\fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, +\&\fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, +\&\fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, +\&\fB\-verify_name\fR, and \fB\-x509_strict\fR can be used to control timestamp +verification. See \fBverify\fR\|(1). +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. +See \fBconfig\fR\|(5) +for a general description of the syntax of the config file. The +\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +and it can work without it. However, the \fB\-reply\fR command needs the +config file for its operation. +.PP +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. +.IP "\fBtsa\fR section, \fBdefault_tsa\fR" 4 +.IX Item "tsa section, default_tsa" +This is the main section and it specifies the name of another section +that contains all the options for the \fB\-reply\fR command. This default +section can be overridden with the \fB\-section\fR command line switch. (Optional) +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +See \fBca\fR\|(1) for description. (Optional) +.IP "\fBserial\fR" 4 +.IX Item "serial" +The name of the file containing the hexadecimal serial number of the +last time stamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) +.IP "\fBcrypto_device\fR" 4 +.IX Item "crypto_device" +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is builtin, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +(Optional) +.IP "\fBsigner_cert\fR" 4 +.IX Item "signer_cert" +\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +command line option. (Optional) +.IP "\fBcerts\fR" 4 +.IX Item "certs" +A file containing a set of \s-1PEM\s0 encoded certificates that need to be +included in the response. The same as the \fB\-chain\fR command line +option. (Optional) +.IP "\fBsigner_key\fR" 4 +.IX Item "signer_key" +The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +command line option. (Optional) +.IP "\fBsigner_digest\fR" 4 +.IX Item "signer_digest" +Signing digest to use. The same as the +\&\fB\-\f(BIdigest\fB\fR command line option. (Mandatory unless specified on the command +line) +.IP "\fBdefault_policy\fR" 4 +.IX Item "default_policy" +The default policy to use when the request does not mandate any +policy. The same as the \fB\-tspolicy\fR command line option. (Optional) +.IP "\fBother_policies\fR" 4 +.IX Item "other_policies" +Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +and used only if the request explicitly specifies one of them. (Optional) +.IP "\fBdigests\fR" 4 +.IX Item "digests" +The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +one algorithm must be specified. (Mandatory) +.IP "\fBaccuracy\fR" 4 +.IX Item "accuracy" +The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) +.IP "\fBclock_precision_digits\fR" 4 +.IX Item "clock_precision_digits" +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeroes +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +The maximum value is 6, default is 0. +(Optional) +.IP "\fBordering\fR" 4 +.IX Item "ordering" +If this option is yes the responses generated by this \s-1TSA\s0 can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) +.IP "\fBtsa_name\fR" 4 +.IX Item "tsa_name" +Set this option to yes if the subject name of the \s-1TSA\s0 must be included in +the \s-1TSA\s0 name field of the response. Default is no. (Optional) +.IP "\fBess_cert_id_chain\fR" 4 +.IX Item "ess_cert_id_chain" +The SignedData objects created by the \s-1TSA\s0 always contain the +certificate identifier of the signing certificate in a signed +attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). If this option +is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) +.IP "\fBess_cert_id_alg\fR" 4 +.IX Item "ess_cert_id_alg" +This option specifies the hash function to be used to calculate the \s-1TSA\s0's +public key certificate identifier. Default is sha1. (Optional) +.SH "EXAMPLES" +.IX Header "EXAMPLES" +All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do. +.SS "Time Stamp Request" +.IX Subsection "Time Stamp Request" +To create a time stamp request for design1.txt with \s-1SHA\-1\s0 +without nonce and policy and no certificate is required in the response: +.PP +.Vb 2 +\& openssl ts \-query \-data design1.txt \-no_nonce \e +\& \-out design1.tsq +.Ve +.PP +To create a similar time stamp request with specifying the message imprint +explicitly: +.PP +.Vb 2 +\& openssl ts \-query \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-no_nonce \-out design1.tsq +.Ve +.PP +To print the content of the previous request in human readable format: +.PP +.Vb 1 +\& openssl ts \-query \-in design1.tsq \-text +.Ve +.PP +To create a time stamp request which includes the \s-1MD\-5\s0 digest +of design2.txt, requests the signer certificate and nonce, +specifies a policy id (assuming the tsa_policy1 name is defined in the +\&\s-1OID\s0 section of the config file): +.PP +.Vb 2 +\& openssl ts \-query \-data design2.txt \-md5 \e +\& \-tspolicy tsa_policy1 \-cert \-out design2.tsq +.Ve +.SS "Time Stamp Response" +.IX Subsection "Time Stamp Response" +Before generating a response a signing certificate must be created for +the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate; +.PP +.Vb 1 +\& extendedKeyUsage = critical,timeStamping +.Ve +.PP +See \fBreq\fR\|(1), \fBca\fR\|(1), and \fBx509\fR\|(1) for instructions. The examples +below assume that cacert.pem contains the certificate of the \s-1CA,\s0 +tsacert.pem is the signing certificate issued by cacert.pem and +tsakey.pem is the private key of the \s-1TSA.\s0 +.PP +To create a time stamp response for a request: +.PP +.Vb 2 +\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e +\& \-signer tsacert.pem \-out design1.tsr +.Ve +.PP +If you want to use the settings in the config file you could just write: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr +.Ve +.PP +To print a time stamp reply to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-text +.Ve +.PP +To create a time stamp token instead of time stamp response: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out +.Ve +.PP +To print a time stamp token to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out +.Ve +.PP +To extract the time stamp token from a response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out +.Ve +.PP +To add 'granted' status info to a time stamp token thereby creating a +valid response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-out design1.tsr +.Ve +.SS "Time Stamp Verification" +.IX Subsection "Time Stamp Verification" +To verify a time stamp reply against a request: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e +\& \-CAfile cacert.pem \-untrusted tsacert.pem +.Ve +.PP +To verify a time stamp reply that includes the certificate chain: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve +.PP +To verify a time stamp token against the original data file: + openssl ts \-verify \-data design2.txt \-in design2.tsr \e + \-CAfile cacert.pem +.PP +To verify a time stamp token against a message imprint: + openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e + \-in design2.tsr \-CAfile cacert.pem +.PP +You could also look at the 'test' directory for more examples. +.SH "BUGS" +.IX Header "BUGS" +.IP "\(bu" 2 +No support for time stamps over \s-1SMTP,\s0 though it is quite easy +to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1) +and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +a separate apache module. \s-1HTTP\s0 client support is provided by +\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +.IP "\(bu" 2 +The file containing the last serial number of the \s-1TSA\s0 is not +locked when being read or written. This is a problem if more than one +instance of \fBopenssl\fR\|(1) is trying to create a time stamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. +.IP "\(bu" 2 +Look for the \s-1FIXME\s0 word in the source files. +.IP "\(bu" 2 +The source code should really be reviewed by somebody else, too. +.IP "\(bu" 2 +More testing is needed, I have done only some basic tests (see +test/testtsa). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1), +\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/tsget.1 b/deps/openssl/mingw64/share/man/man1/tsget.1 new file mode 100644 index 00000000..4129953d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/tsget.1 @@ -0,0 +1,325 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TSGET 1" +.TH TSGET 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBtsget\fR +\&\fB\-h\fR server_url +[\fB\-e\fR extension] +[\fB\-o\fR output] +[\fB\-v\fR] +[\fB\-d\fR] +[\fB\-k\fR private_key.pem] +[\fB\-p\fR key_password] +[\fB\-c\fR client_cert.pem] +[\fB\-C\fR CA_certs.pem] +[\fB\-P\fR CA_path] +[\fB\-r\fR file:file...] +[\fB\-g\fR EGD_socket] +[request]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBtsget\fR command can be used for sending a time stamp request, as +specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing +the time stamp response in a file. This tool cannot be used for creating the +requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to +do that. \fBtsget\fR can send several requests to the server without closing +the \s-1TCP\s0 connection if more than one requests are specified on the command +line. +.PP +The tool sends the following \s-1HTTP\s0 request for each time stamp request: +.PP +.Vb 7 +\& POST url HTTP/1.1 +\& User\-Agent: OpenTSA tsget.pl/ +\& Host: : +\& Pragma: no\-cache +\& Content\-Type: application/timestamp\-query +\& Accept: application/timestamp\-reply +\& Content\-Length: length of body +\& +\& ...binary request specified by the user... +.Ve +.PP +\&\fBtsget\fR expects a response of type application/timestamp\-reply, which is +written to a file without any interpretation. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-h\fR server_url" 4 +.IX Item "-h server_url" +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for time stamp requests. +.IP "\fB\-e\fR extension" 4 +.IX Item "-e extension" +If the \fB\-o\fR option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is '.tsr'. (Optional) +.IP "\fB\-o\fR output" 4 +.IX Item "-o output" +This option can be specified only when just one request is sent to the +server. The time stamp response will be written to the given output file. '\-' +means standard output. In case of multiple time stamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The name of the currently processed request is printed on standard +error. (Optional) +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Switches on verbose mode for the underlying \fBcurl\fR library. You can see +detailed debug messages for the connection. (Optional) +.IP "\fB\-k\fR private_key.pem" 4 +.IX Item "-k private_key.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The \fB\-c\fR option must also +be specified. (Optional) +.IP "\fB\-p\fR key_password" 4 +.IX Item "-p key_password" +(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +argument. If this option is omitted and the key is passphrase protected \fBtsget\fR +will ask for it. (Optional) +.IP "\fB\-c\fR client_cert.pem" 4 +.IX Item "-c client_cert.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 + must contain the X.509 certificate of the user. The \fB\-k\fR +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) +.IP "\fB\-C\fR CA_certs.pem" 4 +.IX Item "-C CA_certs.pem" +(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's +certificate must include one of the \s-1CA\s0 certificates specified in this file. +Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional) +.IP "\fB\-P\fR CA_path" 4 +.IX Item "-P CA_path" +(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +certificate. The directory must be prepared with the \fBc_rehash\fR +OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of +\&\s-1HTTPS.\s0 (Optional) +.IP "\fB\-rand\fR file:file..." 4 +.IX Item "-rand file:file..." +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is \fB;\fR for +MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optional) +.IP "\fB\-g\fR EGD_socket" 4 +.IX Item "-g EGD_socket" +The name of an \s-1EGD\s0 socket to get random data from. (Optional) +.IP "[request]..." 4 +.IX Item "[request]..." +List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded time stamp requests. If no +requests are specified only one request will be sent to the server and it will be +read from the standard input. (Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The examples below presume that \fBfile1.tsq\fR and \fBfile2.tsq\fR contain valid +time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +absolute path. +.PP +Get a time stamp response for file1.tsq over \s-1HTTP,\s0 output is written to +file1.tsr: +.PP +.Vb 1 +\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing +progress, output is written to file1.reply and file2.reply respectively: +.PP +.Vb 2 +\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e +\& file1.tsq file2.tsq +.Ve +.PP +Create a time stamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr: +.PP +.Vb 3 +\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e +\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e +\& \-o file3.tsr +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 without client +authentication: +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \e +\& \-C cacerts.pem file1.tsq +.Ve +.PP +Get a time stamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected): +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem file1.tsq +.Ve +.PP +You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +environment variable. The following commands do the same as the previous +example: +.PP +.Vb 4 +\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem\*(Aq +\& export TSGET +\& tsget file1.tsq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1), +\&\fB\s-1RFC 3161\s0\fR +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/verify.1 b/deps/openssl/mingw64/share/man/man1/verify.1 new file mode 100644 index 00000000..65b07720 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/verify.1 @@ -0,0 +1,780 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "VERIFY 1" +.TH VERIFY 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-verify, verify \- Utility to verify certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBverify\fR +[\fB\-help\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath directory\fR] +[\fB\-no\-CAfile\fR] +[\fB\-no\-CApath\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime timestamp\fR] +[\fB\-check_ss_sig\fR] +[\fB\-CRLfile file\fR] +[\fB\-crl_download\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-engine id\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-nameopt option\fR] +[\fB\-no_check_time\fR] +[\fB\-partial_chain\fR] +[\fB\-policy arg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose purpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-untrusted file\fR] +[\fB\-trusted file\fR] +[\fB\-use_deltas\fR] +[\fB\-verbose\fR] +[\fB\-auth_level level\fR] +[\fB\-verify_depth num\fR] +[\fB\-verify_email email\fR] +[\fB\-verify_hostname hostname\fR] +[\fB\-verify_ip ip\fR] +[\fB\-verify_name name\fR] +[\fB\-x509_strict\fR] +[\fB\-show_chain\fR] +[\fB\-\fR] +[certificates] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBverify\fR command verifies certificate chains. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A \fBfile\fR of trusted certificates. +The file should contain one or more certificates in \s-1PEM\s0 format. +.IP "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +A directory of trusted certificates. The certificates should have names +of the form: hash.0 or have symbolic links to them of this +form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option +of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically +create symbolic links to a directory of certificates. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the trusted \s-1CA\s0 certificates from the default file location. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not load the trusted \s-1CA\s0 certificates from the default directory location. +.IP "\fB\-allow_proxy_certs\fR" 4 +.IX Item "-allow_proxy_certs" +Allow the verification of proxy certificates. +.IP "\fB\-attime timestamp\fR" 4 +.IX Item "-attime timestamp" +Perform validation checks using time specified by \fBtimestamp\fR and not +current system time. \fBtimestamp\fR is the number of seconds since +01.01.1970 (\s-1UNIX\s0 time). +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default +because it doesn't add any security. +.IP "\fB\-CRLfile file\fR" 4 +.IX Item "-CRLfile file" +The \fBfile\fR should contain one or more CRLs in \s-1PEM\s0 format. +This option can be specified more than once to include CRLs from multiple +\&\fBfiles\fR. +.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Attempt to download \s-1CRL\s0 information for this certificate. +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0 +If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to look up valid CRLs. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine \fBid\fR will cause \fBverify\fR\|(1) to attempt to load the +specified engine. +The engine will then be set as the default for all its supported algorithms. +If you want to load certificates or CRLs that require engine support via any of +the \fB\-trusted\fR, \fB\-untrusted\fR or \fB\-CRLfile\fR options, the \fB\-engine\fR option +must be specified before those options. +.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). +.IP "\fB\-extended_crl\fR" 4 +.IX Item "-extended_crl" +Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +signing keys. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fBx509\fR\|(1) manual page for details. +.IP "\fB\-no_check_time\fR" 4 +.IX Item "-no_check_time" +This option suppresses checking the validity period of certificates and CRLs +against the current time. If option \fB\-attime timestamp\fR is used to specify +a verification time, the check is not suppressed. +.IP "\fB\-partial_chain\fR" 4 +.IX Item "-partial_chain" +Allow verification to succeed even if a \fIcomplete\fR chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed. +.IP "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics related to policy processing. +.IP "\fB\-purpose purpose\fR" 4 +.IX Item "-purpose purpose" +The intended use for the certificate. If this option is not specified, +\&\fBverify\fR will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more +information. +.IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4 +.IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192" +Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are +reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves +P\-256 and P\-384. +.IP "\fB\-trusted_first\fR" 4 +.IX Item "-trusted_first" +When constructing the certificate chain, use the trusted certificates specified +via \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-trusted\fR before any certificates specified via +\&\fB\-untrusted\fR. +This can be useful in environments with Bridge or Cross-Certified CAs. +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +By default, unless \fB\-trusted_first\fR is specified, when building a certificate +chain, if the first certificate chain found is not trusted, then OpenSSL will +attempt to replace untrusted issuer certificates with certificates from the +trust store to see if an alternative chain can be found that is trusted. +As of OpenSSL 1.1.0, with \fB\-trusted_first\fR always on, this option has no +effect. +.IP "\fB\-untrusted file\fR" 4 +.IX Item "-untrusted file" +A \fBfile\fR of additional untrusted certificates (intermediate issuer CAs) used +to construct a certificate chain from the subject certificate to a trust-anchor. +The \fBfile\fR should contain one or more certificates in \s-1PEM\s0 format. +This option can be specified more than once to include untrusted certificates +from multiple \fBfiles\fR. +.IP "\fB\-trusted file\fR" 4 +.IX Item "-trusted file" +A \fBfile\fR of trusted certificates, which must be self-signed, unless the +\&\fB\-partial_chain\fR option is specified. +The \fBfile\fR contains one or more certificates in \s-1PEM\s0 format. +With this option, no additional (e.g., default) certificate lists are +consulted. +That is, the only trust-anchors are those listed in \fBfile\fR. +This option can be specified more than once to include trusted certificates +from multiple \fBfiles\fR. +This option implies the \fB\-no\-CAfile\fR and \fB\-no\-CApath\fR options. +This option cannot be used in combination with either of the \fB\-CAfile\fR or +\&\fB\-CApath\fR options. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-auth_level level\fR" 4 +.IX Item "-auth_level level" +Set the certificate chain authentication security level to \fBlevel\fR. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security \fBlevel\fR. +The signature algorithm security level is enforced for all the certificates in +the chain except for the chain's \fItrust anchor\fR, which is either directly +trusted or validated by means other than its signature. +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.IP "\fB\-verify_depth num\fR" 4 +.IX Item "-verify_depth num" +Limit the certificate chain to \fBnum\fR intermediate \s-1CA\s0 certificates. +A maximal depth chain can have up to \fBnum+2\fR certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +\&\fB\-verify_depth\fR limit. +.IP "\fB\-verify_email email\fR" 4 +.IX Item "-verify_email email" +Verify if the \fBemail\fR matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name. +.IP "\fB\-verify_hostname hostname\fR" 4 +.IX Item "-verify_hostname hostname" +Verify if the \fBhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or +Common Name in the subject certificate. +.IP "\fB\-verify_ip ip\fR" 4 +.IX Item "-verify_ip ip" +Verify if the \fBip\fR matches the \s-1IP\s0 address in Subject Alternative Name of +the subject certificate. +.IP "\fB\-verify_name name\fR" 4 +.IX Item "-verify_name name" +Use default verification policies like trust model and required certificate +policies identified by \fBname\fR. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fBx509\fR\|(1) command-line +utility. +Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, +\&\fBssl_client\fR, \fBssl_server\fR. +These mimics the combinations of purpose and trust settings used in \s-1SSL, CMS\s0 +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the \fB\-verify_name\fR options are functionally equivalent to the +corresponding \fB\-purpose\fR settings. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. +.IP "\fB\-show_chain\fR" 4 +.IX Item "-show_chain" +Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as \*(L"untrusted\*(R". +.IP "\fB\-\fR" 4 +.IX Item "-" +Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a \fB\-\fR. +.IP "\fBcertificates\fR" 4 +.IX Item "certificates" +One or more certificates to verify. If no certificates are given, \fBverify\fR +will attempt to read a certificate from standard input. Certificates must be +in \s-1PEM\s0 format. +.SH "VERIFY OPERATION" +.IX Header "VERIFY OPERATION" +The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME +verification, therefore this description applies to these verify operations +too. +.PP +There is one crucial difference between the verify operations performed +by the \fBverify\fR program: wherever possible an attempt is made to continue +after an error whereas normally the verify operation would halt on the +first error. This allows all the problems with a certificate chain to be +determined. +.PP +The verify operation consists of a number of separate steps. +.PP +Firstly a certificate chain is built up starting from the supplied certificate +and ending in the root \s-1CA.\s0 +It is an error if the whole chain cannot be built up. +The chain is built up by looking up the issuers certificate of the current +certificate. +If a certificate is found which is its own issuer it is assumed to be the root +\&\s-1CA.\s0 +.PP +The process of 'looking up the issuers certificate' itself involves a number of +steps. +After all certificates whose subject name matches the issuer name of the current +certificate are subject to further tests. +The relevant authority key identifier components of the current certificate (if +present) must match the subject key identifier (if present) and issuer and +serial number of the candidate issuer, in addition the keyUsage extension of +the candidate issuer (if present) must permit certificate signing. +.PP +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. +.PP +The second operation is to check every untrusted certificate's extensions for +consistency with the supplied purpose. If the \fB\-purpose\fR option is not included +then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions +compatible with the supplied purpose and all other certificates must also be valid +\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in +the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility. +.PP +The third operation is to check the trust settings on the root \s-1CA.\s0 The root \s-1CA\s0 +should be trusted for the supplied purpose. +For compatibility with previous versions of OpenSSL, a certificate with no +trust settings is considered to be valid for all purposes. +.PP +The final operation is to check the validity of the certificate chain. The validity +period is checked against the current system time and the notBefore and notAfter +dates in the certificate. The certificate signatures are also checked at this +point. +.PP +If all operations complete successfully then certificate is considered valid. If +any operation fails then the certificate is not valid. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: +.PP +.Vb 2 +\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +\& error 24 at 1 depth lookup:invalid CA certificate +.Ve +.PP +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version +of the error number is presented. +.PP +A partial list of the error codes and messages is shown below, this also +includes the name of the error code as defined in the header file x509_vfy.h +Some of the error codes are defined but never returned: these are described +as \*(L"unused\*(R". +.IP "\fBX509_V_OK\fR" 4 +.IX Item "X509_V_OK" +The operation was successful. +.IP "\fBX509_V_ERR_UNSPECIFIED\fR" 4 +.IX Item "X509_V_ERR_UNSPECIFIED" +Unspecified error; should not happen. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT" +The issuer certificate of a looked up certificate could not be found. This +normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL" +The \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE" +The certificate signature could not be decrypted. This means that the +actual signature value could not be determined rather than it not matching +the expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE" +The \s-1CRL\s0 signature could not be decrypted: this means that the actual +signature value could not be determined rather than it not matching the +expected value. Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY" +The public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID" +The certificate is not yet valid: the notBefore date is after the +current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED" +The certificate has expired: that is the notAfter date is before the +current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID" +The \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED" +The \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD" +The certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD" +The certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD" +The \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD" +The \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM" +An error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT" +The passed certificate is self-signed and the same certificate cannot +be found in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN" +The certificate chain could be built up using the untrusted certificates +but the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" +The issuer certificate could not be found: this occurs if the issuer +certificate of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE" +No signatures could be verified because the chain contains only one +certificate and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG" +The certificate chain length is greater than the supplied maximum +depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED" +The certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA" +A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions +are not consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED" +The basicConstraints pathlength parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE" +The supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED" +The root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED" +The root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN" +Not used as of OpenSSL 1.1.0 as a result of the deprecation of the +\&\fB\-issuer_checks\fR option. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER" +Unable to get \s-1CRL\s0 issuer certificate. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION" +Unhandled critical extension. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN" +Key usage does not include \s-1CRL\s0 signing. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION" +Unhandled critical \s-1CRL\s0 extension. +.IP "\fBX509_V_ERR_INVALID_NON_CA\fR" 4 +.IX Item "X509_V_ERR_INVALID_NON_CA" +Invalid non-CA certificate has \s-1CA\s0 markings. +.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED\fR" 4 +.IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED" +Proxy path length constraint exceeded. +.IP "\fBX509_V_ERR_PROXY_SUBJECT_INVALID\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_INVALID" +Proxy certificate subject is invalid. It \s-1MUST\s0 be the same as the issuer +with a single \s-1CN\s0 component added. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE" +Key usage does not include digital signature. +.IP "\fBX509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED\fR" 4 +.IX Item "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED" +Proxy certificates not allowed, please use \fB\-allow_proxy_certs\fR. +.IP "\fBX509_V_ERR_INVALID_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION" +Invalid or inconsistent certificate extension. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION" +Invalid or inconsistent certificate policy extension. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY" +No explicit policy. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE" +Different \s-1CRL\s0 scope. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE" +Unsupported extension feature. +.IP "\fBX509_V_ERR_UNNESTED_RESOURCE\fR" 4 +.IX Item "X509_V_ERR_UNNESTED_RESOURCE" +\&\s-1RFC 3779\s0 resource not subset of parent's resources. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION" +Permitted subtree violation. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION" +Excluded subtree violation. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX" +Name constraints minimum and maximum not supported. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION" +Application verification failure. Unused. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE" +Unsupported name constraint type. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX" +Unsupported or invalid name constraint syntax. +.IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX" +Unsupported or invalid name syntax. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR" +\&\s-1CRL\s0 path validation error. +.IP "\fBX509_V_ERR_PATH_LOOP\fR" 4 +.IX Item "X509_V_ERR_PATH_LOOP" +Path loop. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_VERSION\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_VERSION" +Suite B: certificate version invalid. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_ALGORITHM\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_ALGORITHM" +Suite B: invalid public key algorithm. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_CURVE\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_CURVE" +Suite B: invalid \s-1ECC\s0 curve. +.IP "\fBX509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM" +Suite B: invalid signature algorithm. +.IP "\fBX509_V_ERR_SUITE_B_LOS_NOT_ALLOWED\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED" +Suite B: curve not allowed for this \s-1LOS.\s0 +.IP "\fBX509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256\fR" 4 +.IX Item "X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256" +Suite B: cannot sign P\-384 with P\-256. +.IP "\fBX509_V_ERR_HOSTNAME_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_HOSTNAME_MISMATCH" +Hostname mismatch. +.IP "\fBX509_V_ERR_EMAIL_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_EMAIL_MISMATCH" +Email address mismatch. +.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH\fR" 4 +.IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH" +\&\s-1IP\s0 address mismatch. +.IP "\fBX509_V_ERR_DANE_NO_MATCH\fR" 4 +.IX Item "X509_V_ERR_DANE_NO_MATCH" +\&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the +certificate chain. +This error is only possible in \fBs_client\fR\|(1). +.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL\fR" 4 +.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL" +\&\s-1EE\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_KEY_TOO_SMALL\fR" 4 +.IX Item "X509_ERR_CA_KEY_TOO_SMALL" +\&\s-1CA\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_MD_TOO_WEAK\fR" 4 +.IX Item "X509_ERR_CA_MD_TOO_WEAK" +\&\s-1CA\s0 signature digest algorithm too weak. +.IP "\fBX509_V_ERR_INVALID_CALL\fR" 4 +.IX Item "X509_V_ERR_INVALID_CALL" +nvalid certificate verification context. +.IP "\fBX509_V_ERR_STORE_LOOKUP\fR" 4 +.IX Item "X509_V_ERR_STORE_LOOKUP" +Issuer certificate lookup error. +.IP "\fBX509_V_ERR_NO_VALID_SCTS\fR" 4 +.IX Item "X509_V_ERR_NO_VALID_SCTS" +Certificate Transparency required, but no valid SCTs found. +.IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION" +Proxy subject name violation. +.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED" +Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed. +.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_FAILED" +Returned by the verify callback to indicate \s-1OCSP\s0 verification failed. +.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN\fR" 4 +.IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN" +Returned by the verify callback to indicate that the certificate is not recognized +by the \s-1OCSP\s0 responder. +.SH "BUGS" +.IX Header "BUGS" +Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +\&\s-1API.\s0 One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the \fB\-CAfile\fR +option) or a directory (as specified by \fB\-CApath\fR). If they occur in +both then only the certificates in the file will be recognised. +.PP +Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them. +.PP +Previous versions of this documentation swapped the meaning of the +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. +.PP +The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and +is silently ignored. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/version.1 b/deps/openssl/mingw64/share/man/man1/version.1 new file mode 100644 index 00000000..909783b5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/version.1 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "VERSION 1" +.TH VERSION 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-version, version \- print OpenSSL version information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl version\fR +[\fB\-help\fR] +[\fB\-a\fR] +[\fB\-v\fR] +[\fB\-b\fR] +[\fB\-o\fR] +[\fB\-f\fR] +[\fB\-p\fR] +[\fB\-d\fR] +[\fB\-e\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out version information about OpenSSL. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +All information, this is the same as setting all the other flags. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The current OpenSSL version. +.IP "\fB\-b\fR" 4 +.IX Item "-b" +The date the current version of OpenSSL was built. +.IP "\fB\-o\fR" 4 +.IX Item "-o" +Option information: various options set when the library was built. +.IP "\fB\-f\fR" 4 +.IX Item "-f" +Compilation flags. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Platform setting. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +\&\s-1OPENSSLDIR\s0 setting. +.IP "\fB\-e\fR" 4 +.IX Item "-e" +\&\s-1ENGINESDIR\s0 setting. +.SH "NOTES" +.IX Header "NOTES" +The output of \fBopenssl version \-a\fR would typically be used when sending +in a bug report. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man1/x509.1 b/deps/openssl/mingw64/share/man/man1/x509.1 new file mode 100644 index 00000000..a493207e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man1/x509.1 @@ -0,0 +1,955 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 1" +.TH X509 1 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-x509, x509 \- Certificate display and signing utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBx509\fR +[\fB\-help\fR] +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-keyform DER|PEM|ENGINE\fR] +[\fB\-CAform DER|PEM\fR] +[\fB\-CAkeyform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-serial\fR] +[\fB\-hash\fR] +[\fB\-subject_hash\fR] +[\fB\-issuer_hash\fR] +[\fB\-ocspid\fR] +[\fB\-subject\fR] +[\fB\-issuer\fR] +[\fB\-nameopt option\fR] +[\fB\-email\fR] +[\fB\-ocsp_uri\fR] +[\fB\-startdate\fR] +[\fB\-enddate\fR] +[\fB\-purpose\fR] +[\fB\-dates\fR] +[\fB\-checkend num\fR] +[\fB\-modulus\fR] +[\fB\-pubkey\fR] +[\fB\-fingerprint\fR] +[\fB\-alias\fR] +[\fB\-noout\fR] +[\fB\-trustout\fR] +[\fB\-clrtrust\fR] +[\fB\-clrreject\fR] +[\fB\-addtrust arg\fR] +[\fB\-addreject arg\fR] +[\fB\-setalias arg\fR] +[\fB\-days arg\fR] +[\fB\-set_serial n\fR] +[\fB\-signkey arg\fR] +[\fB\-passin arg\fR] +[\fB\-x509toreq\fR] +[\fB\-req\fR] +[\fB\-CA filename\fR] +[\fB\-CAkey filename\fR] +[\fB\-CAcreateserial\fR] +[\fB\-CAserial filename\fR] +[\fB\-force_pubkey key\fR] +[\fB\-text\fR] +[\fB\-ext extensions\fR] +[\fB\-certopt option\fR] +[\fB\-C\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-clrext\fR] +[\fB\-extfile filename\fR] +[\fB\-extensions section\fR] +[\fB\-sigopt nm:v\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] +[\fB\-engine id\fR] +[\fB\-preserve_dates\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBx509\fR command is a multi purpose certificate utility. It can be +used to display certificate information, convert certificates to +various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit +certificate trust settings. +.PP +Since there are a large number of options they will split up into +various sections. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Input, Output, and General Purpose Options" +.IX Subsection "Input, Output, and General Purpose Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format normally the command will expect an X509 +certificate but this can change if other options such as \fB\-req\fR are +present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 +is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines +added. The default format is \s-1PEM.\s0 +.IP "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning and default +as the \fB\-inform\fR option. +.IP "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a certificate from or standard input +if this option is not specified. +.IP "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest to use. +This affects any signing or display option that uses a message +digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or +the default digest for the signing algorithm is used, typically \s-1SHA256.\s0 +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. +.IP "\fB\-engine id\fR" 4 +.IX Item "-engine id" +Specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.IP "\fB\-preserve_dates\fR" 4 +.IX Item "-preserve_dates" +When signing a certificate, preserve the \*(L"notBefore\*(R" and \*(L"notAfter\*(R" dates instead +of adjusting them to current time and duration. Cannot be used with the \fB\-days\fR option. +.SS "Display Options" +.IX Subsection "Display Options" +Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options +but are described in the \fB\s-1TRUST SETTINGS\s0\fR section. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. +.IP "\fB\-ext extensions\fR" 4 +.IX Item "-ext extensions" +Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". +See the \fBx509v3_config\fR\|(5) manual page for the extension names. +.IP "\fB\-certopt option\fR" 4 +.IX Item "-certopt option" +Customise the output format used with \fB\-text\fR. The \fBoption\fR argument +can be a single option or multiple options separated by commas. The +\&\fB\-certopt\fR switch may be also be used more than once to set multiple +options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the certificate. +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the certificate. +.IP "\fB\-serial\fR" 4 +.IX Item "-serial" +Outputs the certificate serial number. +.IP "\fB\-subject_hash\fR" 4 +.IX Item "-subject_hash" +Outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. +.IP "\fB\-issuer_hash\fR" 4 +.IX Item "-issuer_hash" +Outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +Outputs the \s-1OCSP\s0 hash values for the subject name and public key. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +Outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +Outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Outputs the subject name. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Outputs the issuer name. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +Option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information. +.IP "\fB\-email\fR" 4 +.IX Item "-email" +Outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +Outputs the \s-1OCSP\s0 responder address(es) if any. +.IP "\fB\-startdate\fR" 4 +.IX Item "-startdate" +Prints out the start date of the certificate, that is the notBefore date. +.IP "\fB\-enddate\fR" 4 +.IX Item "-enddate" +Prints out the expiry date of the certificate, that is the notAfter date. +.IP "\fB\-dates\fR" 4 +.IX Item "-dates" +Prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend arg\fR" 4 +.IX Item "-checkend arg" +Checks if the certificate expires within the next \fBarg\fR seconds and exits +non-zero if yes it will expire or zero if not. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Calculates and outputs the digest of the \s-1DER\s0 encoded version of the entire +certificate (see digest options). +This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This outputs the certificate in the form of a C source file. +.SS "Trust Settings" +.IX Subsection "Trust Settings" +A \fBtrusted certificate\fR is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an \*(L"alias\*(R". +.PP +Normally when a certificate is being verified at least one certificate +must be \*(L"trusted\*(R". By default a trusted certificate must be stored +locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +is then usable for any purpose. +.PP +Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer +control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 +may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +.PP +See the description of the \fBverify\fR utility for more information on the +meaning of trust settings. +.PP +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. +.IP "\fB\-trustout\fR" 4 +.IX Item "-trustout" +This causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +\&\fB\-trustout\fR option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. +.IP "\fB\-setalias arg\fR" 4 +.IX Item "-setalias arg" +Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". +.IP "\fB\-alias\fR" 4 +.IX Item "-alias" +Outputs the certificate alias, if any. +.IP "\fB\-clrtrust\fR" 4 +.IX Item "-clrtrust" +Clears all the permitted or trusted uses of the certificate. +.IP "\fB\-clrreject\fR" 4 +.IX Item "-clrreject" +Clears all the prohibited or rejected uses of the certificate. +.IP "\fB\-addtrust arg\fR" 4 +.IX Item "-addtrust arg" +Adds a trusted certificate use. +Any object name can be used here but currently only \fBclientAuth\fR (\s-1SSL\s0 client +use), \fBserverAuth\fR (\s-1SSL\s0 server use), \fBemailProtection\fR (S/MIME email) and +\&\fBanyExtendedKeyUsage\fR are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses. +.IP "\fB\-addreject arg\fR" 4 +.IX Item "-addreject arg" +Adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR +option. +.IP "\fB\-purpose\fR" 4 +.IX Item "-purpose" +This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the \fB\s-1CERTIFICATE +EXTENSIONS\s0\fR section. +.SS "Signing Options" +.IX Subsection "Signing Options" +The \fBx509\fR utility can be used to sign certificates and requests: it +can thus behave like a \*(L"mini \s-1CA\*(R".\s0 +.IP "\fB\-signkey arg\fR" 4 +.IX Item "-signkey arg" +This option causes the input file to be self signed using the supplied +private key or engine. The private key's format is specified with the +\&\fB\-keyform\fR option. +.Sp +If the input file is a certificate it sets the issuer name to the +subject name (i.e. makes it self signed) changes the public key to the +supplied value and changes the start and end dates. The start date is +set to the current time and the end date is set to a value determined +by the \fB\-days\fR option. Any certificate extensions are retained unless +the \fB\-clrext\fR option is supplied; this includes, for example, any existing +key identifier extensions. +.Sp +If the input is a certificate request then a self signed certificate +is created using the supplied private key using the subject name in +the request. +.IP "\fB\-sigopt nm:v\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1). +.IP "\fB\-clrext\fR" 4 +.IX Item "-clrext" +Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are +retained. +.IP "\fB\-keyform PEM|DER|ENGINE\fR" 4 +.IX Item "-keyform PEM|DER|ENGINE" +Specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the +\&\fB\-signkey\fR option. +.IP "\fB\-days arg\fR" 4 +.IX Item "-days arg" +Specifies the number of days to make a certificate valid for. The default +is 30 days. Cannot be used with the \fB\-preserve_dates\fR option. +.IP "\fB\-x509toreq\fR" 4 +.IX Item "-x509toreq" +Converts a certificate into a certificate request. The \fB\-signkey\fR option +is used to pass the required private key. +.IP "\fB\-req\fR" 4 +.IX Item "-req" +By default a certificate is expected on input. With this option a +certificate request is expected instead. +.IP "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +Specifies the serial number to use. This option can be used with either +the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR +option the serial number file (as specified by the \fB\-CAserial\fR or +\&\fB\-CAcreateserial\fR options) is not used. +.Sp +The serial number can be decimal or hex (if preceded by \fB0x\fR). +.IP "\fB\-CA filename\fR" 4 +.IX Item "-CA filename" +Specifies the \s-1CA\s0 certificate to be used for signing. When this option is +present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this +\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name +of the \s-1CA\s0 and it is digitally signed using the CAs private key. +.Sp +This option is normally combined with the \fB\-req\fR option. Without the +\&\fB\-req\fR option the input is a certificate which must be self signed. +.IP "\fB\-CAkey filename\fR" 4 +.IX Item "-CAkey filename" +Sets the \s-1CA\s0 private key to sign a certificate with. If this option is +not specified then it is assumed that the \s-1CA\s0 private key is present in +the \s-1CA\s0 certificate file. +.IP "\fB\-CAserial filename\fR" 4 +.IX Item "-CAserial filename" +Sets the \s-1CA\s0 serial number file to use. +.Sp +When the \fB\-CA\fR option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again. +.Sp +The default filename consists of the \s-1CA\s0 certificate file base name with +\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called +\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". +.IP "\fB\-CAcreateserial\fR" 4 +.IX Item "-CAcreateserial" +With this option the \s-1CA\s0 serial number file is created if it does not exist: +it will contain the serial number \*(L"02\*(R" and the certificate being signed will +have the 1 as its serial number. If the \fB\-CA\fR option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice. +.IP "\fB\-extfile filename\fR" 4 +.IX Item "-extfile filename" +File containing certificate extensions to use. If not specified then +no extensions are added to the certificate. +.IP "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fBx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-force_pubkey key\fR" 4 +.IX Item "-force_pubkey key" +When a certificate is created set its public key to \fBkey\fR instead of the +key in the certificate or certificate request. This option is useful for +creating certificates where the algorithm can't normally sign requests, for +example \s-1DH.\s0 +.Sp +The format or \fBkey\fR can be specified using the \fB\-keyform\fR option. +.SS "Name Options" +.IX Subsection "Name Options" +The \fBnameopt\fR command line switch determines how the subject and issuer +names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" +format is used which is compatible with previous versions of OpenSSL. +Each option is described in detail below, all options can be preceded by +a \fB\-\fR to turn the option off. Only the first four will normally be used. +.IP "\fBcompat\fR" 4 +.IX Item "compat" +Use the old format. +.IP "\fB\s-1RFC2253\s0\fR" 4 +.IX Item "RFC2253" +Displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, +\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, +\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. +.IP "\fBoneline\fR" 4 +.IX Item "oneline" +A oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to +specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, +\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR +options. This is the \fIdefault\fR of no name options are given explicitly. +.IP "\fBmultiline\fR" 4 +.IX Item "multiline" +A multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, +\&\fBspace_eq\fR, \fBlname\fR and \fBalign\fR. +.IP "\fBesc_2253\fR" 4 +.IX Item "esc_2253" +Escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field. That is +\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginning of a string +and a space character at the beginning or end of a string. +.IP "\fBesc_2254\fR" 4 +.IX Item "esc_2254" +Escape the \*(L"special\*(R" characters required by \s-1RFC2254\s0 in a field. That is +the \fB\s-1NUL\s0\fR character as well as and \fB()*\fR. +.IP "\fBesc_ctrl\fR" 4 +.IX Item "esc_ctrl" +Escape control characters. That is those with \s-1ASCII\s0 values less than +0x20 (space) and the delete (0x7f) character. They are escaped using the +\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the +character value). +.IP "\fBesc_msb\fR" 4 +.IX Item "esc_msb" +Escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than +127. +.IP "\fBuse_quote\fR" 4 +.IX Item "use_quote" +Escapes some characters by surrounding the whole string with \fB"\fR characters, +without the option all escaping is done with the \fB\e\fR character. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +Convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If +you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use +of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct +display of multibyte (international) characters. Is this option is not +present then multibyte characters larger than 0xff will be represented +using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. +Also if this option is off any UTF8Strings will be converted to their +character form first. +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" +This option does not attempt to interpret multibyte characters in any +way. That is their content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output. +.IP "\fBshow_type\fR" 4 +.IX Item "show_type" +Show the type of the \s-1ASN1\s0 character string. The type precedes the +field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R". +.IP "\fBdump_der\fR" 4 +.IX Item "dump_der" +When this option is set any fields that need to be hexdumped will +be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the +content octets will be displayed. Both options use the \s-1RFC2253\s0 +\&\fB#XXXX...\fR format. +.IP "\fBdump_nostr\fR" 4 +.IX Item "dump_nostr" +Dump non character string types (for example \s-1OCTET STRING\s0) if this +option is not set then non character string types will be displayed +as though each content octet represents a single character. +.IP "\fBdump_all\fR" 4 +.IX Item "dump_all" +Dump all fields. This option when used with \fBdump_der\fR allows the +\&\s-1DER\s0 encoding of the structure to be unambiguously determined. +.IP "\fBdump_unknown\fR" 4 +.IX Item "dump_unknown" +Dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +.IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 +.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" +These options determine the field separators. The first character is +between RDNs and the second between multiple AVAs (multiple AVAs are +very rare and their use is discouraged). The options ending in +\&\*(L"space\*(R" additionally place a space after the separator to make it +more readable. The \fBsep_multiline\fR uses a linefeed character for +the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also +indents the fields by four characters. If no field separator is specified +then \fBsep_comma_plus_space\fR is used by default. +.IP "\fBdn_rev\fR" 4 +.IX Item "dn_rev" +Reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side +effect this also reverses the order of multiple AVAs but this is +permissible. +.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 +.IX Item "nofname, sname, lname, oid" +These options alter how the field name is displayed. \fBnofname\fR does +not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form +(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. +\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +diagnostic purpose. +.IP "\fBalign\fR" 4 +.IX Item "align" +Align field values for a more readable output. Only usable with +\&\fBsep_multiline\fR. +.IP "\fBspace_eq\fR" 4 +.IX Item "space_eq" +Places spaces round the \fB=\fR character which follows the field +name. +.SS "Text Options" +.IX Subsection "Text Options" +As well as customising the name output format, it is also possible to +customise the actual fields printed using the \fBcertopt\fR options when +the \fBtext\fR option is present. The default behaviour is to print all fields. +.IP "\fBcompatible\fR" 4 +.IX Item "compatible" +Use the old format. This is equivalent to specifying no output options at all. +.IP "\fBno_header\fR" 4 +.IX Item "no_header" +Don't print header information: that is the lines saying \*(L"Certificate\*(R" +and \*(L"Data\*(R". +.IP "\fBno_version\fR" 4 +.IX Item "no_version" +Don't print out the version number. +.IP "\fBno_serial\fR" 4 +.IX Item "no_serial" +Don't print out the serial number. +.IP "\fBno_signame\fR" 4 +.IX Item "no_signame" +Don't print out the signature algorithm used. +.IP "\fBno_validity\fR" 4 +.IX Item "no_validity" +Don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.IP "\fBno_subject\fR" 4 +.IX Item "no_subject" +Don't print out the subject name. +.IP "\fBno_issuer\fR" 4 +.IX Item "no_issuer" +Don't print out the issuer name. +.IP "\fBno_pubkey\fR" 4 +.IX Item "no_pubkey" +Don't print out the public key. +.IP "\fBno_sigdump\fR" 4 +.IX Item "no_sigdump" +Don't give a hexadecimal dump of the certificate signature. +.IP "\fBno_aux\fR" 4 +.IX Item "no_aux" +Don't print out certificate trust information. +.IP "\fBno_extensions\fR" 4 +.IX Item "no_extensions" +Don't print out any X509V3 extensions. +.IP "\fBext_default\fR" 4 +.IX Item "ext_default" +Retain default extension behaviour: attempt to print out unsupported +certificate extensions. +.IP "\fBext_error\fR" 4 +.IX Item "ext_error" +Print an error message for unsupported certificate extensions. +.IP "\fBext_parse\fR" 4 +.IX Item "ext_parse" +\&\s-1ASN1\s0 parse unsupported extensions. +.IP "\fBext_dump\fR" 4 +.IX Item "ext_dump" +Hex dump unsupported extensions. +.IP "\fBca_default\fR" 4 +.IX Item "ca_default" +The value used by the \fBca\fR utility, equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, +\&\fBno_header\fR, and \fBno_version\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: in these examples the '\e' means the example should be all on one +line. +.PP +Display the contents of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-text +.Ve +.PP +Display the \*(L"Subject Alternative Name\*(R" extension of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName +.Ve +.PP +Display more extensions of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName,nsCertType +.Ve +.PP +Display the certificate serial number: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-serial +.Ve +.PP +Display the certificate subject name: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject +.Ve +.PP +Display the certificate subject name in \s-1RFC2253\s0 form: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 +.Ve +.PP +Display the certificate subject name in oneline form on a terminal +supporting \s-1UTF8:\s0 +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb +.Ve +.PP +Display the certificate \s-1SHA1\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint +.Ve +.PP +Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER +.Ve +.PP +Convert a certificate to a certificate request: +.PP +.Vb 1 +\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem +.Ve +.PP +Convert a certificate request into a self signed certificate using +extensions for a \s-1CA:\s0 +.PP +.Vb 2 +\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e +\& \-signkey key.pem \-out cacert.pem +.Ve +.PP +Sign a certificate request using the \s-1CA\s0 certificate above and add user +certificate extensions: +.PP +.Vb 2 +\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e +\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial +.Ve +.PP +Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to +\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0 +.PP +.Vb 2 +\& openssl x509 \-in cert.pem \-addtrust clientAuth \e +\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +it will also handle files containing: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN X509 CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END X509 CERTIFICATE\-\-\-\-\- +.Ve +.PP +Trusted certificates have the lines +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN TRUSTED CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END TRUSTED CERTIFICATE\-\-\-\-\- +.Ve +.PP +The conversion to \s-1UTF8\s0 format used with the name options assumes that +T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape +and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly. +.PP +The \fB\-email\fR option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once. +.SH "CERTIFICATE EXTENSIONS" +.IX Header "CERTIFICATE EXTENSIONS" +The \fB\-purpose\fR option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. +.PP +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. +.PP +The basicConstraints extension \s-1CA\s0 flag is used to determine whether the +certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0 +if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the +\&\s-1CA\s0 flag set to true. +.PP +If the basicConstraints extension is absent then the certificate is +considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a \s-1CA:\s0 however +it is allowed to be a \s-1CA\s0 to work around some broken software. +.PP +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. +.PP +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +keyCertSign bit set if the keyUsage extension is present. +.PP +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. +.PP +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR +\&\s-1CA\s0 certificates. +.IP "\fB\s-1SSL\s0 Client\fR" 4 +.IX Item "SSL Client" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID.\s0 keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the \s-1SSL\s0 client bit set. +.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 +.IX Item "SSL Client CA" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have +the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1SSL\s0 Server\fR" 4 +.IX Item "SSL Server" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. +.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 +.IX Item "SSL Server CA" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must +be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the +basicConstraints extension is absent. +.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 +.IX Item "Netscape SSL Server" +For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal \s-1SSL\s0 server. +.IP "\fBCommon S/MIME Client Tests\fR" 4 +.IX Item "Common S/MIME Client Tests" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.IP "\fBS/MIME Signing\fR" 4 +.IX Item "S/MIME Signing" +In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present. +.IP "\fBS/MIME Encryption\fR" 4 +.IX Item "S/MIME Encryption" +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. +.IP "\fBS/MIME \s-1CA\s0\fR" 4 +.IX Item "S/MIME CA" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the +S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1CRL\s0 Signing\fR" 4 +.IX Item "CRL Signing" +The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit +set. +.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 +.IX Item "CRL Signing CA" +The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension +must be present. +.SH "BUGS" +.IX Header "BUGS" +Extensions in certificates are not transferred to certificate requests and +vice versa. +.PP +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. +.PP +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1), +\&\fBgendsa\fR\|(1), \fBverify\fR\|(1), +\&\fBx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using +the old form must have their links rebuilt using \fBc_rehash\fR or similar. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ADMISSIONS.3 b/deps/openssl/mingw64/share/man/man3/ADMISSIONS.3 new file mode 100644 index 00000000..7024dc09 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ADMISSIONS.3 @@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ADMISSIONS 3" +.TH ADMISSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& typedef struct NamingAuthority_st NAMING_AUTHORITY; +\& typedef struct ProfessionInfo_st PROFESSION_INFO; +\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; +\& typedef struct Admissions_st ADMISSIONS; +\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +\& +\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, +\& ASN1_OBJECT* namingAuthorityId); +\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, +\& ASN1_IA5STRING* namingAuthorityUrl); +\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, +\& ASN1_STRING* namingAuthorityText); +\& +\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_admissionAuthority( +\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( +\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +\& +\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +\& +\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_addProfessionInfo( +\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_namingAuthority( +\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionItems( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionOIDs( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_registrationNumber( +\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and +\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the +analogous types defined in the Common \s-1PKI\s0 Specification published +by . +Knowledge of those structures and their semantics is assumed. +.PP +The conventional routines to convert between \s-1DER\s0 and the local format +are described in \fBd2i_X509\fR\|(3). +The conventional routines to allocate and free the types are defined +in \fBX509_dup\fR\|(3). +.PP +The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see +\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. +.PP +The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. +The \fBNAMING_AUTHORITY_get0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +to those values within the object. +The \fBNAMING_AUTHORITY_set0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of +\&\fB\s-1ADMISSION\s0\fR objects. +The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +to those values within the object. +The +\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a +stack of \fB\s-1PROFESSION_INFO\s0\fR items. +The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, +and \fBADMISSIONS_get0_professionInfos()\fR +functions return pointers to those values within the object. +The +\&\fBADMISSIONS_set0_admissionAuthority()\fR, +\&\fBADMISSIONS_set0_namingAuthority()\fR, and +\&\fBADMISSIONS_set0_professionInfos()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, +\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_get0_registrationNumber()\fR +functions return pointers to those values within the object. +The +\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fBPROFESSION_INFO_set0_professionItems()\fR, +\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_set0_registrationNumber()\fR +functions free any existing value and set the pointer to the specified value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Described above. +Note that all of the \fIget0\fR functions return a pointer to the internal data +structure and must not be freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_dup\fR\|(3), +\&\fBd2i_X509\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_INTEGER_get_int64.3 b/deps/openssl/mingw64/share/man/man3/ASN1_INTEGER_get_int64.3 new file mode 100644 index 00000000..2aa52a5d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_INTEGER_get_int64.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_INTEGER_GET_INT64 3" +.TH ASN1_INTEGER_GET_INT64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); +\& +\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); +\& +\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +\& +\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +\& +\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +\& +\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); +\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +\& +\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +structures. +.PP +\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails +(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) +it returns 0. +.PP +\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it +converts to a \fBuint64_t\fR type and an error is returned if the passed integer +is negative. +.PP +\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is +\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR +instead. +.PP +\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBuint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value +\&\fBv\fR. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR +is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then +the existing structure will be used instead. +.PP +\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is +\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the +existing structure will be used instead. +.PP +\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, +\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR +behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they +operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +.PP +\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to +\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not +fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR +instead. +.SH "NOTES" +.IX Header "NOTES" +In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +\&\fBint64_t\fR type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. +.SH "BUGS" +.IX Header "BUGS" +The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and +\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. +.PP +\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an \fBint64_t\fR type. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +only fail due to a memory allocation error. +.PP +\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, +\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_ITEM_lookup.3 b/deps/openssl/mingw64/share/man/man3/ASN1_ITEM_lookup.3 new file mode 100644 index 00000000..26d5d713 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_ITEM_lookup.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_ITEM_LOOKUP 3" +.TH ASN1_ITEM_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. +.PP +\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function +returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_OBJECT_new.3 b/deps/openssl/mingw64/share/man/man3/ASN1_OBJECT_new.3 new file mode 100644 index 00000000..bb047dcd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_OBJECT_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_OBJECT_NEW 3" +.TH ASN1_OBJECT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.PP +\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fBOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_STRING_TABLE_add.3 b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_TABLE_add.3 new file mode 100644 index 00000000..0cc94413 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_TABLE_add.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_TABLE_ADD 3" +.TH ASN1_STRING_TABLE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; +\& +\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, +\& unsigned long mask, unsigned long flags); +\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); +\& void ASN1_STRING_TABLE_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. +.SS "Functions" +.IX Subsection "Functions" +\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters. +.PP +If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +updated (depending on the values of those parameters, e.g., \fBminsize\fR +and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard, +a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +other parameters. +.PP +\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +on \fBnid\fR. It will search the local table first, then the standard one. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fBASN1_STRING_TABLE_add()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +.PP +\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +or \fB\s-1NULL\s0\fR if nothing is found. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_STRING_length.3 b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_length.3 new file mode 100644 index 00000000..8144eae1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_length.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_LENGTH 3" +.TH ASN1_STRING_LENGTH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_length(ASN1_STRING *x); +\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +\& +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +\& +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +\& +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +\& +\& int ASN1_STRING_type(const ASN1_STRING *x); +\& +\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the +returned value is not constant. This function is deprecated: +applications should use \fBASN1_STRING_get0_data()\fR instead. +.PP +\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be freed using \fBOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fBASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to +the data of \fBx\fR. +.PP +\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurred. +.PP +\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR. +.PP +\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a +negative value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_STRING_new.3 b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_new.3 new file mode 100644 index 00000000..67f58a9d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_NEW 3" +.TH ASN1_STRING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fBASN1_STRING_free()\fR frees up \fBa\fR. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_STRING_print_ex.3 b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_print_ex.3 new file mode 100644 index 00000000..d02ee537 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_STRING_print_ex.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_PRINT_EX 3" +.TH ASN1_STRING_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); +\& +\& const char *ASN1_tag2str(int tag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) +with '.'. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fBASN1_STRING_print_ex()\fR instead. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of +characters written or \-1 if an error occurred. +.PP +\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBASN1_tag2str\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_TIME_set.3 b/deps/openssl/mingw64/share/man/man3/ASN1_TIME_set.3 new file mode 100644 index 00000000..ef59456f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_TIME_set.3 @@ -0,0 +1,380 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TIME_SET 3" +.TH ASN1_TIME_SET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime \- ASN.1 Time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +\& time_t t); +\& +\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, +\& long offset_sec); +\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, +\& int offset_day, long offset_sec); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, +\& time_t t, int offset_day, +\& long offset_sec); +\& +\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, +\& const char *str); +\& +\& int ASN1_TIME_normalize(ASN1_TIME *s); +\& +\& int ASN1_TIME_check(const ASN1_TIME *t); +\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); +\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); +\& +\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); +\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); +\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); +\& +\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +\& int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, +\& const ASN1_TIME *to); +\& +\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +\& +\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); +\& +\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +\& ASN1_GENERALIZEDTIME **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR +functions set the structure \fBs\fR to the time represented by the time_t +value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +.PP +The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR +functions set the time structure \fBs\fR to the time represented +by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. +The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a +time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of +seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated +and returned. +.PP +The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and +\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR +to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 +time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0 +this function performs a format check on \fBstr\fR only. The string \fBstr\fR +is copied into \fBs\fR. +.PP +\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time +represented by string \fBstr\fR which must be in appropriate time format +that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and +\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format +are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check +on \fBstr\fR only. +.PP +The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or +\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It +should be used after the \fBASN1_TIME_set_string()\fR functions and before +\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +.PP +The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR +functions check the syntax of the time structure \fBs\fR. +.PP +The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable +format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example +\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time +structure has invalid format it prints out \*(L"Bad time value\*(R" and returns +an error. The output for generalized time may include a fractional part +following the second. +.PP +\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. +If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 +The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR, +\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values, +whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs +a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional +seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while +converting \fBs\fR to \fBtm\fR structure. +.PP +\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between +\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then +one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR +will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then +one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR +represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero. +If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same +sign. The value of \fB*psec\fR will always be less than the number of seconds +in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. +.PP +The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare +the two times represented by the time structure \fBs\fR and the time_t \fBt\fR. +.PP +The \fBASN1_TIME_compare()\fR function compares the two times represented by the +time structures \fBa\fR and \fBb\fR. +.PP +The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an +\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or +\&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. +.SH "NOTES" +.IX Header "NOTES" +The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR +defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined +in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. +.PP +The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented +as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR. +.PP +The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). +.PP +\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049. +.PP +Some applications add offset times directly to a time_t value and pass the +results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value +in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly +manipulating a time_t value. +.PP +\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 +or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and +\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. +.PP +It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of +those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions +starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific +time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either +format. +.SH "BUGS" +.IX Header "BUGS" +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all +certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. +.PP +Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before +printing to get \s-1GMT\s0 results. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR, +ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR +\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. +.PP +\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +.PP +\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1 +if the structure is syntactically correct and 0 otherwise. +.PP +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1 +if the time is successfully printed out and 0 if an error occurred (I/O error or +invalid time format). +.PP +\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format). +.PP +\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example. +.PP +\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is +before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned +on error. +.PP +\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. +.PP +\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to +the appropriate time structure on success or \s-1NULL\s0 if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set a time structure to one hour after the current time and print it out: +.PP +.Vb 2 +\& #include +\& #include +\& +\& ASN1_TIME *tm; +\& time_t t; +\& BIO *b; +\& +\& t = time(NULL); +\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +\& b = BIO_new_fp(stdout, BIO_NOCLOSE); +\& ASN1_TIME_print(b, tm); +\& ASN1_STRING_free(tm); +\& BIO_free(b); +.Ve +.PP +Determine if one time is later or sooner than the current time: +.PP +.Vb 1 +\& int day, sec; +\& +\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) +\& /* Invalid time format */ +\& +\& if (day > 0 || sec > 0) +\& printf("Later\en"); +\& else if (day < 0 || sec < 0) +\& printf("Sooner\en"); +\& else +\& printf("Same\en"); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_TYPE_get.3 b/deps/openssl/mingw64/share/man/man3/ASN1_TYPE_get.3 new file mode 100644 index 00000000..7e4d4f53 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_TYPE_get.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TYPE_GET 3" +.TH ASN1_TYPE_GET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_TYPE_get(const ASN1_TYPE *a); +\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +\& +\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, +\& ASN1_TYPE **t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The +\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type +such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. +.PP +\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR. +.PP +\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This +function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed +up after the call. +.PP +\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. +.PP +\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if +they are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer +to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the +caller. If it fails it return \s-1NULL.\s0 +.PP +\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR +corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded +\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type +is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0 +but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR. +.SH "NOTES" +.IX Header "NOTES" +The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and +\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. +If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN +then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is +V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR +is and \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type +(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content +octets of the type. If \fBtype\fR corresponds to a constructed type or +a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the +\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and +length octets). +.PP +\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean \s-1TRUE\s0 +value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will +only return zero if the values are the same. +.PP +If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +\&\s-1NULL\s0 values could also indicate a programming error (for example an +unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +applications should handle the case of two absent values separately. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. +.PP +\&\fBASN1_TYPE_set()\fR does not return a value. +.PP +\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +.PP +\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or +\&\s-1NULL\s0 on failure. +.PP +\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or +\&\s-1NULL\s0 on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASN1_generate_nconf.3 b/deps/openssl/mingw64/share/man/man3/ASN1_generate_nconf.3 new file mode 100644 index 00000000..6151bdf1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASN1_generate_nconf.3 @@ -0,0 +1,381 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_GENERATE_NCONF 3" +.TH ASN1_GENERATE_NCONF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains +the optional configuration information where additional strings +will be read from. \fBnconf\fR will typically come from a config +file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fBstr\fR and +the configuration information. The general format of the string +is: +.IP "\fB[modifier,]type[:value]\fR" 4 +.IX Item "[modifier,]type[:value]" +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fBtype\fR, +\&\fBvalue\fR and \fBmodifier\fR are explained below. +.SS "Supported Types" +.IX Subsection "Supported Types" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fBvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. +.IP "\fB\s-1NULL\s0\fR" 4 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +.IX Item "OCTETSTRING, OCT" +Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fBvalue\fR. +.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IX Item "BITSTRING, BITSTR" +Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fBvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" +These encode the corresponding string types. \fBvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.SS "Modifiers" +.IX Subsection "Modifiers" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, +APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT SPECIFIC.\s0 +.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 +a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 4 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is +specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT +STRING\s0) is a comma separated list of the indices of the set bits, all other +bits are zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error codes that can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +.PP +.Vb 1 +\& FORMAT:BITLIST,BITSTRING:1,5 +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +.Vb 1 +\& asn1 = SEQUENCE:seq_section +\& +\& [seq_section] +\& +\& field1 = BOOLEAN:TRUE +\& field2 = OID:commonName +\& field3 = UTF8:Third field +.Ve +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +\& +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +\& +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +\& +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +\& +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +\& +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +\& +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +\& +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& asn1=SEQUENCE:pubkeyinfo +\& +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +\& +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +\& +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASYNC_WAIT_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/ASYNC_WAIT_CTX_new.3 new file mode 100644 index 00000000..dde3e6af --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASYNC_WAIT_CTX_new.3 @@ -0,0 +1,270 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_WAIT_CTX_NEW 3" +.TH ASYNC_WAIT_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd \- functions to manage waiting for asynchronous jobs to complete +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD fd, +\& void *custom_data, +\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +\& OSSL_ASYNC_FD, void *)); +\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD *fd, void **custom_data); +\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +\& size_t *numfds); +\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, +\& size_t *numdelfds); +\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For an overview of how asynchronous operations are implemented in OpenSSL see +\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous +\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms +this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +.PP +Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR +function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When +the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of +that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one +time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent +\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed), +application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. +.PP +ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in +the \fBctx\fR parameter will return the wait file descriptors associated with that +job in \fB*fd\fR. The number of file descriptors returned will be stored in +\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory +has been allocated in \fB*fd\fR to receive all the file descriptors. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file +descriptors but will still populate \fB*numfds\fR. Therefore application code is +typically expected to call this function twice: once to get the number of fds, +and then again when sufficient memory has been allocated. If only one +asynchronous engine is being used then normally this call will only ever return +one fd. If multiple asynchronous engines are being used then more could be +returned. +.PP +The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 +result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has +been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated +with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR +will be populated with the list of added and deleted fds respectively. Similarly +to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not +\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +.PP +Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R" +of regularly changing fds \- although no guarantees of this are provided to +applications. +.PP +Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +to see if it is ready to continue. +.PP +Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job +via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting +on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an +engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code. +An existing association with a file descriptor can be obtained using +\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of +these functions requires a \fBkey\fR value which is unique to the async aware +code. This could be any unique value but a good candidate might be the +\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and +will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The +\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +routine. This can be \s-1NULL\s0 but if provided will automatically get called when +the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the +fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if +the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or +\&\s-1NULL\s0 on error. +.PP +ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on +success or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ASYNC_start_job.3 b/deps/openssl/mingw64/share/man/man3/ASYNC_start_job.3 new file mode 100644 index 00000000..3fc57943 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ASYNC_start_job.3 @@ -0,0 +1,453 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_START_JOB 3" +.TH ASYNC_START_JOB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASYNC_init_thread(size_t max_size, size_t init_size); +\& void ASYNC_cleanup_thread(void); +\& +\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +\& int (*func)(void *), void *args, size_t size); +\& int ASYNC_pause_job(void); +\& +\& ASYNC_JOB *ASYNC_get_current_job(void); +\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +\& void ASYNC_block_pause(void); +\& void ASYNC_unblock_pause(void); +\& +\& int ASYNC_is_capable(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed. +.PP +The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for +efficiency reasons, jobs can be created up front and reused many times. They are +held in a pool until they are needed, at which point they are removed from the +pool, used, and then returned to the pool when the job completes. If the user +application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each +thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to +ensure this will result in memory leaks. +.PP +The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in +the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an +\&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one +will be automatically created, as long as the total of ASYNC_JOBs managed by the +pool does not exceed \fBmax_size\fR. When the pool is first initialised +\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is +not called before the pool is first used then it will be called automatically +with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs +created up front). +.PP +An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. +Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 +object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. \fBfunc\fR represents the function that should +be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR +will be copied and then passed as an argument to \fBfunc\fR when the job starts. +ASYNC_start_job will return one of the following values: +.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IX Item "ASYNC_ERR" +An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see \fBERR_print_errors\fR\|(3)) for more details. +.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IX Item "ASYNC_NO_JOBS" +There are no jobs currently available in the pool. This call can be retried +again at a later time. +.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IX Item "ASYNC_PAUSE" +The job was successfully started but was \*(L"paused\*(R" before it completed (see +\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The +\&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. +When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread +that the job was originally started from. +.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IX Item "ASYNC_FINISH" +The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will +be placed in \fB*ret\fR. +.PP +At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get +a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing +then this will return \s-1NULL.\s0 +.PP +If executing within the context of a job (i.e. having been called directly or +indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) +then \fBASYNC_pause_job()\fR will immediately return control to the calling +application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the +\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If +\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fBASYNC_pause_job()\fR returns immediately. +.PP +\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 +for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated +with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R" +using a system function call such as select or poll (being ready for \*(L"read\*(R" +indicates that the job should be resumed). If no file descriptor is made +available then an application will have to periodically \*(L"poll\*(R" the job by +attempting to restart it to see if it is ready to continue. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.PP +The \fBASYNC_block_pause()\fR function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an +application acquires a lock. It then calls some cryptographic function which +invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created +the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +occur. +.PP +Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function +can be used to detect whether the current platform is async capable or not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ASYNC_init_thread returns 1 on success or 0 otherwise. +.PP +ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or +\&\s-1ASYNC_FINISH\s0 as described above. +.PP +ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is +returned. +.PP +ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or +\&\s-1NULL\s0 if not within the context of a job. +.PP +\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. +.PP +\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example demonstrates how to use most of the core async APIs: +.PP +.Vb 7 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& #include +\& #include +\& #include +\& +\& int unique = 0; +\& +\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) +\& { +\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; +\& +\& close(r); +\& close(*w); +\& OPENSSL_free(w); +\& } +\& +\& int jobfunc(void *arg) +\& { +\& ASYNC_JOB *currjob; +\& unsigned char *msg; +\& int pipefds[2] = {0, 0}; +\& OSSL_ASYNC_FD *wptr; +\& char buf = \*(AqX\*(Aq; +\& +\& currjob = ASYNC_get_current_job(); +\& if (currjob != NULL) { +\& printf("Executing within a job\en"); +\& } else { +\& printf("Not executing within a job \- should not happen\en"); +\& return 0; +\& } +\& +\& msg = (unsigned char *)arg; +\& printf("Passed in message is: %s\en", msg); +\& +\& if (pipe(pipefds) != 0) { +\& printf("Failed to create pipe\en"); +\& return 0; +\& } +\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); +\& if (wptr == NULL) { +\& printf("Failed to malloc\en"); +\& return 0; +\& } +\& *wptr = pipefds[1]; +\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, +\& pipefds[0], wptr, cleanup); +\& +\& /* +\& * Normally some external event would cause this to happen at some +\& * later point \- but we do it here for demo purposes, i.e. +\& * immediately signalling that the job is ready to be woken up after +\& * we return to main via ASYNC_pause_job(). +\& */ +\& write(pipefds[1], &buf, 1); +\& +\& /* Return control back to main */ +\& ASYNC_pause_job(); +\& +\& /* Clear the wake signal */ +\& read(pipefds[0], &buf, 1); +\& +\& printf ("Resumed the job after a pause\en"); +\& +\& return 1; +\& } +\& +\& int main(void) +\& { +\& ASYNC_JOB *job = NULL; +\& ASYNC_WAIT_CTX *ctx = NULL; +\& int ret; +\& OSSL_ASYNC_FD waitfd; +\& fd_set waitfdset; +\& size_t numfds; +\& unsigned char msg[13] = "Hello world!"; +\& +\& printf("Starting...\en"); +\& +\& ctx = ASYNC_WAIT_CTX_new(); +\& if (ctx == NULL) { +\& printf("Failed to create ASYNC_WAIT_CTX\en"); +\& abort(); +\& } +\& +\& for (;;) { +\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { +\& case ASYNC_ERR: +\& case ASYNC_NO_JOBS: +\& printf("An error occurred\en"); +\& goto end; +\& case ASYNC_PAUSE: +\& printf("Job was paused\en"); +\& break; +\& case ASYNC_FINISH: +\& printf("Job finished with return value %d\en", ret); +\& goto end; +\& } +\& +\& /* Wait for the job to be woken */ +\& printf("Waiting for the job to be woken up\en"); +\& +\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) +\& || numfds > 1) { +\& printf("Unexpected number of fds\en"); +\& abort(); +\& } +\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); +\& FD_ZERO(&waitfdset); +\& FD_SET(waitfd, &waitfdset); +\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); +\& } +\& +\& end: +\& ASYNC_WAIT_CTX_free(ctx); +\& printf("Finishing\en"); +\& +\& return 0; +\& } +.Ve +.PP +The expected output from executing the above example program is: +.PP +.Vb 8 +\& Starting... +\& Executing within a job +\& Passed in message is: Hello world! +\& Job was paused +\& Waiting for the job to be woken up +\& Resumed the job after a pause +\& Job finished with return value 1 +\& Finishing +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, +\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BF_encrypt.3 b/deps/openssl/mingw64/share/man/man3/BF_encrypt.3 new file mode 100644 index 00000000..19fbc380 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BF_encrypt.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BF_ENCRYPT 3" +.TH BF_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +\& +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num, int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num); +\& const char *BF_options(void); +\& +\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much +faster than \s-1IDEA\s0 or \s-1RC2.\s0 +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where +\&\fBivec\fR is simply initialized to zero. +\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBdes_modes\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_ADDR.3 b/deps/openssl/mingw64/share/man/man3/BIO_ADDR.3 new file mode 100644 index 00000000..900b8066 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_ADDR.3 @@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDR 3" +.TH BIO_ADDR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addr_st BIO_ADDR; +\& +\& BIO_ADDR *BIO_ADDR_new(void); +\& void BIO_ADDR_free(BIO_ADDR *); +\& void BIO_ADDR_clear(BIO_ADDR *ap); +\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +\& const void *where, size_t wherelen, unsigned short port); +\& int BIO_ADDR_family(const BIO_ADDR *ap); +\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +available on the platform at hand. +.PP +\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +with routines that will fill it with information, such as +\&\fBBIO_accept_ex()\fR. +.PP +\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. +.PP +\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +it back to an uninitialised state. +.PP +\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +size \fBwherelen\fR with an address in network byte order pointed at +by \fBwhere\fR and a port number in network byte order in \fBport\fR (except +for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. +In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +to be the length of the path string (not including the terminating +\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_family()\fR returns the protocol family of the given +\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the +constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the +\&\s-1BIO_ADDR\s0 has not been initialised. +.PP +\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +and will set \fB*l\fR to be the amount of bytes the raw address +takes up if \fBl\fR is non-NULL. +A technique to only find out the size of the address is a call +with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +order, most significant byte first. +In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the +path string (not including the terminating \s-1NUL,\s0 such as the result of +a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +The raw port will be in network byte order. +.PP +\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the +hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string +will contain the numerical form of the address. This only works for +\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_service_string()\fR returns a character string with the +service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +is 1, the string will contain the port number. This only works +for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_path_string()\fR returns a character string with the path +of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the +protocol family \s-1AF_UNIX.\s0 The returned string has been allocated +on the heap and must be freed with \fBOPENSSL_free()\fR. +.SH "RAW ADDRESSES" +.IX Header "RAW ADDRESSES" +Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct +in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +depending on the protocol family the address is for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The string producing functions \fBBIO_ADDR_hostname_string()\fR, +\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will +return \fB\s-1NULL\s0\fR on error and leave an error indication on the +OpenSSL error stack. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_ADDRINFO.3 b/deps/openssl/mingw64/share/man/man3/BIO_ADDRINFO.3 new file mode 100644 index 00000000..f787744d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_ADDRINFO.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDRINFO 3" +.TH BIO_ADDRINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addrinfo_st BIO_ADDRINFO; +\& +\& enum BIO_lookup_type { +\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +\& }; +\& +\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, +\& int family, int socktype, int protocol, BIO_ADDRINFO **res); +\& int BIO_lookup(const char *node, const char *service, +\& enum BIO_lookup_type lookup_type, +\& int family, int socktype, BIO_ADDRINFO **res); +\& +\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +types provided on your platform. +.PP +\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +picked at one by one. +.PP +\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +uses \fBlookup_type\fR to determine what the default address should +be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +determine what protocol family, socket type and protocol should be used for +the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and +\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0 +indicates that any type can be used. \fBprotocol\fR specifies a protocol such as +\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP.\s0 If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +chain. +.PP +For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR +parameter and expects the \fBnode\fR parameter to hold the path to the +socket file. +.PP +\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability +to select based on the protocol (any protocol may be returned). +.PP +\&\fBBIO_ADDRINFO_family()\fR returns the family of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 +.PP +\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 +.PP +\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 +.PP +\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +of the given \fB\s-1BIO_ADDRINFO\s0\fR. +.PP +\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +from the given one. +.PP +\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +with the given one. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "NOTES" +.IX Header "NOTES" +The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR +function. On Linux it is known that specifying 0 for the protocol will not +return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be +explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_connect.3 b/deps/openssl/mingw64/share/man/man3/BIO_connect.3 new file mode 100644 index 00000000..860f6da6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_connect.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CONNECT 3" +.TH BIO_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_socket(int domain, int socktype, int protocol, int options); +\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); +\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); +\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); +\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); +\& int BIO_closesocket(int sock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, +but is present for future use. +.PP +\&\fBBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fBBIO_connect()\fR. The options may include +\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of +\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service +given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any +combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, +\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given +socket \fBaccept_sock\fR. When it gets a connection, the address and +port of the peer gets stored in \fBpeer\fR if that one is non-NULL. +Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied +on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_closesocket()\fR closes \fBsock\fR. +.SH "FLAGS" +.IX Header "FLAGS" +.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IX Item "BIO_SOCK_KEEPALIVE" +Enables regular sending of keep-alive messages. +.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +.IX Item "BIO_SOCK_NONBLOCK" +Sets the socket to non-blocking mode. +.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IX Item "BIO_SOCK_NODELAY" +Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go. +.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +.IX Item "BIO_SOCK_REUSEADDR" +Try to reuse the address and port combination for a recently closed +port. +.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IX Item "BIO_SOCK_V6_ONLY" +When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6. +.PP +These flags are bit flags, so they are to be combined with the +\&\f(CW\*(C`|\*(C'\fR operator, for example: +.PP +.Vb 1 +\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +(\-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error. +.PP +\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error. +.PP +\&\fBBIO_accept_ex()\fR returns the accepted socket on success or +\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, +\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_ctrl.3 b/deps/openssl/mingw64/share/man/man3/BIO_ctrl.3 new file mode 100644 index 00000000..5a641f8d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_ctrl.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CTRL 3" +.TH BIO_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb \&\- BIO control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int BIO_info_cb(BIO *b, int state, int res); +\& +\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); +\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +\& +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b, long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +\& +\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. +.PP +\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +.PP +\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. +.PP +\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are +macros which call \fBBIO_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. +.PP +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fBBIO_set_close()\fR always returns 1. +.PP +\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the amount of pending data. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. +The \fBBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO.\s0 However this can cause +unexpected results: for example no current filter BIOs implement +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO.\s0 +.PP +Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_base64.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_base64.3 new file mode 100644 index 00000000..c08d55d1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_base64.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BASE64 3" +.TH BIO_F_BASE64 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_base64 \- base64 BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO.\s0 +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); +\& +\& BIO_free_all(b64); +.Ve +.PP +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 3 +\& BIO *bio, *b64, *bio_out; +\& char inbuf[512]; +\& int inlen; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) +\& BIO_write(bio_out, inbuf, inlen); +\& +\& BIO_flush(bio_out); +\& BIO_free_all(b64); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_buffer.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_buffer.3 new file mode 100644 index 00000000..696ccb70 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_buffer.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BUFFER 3" +.TH BIO_F_BUFFER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_buffer(void); +\& +\& long BIO_get_buffer_num_lines(BIO *b); +\& long BIO_set_read_buffer_size(BIO *b, long size); +\& long BIO_set_write_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. +.PP +Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. +.PP +Buffering BIOs implement \fBBIO_read_ex()\fR and \fBBIO_gets()\fR by using +\&\fBBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a \fBBIO_gets()\fR is guaranteed to give +the caller a whole line, and \fBBIO_read_ex()\fR is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next \s-1BIO.\s0 By prepending a +buffering \s-1BIO\s0 to a chain it is therefore possible to provide +\&\fBBIO_gets()\fR or exact size \fBBIO_read_ex()\fR functionality if the following +BIOs do not support it. +.PP +Do not add more than one \fBBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of +doing so will force a full read of the size of the internal buffer of +the top \fBBIO_f_buffer()\fR, which is 4 KiB at a minimum. +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBBIO_reset\fR\|(3), +\&\fBBIO_flush\fR\|(3), +\&\fBBIO_pop\fR\|(3), +\&\fBBIO_ctrl\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_cipher.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_cipher.3 new file mode 100644 index 00000000..adebf229 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_cipher.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_CIPHER 3" +.TH BIO_F_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO.\s0 +.PP +\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +is a \fBBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. +.SH "NOTES" +.IX Header "NOTES" +When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fBBIO_set_cipher()\fR does not return a value. +.PP +\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_md.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_md.3 new file mode 100644 index 00000000..c9cb4f11 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_md.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_MD 3" +.TH BIO_F_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_md(void); +\& int BIO_set_md(BIO *b, EVP_MD *md); +\& int BIO_get_md(BIO *b, EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR +and \fBEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and +\&\fBBIO_write_ex()\fR is digested. +.PP +\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fBBIO_puts()\fR is +not supported. +.PP +\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +.PP +\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fBBIO_get_md_ctx()\fR can be used in calls +to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR +and \fBEVP_VerifyFinal()\fR. +.PP +The context returned by \fBBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. +.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO.\s0 +.PP +Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +state. This allows applications to initialize the context externally +if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 2 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* +\& * For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. +\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +.PP +The next example digests data by reading through a chain instead: +.PP +.Vb 3 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while (rdlen > 0); +.Ve +.PP +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 4 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if (!mdtmp) +\& break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while (mdtmp); +\& +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fBBIO_puts()\fR and the non standard behaviour of +\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR +and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fBBIO_ctrl()\fR call. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the +\&\s-1BIO\s0 was initialized first. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_null.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_null.3 new file mode 100644 index 00000000..177aef4a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_null.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_NULL 3" +.TH BIO_F_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_f_ssl.3 b/deps/openssl/mingw64/share/man/man3/BIO_f_ssl.3 new file mode 100644 index 00000000..797b762b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_f_ssl.3 @@ -0,0 +1,435 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_SSL 3" +.TH BIO_F_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_ssl(void); +\& +\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); +\& long BIO_get_ssl(BIO *b, SSL **sslp); +\& long BIO_set_ssl_mode(BIO *b, long client); +\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); +\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); +\& long BIO_get_num_renegotiates(BIO *b); +\& +\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +\& +\& long BIO_do_handshake(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL I/O.\s0 +.PP +I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. +The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. +.PP +\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fBBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 +.PP +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO.\s0 +.PP +\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. +.PP +\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the +chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fBBIO_read_ex()\fR operation, one +case where this happens is when step up occurs. +.PP +The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fBBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fBBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fBBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, +\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR, +\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, +\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on +success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return +a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +.PP +\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in \fBBIO_s_connect\fR\|(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_client_method()); +\& +\& /* XXX Set verify paths and mode here. */ +\& +\& sbio = BIO_new_ssl_connect(ctx); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Don\*(Aqt want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& +\& /* XXX We might want to do other things with ssl here */ +\& +\& /* An empty host part means the loopback address */ +\& BIO_set_conn_hostname(sbio, ":https"); +\& +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Could examine ssl here to get connection info */ +\& +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +.PP +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Other things like set verify locations, EDH temp callbacks. */ +\& +\& /* New SSL BIO setup as server */ +\& sbio = BIO_new_ssl(ctx, 0); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& bbio = BIO_new(BIO_f_buffer()); +\& sbio = BIO_push(bbio, sbio); +\& acpt = BIO_new_accept("4433"); +\& +\& /* +\& * By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +\& BIO_set_accept_bios(acpt, sbio); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& +\& /* Setup accept BIO */ +\& if (BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* We only want one connection so remove and free accept BIO */ +\& sbio = BIO_pop(acpt); +\& BIO_free_all(acpt); +\& +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& +\& for (;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) +\& break; +\& } +\& +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& BIO_puts(sbio, "\er\en"); +\& BIO_flush(sbio); +\& BIO_free_all(sbio); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO.\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_find_type.3 b/deps/openssl/mingw64/share/man/man3/BIO_find_type.3 new file mode 100644 index 00000000..2ec0d108 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_find_type.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_FIND_TYPE 3" +.TH BIO_FIND_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_find_type(BIO *b, int bio_type); +\& BIO *BIO_next(BIO *b); +\& int BIO_method_type(const BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +The following general types are defined: +\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +.PP +For a list of the specific types, see the \fBopenssl/bio.h\fR header file. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Traverse a chain looking for digest BIOs: +.PP +.Vb 1 +\& BIO *btmp; +\& +\& btmp = in_bio; /* in_bio is chain to search through */ +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if (btmp == NULL) +\& break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... +\& +\& btmp = BIO_next(btmp); +\& } while (btmp); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_get_data.3 b/deps/openssl/mingw64/share/man/man3/BIO_get_data.3 new file mode 100644 index 00000000..949d5223 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_get_data.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_DATA 3" +.TH BIO_GET_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_data(BIO *a, void *ptr); +\& void *BIO_get_data(BIO *a); +\& void BIO_set_init(BIO *a, int init); +\& int BIO_get_init(BIO *a); +\& void BIO_set_shutdown(BIO *a, int shut); +\& int BIO_get_shutdown(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are mainly useful when implementing a custom \s-1BIO.\s0 +.PP +The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. +This can be used by custom BIOs for storing implementation specific information. +.PP +The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the \s-1BIO.\s0 For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR +function returns the value of the \*(L"init\*(R" flag. +.PP +The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of +this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource +is also closed when the \s-1BIO\s0 is freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data +associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. +.PP +\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. +.PP +\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_meth_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_get_ex_new_index.3 b/deps/openssl/mingw64/share/man/man3/BIO_get_ex_new_index.3 new file mode 100644 index 00000000..532d0414 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_get_ex_new_index.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_EX_NEW_INDEX 3" +.TH BIO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \&\- application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int TYPE_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); +\& +\& void *TYPE_get_ex_data(TYPE *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes listed in +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +These functions handle application-specific data for OpenSSL data +structures. +.PP +\&\fBTYPE_get_ex_new_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR +with the correct \fBindex\fR value. +.PP +\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_get_ex_new_index()\fR returns a new index on success or \-1 on error. +.PP +\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. +.PP +\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_meth_new.3 b/deps/openssl/mingw64/share/man/man3/BIO_meth_new.3 new file mode 100644 index 00000000..afef7268 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_meth_new.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_METH_NEW 3" +.TH BIO_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_get_new_index(void); +\& +\& BIO_METHOD *BIO_meth_new(int type, const char *name); +\& +\& void BIO_meth_free(BIO_METHOD *biom); +\& +\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, +\& size_t *); +\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +\& int BIO_meth_set_write_ex(BIO_METHOD *biom, +\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); +\& int BIO_meth_set_write(BIO_METHOD *biom, +\& int (*write)(BIO *, const char *, int)); +\& +\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); +\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_read_ex(BIO_METHOD *biom, +\& int (*bread)(BIO *, char *, size_t, size_t *)); +\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +\& +\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +\& +\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_gets(BIO_METHOD *biom, +\& int (*gets)(BIO *, char *, int)); +\& +\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +\& int BIO_meth_set_ctrl(BIO_METHOD *biom, +\& long (*ctrl)(BIO *, int, long, void *)); +\& +\& int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +\& +\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +\& +\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +types. It provides a set of functions used by OpenSSL for the implementation +of the various \s-1BIO\s0 capabilities. See the bio page for more information. +.PP +\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +unique integer \fBtype\fR and a string that represents its \fBname\fR. +Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. +.PP +The set of +standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples +include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a +type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs +should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for +more information. +.PP +\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function +used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function +will be called in response to the application calling \fBBIO_write_ex()\fR or +\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and +\&\fBBIO_meth_set_write()\fR instead. Applications should not call both +\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR +when the function was set with \fBBIO_meth_set_write_ex()\fR. +.PP +\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used +for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. +The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. +Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. +Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR +or call \fBBIO_meth_get_read()\fR when the function was set with +\&\fBBIO_meth_set_read_ex()\fR. +.PP +\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for +writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_puts()\fR. The parameters for +the function have the same meaning as for \fBBIO_puts()\fR. +.PP +\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) +page for more information). This function will be called in response to the +application calling \fBBIO_gets()\fR. The parameters for the function have the same +meaning as for \fBBIO_gets()\fR. +.PP +\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for +processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for +more information. This function will be called in response to the application +calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_ctrl()\fR. +.PP +\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used +for creating a new instance of the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the +memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will +be passed as a parameter to the function. +.PP +\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used +for destroying an instance of a \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +this function. +.PP +\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the +function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fBBIO_callback_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. +.PP +BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +if an error occurred. +.PP +The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBBIO_meth_get\fR functions return the corresponding function pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_new.3 b/deps/openssl/mingw64/share/man/man3/BIO_new.3 new file mode 100644 index 00000000..a2f9290d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_new.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW 3" +.TH BIO_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO * BIO_new(const BIO_METHOD *type); +\& int BIO_up_ref(BIO *a); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +.PP +\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. +If \fBa\fR is \s-1NULL\s0 nothing is done. +Calling \fBBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR +on it other than the discarded return value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_new_CMS.3 b/deps/openssl/mingw64/share/man/man3/BIO_new_CMS.3 new file mode 100644 index 00000000..8a468cfd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_new_CMS.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW_CMS 3" +.TH BIO_NEW_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new_CMS \- CMS streaming filter BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fBBIO_flush()\fR must be called +to finalise the structure. +.PP +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. +.PP +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be +called to free up the whole chain. +.PP +Any content written through the filter is used verbatim: no canonical +translation is performed. +.PP +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. +.PP +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending +a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_parse_hostserv.3 b/deps/openssl/mingw64/share/man/man3/BIO_parse_hostserv.3 new file mode 100644 index 00000000..f344b875 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_parse_hostserv.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PARSE_HOSTSERV 3" +.TH BIO_PARSE_HOSTSERV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& enum BIO_hostserv_priorities { +\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +\& }; +\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +\& enum BIO_hostserv_priorities hostserv_prio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +create strings with the host name and service name and give those +back via \fBhost\fR and \fBservice\fR. Those will need to be freed after +they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall +be interpreted primarily as a host name or a service name in ambiguous +cases. +.PP +The syntax the \fBBIO_parse_hostserv()\fR recognises is: +.PP +.Vb 7 +\& host + \*(Aq:\*(Aq + service +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq +\& host + \*(Aq:\*(Aq +\& \*(Aq:\*(Aq + service +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service +\& host +\& service +.Ve +.PP +The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 +address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +.PP +The service part can be a service name or its port number. +.PP +The returned values will depend on the given \fBhostserv\fR string +and \fBhostserv_prio\fR, as follows: +.PP +.Vb 5 +\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL +\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL +\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& +\& in case no \*(Aq:\*(Aq is present in the string, the result depends on +\& hostserv_prio, as follows: +\& +\& when hostserv_prio == BIO_PARSE_PRIO_HOST +\& host => *host = "host", *service untouched +\& +\& when hostserv_prio == BIO_PARSE_PRIO_SERV +\& service => *host untouched, *service = "service" +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_printf.3 b/deps/openssl/mingw64/share/man/man3/BIO_printf.3 new file mode 100644 index 00000000..3d981a14 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_printf.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PRINTF 3" +.TH BIO_PRINTF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_printf(BIO *bio, const char *format, ...) +\& int BIO_vprintf(BIO *bio, const char *format, va_list args) +\& +\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) +\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. +.PP +\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. The argument +list \fBargs\fR is a stdarg argument list. +.PP +\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR +function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR, +specifies the size of the output buffer. +.PP +\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return the number of bytes written, or \-1 on error. +For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output +buffer is too small. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_push.3 b/deps/openssl/mingw64/share/man/man3/BIO_push.3 new file mode 100644 index 00000000..e1386735 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_push.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PUSH 3" +.TH BIO_PUSH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_push(BIO *b, BIO *append); +\& BIO *BIO_pop(BIO *b); +\& void BIO_set_next(BIO *b, BIO *next); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.PP +\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +by \fBnext\fR. The new chain may include some of the same BIOs from the old chain +or it may be completely different. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fBBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO.\s0 +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +.PP +is made then the new chain will be \fBb64\-f\fR. After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +.PP +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +.PP +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_read.3 b/deps/openssl/mingw64/share/man/man3/BIO_read.3 new file mode 100644 index 00000000..1dad2173 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_read.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_READ 3" +.TH BIO_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +\& +\& int BIO_read(BIO *b, void *data, int dlen); +\& int BIO_gets(BIO *b, char *buf, int size); +\& int BIO_write(BIO *b, const void *data, int dlen); +\& int BIO_puts(BIO *b, const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +in \fBdata\fR. If any bytes were successfully read then the number of bytes read is +stored in \fB*readbytes\fR. +.PP +\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +successful then the number of bytes written is stored in \fB*written\fR. +.PP +\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, +however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fBBIO_gets()\fR at all. +The returned string is always NUL-terminated and the '\en' is preserved +if present in the input data. +.PP +\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or +written, and 0 otherwise. +.PP +All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. The trailing +\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available +and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call +\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See \fBBIO_should_retry\fR\|(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_should_retry\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not +keep the '\en' at the end of the line in the buffer. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_accept.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_accept.3 new file mode 100644 index 00000000..b65d29f4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_accept.3 @@ -0,0 +1,365 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_ACCEPT 3" +.TH BIO_S_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_accept(void); +\& +\& long BIO_set_accept_name(BIO *b, char *name); +\& char *BIO_get_accept_name(BIO *b); +\& +\& long BIO_set_accept_port(BIO *b, char *port); +\& char *BIO_get_accept_port(BIO *b); +\& +\& BIO *BIO_new_accept(char *host_port); +\& +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); +\& +\& char *BIO_get_peer_name(BIO *b); +\& char *BIO_get_peer_port(BIO *b); +\& long BIO_get_accept_ip_family(BIO *b); +\& long BIO_set_accept_ip_family(BIO *b, long family); +\& +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b); +\& +\& int BIO_do_accept(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. +.PP +Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fBBIO_s_fd\fR\|(3) +.PP +\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +name. The name is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +The host can be \*(L"*\*(R" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +same syntax as the port specified in \fBBIO_set_conn_port()\fR for +connect BIOs, that is it can be a numerical port string or a +string to lookup using \fBgetservbyname()\fR and a string table. +.PP +\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +port. \*(L"port\*(R" has the same syntax as the port specified in +\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fBgetservbyname()\fR and a string +table. +.PP +\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. +.PP +\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +then another socket cannot be bound to the same port. If +\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the +same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails +and the port is not in use then a second attempt is made +using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. +.PP +\&\fBBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fBBIO_do_accept()\fR will await an incoming +connection, or request a retry in non blocking mode. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept\->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO,\s0 +that is the chain will be accept\->otherbios\->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +.PP +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fBBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fBBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR, +\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR, +\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR, +\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR, +\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_do_accept()\fR, +\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, +\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR +return 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +.PP +\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +.PP +\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +.PP +\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 1 +\& BIO *abio, *cbio, *cbio2; +\& +\& /* First call to BIO_accept() sets up accept BIO */ +\& abio = BIO_new_accept("4444"); +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Wait for incoming connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& +\& /* Wait for another connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +\& +\& BIO_puts(cbio, "Connection 1: Second connection established\en"); +\& +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_bio.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_bio.3 new file mode 100644 index 00000000..1ef52461 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_bio.3 @@ -0,0 +1,329 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_BIO 3" +.TH BIO_S_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_bio(void); +\& +\& int BIO_make_bio_pair(BIO *b1, BIO *b2); +\& int BIO_destroy_bio_pair(BIO *b); +\& int BIO_shutdown_wr(BIO *b); +\& +\& int BIO_set_write_buf_size(BIO *b, long size); +\& size_t BIO_get_write_buf_size(BIO *b, long size); +\& +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +\& +\& int BIO_get_write_guarantee(BIO *b); +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +\& int BIO_get_read_request(BIO *b); +\& size_t BIO_ctrl_get_read_request(BIO *b); +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no +data is available. +.PP +Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fBBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and +\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, +\&\fBBIO_free()\fR is not called. +.PP +\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this +value will return a value from \fBBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fBBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fBBIO_get_read_request()\fR never returns an amount larger +than that returned by \fBBIO_get_write_guarantee()\fR. +.PP +\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fBBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the +write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent! +.PP +\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +shutdown. +.PP +\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, +\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR, +\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented +as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fBselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 1 +\& BIO *internal_bio, *network_bio; +\& +\& ... +\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& ... +\& +\& application | TLS\-engine +\& | | +\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO\-pair (internal_bio) +\& | BIO\-pair (network_bio) +\& | || /\e +\& | \e/ || +\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() +\& | | +\& | | +\& socket +\& +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +.PP +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fBSSL_operation()\fR can successfully be continued. +.SH "WARNINGS" +.IX Header "WARNINGS" +As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fBSSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_connect.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_connect.3 new file mode 100644 index 00000000..3130dfbd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_connect.3 @@ -0,0 +1,338 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_CONNECT 3" +.TH BIO_S_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect \- connect BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD * BIO_s_connect(void); +\& +\& BIO *BIO_new_connect(char *name); +\& +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); +\& long BIO_set_conn_ip_family(BIO *b, long family); +\& const char *BIO_get_conn_hostname(BIO *b); +\& const char *BIO_get_conn_port(BIO *b); +\& const BIO_ADDR *BIO_get_conn_address(BIO *b); +\& const long BIO_get_conn_ip_family(BIO *b); +\& +\& long BIO_set_nbio(BIO *b, long n); +\& +\& int BIO_do_connect(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. +.PP +\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port. +.PP +\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fBgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher. +.PP +\&\fBBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). +.PP +\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_port()\fR returns the port as a string. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 +.PP +\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. +.PP +\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP +\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the host name then this will +override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR, +and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself. +.PP +Applications do not have to call \fBBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also +possible for \fBBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.PP +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR, +\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR, +\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR, +\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR +always return 1. +.PP +\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +was set. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +none was set. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +.PP +\&\fBBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fBBIO_set_nbio()\fR always returns 1. +.PP +\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. +.PP +.Vb 3 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR +were removed in OpenSSL 1.1.0. +Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_fd.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_fd.3 new file mode 100644 index 00000000..54811459 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_fd.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FD 3" +.TH BIO_S_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_fd(void); +\& +\& int BIO_set_fd(BIO *b, int fd, int c); +\& int BIO_get_fd(BIO *b, int *c); +\& +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then \fBclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +such as by using \fBlseek(fd, 0, 0)\fR. +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +such as by using \fBlseek(fd, ofs, 0)\fR. +.PP +\&\fBBIO_tell()\fR returns the current file position such as by calling +\&\fBlseek(fd, 0, 1)\fR. +.PP +\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also +returns the file descriptor. +.PP +\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the +platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead. +.PP +\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fBBIO_set_fd()\fR always returns 1. +.PP +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_file.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_file.3 new file mode 100644 index 00000000..e6f478f9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_file.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FILE 3" +.TH BIO_S_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +\& +\& BIO_set_fp(BIO *b, FILE *fp, int flags); +\& BIO_get_fp(BIO *b, FILE **fpp); +\& +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO.\s0 +.PP +Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the +underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. +.PP +\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped +stream. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fBBIO_eof()\fR calls \fBfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO.\s0 +.PP +\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fBBIO_new_fp()\fR, it is a macro. +.PP +\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +.PP +\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fBBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode file names in \s-1UTF\-8.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fBBIO_tell()\fR returns the current file position. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new(BIO_s_file()); +\& if (bio_out == NULL) +\& /* Error */ +\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) +\& /* Error */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Write to a file: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_file("filename.txt", "w"); +\& if (!out) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new(BIO_s_file()); +\& if (out == NULL) +\& /* Error */ +\& if (!BIO_write_filename(out, "filename.txt")) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying +stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), +\&\fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_mem.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_mem.3 new file mode 100644 index 00000000..9c220924 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_mem.3 @@ -0,0 +1,297 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_MEM 3" +.TH BIO_S_MEM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_mem(void); +\& const BIO_METHOD *BIO_s_secmem(void); +\& +\& BIO_set_mem_eof_return(BIO *b, int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) +\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) +\& +\& BIO *BIO_new_mem_buf(const void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used +for buffer storage. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO.\s0 +.PP +Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +its original state and the read only data can be read again. +.PP +\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +.PP +\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. +.PP +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +It is a macro. +.PP +\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +a macro. +.PP +\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO.\s0 The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. +.PP +Every write after partial read (not all data in the memory buffer was read) +to a read write memory \s-1BIO\s0 will have to move the unread data with an internal +copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering \s-1BIO\s0 to the chain can speed up the process. +.PP +Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will +give undefined results, including perhaps a program crash. +.PP +Switching the memory \s-1BIO\s0 from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +.PP +The other supported sequence is to start with read write \s-1BIO\s0 then temporarily +switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately +before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +switched back to the read write mode. +.PP +Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +contains only the remaining data to be read. If the close status of the +\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer +in it must be set to \s-1NULL\s0 as the data pointer does not point to an +allocated memory. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +flag set can have unexpected outcome when the reads and writes to the +\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone. +.PP +Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with +\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR +return 1 on success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success, +0 if b is \s-1NULL,\s0 or a negative value in case of other errors. +.PP +\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& +\& BIO_puts(mem, "Hello World\en"); +.Ve +.PP +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 2 +\& char data[] = "Hello World"; +\& BIO *mem = BIO_new_mem_buf(data, \-1); +.Ve +.PP +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 1 +\& BUF_MEM *bptr; +\& +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_null.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_null.3 new file mode 100644 index 00000000..4f8becc9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_null.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_NULL 3" +.TH BIO_S_NULL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF.\s0 +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_s_socket.3 b/deps/openssl/mingw64/share/man/man3/BIO_s_socket.3 new file mode 100644 index 00000000..5e29cfac --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_s_socket.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_SOCKET 3" +.TH BIO_S_SOCKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_socket(void); +\& +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_set_callback.3 b/deps/openssl/mingw64/share/man/man3/BIO_set_callback.3 new file mode 100644 index 00000000..6f14d176 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_set_callback.3 @@ -0,0 +1,392 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 3" +.TH BIO_SET_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, +\& size_t len, int argi, +\& long argl, int ret, size_t *processed); +\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +\& long argl, long ret); +\& +\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +\& +\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); +\& BIO_callback_fn BIO_get_callback(BIO *b); +\& void BIO_set_callback_arg(BIO *b, char *arg); +\& char *BIO_get_callback_arg(const BIO *b); +\& +\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, +\& long argl, long ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +callback. The callback is called during most high level \s-1BIO\s0 operations. It can +be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +operation. +.PP +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get +called in preference to any set by \fBBIO_set_callback()\fR. +.PP +\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. If the callback +argument is set it is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR +is the type of the old format callback function. The meaning of each argument +is described below: +.IP "\fBb\fR" 4 +.IX Item "b" +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.IP "\fBoper\fR" 4 +.IX Item "oper" +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 +.IP "\fBlen\fR" 4 +.IX Item "len" +The length of the data requested to be read or written. This is only useful if +\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0 +.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 +.IX Item "argp argi argl" +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.IP "\fBprocessed\fR" 4 +.IX Item "processed" +\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0 +.IP "\fBret\fR" 4 +.IX Item "ret" +\&\fBret\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBret\fR when it has +finished processing, unless it specifically wishes to modify the +value returned to the application. +.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +In the notes below, \fBcallback\fR defers to the actual callback +function that is called. +.IP "\fBBIO_free(b)\fR" 4 +.IX Item "BIO_free(b)" +.Vb 1 +\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) +.Ve +.Sp +is called before the free operation. +.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 +.IX Item "BIO_read_ex(b, data, dlen, readbytes)" +.Vb 1 +\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) +.Ve +.Sp +is called before the read and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 +.IX Item "BIO_write(b, data, dlen, written)" +.Vb 1 +\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) +.Ve +.Sp +is called before the write and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_gets(b, buf, size)\fR" 4 +.IX Item "BIO_gets(b, buf, size)" +.Vb 1 +\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_puts(b, buf)\fR" 4 +.IX Item "BIO_puts(b, buf)" +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) +.Ve +.Sp +is called before the call and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) +.Ve +.Sp +after. +.Sp +Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to +the actual call parameter, see \fBBIO_callback_ctrl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function +previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR +respectively. +.PP +\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fBBIO_set_callback_arg()\fR. +.PP +\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +operations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \fBBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BIO_should_retry.3 b/deps/openssl/mingw64/share/man/man3/BIO_should_retry.3 new file mode 100644 index 00000000..3b773e3e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BIO_should_retry.3 @@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 3" +.TH BIO_SHOULD_RETRY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_should_read(BIO *b); +\& int BIO_should_write(BIO *b); +\& int BIO_should_io_special(iBIO *b); +\& int BIO_retry_type(BIO *b); +\& int BIO_should_retry(BIO *b); +\& +\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +\& void BIO_set_retry_reason(BIO *bio, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR +call. +.PP +\&\fBBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fBBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has insufficient data to return. Check for readability and/or retry the +last operation. +.PP +\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has pending data to write. Check for writability and/or retry the +last operation. +.PP +\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. +.PP +\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. +.PP +\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, +\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. +.PP +If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fBBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fBBIO_should_retry()\fR after a failed +\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. +.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fBBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fBBIO_should_read()\fR +is true then a call to \fBselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fBselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fBselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and +\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +of the \fB\s-1BIO\s0\fR. +.PP +\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition. +.PP +\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_BLINDING_new.3 b/deps/openssl/mingw64/share/man/man3/BN_BLINDING_new.3 new file mode 100644 index 00000000..01b756d3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_BLINDING_new.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_NEW 3" +.TH BN_BLINDING_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); +\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); +\& int BN_BLINDING_lock(BN_BLINDING *b); +\& int BN_BLINDING_unlock(BN_BLINDING *b); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, +\& const BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +If \fBb\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper +functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL.\s0 +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the +owner of the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. +\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, +\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occurred. +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. +.PP +\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation +succeeded or 0 on error. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/BN_CTX_new.3 new file mode 100644 index 00000000..08b045fd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_CTX_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_NEW 3" +.TH BN_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_CTX *BN_CTX_new(void); +\& +\& BN_CTX *BN_CTX_secure_new(void); +\& +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. +\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fB\s-1BIGNUM\s0\fRs. +.PP +\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. +.PP +A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3). +.PP +\&\fBBN_CTX_free()\fR has no return values. +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.PP +\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead: +.PP +.Vb 6 +\& BN_CTX *ctx; +\& ctx = BN_CTX_new(); +\& if (!ctx) +\& /* error */ +\& ... +\& BN_CTX_free(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_start\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_CTX_start.3 b/deps/openssl/mingw64/share/man/man3/BN_CTX_start.3 new file mode 100644 index 00000000..3a74b470 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_CTX_start.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_START 3" +.TH BN_CTX_START 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_CTX_start(BN_CTX *ctx); +\& +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +\& +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fBBN_CTX_end()\fR must be called before returning from the function. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fBBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. +.PP +\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_add.3 b/deps/openssl/mingw64/share/man/man3/BN_add.3 new file mode 100644 index 00000000..640e2080 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_add.3 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD 3" +.TH BN_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). +.PP +\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. +For division by powers of 2, use \fBBN_rshift\fR\|(3). +.PP +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. +.PP +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +\&\fBBN_mod_mul_montgomery\fR\|(3) and +\&\fBBN_mod_mul_reciprocal\fR\|(3). +.PP +\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. +.PP +\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fBBN_mul()\fR. +.PP +\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this +function when \fBm\fR is even and any of the parameters have the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +.PP +\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see \fBBN_CTX_new\fR\|(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_add_word.3 b/deps/openssl/mingw64/share/man/man3/BN_add_word.3 new file mode 100644 index 00000000..9f4ba410 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_add_word.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD_WORD 3" +.TH BN_ADD_WORD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +.PP +\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +.PP +For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_bn2bin.3 b/deps/openssl/mingw64/share/man/man3/BN_bn2bin.3 new file mode 100644 index 00000000..17f55b92 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_bn2bin.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BN2BIN 3" +.TH BN_BN2BIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer +\&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than +BN_num_bytes(\fBa\fR) an error is returned. +.PP +\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and +\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fBOPENSSL_free()\fR. +.PP +\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +including the leading character '\-' which means negative, to form a valid +hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and +stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If +\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. +A \*(L"negative zero\*(R" is converted to zero. +\&\fBBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 4\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +buffer is too small. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters +used in parsing, or 0 on error, in which +case no new \fB\s-1BIGNUM\s0\fR will be created. +.PP +\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), +\&\fBASN1_INTEGER_to_BN\fR\|(3), +\&\fBBN_num_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_cmp.3 b/deps/openssl/mingw64/share/man/man3/BN_cmp.3 new file mode 100644 index 00000000..0d949da2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_cmp.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CMP 3" +.TH BN_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their +absolute values. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_copy.3 b/deps/openssl/mingw64/share/man/man3/BN_copy.3 new file mode 100644 index 00000000..009cd642 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_copy.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_COPY 3" +.TH BN_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +\& +\& BIGNUM *BN_dup(const BIGNUM *from); +\& +\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.PP +BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in \fBflags\fR will +be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this +might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following +restrictions apply to the use of \fBdest\fR: +.IP "\(bu" 2 +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It +should not have been used for other purposes or initialised in any way. +.IP "\(bu" 2 +\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those +functions where the relevant parameter is declared \*(L"const\*(R". +.IP "\(bu" 2 +\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_generate_prime.3 b/deps/openssl/mingw64/share/man/man3/BN_generate_prime.3 new file mode 100644 index 00000000..1f481ae8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_generate_prime.3 @@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 3" +.TH BN_GENERATE_PRIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +\& const BIGNUM *rem, BN_GENCB *cb); +\& +\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, +\& int do_trial_division, BN_GENCB *cb); +\& +\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); +\& +\& BN_GENCB *BN_GENCB_new(void); +\& +\& void BN_GENCB_free(BN_GENCB *cb); +\& +\& void BN_GENCB_set_old(BN_GENCB *gencb, +\& void (*callback)(int, int, void *), void *cb_arg); +\& +\& void BN_GENCB_set(BN_GENCB *gencb, +\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); +\& +\& void *BN_GENCB_get_arg(BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), +\& void *cb_arg); +\& +\& int BN_is_prime(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +\& +\& int BN_is_prime_fasttest(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, +\& void *cb_arg, int do_trial_division); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of +at least bit length \fBbits\fR. The returned number is probably prime +with a negligible error. If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime +number will have exact bit length \fBbits\fR with the top most two +bits set. +.PP +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: +.IP "\(bu" 2 +\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th +potential prime number. +.IP "\(bu" 2 +While the number is being tested for primality, +\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. +.IP "\(bu" 2 +When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. +.IP "\(bu" 2 +The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fB\s-1NULL\s0\fR +the condition will be p % \fBadd\fR == 3. +It is recommended that \fBadd\fR is a multiple of 4. +.PP +The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is +prime. The following tests are performed until one of them shows that +\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered +prime. +.PP +\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, +first attempts trial division by a number of small primes; +if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +If \fBdo_trial_division == 0\fR, this test is skipped. +.PP +Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin +probabilistic primality test with \fBnchecks\fR iterations. If +\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that +yields a false positive rate of at most 2^\-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits, +2^\-192 at 3747 bits and 2^\-256 at 6394 bits. +.PP +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to +64. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a +pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of +\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New +programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +for backwards compatibility purposes. +.PP +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, +and freed through a call to \fBBN_GENCB_free()\fR. +.PP +For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a +call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type +\&\fBvoid (*callback)(int, int, void *)\fR. +.PP +A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check +the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new +style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. +.PP +It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. +.PP +\&\fBBN_generate_prime()\fR (deprecated) works in the same way as +\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function +directly in the \fBcallback\fR parameter, and an argument to pass to it in +the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR +can similarly be compared to \fBBN_is_prime_ex()\fR and +\&\fBBN_is_prime_fasttest_ex()\fR, respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. +.PP +\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and +\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^\fBnchecks\fR, and +\&\-1 on error. +.PP +\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +otherwise. +.PP +BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +structure. +.PP +Callback functions should return 1 on success or 0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +directly, as in: +.PP +.Vb 1 +\& BN_GENCB callback; +.Ve +.PP +Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +.PP +.Vb 6 +\& BN_GENCB *callback; +\& callback = BN_GENCB_new(); +\& if (!callback) +\& /* error */ +\& ... +\& BN_GENCB_free(callback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, +and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_mod_inverse.3 b/deps/openssl/mingw64/share/man/man3/BN_mod_inverse.3 new file mode 100644 index 00000000..0ab1f7eb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_mod_inverse.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_INVERSE 3" +.TH BN_MOD_INVERSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_mod_mul_montgomery.3 b/deps/openssl/mingw64/share/man/man3/BN_mod_mul_montgomery.3 new file mode 100644 index 00000000..d8fd3b1a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_mod_mul_montgomery.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 3" +.TH BN_MOD_MUL_MONTGOMERY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +.PP +\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +by precomputing its inverse and a value R. +.PP +\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +.PP +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. +If \fBmont\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. +.PP +\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +.PP +\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_MONT_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_mod_mul_reciprocal.3 b/deps/openssl/mingw64/share/man/man3/BN_mod_mul_reciprocal.3 new file mode 100644 index 00000000..7a9d3be8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_mod_mul_reciprocal.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 3" +.TH BN_MOD_MUL_RECIPROCAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +.PP +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. +If \fBrecp\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_RECP_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_new.3 b/deps/openssl/mingw64/share/man/man3/BN_new.3 new file mode 100644 index 00000000..2a59e453 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NEW 3" +.TH BN_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_new(void); +\& +\& BIGNUM *BN_secure_new(void); +\& +\& void BN_clear(BIGNUM *a); +\& +\& void BN_free(BIGNUM *a); +\& +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fBBN_secure_new()\fR does the same except that the secure heap +\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. +.PP +\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_new()\fR and \fBBN_secure_new()\fR +return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_num_bytes.3 b/deps/openssl/mingw64/share/man/man3/BN_num_bytes.3 new file mode 100644 index 00000000..a3002753 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_num_bytes.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NUM_BYTES 3" +.TH BN_NUM_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_num_bytes(const BIGNUM *a); +\& +\& int BN_num_bits(const BIGNUM *a); +\& +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +.PP +\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +.PP +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fBBN_num_bits_word()\fR. +.PP +\&\fBBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "NOTES" +.IX Header "NOTES" +Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +\&...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key +size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although +there's no real guarantee that will match the \*(L"key size\*(R", just a lot +more probability). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_rand.3 b/deps/openssl/mingw64/share/man/man3/BN_rand.3 new file mode 100644 index 00000000..a022b1f9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_rand.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_RAND 3" +.TH BN_RAND 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBbits\fR in length and stores it in \fBrnd\fR. +If \fBbits\fR is less than zero, or too small to +accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR +parameters, an error is returned. +The \fBtop\fR parameters specifies +requirements on the most significant bit of the generated number. +If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. +If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. +If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. +If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it +is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. +If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. +.PP +\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. +.PP +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as +\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +seeded with enough randomness to ensure an unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical +to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to +\&\fBBN_rand_range()\fR. +The \*(L"pseudo\*(R" functions should not be used and may be deprecated in +a future release. +.IP "\(bu" 2 +The +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_security_bits.3 b/deps/openssl/mingw64/share/man/man3/BN_security_bits.3 new file mode 100644 index 00000000..b767c21f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_security_bits.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SECURITY_BITS 3" +.TH BN_SECURITY_BITS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_security_bits \- returns bits of security based on given numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_security_bits(int L, int N); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_security_bits()\fR returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types +of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 +(Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both +parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where +\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private +key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered +to be the key size (modulus). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Number of security bits. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR +function. The symmetric algorithms are not covered neither. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_set_bit.3 b/deps/openssl/mingw64/share/man/man3/BN_set_bit.3 new file mode 100644 index 00000000..3ed23ffa --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_set_bit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SET_BIT 3" +.TH BN_SET_BIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& +\& int BN_mask_bits(BIGNUM *a, int n); +\& +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_swap.3 b/deps/openssl/mingw64/share/man/man3/BN_swap.3 new file mode 100644 index 00000000..0b1fcd5c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_swap.3 @@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SWAP 3" +.TH BN_SWAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_swap()\fR does not return a value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BN_zero.3 b/deps/openssl/mingw64/share/man/man3/BN_zero.3 new file mode 100644 index 00000000..bf442191 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BN_zero.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ZERO 3" +.TH BN_ZERO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& +\& const BIGNUM *BN_value_one(void); +\& +\& int BN_set_word(BIGNUM *a, BN_ULONG w); +\& unsigned BN_ULONG BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform. +.PP +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. +.PP +\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +be represented as a single integer. +.PP +\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fBBN_value_one()\fR returns the constant. +\&\fBBN_zero()\fR never fails and returns no value. +.SH "BUGS" +.IX Header "BUGS" +If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +with the error condition returned by \fBBN_get_word()\fR which uses that +as an error value. +.PP +\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous +versions returned an int. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/BUF_MEM_new.3 b/deps/openssl/mingw64/share/man/man3/BUF_MEM_new.3 new file mode 100644 index 00000000..9cf92773 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/BUF_MEM_new.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BUF_MEM_NEW 3" +.TH BUF_MEM_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BUF_MEM *BUF_MEM_new(void); +\& +\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +\& +\& void BUF_MEM_free(BUF_MEM *a); +\& +\& int BUF_MEM_grow(BUF_MEM *str, int len); +\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +\& +\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). +.PP +\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd +or additionally-allocated memory to zero. +.PP +\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +is \s-1NULL,\s0 the array is reversed in-place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fBBUF_MEM_free()\fR has no return value. +.PP +\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return +zero on error or the new size (i.e., \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBCRYPTO_secure_malloc\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_add0_cert.3 b/deps/openssl/mingw64/share/man/man3/CMS_add0_cert.3 new file mode 100644 index 00000000..e0b7505f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_add0_cert.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD0_CERT 3" +.TH CMS_ADD0_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. +.PP +\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. +.PP +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. +.PP +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. +.PP +As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR +must be freed up. +.PP +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur +in practice is if the \fBcms\fR type is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_add1_recipient_cert.3 b/deps/openssl/mingw64/share/man/man3/CMS_add1_recipient_cert.3 new file mode 100644 index 00000000..909c19b7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_add1_recipient_cert.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_RECIPIENT_CERT 3" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, +\& X509 *recip, unsigned int flags); +\& +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, +\& unsigned char *key, size_t keylen, +\& unsigned char *id, size_t idlen, +\& ASN1_GENERALIZEDTIME *date, +\& ASN1_OBJECT *otherTypeId, +\& ASN1_TYPE *otherType); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. +.PP +\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_add1_signer.3 b/deps/openssl/mingw64/share/man/man3/CMS_add1_signer.3 new file mode 100644 index 00000000..0969ff62 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_add1_signer.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_SIGNER 3" +.TH CMS_ADD1_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, +\& unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fBCMS_final()\fR. +.PP +The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fBCMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_compress.3 b/deps/openssl/mingw64/share/man/man3/CMS_compress.3 new file mode 100644 index 00000000..b3097108 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_compress.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_COMPRESS 3" +.TH CMS_COMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_compress \- create a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return +an error. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +Additional compression parameters such as the zlib compression level cannot +currently be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_decrypt.3 b/deps/openssl/mingw64/share/man/man3/CMS_decrypt.3 new file mode 100644 index 00000000..d0c8c8f3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_decrypt.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_DECRYPT 3" +.TH CMS_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_decrypt \- decrypt content from a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, +\& BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. +.PP +If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however +is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on +\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +then the above behaviour is modified and an error \fBis\fR returned if no +recipient encrypted key can be decrypted \fBwithout\fR generating a random +content encryption key. Applications should use this flag with +\&\fBextreme caution\fR especially in automated gateways as it can leave them +open to attack. +.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 +.PP +To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR +and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_encrypt.3 b/deps/openssl/mingw64/share/man/man3/CMS_encrypt.3 new file mode 100644 index 00000000..ed9ef4d1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_encrypt.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPT 3" +.TH CMS_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_encrypt \- create a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +function. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBCMS_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fBCMS_add0_recipient_key()\fR. +.PP +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_final.3 b/deps/openssl/mingw64/share/man/man3/CMS_final.3 new file mode 100644 index 00000000..61d65fc8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_final.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_FINAL 3" +.TH CMS_FINAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_final \- finalise a CMS_ContentInfo structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_final()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_get0_RecipientInfos.3 b/deps/openssl/mingw64/share/man/man3/CMS_get0_RecipientInfos.3 new file mode 100644 index 00000000..07bf5d24 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_get0_RecipientInfos.3 @@ -0,0 +1,265 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_RECIPIENTINFOS 3" +.TH CMS_GET0_RECIPIENTINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, +\& ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, +\& ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pid, +\& ASN1_GENERALIZEDTIME **pdate, +\& ASN1_OBJECT **potherid, +\& ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, +\& const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, +\& unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS.\s0 +.PP +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is +successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK.\s0 +.PP +\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.PP +\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to \fBCMS_RecipientInfo_decrypt()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fBCMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fBCMS_get0_RecipientInfos()\fR and check the type of each using +\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.PP +The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fBCMS_RecipientInfo_encrypt()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and +\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_get0_SignerInfos.3 b/deps/openssl/mingw64/share/man/man3/CMS_get0_SignerInfos.3 new file mode 100644 index 00000000..c57544f3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_get0_SignerInfos.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_SIGNERINFOS 3" +.TH CMS_GET0_SIGNERINFOS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); +\& +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, ASN1_INTEGER **sno); +\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +corresponds to the internal signature value if \fBsi\fR so it may be read or +modified. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fBCMS_verify()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fBCMS_SignerInfo_set1_signer_cert()\fR. +.PP +Once all signer certificates have been set \fBCMS_verify()\fR can be used. +.PP +Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_get0_type.3 b/deps/openssl/mingw64/share/man/man3/CMS_get0_type.3 new file mode 100644 index 00000000..ff3079d2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_get0_type.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_TYPE 3" +.TH CMS_GET0_TYPE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); +\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. +.PP +\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt) +with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. +.PP +\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded +content type. +.PP +\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +containing the embedded content. +.SH "NOTES" +.IX Header "NOTES" +As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and +\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fBOBJ_obj2nid()\fR. For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve +.PP +The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +content pointer. That means that for example: +.PP +.Vb 1 +\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); +.Ve +.PP +\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_get1_ReceiptRequest.3 b/deps/openssl/mingw64/share/man/man3/CMS_get1_ReceiptRequest.3 new file mode 100644 index 00000000..614de9df --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_get1_ReceiptRequest.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET1_RECEIPTREQUEST 3" +.TH CMS_GET1_RECEIPTREQUEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, +\& int allorfirst, +\& STACK_OF(GENERAL_NAMES) *receiptList, +\& STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, +\& int *pallorfirst, +\& STACK_OF(GENERAL_NAMES) **plist, +\& STACK_OF(GENERAL_NAMES) **prto); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. +.PP +The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. +.PP +int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. +.PP +\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634.\s0 +.PP +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fBCMS_verify()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) +\&\fBCMS_verify_receipt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_sign.3 b/deps/openssl/mingw64/share/man/man3/CMS_sign.3 new file mode 100644 index 00000000..70af1898 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_sign.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN 3" +.TH CMS_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign \- create a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fBCMS_final()\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_sign_receipt.3 b/deps/openssl/mingw64/share/man/man3/CMS_sign_receipt.3 new file mode 100644 index 00000000..4b68eb8e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_sign_receipt.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN_RECEIPT 3" +.TH CMS_SIGN_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign_receipt \- create a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, +\& EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_verify_receipt\fR\|(3), +\&\fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_uncompress.3 b/deps/openssl/mingw64/share/man/man3/CMS_uncompress.3 new file mode 100644 index 00000000..d6e86c15 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_uncompress.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_UNCOMPRESS 3" +.TH CMS_UNCOMPRESS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_uncompress \- uncompress a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always +return an error. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_verify.3 b/deps/openssl/mingw64/share/man/man3/CMS_verify.3 new file mode 100644 index 00000000..c1cdbe42 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_verify.3 @@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY 3" +.TH CMS_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fBCMS_verify()\fR operation. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. +.PP +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) +and the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. +.PP +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. +.PP +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. +.PP +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. +.PP +\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CMS_verify_receipt.3 b/deps/openssl/mingw64/share/man/man3/CMS_verify_receipt.3 new file mode 100644 index 00000000..b2a48605 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CMS_verify_receipt.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY_RECEIPT 3" +.TH CMS_VERIFY_RECEIPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify_receipt \- verify a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, +\& STACK_OF(X509) *certs, X509_STORE *store, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), +\&\fBCMS_verify\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CONF_modules_free.3 b/deps/openssl/mingw64/share/man/man3/CONF_modules_free.3 new file mode 100644 index 00000000..4bad492e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CONF_modules_free.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_FREE 3" +.TH CONF_MODULES_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void CONF_modules_finish(void); +\& void CONF_modules_unload(int all); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void CONF_modules_free(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed. +.PP +\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +to free up any configuration that module may have performed. +.PP +\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If +\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fBOPENSSL_init_crypto\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CONF_modules_load_file.3 b/deps/openssl/mingw64/share/man/man3/CONF_modules_load_file.3 new file mode 100644 index 00000000..e25a82df --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CONF_modules_load_file.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_LOAD_FILE 3" +.TH CONF_MODULES_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CONF_modules_load_file(const char *filename, const char *appname, +\& unsigned long flags); +\& int CONF_modules_load(const CONF *cnf, const char *appname, +\& unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCONF_modules_load_file()\fR configures OpenSSL using file +\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 +the standard OpenSSL configuration file is used. If \fBappname\fR is +\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. +The behaviour can be customized using \fBflags\fR. +.PP +\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it +reads configuration information from \fBcnf\fR. +.SH "NOTES" +.IX Header "NOTES" +The following \fBflags\fR are currently recognized: +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded. +.PP +Normally any modules errors will add error information to the error queue. If +\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP +If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +disabled. +.PP +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR +ignore missing configuration files. Normally a missing configuration file +return an error. +.PP +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. +.PP +By using \fBCONF_modules_load_file()\fR with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. +.PP +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. +.PP +Applications can use the \fBCONF_modules_load()\fR function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load a configuration file and print out any errors and exit (missing file +considered fatal): +.PP +.Vb 5 +\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load default configuration file using the section indicated by \*(L"myapp\*(R", +tolerate missing files, but exit on other errors: +.PP +.Vb 6 +\& if (CONF_modules_load_file(NULL, "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: +.PP +.Vb 5 +\& if (CONF_modules_load_file("/something/app.cnf", "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "WARNING: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& } +.Ve +.PP +Load and parse configuration file manually, custom error handling: +.PP +.Vb 3 +\& FILE *fp; +\& CONF *cnf = NULL; +\& long eline; +\& +\& fp = fopen("/somepath/app.cnf", "r"); +\& if (fp == NULL) { +\& fprintf(stderr, "Error opening configuration file\en"); +\& /* Other missing configuration file behaviour */ +\& } else { +\& cnf = NCONF_new(NULL); +\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { +\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); +\& ERR_print_errors_fp(stderr); +\& /* Other malformed configuration file behaviour */ +\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { +\& fprintf(stderr, "Error configuring application\en"); +\& ERR_print_errors_fp(stderr); +\& /* Other configuration error behaviour */ +\& } +\& fclose(fp); +\& NCONF_free(cnf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CRYPTO_THREAD_run_once.3 b/deps/openssl/mingw64/share/man/man3/CRYPTO_THREAD_run_once.3 new file mode 100644 index 00000000..fff4237c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CRYPTO_THREAD_run_once.3 @@ -0,0 +1,283 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_THREAD_RUN_ONCE 3" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; +\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +\& +\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); +\& +\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading \s-1API\s0 that is not yet +supported by OpenSSL. +.PP +The following multi-threading function are provided: +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The \fBonce\fR argument must be a pointer to a static object of type +\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value +\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +The \fBinit\fR argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +lock. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must +be the only way that the variable is modified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_free()\fR returns no value. +.PP +The other functions return 1 on success, or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example safely initializes and uses a lock. +.PP +.Vb 4 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& +\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; +\& static CRYPTO_RWLOCK *lock; +\& +\& static void myinit(void) +\& { +\& lock = CRYPTO_THREAD_lock_new(); +\& } +\& +\& static int mylock(void) +\& { +\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) +\& return 0; +\& return CRYPTO_THREAD_write_lock(lock); +\& } +\& +\& static int myunlock(void) +\& { +\& return CRYPTO_THREAD_unlock(lock); +\& } +\& +\& int serialized(void) +\& { +\& int ret = 0; +\& +\& if (mylock()) { +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; +\& } +\& myunlock(); +\& return ret; +\& } +.Ve +.PP +Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks. +.SH "NOTES" +.IX Header "NOTES" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 6 +\& #include +\& #if defined(OPENSSL_THREADS) +\& /* thread support enabled */ +\& #else +\& /* no thread support */ +\& #endif +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CRYPTO_get_ex_new_index.3 b/deps/openssl/mingw64/share/man/man3/CRYPTO_get_ex_new_index.3 new file mode 100644 index 00000000..3ca05a17 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CRYPTO_get_ex_new_index.3 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_get_ex_new_index(int class_index, +\& long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +\& void *from_d, int idx, long argl, void *argp); +\& +\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +\& +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +\& +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +\& +\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); +\& +\& int CRYPTO_free_ex_index(int class_index, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application-specific data attached to them, +known as \*(L"exdata.\*(R" +The specific structures are: +.PP +.Vb 10 +\& APP +\& BIO +\& DH +\& DRBG +\& DSA +\& EC_KEY +\& ENGINE +\& RSA +\& SSL +\& SSL_CTX +\& SSL_SESSION +\& UI +\& UI_METHOD +\& X509 +\& X509_STORE +\& X509_STORE_CTX +.Ve +.PP +Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR +header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +applications to use this facility for their own structures. +.PP +The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a \fBvoid *\fR type. +.PP +The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for +\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +.PP +Exdata types are identified by an \fBindex\fR, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The \fBclass_index\fR should be one of the +\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. +.PP +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their \fBindex\fR value. +.PP +If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. +.PP +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the +\&\fBidx\fR parameter should be an already-created index value. +.PP +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent \*(L"get\*(R" call. If the application is going to +release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, +to avoid likely double-free crashes. +.PP +The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The \fBclass_index\fR identifies the structure type, the \fBobj\fR is +a pointer to the actual structure, and \fBr\fR is a pointer to the +structure's exdata field. +.SS "Callback Functions" +.IX Subsection "Callback Functions" +This section describes how the callback functions are used. Applications +that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +call them as described here. +.PP +When a structure is initially allocated (such as \fBRSA_new()\fR) then the +\&\fBnew_func()\fR is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The \fBnew_func()\fR is typically used only to allocate memory to store the +exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR. +.PP +When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the +\&\fBfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fBfree_func()\fR may be called with a +\&\s-1NULL\s0 pointer. +.PP +Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. +The \fBparent\fR is the pointer to the structure that contains the exdata. +The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically +be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. +The \fBidx\fR is the index and is the value returned when the callbacks were +initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if +the same callback handles different types of exdata. +.PP +\&\fBdup_func()\fR is called when a structure is being copied. This is only done +for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR +as the \s-1API\s0 has currently the wrong signature; that will be changed in a +future version. The \fB*pptr\fR is a pointer to the source exdata. +When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +destination ex_data. If the pointer contained in \fB*pptr\fR is not modified +by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other +two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR +will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +.PP +\&\fBCRYPTO_free_ex_index()\fR and +\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. +.PP +\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +note that \s-1NULL\s0 may be a valid value. +.PP +\&\fBdup_func()\fR should return 0 for failure and 1 for success. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CRYPTO_memcmp.3 b/deps/openssl/mingw64/share/man/man3/CRYPTO_memcmp.3 new file mode 100644 index 00000000..cb3fc228 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CRYPTO_memcmp.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_MEMCMP 3" +.TH CRYPTO_MEMCMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_memcmp \- Constant time memory comparison +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR +for equality. +It takes an amount of time dependent on \fBlen\fR, but independent of the +contents of the memory regions pointed to by \fBa\fR and \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and non-zero +otherwise. +.SH "NOTES" +.IX Header "NOTES" +Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being non-zero. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 b/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 new file mode 100644 index 00000000..e1415ea4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +\& const uint8_t *log_id, +\& size_t log_id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency +(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID. +.PP +\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +in a \s-1CTLOG_STORE\s0 that has a given LogID. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it +exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_new.3 b/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_new.3 new file mode 100644 index 00000000..6b3067e7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CTLOG_STORE_new.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_NEW 3" +.TH CTLOG_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG_STORE *CTLOG_STORE_new(void); +\& void CTLOG_STORE_free(CTLOG_STORE *store); +\& +\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). +.PP +\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR. +\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be +overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0 +\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0 +.PP +The expected format of the file is: +.PP +.Vb 1 +\& enabled_logs=foo,bar +\& +\& [foo] +\& description = Log 1 +\& key = +\& +\& [bar] +\& description = Log 2 +\& key = +.Ve +.PP +Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +with the \s-1CTLOG_STORE\s0 itself. +.SH "NOTES" +.IX Header "NOTES" +If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining +valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered +invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if +all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CTLOG_new.3 b/deps/openssl/mingw64/share/man/man3/CTLOG_new.3 new file mode 100644 index 00000000..90dd3e49 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CTLOG_new.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_NEW 3" +.TH CTLOG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +\& int CTLOG_new_from_base64(CTLOG ** ct_log, +\& const char *pkey_base64, const char *name); +\& void CTLOG_free(CTLOG *log); +\& const char *CTLOG_get0_name(const CTLOG *log); +\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +\& size_t *log_id_len); +\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +(\s-1CT\s0) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred. +.PP +\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in +base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0 +The base64 will be decoded and the public key parsed. +.PP +Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +was passed to it. +.PP +\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +created. Ownership of the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a +v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of +the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +.PP +\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 new file mode 100644 index 00000000..0dc57ec3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT_POLICY_EVAL_CTX_NEW 3" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +\& CTLOG_STORE *log_store); +\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. +This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To +determine this, an \s-1SCT\s0's timestamp and signature must be verified. +This requires: +.IP "\(bu" 2 +the public key of the log that issued the \s-1SCT\s0 +.IP "\(bu" 2 +the certificate that the \s-1SCT\s0 was issued for +.IP "\(bu" 2 +the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) +.IP "\(bu" 2 +the current time +.PP +The above requirements are met using the setters described below. +.PP +\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +should then be populated using: +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +.Sp +Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the +\&\s-1CT_POLICY_EVAL_CTX.\s0 +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +.Sp +The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was +issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose +timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. +.Sp +The time should be in milliseconds since the Unix epoch. +.PP +Each setter has a matching getter for accessing the current value. +.PP +When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to +\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. +.SH "NOTES" +.IX Header "NOTES" +The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DEFINE_STACK_OF.3 b/deps/openssl/mingw64/share/man/man3/DEFINE_STACK_OF.3 new file mode 100644 index 00000000..cee5b495 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DEFINE_STACK_OF.3 @@ -0,0 +1,404 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DEFINE_STACK_OF 3" +.TH DEFINE_STACK_OF 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve \&\- stack container +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(TYPE) +\& DEFINE_STACK_OF(TYPE) +\& DEFINE_STACK_OF_CONST(TYPE) +\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) +\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) +\& +\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); +\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); +\& typedef void (*sk_TYPE_freefunc)(TYPE *a); +\& +\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); +\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); +\& STACK_OF(TYPE) *sk_TYPE_new_null(void); +\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); +\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); +\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); +\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); +\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); +\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); +\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk); +\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, +\& sk_TYPE_copyfunc copyfunc, +\& sk_TYPE_freefunc freefunc); +\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, +\& sk_TYPE_compfunc compare)); +\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 +In the description here, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. +\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This +will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by +\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example: +.PP +.Vb 1 +\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except +each element is constant. For example: +.PP +.Vb 1 +\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but +each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example: +.PP +.Vb 1 +\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +constant: +.PP +.Vb 1 +\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at +zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. +If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is +equivalent to sk_TYPE_new_reserve(compare, 0). +.PP +\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This +function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0). +.PP +\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure +such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR +or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated +or reallocated. If \fBn\fR is zero, any excess space allocated in the +\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged. +.PP +\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional +memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls +to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause +memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no +memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function +\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no +comparison function is used. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. +The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was +no previous comparison function. +.PP +\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any +elements of \fBsk\fR. After this call \fBsk\fR is no longer valid. +.PP +\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free +\&\fBsk\fR so after this call \fBsk\fR is still valid. +.PP +\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The +free function \fBfreefunc()\fR is called on each element to free it. +.PP +\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted +element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range. +.PP +\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns +the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found. +.PP +\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing +elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range +the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the +number of elements in \fBsk\fR after the new element is inserted or zero if +an error (such as memory allocation failure) occurred. +.PP +\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, \-1); +.Ve +.PP +\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, 0); +.Ve +.PP +\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. +.PP +\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. +.PP +\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current +element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred: +this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range. +.PP +\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to \fBptr\fR. The index of the first +matching element is returned or \fB\-1\fR if there is no match. In the case +where a comparison function has been specified, \fBsk\fR is sorted then +\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in \fBsk\fR could change. +.PP +\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison +function has been specified and no matching element is found. Instead +of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element +either before or after the location where \fBptr\fR would be if it were +present in \fBsk\fR. +.PP +\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. +.PP +\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy +are identical to the original. +.PP +\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. +Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The +function \fBfreefunc()\fR is only called if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or +\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions +if the same stack is accessed in a different thread. Operations such as +\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack. +.PP +Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if \fBa\fR is equal to, greater than +or less than \fBb\fR respectively. +.PP +Care should be taken when checking the return values of the functions +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the +matching element. In particular \fB0\fR indicates a matching first element. +A failed search is indicated by a \fB\-1\fR return value. +.PP +\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +.PP +The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. +It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, +\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, +\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR, +\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR, +\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, +\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR, +\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR, +\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR, +\&\fBOPENSSL_sk_zero()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the +passed stack is \fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the +index is out of range. +.PP +\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty +stack or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory +or \fB0\fR on error. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if +there was no old comparison function. +.PP +\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do +not return values. +.PP +\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR +return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total +number of elements in the stack and 0 if an error occurred. +.PP +\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on +error. +.PP +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element +or \fB\-1\fR on error. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is +not. +.PP +\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the +stack. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public \s-1API.\s0 +.PP +\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DES_random_key.3 b/deps/openssl/mingw64/share/man/man3/DES_random_key.3 new file mode 100644 index 00000000..debdb963 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DES_random_key.3 @@ -0,0 +1,444 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_RANDOM_KEY 3" +.TH DES_RANDOM_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DES_random_key(DES_cblock *ret); +\& +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +\& +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); +\& +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); +\& +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num); +\& +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); +\& +\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); +\& +\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int enc); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); +\& +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +\& +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fBDES_random_key()\fR generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the function fails, 0 is returned. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIDES_key_schedule\fR via the +\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. +.PP +\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity +and is not a weak or semi-weak key. If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fBDES_set_key()\fR works like +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fBDES_set_key_unchecked()\fR. These functions are available +for compatibility; it is recommended to use a function that does not +depend on a global variable. +.PP +\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. +.PP +The following routines mostly operate on an input and output stream of +\&\fIDES_cblock\fRs. +.PP +\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. +.PP +\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. +.PP +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC DES.\s0 +.PP +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 +.PP +The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fBDES_ncbc_encrypt()\fR. +.PP +\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 +.PP +\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as +\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as +\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +\&\fBEVP_DigestInit\fR\|(3) etc. instead. +.PP +\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal \fBcrypt()\fR. +.PP +\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. +This function calls \fBDES_fcrypt()\fR with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of \fBcrypt\fR\|(3). +The \fBsalt\fR must be two \s-1ASCII\s0 characters. +.PP +The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 +character. +.PP +\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.SH "BUGS" +.IX Header "BUGS" +\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR +instead. +.PP +\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fBDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fBDES_string_to_2key()\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.PP +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see \fBdes_modes\fR\|(7). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR +return 0 on success or negative values on error. +.PP +\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the +last 4 bytes of the checksum of the input. +.PP +\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- +to a static buffer on success; otherwise they return \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdes_modes\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR +be two \s-1ASCII\s0 characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR +if both character were not present, and could crash when given non-ASCII +on some platforms. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_generate_key.3 b/deps/openssl/mingw64/share/man/man3/DH_generate_key.3 new file mode 100644 index 00000000..637d4a87 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_generate_key.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_KEY 3" +.TH DH_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_key(DH *dh); +\& +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fBDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh\->priv_key\fR is already set, and computes the +corresponding public value \fBdh\->pub_key\fR, which can then be +published. +.PP +\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_generate_parameters.3 b/deps/openssl/mingw64/share/man/man3/DH_generate_parameters.3 new file mode 100644 index 00000000..3de6f6de --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_generate_parameters.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 3" +.TH DH_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +\& +\& int DH_check(DH *dh, int *codes); +\& int DH_check_params(DH *dh, int *codes); +\& +\& int DH_check_ex(const DH *dh); +\& int DH_check_params_ex(const DH *dh); +\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in +signature schemes. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in \fBBN_generate_prime\fR\|(3) while a random prime +number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR +is called. See \fBBN_generate_prime_ex\fR\|(3) for information on +the \fBBN_GENCB_call()\fR function. +.PP +\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.PP +\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +\&\fBDH_check()\fR. +The value of \fB*codes\fR is updated with any problems found. +If \fB*codes\fR is zero then no problems were found, otherwise the +following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that \fBp\fR is a +prime. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +Note that the lack of this bit doesn't guarantee that \fBg\fR is +suitable, unless \fBp\fR is known to be a strong prime. +.PP +\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then +no problems were found, otherwise the following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR is not prime. +.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" +The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. +.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" +The generator \fBg\fR cannot be checked for suitability. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_Q_NOT_PRIME" +The parameter \fBq\fR is not prime. +.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_Q_VALUE" +The parameter \fBq\fR is invalid. +.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_J_VALUE" +The parameter \fBj\fR is invalid. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to +\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 +if the check could be performed, 0 otherwise. +.PP +\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +the parameter generation fails. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the +check is successful, 0 for failed. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDH_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDH_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_get0_pqg.3 b/deps/openssl/mingw64/share/man/man3/DH_get0_pqg.3 new file mode 100644 index 00000000..0a226aef --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_get0_pqg.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET0_PQG 3" +.TH DH_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_get0_pqg(const DH *dh, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DH_get0_key(const DH *dh, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DH_get0_p(const DH *dh); +\& const BIGNUM *DH_get0_q(const DH *dh); +\& const BIGNUM *DH_get0_g(const DH *dh); +\& const BIGNUM *DH_get0_priv_key(const DH *dh); +\& const BIGNUM *DH_get0_pub_key(const DH *dh); +\& void DH_clear_flags(DH *dh, int flags); +\& int DH_test_flags(const DH *dh, int flags); +\& void DH_set_flags(DH *dh, int flags); +\& ENGINE *DH_get0_engine(DH *d); +\& long DH_get_length(const DH *dh); +\& int DH_set_length(DH *dh, long length); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR +parameter is optional. It also contains a public key (\fBpub_key\fR) and +(optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no +value will be returned for that parameter. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DH\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0 +.PP +To get the public and private key values use the \fBDH_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case +no value will be returned for that parameter. +.PP +The public and private key values can be set using \fBDH_set0_key()\fR. Either +parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left +untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management +of the key values to the \s-1DH\s0 object, and therefore they should not be freed +directly after this function has been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, +\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. +.PP +\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags +within the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional +length parameter associated with this \s-1DH\s0 object. If the length is non-zero then +it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the +length of the secret exponent (private key) in bits. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR +return the respective value, or \s-1NULL\s0 if it is unset. +.PP +\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.PP +\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_get_1024_160.3 b/deps/openssl/mingw64/share/man/man3/DH_get_1024_160.3 new file mode 100644 index 00000000..03513428 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_get_1024_160.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET_1024_160 3" +.TH DH_GET_1024_160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& DH *DH_get_1024_160(void) +\& DH *DH_get_2048_224(void) +\& DH *DH_get_2048_256(void) +\& +\& const BIGNUM *BN_get0_nist_prime_192(void) +\& const BIGNUM *BN_get0_nist_prime_224(void) +\& const BIGNUM *BN_get0_nist_prime_256(void) +\& const BIGNUM *BN_get0_nist_prime_384(void) +\& const BIGNUM *BN_get0_nist_prime_521(void) +\& +\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return +a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. +.PP +\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, +\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return +a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). +.PP +\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, +\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, +\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, +\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions +return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR +is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Defined above. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_meth_new.3 b/deps/openssl/mingw64/share/man/man3/DH_meth_new.3 new file mode 100644 index 00000000..15172015 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_meth_new.3 @@ -0,0 +1,294 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_METH_NEW 3" +.TH DH_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH_METHOD *DH_meth_new(const char *name, int flags); +\& +\& void DH_meth_free(DH_METHOD *dhm); +\& +\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +\& +\& const char *DH_meth_get0_name(const DH_METHOD *dhm); +\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +\& +\& int DH_meth_get_flags(const DH_METHOD *dhm); +\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); +\& +\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); +\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +\& +\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); +\& +\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); +\& int DH_meth_set_compute_key(DH_METHOD *dhm, +\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); +\& +\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx)); +\& +\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +\& +\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +\& +\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +\& (DH *, int, int, BN_GENCB *); +\& int DH_meth_set_generate_params(DH_METHOD *dhm, +\& int (*generate_params)(DH *, int, int, BN_GENCB *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DH\s0 capabilities. +.PP +\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any +new \fB\s-1DH\s0\fR object will have those flags set by default. +.PP +\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +freed via a call to \fBDH_meth_free()\fR. +.PP +\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the +function used for generating a new \s-1DH\s0 key pair respectively. This function will +be called in response to the application calling \fBDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fBDH_generate_key()\fR. +.PP +\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the +function used for computing a new \s-1DH\s0 shared secret respectively. This function +will be called in response to the application calling \fBDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fBDH_compute_key()\fR. +.PP +\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0 unless using the default generate key function, in which case it +must be present. +.PP +\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used +for creating a new \s-1DH\s0 instance respectively. This function will be +called in response to the application calling \fBDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR +functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DH\s0 object respectively. This function will be +called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the +function used for generating \s-1DH\s0 parameters respectively. This function will be +called in response to the application calling \fBDH_generate_parameters_ex()\fR (or +\&\fBDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags +associated with the \s-1DH_METHOD\s0 respectively. +.PP +All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_new.3 b/deps/openssl/mingw64/share/man/man3/DH_new.3 new file mode 100644 index 00000000..f765fc81 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_new.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW 3" +.TH DH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new, DH_free \- allocate and free DH objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH* DH_new(void); +\& +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdh\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_new_by_nid.3 b/deps/openssl/mingw64/share/man/man3/DH_new_by_nid.3 new file mode 100644 index 00000000..c993ebe4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_new_by_nid.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW_BY_NID 3" +.TH DH_NEW_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new_by_nid, DH_get_nid \- get or find DH named parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& DH *DH_new_by_nid(int nid); +\& int *DH_get_nid(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. +.PP +\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or +\&\fBNID_undef\fR if there is no match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBNID_undef\fR if there is no match. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_set_method.3 b/deps/openssl/mingw64/share/man/man3/DH_set_method.3 new file mode 100644 index 00000000..f9f0c1f0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SET_METHOD 3" +.TH DH_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_set_default_method(const DH_METHOD *meth); +\& +\& const DH_METHOD *DH_get_default_method(void); +\& +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& +\& DH *DH_new_method(ENGINE *engine); +\& +\& const DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fBDH_OpenSSL()\fR. +.PP +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE +API\s0 is being used, so this function is no longer recommended. +.PP +\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. +.PP +\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fBDH_set_default_method()\fR is used. +.PP +A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see +\&\fBDH_meth_new\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fBDH_set_default_method()\fR returns no value. +.PP +\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DH_size.3 b/deps/openssl/mingw64/share/man/man3/DH_size.3 new file mode 100644 index 00000000..ecdc0b9a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DH_size.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SIZE 3" +.TH DH_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_size(const DH *dh); +\& +\& int DH_bits(const DH *dh); +\& +\& int DH_security_bits(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fBDH_compute_key\fR\|(3). +.PP +\&\fBDH_bits()\fR returns the number of significant bits. +.PP +\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +.PP +\&\fBDH_bits()\fR returns the number of bits in the key. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDH_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_SIG_new.3 b/deps/openssl/mingw64/share/man/man3/DSA_SIG_new.3 new file mode 100644 index 00000000..023b20af --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_SIG_new.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIG_NEW 3" +.TH DSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.PP +\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +in \fBsig\fR. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_SIG_free()\fR returns no value. +.PP +\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_do_sign.3 b/deps/openssl/mingw64/share/man/man3/DSA_do_sign.3 new file mode 100644 index 00000000..b0e978c3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_do_sign.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DO_SIGN 3" +.TH DSA_DO_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw DSA signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_dup_DH.3 b/deps/openssl/mingw64/share/man/man3/DSA_dup_DH.3 new file mode 100644 index 00000000..862a5977 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_dup_DH.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DUP_DH 3" +.TH DSA_DUP_DH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_dup_DH \- create a DH structure out of DSA structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *DSA_dup_DH(const DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_generate_key.3 b/deps/openssl/mingw64/share/man/man3/DSA_generate_key.3 new file mode 100644 index 00000000..7b62ff98 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_generate_key.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 3" +.TH DSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_key \- generate DSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. +.PP +The random generator must be seeded prior to calling \fBDSA_generate_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_generate_parameters_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_generate_parameters.3 b/deps/openssl/mingw64/share/man/man3/DSA_generate_parameters.3 new file mode 100644 index 00000000..62466b66 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_generate_parameters.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 3" +.TH DSA_GENERATE_PARAMETERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_parameters_ex(DSA *dsa, int bits, +\& const unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 5 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +.PP +\&\fBbits\fR is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits. +.PP +If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. +If \fBseed_len\fR is less than the length of q, an error is returned. +.PP +\&\fBDSA_generate_parameters_ex()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +BN_GENCB_call function discussed below, refer to +\&\fBBN_generate_prime\fR\|(3). +.PP +\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called +(m is 0 for the first candidate). +.IP "\(bu" 2 +When a candidate for q has passed a test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and +\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. +.IP "\(bu" 2 +Before a candidate for p (other than the first) is generated and tested, +\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. +.IP "\(bu" 2 +When a candidate for p has passed the test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. +.IP "\(bu" 2 +When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. +.SH "BUGS" +.IX Header "BUGS" +Seed lengths greater than 20 are not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDSA_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_get0_pqg.3 b/deps/openssl/mingw64/share/man/man3/DSA_get0_pqg.3 new file mode 100644 index 00000000..033b873e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_get0_pqg.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GET0_PQG 3" +.TH DSA_GET0_PQG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_get0_pqg(const DSA *d, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DSA_get0_key(const DSA *d, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DSA_get0_p(const DSA *d); +\& const BIGNUM *DSA_get0_q(const DSA *d); +\& const BIGNUM *DSA_get0_g(const DSA *d); +\& const BIGNUM *DSA_get0_pub_key(const DSA *d); +\& const BIGNUM *DSA_get0_priv_key(const DSA *d); +\& void DSA_clear_flags(DSA *d, int flags); +\& int DSA_test_flags(const DSA *d, int flags); +\& void DSA_set_flags(DSA *d, int flags); +\& ENGINE *DSA_get0_engine(DSA *d); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DSA\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +To get the public and private key values use the \fBDSA_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +.PP +The public and private key values can be set using \fBDSA_set0_key()\fR. The public +key must be non-NULL the first time this function is called on a given \s-1DSA\s0 +object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the \s-1DSA\s0 +object, and therefore they should not be freed directly after this function has +been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, +\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. +.PP +\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags +within the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_meth_new.3 b/deps/openssl/mingw64/share/man/man3/DSA_meth_new.3 new file mode 100644 index 00000000..aca06aeb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_meth_new.3 @@ -0,0 +1,342 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_METH_NEW 3" +.TH DSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_METHOD *DSA_meth_new(const char *name, int flags); +\& +\& void DSA_meth_free(DSA_METHOD *dsam); +\& +\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +\& +\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +\& +\& int DSA_meth_get_flags(const DSA_METHOD *dsam); +\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +\& +\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +\& +\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA *); +\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, +\& int, DSA *)); +\& +\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ +\& BIGNUM **, BIGNUM **); +\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, +\& BIGNUM **, BIGNUM **)); +\& +\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA_SIG *, DSA *); +\& int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *, +\& int, DSA_SIG *, DSA *)); +\& +\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, +\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *in_mont); +\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, +\& BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *mont); +\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, +\& BIGNUM *r, +\& BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +\& +\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); +\& +\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, +\& const unsigned char *, +\& int, int *, unsigned long *, +\& BN_GENCB *); +\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, +\& int (*paramgen)(DSA *, int, const unsigned char *, +\& int, int *, unsigned long *, BN_GENCB *)); +\& +\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more +information. +.PP +\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any +new \fB\s-1DSA\s0\fR object will have those flags set by default. +.PP +\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +freed via a call to \fBDSA_meth_free()\fR. +.PP +\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for +creating a \s-1DSA\s0 signature respectively. This function will be +called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. +.PP +\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function +used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +will be called in response to the application calling \fBDSA_sign_setup()\fR. The +parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. +.PP +\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used +for verifying a \s-1DSA\s0 signature respectively. This function will be called in +response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. +.PP +\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used +for computing the following value: +.PP +.Vb 1 +\& rr = a1^p1 * a2^p2 mod m +.Ve +.PP +This function will be called by the default OpenSSL method during verification +of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used +for creating a new \s-1DSA\s0 instance respectively. This function will be +called in response to the application calling \fBDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR +functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DSA\s0 object respectively. This function will be +called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function +used for generating \s-1DSA\s0 parameters respectively. This function will be called in +response to the application calling \fBDSA_generate_parameters_ex()\fR (or +\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDSA_generate_parameters_ex()\fR. +.PP +\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function +used for generating a new \s-1DSA\s0 key pair respectively. This function will be +called in response to the application calling \fBDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fBDSA_generate_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags +associated with the \s-1DSA_METHOD\s0 respectively. +.PP +All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_new.3 b/deps/openssl/mingw64/share/man/man3/DSA_new.3 new file mode 100644 index 00000000..6043d3b1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_new.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_NEW 3" +.TH DSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_new, DSA_free \- allocate and free DSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA* DSA_new(void); +\& +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). +.PP +\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_set_method.3 b/deps/openssl/mingw64/share/man/man3/DSA_set_method.3 new file mode 100644 index 00000000..3aa3b047 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SET_METHOD 3" +.TH DSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& +\& const DSA_METHOD *DSA_get_default_method(void); +\& +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& +\& DSA *DSA_new_method(ENGINE *engine); +\& +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBDSA_OpenSSL()\fR. +.PP +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDSA_get_default_method()\fR returns a pointer to the current default +\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 +objects; +.PP +\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fBDSA_set_default_method()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fBDSA_set_default_method()\fR returns no value. +.PP +\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fBERR_get_error\fR\|(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_sign.3 b/deps/openssl/mingw64/share/man/man3/DSA_sign.3 new file mode 100644 index 00000000..2d6df2d4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_sign.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIGN 3" +.TH DSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); +\& +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre\-)computation. +.PP +\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) +is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_do_sign\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DSA_size.3 b/deps/openssl/mingw64/share/man/man3/DSA_size.3 new file mode 100644 index 00000000..f678c6c5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DSA_size.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIZE 3" +.TH DSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_size(const DSA *dsa); +\& int DSA_bits(const DSA *dsa); +\& int DSA_security_bits(const DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature +for key \fBdsa\fR in bytes. It can be used to determine how much memory must +be allocated for a \s-1DSA\s0 signature. +.PP +\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +of bits in the \fBp\fR parameter. +.PP +\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_size()\fR returns the signature size in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DTLS_get_data_mtu.3 b/deps/openssl/mingw64/share/man/man3/DTLS_get_data_mtu.3 new file mode 100644 index 00000000..c26592e0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DTLS_get_data_mtu.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_GET_DATA_MTU 3" +.TH DTLS_GET_DATA_MTU 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_get_data_mtu \- Get maximum data payload size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t DTLS_get_data_mtu(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function obtains the maximum data payload size for the established +\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead +of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns the maximum data payload size on success, or 0 on failure. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DTLS_set_timer_cb.3 b/deps/openssl/mingw64/share/man/man3/DTLS_set_timer_cb.3 new file mode 100644 index 00000000..bc03d54d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DTLS_set_timer_cb.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_SET_TIMER_CB 3" +.TH DTLS_SET_TIMER_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); +\& +\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function sets an optional callback function for controlling the +timeout interval on the \s-1DTLS\s0 protocol. The callback function will be +called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns void. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/DTLSv1_listen.3 b/deps/openssl/mingw64/share/man/man3/DTLSv1_listen.3 new file mode 100644 index 00000000..00e9bb2f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/DTLSv1_listen.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLSV1_LISTEN 3" +.TH DTLSV1_LISTEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_stateless(SSL *s); +\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using \fBSSL_accept()\fR). +.SH "NOTES" +.IX Header "NOTES" +Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification +attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source \s-1IP\s0 address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source \s-1IP.\s0 If the response messages are larger than the original +message then the amplification attack has succeeded. +.PP +If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate +the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). +If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some +stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. +.PP +As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. +.PP +OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR +functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +read and write BIOs set, in the same way as might be done for a call to +\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +state and thus capable of receiving messages from any peer. +.PP +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the \fBssl\fR parameter updated into a state +where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. +Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +filled in with details of the peer that sent the ClientHello. If the underlying +\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +does not support this), then \fB*peer\fR will be cleared and the family set to +\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to +the peer and continue the handshake in a connected state. +.PP +Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation +and verification callbacks have been set up using +\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3) and \fBSSL_CTX_set_cookie_verify_cb\fR\|(3) +respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3) +and \fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3) must be used instead. +.PP +Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR +\&\fBonly\fR supports ClientHellos that fit inside a single datagram. +.PP +For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the +application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +a single \fBSSL_stateless()\fR call is all from the same peer. +.PP +\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +TLSv1.3 is used. +.PP +Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they +start. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +will be set up ready to continue the handshake. A return value of 0 or \-1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call. +.PP +For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +will be set up ready to continue the handshake. the \fBpeer\fR value will also be +filled in. +.PP +A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking \s-1IO,\s0 or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. +.PP +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. +.PP +For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cookie_generate_cb\fR\|(3), \fBSSL_CTX_set_cookie_verify_cb\fR\|(3), +\&\fBSSL_CTX_set_stateless_cookie_generate_cb\fR\|(3), +\&\fBSSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fBSSL_get_error\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ECDSA_SIG_new.3 b/deps/openssl/mingw64/share/man/man3/ECDSA_SIG_new.3 new file mode 100644 index 00000000..04e1bba2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ECDSA_SIG_new.3 @@ -0,0 +1,347 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECDSA_SIG_NEW 3" +.TH ECDSA_SIG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ECDSA_SIG *ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +\& int ECDSA_size(const EC_KEY *eckey); +\& +\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& +\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +\& const unsigned char *sig, int siglen, EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& +\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, +\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most +applications should use the higher level \fB\s-1EVP\s0\fR interface such as +\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. +.PP +\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the +\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). +.PP +\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. +.PP +\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. +The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value +is not returned. +.PP +The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding +function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding +and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 +.PP +\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +created with the private \s-1EC\s0 key \fBeckey\fR. +.PP +\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must +point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently +ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR +and \fBrp\fR set to \s-1NULL.\s0 +.PP +\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR +is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\s-1NULL.\s0 +.PP +\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the +public key \fBeckey\fR. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is +presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +.PP +The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used +during signature computation. Most applications will never need to call these +and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if +either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. +.PP +\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure +(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be +used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. +.PP +\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values +\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its +length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) +bytes of memory. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is +returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +.PP +\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.PP +\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, +or \s-1NULL\s0 if it is unset. +.PP +\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful +or 0 on error. +.PP +\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +named curve prime256v1 (aka P\-256). +.PP +First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 3 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey; +\& +\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +\& if (eckey == NULL) +\& /* error */ +\& if (EC_KEY_generate_key(eckey) == 0) +\& /* error */ +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +using \fBECDSA_do_sign()\fR: +.PP +.Vb 3 +\& sig = ECDSA_do_sign(digest, 32, eckey); +\& if (sig == NULL) +\& /* error */ +.Ve +.PP +or using \fBECDSA_sign()\fR: +.PP +.Vb 2 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) +\& /* error */ +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 32, sig, eckey); +.Ve +.PP +or using \fBECDSA_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 6 +\& if (ret == 1) +\& /* signature ok */ +\& else if (ret == 0) +\& /* incorrect signature */ +\& else +\& /* error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEC_KEY_new\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBi2d_ECDSA_SIG\fR\|(3), +\&\fBd2i_ECDSA_SIG\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ECPKParameters_print.3 b/deps/openssl/mingw64/share/man/man3/ECPKParameters_print.3 new file mode 100644 index 00000000..de918ece --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ECPKParameters_print.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPKPARAMETERS_PRINT 3" +.TH ECPKPARAMETERS_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ECPKParameters represent the public parameters for an +\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +.PP +The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print +a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR +return 1 for success and 0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_GFp_simple_method.3 b/deps/openssl/mingw64/share/man/man3/EC_GFp_simple_method.3 new file mode 100644 index 00000000..a3f36dc3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_GFp_simple_method.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GFP_SIMPLE_METHOD 3" +.TH EC_GFP_SIMPLE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EC_METHOD *EC_GFp_simple_method(void); +\& const EC_METHOD *EC_GFp_mont_method(void); +\& const EC_METHOD *EC_GFp_nist_method(void); +\& const EC_METHOD *EC_GFp_nistp224_method(void); +\& const EC_METHOD *EC_GFp_nistp256_method(void); +\& const EC_METHOD *EC_GFp_nistp521_method(void); +\& +\& const EC_METHOD *EC_GF2m_simple_method(void); +\& +\& int EC_METHOD_get_field_type(const EC_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation +type for the form of curve selected is used. +.PP +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. +.PP +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). +.PP +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. +.PP +EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is +F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the +obj_mac.h header file. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +.PP +EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_GROUP_copy.3 b/deps/openssl/mingw64/share/man/man3/EC_GROUP_copy.3 new file mode 100644 index 00000000..f41a962d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_GROUP_copy.3 @@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_COPY 3" +.TH EC_GROUP_COPY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \&\- Functions for manipulating EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); +\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); +\& +\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +\& +\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, +\& const BIGNUM *order, const BIGNUM *cofactor); +\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +\& +\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +\& int EC_GROUP_order_bits(const EC_GROUP *group); +\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +\& +\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +\& int EC_GROUP_get_curve_name(const EC_GROUP *group); +\& +\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); +\& +\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group); +\& +\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); +\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +\& +\& int EC_GROUP_get_degree(const EC_GROUP *group); +\& +\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); +\& +\& int EC_GROUP_get_basis_type(const EC_GROUP *); +\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +\& unsigned int *k2, unsigned int *k3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0 +.PP +\&\fBEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created +\&\s-1EC_GROUP\s0 object. +.PP +\&\fBEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. +.PP +\&\fBEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These +parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. +.PP +\&\fBEC_GROUP_get0_generator()\fR returns the generator for the identified \fBgroup\fR. +.PP +\&\fBEC_GROUP_get_order()\fR retrieves the order of \fBgroup\fR and copies its value into +\&\fBorder\fR. It fails in case \fBgroup\fR is not fully initialized (i.e., its order +is not set or set to zero). +.PP +\&\fBEC_GROUP_get_cofactor()\fR retrieves the cofactor of \fBgroup\fR and copies its value +into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the +cofactor is not set (or set to zero). +.PP +The functions \fBEC_GROUP_set_curve_name()\fR and \fBEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +will return NID_undef. +.PP +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only +support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +named curve form is used and the parameters must have a corresponding +named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +parameters are explicitly encoded. The functions \fBEC_GROUP_get_asn1_flag()\fR and +\&\fBEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve. +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. +.PP +The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). +point_conversion_form_t is an enum defined as follows: +.PP +.Vb 10 +\& typedef enum { +\& /** the point is encoded as z||x, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_COMPRESSED = 2, +\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ +\& POINT_CONVERSION_UNCOMPRESSED = 4, +\& /** the point is encoded as z||x||y, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_HYBRID = 6 +\& } point_conversion_form_t; +.Ve +.PP +For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +the octets for x, followed by the octets for y. +.PP +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +the two possible solutions for y has been used, followed by the octets for x. +.PP +For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. +.PP +The functions \fBEC_GROUP_set_point_conversion_form()\fR and \fBEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form +for the curve respectively. +.PP +\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library +does not use this seed value but does enable you to inspect it using \fBEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using \fBEC_GROUP_get_seed_len()\fR. A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +\&\fBEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use +this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +.PP +\&\fBEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. +.PP +The function \fBEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. +.PP +The function \fBEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. +.PP +\&\fBEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. +.PP +The functions \fBEC_GROUP_get_basis_type()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: +.PP +f(x) = x^m + x^k + 1 with m > k >= 1 +.PP +or a pentanomial of the form: +.PP +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.PP +The function \fBEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +function \fBEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly +the function \fBEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, +\&\fBk2\fR and \fBk3\fR respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: \fBEC_GROUP_copy()\fR, \fBEC_GROUP_set_generator()\fR, \fBEC_GROUP_check()\fR, +\&\fBEC_GROUP_check_discriminant()\fR, \fBEC_GROUP_get_trinomial_basis()\fR and \fBEC_GROUP_get_pentanomial_basis()\fR. +.PP +\&\fBEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error. +.PP +\&\fBEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for +\&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise. +.PP +\&\fBEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise. +.PP +\&\fBEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated. +.PP +\&\fBEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR . +.PP +\&\fBEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR. +.PP +\&\fBEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation. +.PP +\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +.PP +\&\fBEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +specified. \fBEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified. +.PP +\&\fBEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is +0, the return value will be 1. On error 0 is returned. +.PP +\&\fBEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. +.PP +\&\fBEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_GROUP_new.3 b/deps/openssl/mingw64/share/man/man3/EC_GROUP_new.3 new file mode 100644 index 00000000..3373ace3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_GROUP_new.3 @@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_NEW 3" +.TH EC_GROUP_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) +\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) +\& void EC_GROUP_free(EC_GROUP *group); +\& void EC_GROUP_clear_free(EC_GROUP *group); +\& +\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +\& +\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, +\& BN_CTX *ctx); +\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) +\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) +\& +\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p\-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: +.PP +y^2 mod p = x^3 +ax + b mod p +.PP +The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to: +.PP +y^2 + xy = x^3 + ax^2 + b (where b != 0) +.PP +Operations in a binary field are performed relative to an \fBirreducible +polynomial\fR. All such curves with OpenSSL use a trinomial or a pentanomial for +this parameter. +.PP +A new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the +implementation provided by \fBmeth\fR (see \fBEC_GFp_simple_method\fR\|(3)). It is then +necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified +\&\fBparams\fR and \fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the +specific \s-1PK\s0 \fBparams\fR. +.PP +\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve +over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents +the irreducible polynomial \- each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the +relevant equation introduced above. +.PP +\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters. +.PP +\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for +\&\fBEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for +\&\fBEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +The functions \fBEC_GROUP_new_curve_GFp()\fR and \fBEC_GROUP_new_curve_GF2m()\fR are +shortcuts for calling \fBEC_GROUP_new()\fR and then the \fBEC_GROUP_set_curve()\fR function. +An appropriate default implementation method will be used. +.PP +Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +\&\fBEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of +EC_builtin_curve structures of size \fBnitems\fR. The function will populate the +\&\fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than +the total number of curves available, then the first \fBnitems\fR curves will be +returned. Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: +.PP +.Vb 4 +\& typedef struct { +\& int nid; +\& const char *comment; +\& } EC_builtin_curve; +.Ve +.PP +Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human +readable comment string describing the curve. +.PP +In order to construct a builtin curve use the function +\&\fBEC_GROUP_new_by_curve_name()\fR and provide the \fBnid\fR of the curve to +be constructed. +.PP +\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0 +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_GROUP_clear_free()\fR destroys any sensitive data held within the \s-1EC_GROUP\s0 and +then frees its memory. If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GROUP_new* functions return a pointer to the newly constructed group, or +\&\s-1NULL\s0 on error. +.PP +\&\fBEC_get_builtin_curves()\fR returns the number of builtin curves that are available. +.PP +\&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR, +\&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_KEY_get_enc_flags.3 b/deps/openssl/mingw64/share/man/man3/EC_KEY_get_enc_flags.3 new file mode 100644 index 00000000..8c62fdd2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_KEY_get_enc_flags.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_GET_ENC_FLAGS 3" +.TH EC_KEY_GET_ENC_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); +\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The format of the external representation of the public key written by +\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) +for a description of point_conversion_form. +.PP +When reading a private key encoded without an associated public key (e.g. if +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +\&\fBd2i_ECPrivateKey()\fR. +.PP +The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the +value of the encoding flags for the \fBkey\fR. There are two encoding flags +currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags +define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to +\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +set then the public key is not encoded along with the private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\s-1EC_KEY.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBd2i_ECPrivateKey\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_KEY_new.3 b/deps/openssl/mingw64/share/man/man3/EC_KEY_new.3 new file mode 100644 index 00000000..91d4d8e8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_KEY_new.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_NEW 3" +.TH EC_KEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_KEY *EC_KEY_new(void); +\& int EC_KEY_get_flags(const EC_KEY *key); +\& void EC_KEY_set_flags(EC_KEY *key, int flags); +\& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name(int nid); +\& void EC_KEY_free(EC_KEY *key); +\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +\& EC_KEY *EC_KEY_dup(const EC_KEY *src); +\& int EC_KEY_up_ref(EC_KEY *key); +\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); +\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); +\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); +\& int EC_KEY_generate_key(EC_KEY *key); +\& int EC_KEY_check_key(const EC_KEY *key); +\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +\& +\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& +\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); +\& +\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling +\&\fBEC_KEY_set_group()\fR. +.PP +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See +\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply +wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. +.PP +Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +and if it has dropped to zero then frees the memory associated with it. If +\&\fBkey\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +.PP +\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +.PP +\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +object. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1EC_KEY\s0 object. +.PP +\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is +an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +curve by the private key. +.PP +\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +confirm that it is valid. +.PP +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm +that it is valid. +.PP +The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, +\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, +and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +.PP +The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the +point_conversion_form for the \fBkey\fR. For a description of +point_conversion_forms please see \fBEC_POINT_new\fR\|(3). +.PP +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +object. Any flags that are already set are left set. The flags currently +defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In +addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 +\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 +\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +other flags are left in their existing state. +.PP +\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the +asn1_flag. +.PP +\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). +.PP +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions +\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key +\&\s-1EC_POINT\s0 in \fBeckey\fR. +.PP +\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key +component of \fBeckey\fR and octet form. The octet form consists of the content +octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. +.PP +The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will just return the required buffer length. +.PP +The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +and its length is returned. The caller must free up the allocated buffer with a +call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to +the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +integer. +.PP +\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. +.PP +\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, +\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, +\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length +of the buffer or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_POINT_add.3 b/deps/openssl/mingw64/share/man/man3/EC_POINT_add.3 new file mode 100644 index 00000000..763a1095 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_POINT_add.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_ADD 3" +.TH EC_POINT_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +\& const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); +\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +\& EC_POINT *points[], BN_CTX *ctx); +\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, +\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); +\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, +\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the +result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. +.PP +EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. +.PP +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. +.PP +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. +.PP +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. +.PP +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be +forced. +.PP +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. +The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). +.PP +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +.PP +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information +about the generator. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. +.PP +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. +.PP +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. +.PP +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. +.PP +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EC_POINT_new.3 b/deps/openssl/mingw64/share/man/man3/EC_POINT_new.3 new file mode 100644 index 00000000..238a372a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EC_POINT_new.3 @@ -0,0 +1,359 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_NEW 3" +.TH EC_POINT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_POINT *EC_POINT_new(const EC_GROUP *group); +\& void EC_POINT_free(EC_POINT *point); +\& void EC_POINT_clear_free(EC_POINT *point); +\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& const BIGNUM *z, BN_CTX *ctx); +\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BIGNUM *z, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, +\& unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +\& point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, +\& const unsigned char *buf, size_t len, BN_CTX *ctx); +\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BIGNUM *bn, +\& BN_CTX *ctx); +\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, +\& EC_POINT *p, BN_CTX *ctx); +\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BN_CTX *ctx); +\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, +\& EC_POINT *p, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +constructed by calling the function \fBEC_POINT_new()\fR and providing the +\&\fBgroup\fR object that the point relates to. +.PP +\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +if \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +must use the same \fB\s-1EC_METHOD\s0\fR. +.PP +\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +.PP +\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +.PP +A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. +.PP +The affine co-ordinates for a point describe a point in terms of its x and y +position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The +function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. +.PP +The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +.PP +Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two +possible values for y should be used. +.PP +The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +compatibility only and should not be used. +.PP +In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +representations. The octet form is the binary encoding of the \fBECPoint\fR +structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): +only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are +not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian +integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet +form converted to a \s-1NULL\s0 terminated character string where each character +is one of the printable values 0\-9 or A\-F (or a\-f). +.PP +The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, +\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from +and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +.PP +The function \fBEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an +octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified +conversion form \fBform\fR. +The encoding conforms with Sec. 2.3.3 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve +Cryptography\*(R") standard. +Similarly the function \fBEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from +the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming +to Sec. 2.3.4 of the \s-1SECG SEC 1\s0 (\*(L"Elliptic Curve Cryptography\*(R") standard. +.PP +The functions \fBEC_POINT_point2hex()\fR and \fBEC_POINT_point2bn()\fR convert a point \fBp\fR, +respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same +encoding of the function \fBEC_POINT_point2oct()\fR. +Vice versa, similarly to the function \fBEC_POINT_oct2point()\fR, the functions +\&\fBEC_POINT_hex2point()\fR and \fBEC_POINT_point2bn()\fR decode the hexadecimal or +\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR. +.PP +Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity. +.PP +The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will still return the required buffer length. +.PP +The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and +writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated +buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +on error. +.PP +The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, +\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. +.PP +EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 +.PP +\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required +buffer or 0 on error. +.PP +\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +.PP +\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ENGINE_add.3 b/deps/openssl/mingw64/share/man/man3/ENGINE_add.3 new file mode 100644 index 00000000..369d8e25 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ENGINE_add.3 @@ -0,0 +1,767 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE_ADD 3" +.TH ENGINE_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +\& +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +\& +\& ENGINE *ENGINE_by_id(const char *id); +\& +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +\& +\& void ENGINE_load_builtin_engines(void); +\& +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +\& +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +\& +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +\& +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +\& +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +\& +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(void), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +\& +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); +\& +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +\& +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +\& +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ENGINE_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 6 +\& RSA_METHOD \- for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& \- similarly for other OpenSSL APIs +\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) +\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) +\& key\-loading \- loading public and/or private EVP_PKEY keys +.Ve +.SS "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independently. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference. +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fBENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural +references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, +\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fBENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. +.PP +It should also be noted that many \s-1ENGINE API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional +references are released by calling \fBENGINE_finish()\fR (which removes the +implicit structural reference as well). +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. +.SS "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE API\s0 existed. +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. +.SS "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call \fBENGINE_cleanup()\fR before the program exits. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 10 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if (!e) +\& /* the engine isn\*(Aqt available */ +\& return; +\& if (!ENGINE_init(e)) { +\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ +\& ENGINE_free(e); +\& return; +\& } +\& if (!ENGINE_set_default_RSA(e)) +\& /* +\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous +\& * statement suggests it did. +\& */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +.PP +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +.PP +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for \s-1RSA\s0 use from then on. +.SS "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fBENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fBENGINE_init()\fR, or +in some cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 10 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if (!e) return 0; +\& while (pre_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if (!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* +\& * ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). +\& */ +\& ENGINE_free(e); +\& while (post_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +.PP +Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE.\s0 +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the control +commands implemented by a given \s-1ENGINE,\s0 specifically the commands: +.PP +.Vb 9 +\& ENGINE_HAS_CTRL_FUNCTION +\& ENGINE_CTRL_GET_FIRST_CMD_TYPE +\& ENGINE_CTRL_GET_NEXT_CMD_TYPE +\& ENGINE_CTRL_GET_CMD_FROM_NAME +\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +\& ENGINE_CTRL_GET_NAME_FROM_CMD +\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +\& ENGINE_CTRL_GET_DESC_FROM_CMD +\& ENGINE_CTRL_GET_CMD_FLAGS +.Ve +.PP +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; +it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules: +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +.PP +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values: +.PP +.Vb 4 +\& ENGINE_CMD_FLAG_NUMERIC +\& ENGINE_CMD_FLAG_STRING +\& ENGINE_CMD_FLAG_NO_INPUT +\& ENGINE_CMD_FLAG_INTERNAL +.Ve +.PP +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR +return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. +.PP +All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and +\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +\&\fB\s-1ENGINE\s0\fR implementations. +.PP +All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success +or 0 on error. +.PP +\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error. +.PP +\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. +.PP +\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBENGINE_free()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error. +.PP +All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier +and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +.PP +\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR +return corresponding method structures for each algorithms. +.PP +\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, +\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, +\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, +\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function +pointers of the callbacks. +.PP +\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +error occurred. +.PP +\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +used to control various behaviours of an \s-1ENGINE.\s0 +.PP +\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +not set. +.PP +\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure on success or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fBOPENSSL_cleanup()\fR +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_GET_LIB.3 b/deps/openssl/mingw64/share/man/man3/ERR_GET_LIB.3 new file mode 100644 index 00000000..326a6965 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_GET_LIB.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_LIB 3" +.TH ERR_GET_LIB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_GET_LIB(unsigned long e); +\& +\& int ERR_GET_FUNC(unsigned long e); +\& +\& int ERR_GET_REASON(unsigned long e); +\& +\& int ERR_FATAL_ERROR(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fBERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR +and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. +.PP +\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR + are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code, reason code, and whether the error +is fatal, respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in +all versions of OpenSSL. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_clear_error.3 b/deps/openssl/mingw64/share/man/man3/ERR_clear_error.3 new file mode 100644 index 00000000..9e5cec6a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_clear_error.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 3" +.TH ERR_CLEAR_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_error_string.3 b/deps/openssl/mingw64/share/man/man3/ERR_error_string.3 new file mode 100644 index 00000000..7b2b946e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_error_string.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_ERROR_STRING 3" +.TH ERR_ERROR_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *ERR_error_string(unsigned long e, char *buf); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_func_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use \fBERR_error_string_n()\fR instead. +.PP +\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]:[function name]:[reason string] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the library name, function +name and reason string respectively. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +\&\fBERR_print_errors\fR\|(3) can be used to print +all error codes currently in the queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +none is registered for the error code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBERR_print_errors\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_get_error.3 b/deps/openssl/mingw64/share/man/man3/ERR_get_error.3 new file mode 100644 index 00000000..010fdc02 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_get_error.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_ERROR 3" +.TH ERR_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); +\& +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); +\& +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_get_error()\fR returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fBERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's +error queue without modifying it. +.PP +See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about +location and reason of the error, and +\&\fBERR_error_string\fR\|(3) for human-readable error +messages. +.PP +\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and +\&\fBERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and +\&\fBERR_peek_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR +and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string +if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +.PP +An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled +automatically by the error library. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_load_crypto_strings.3 b/deps/openssl/mingw64/share/man/man3/ERR_load_crypto_strings.3 new file mode 100644 index 00000000..9dc2e3b9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_load_crypto_strings.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +\& #endif +\& +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_load_error_strings(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +In versions prior to OpenSSL 1.1.0, +\&\fBERR_free_strings()\fR releases any resources created by the above functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and +\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_load_strings.3 b/deps/openssl/mingw64/share/man/man3/ERR_load_strings.3 new file mode 100644 index 00000000..6235ee38 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_load_strings.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 3" +.TH ERR_LOAD_STRINGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +\& +\& int ERR_get_next_error_library(void); +\& +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +.PP +The error code is generated from the library number and a function and +reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\s-1\fBERR_PACK\s0()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fBERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at runtime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. +\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new +library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_print_errors.3 b/deps/openssl/mingw64/share/man/man3/ERR_print_errors.3 new file mode 100644 index 00000000..8cc56c93 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_print_errors.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 3" +.TH ERR_PRINT_ERRORS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +\&\fBERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBcb\fR, is called for each error line with the string, length, and userdata +\&\fBu\fR as the callback parameters. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_put_error.3 b/deps/openssl/mingw64/share/man/man3/ERR_put_error.3 new file mode 100644 index 00000000..a2973c18 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_put_error.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PUT_ERROR 3" +.TH ERR_PUT_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); +\& +\& void ERR_add_error_data(int num, ...); +\& void ERR_add_error_vdata(int num, va_list arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments with the error code added last. +\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +.PP +\&\fBERR_load_strings\fR\|(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SS "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fBXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second +argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fBssl3_read_bytes()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +.PP +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example. +.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lower case and underscores changed to spaces. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fBASN1err()\fR macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return +no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_remove_state.3 b/deps/openssl/mingw64/share/man/man3/ERR_remove_state.3 new file mode 100644 index 00000000..21a7e031 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_remove_state.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 3" +.TH ERR_REMOVE_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_remove_thread_state, ERR_remove_state \- DEPRECATED +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10000000L +\& void ERR_remove_state(unsigned long tid); +\& #endif +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_remove_thread_state(void *tid); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_remove_state()\fR frees the error queue associated with the specified +thread, identified by \fBtid\fR. +\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is +an opaque pointer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +L\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/ERR_set_mark.3 b/deps/openssl/mingw64/share/man/man3/ERR_set_mark.3 new file mode 100644 index 00000000..65ab4cab --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/ERR_set_mark.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_SET_MARK 3" +.TH ERR_SET_MARK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_set_mark(void); +\& +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_BytesToKey.3 b/deps/openssl/mingw64/share/man/man3/EVP_BytesToKey.3 new file mode 100644 index 00000000..f5fefedd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_BytesToKey.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BYTESTOKEY 3" +.TH EVP_BYTESTOKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_BytesToKey \- password based encryption routine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key, unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as +defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC.\s0 +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV.\s0 D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i\-1) || data || salt) +.Ve +.PP +where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) +is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes +needed to store the derived key. +Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, +or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 new file mode 100644 index 00000000..1333ef4b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below). +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_meth_new.3 b/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_meth_new.3 new file mode 100644 index 00000000..28c75d85 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_CIPHER_meth_new.3 @@ -0,0 +1,343 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_METH_NEW 3" +.TH EVP_CIPHER_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +\& +\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +\& int (*init)(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc)); +\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl)); +\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +\& int (*cleanup)(EVP_CIPHER_CTX *)); +\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +\& int (*ctrl)(EVP_CIPHER_CTX *, int type, +\& int arg, void *ptr)); +\& +\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc); +\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl); +\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& int type, int arg, +\& void *ptr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +implementation. +.PP +\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 +This is only needed when the implemented cipher mode requires it. +.PP +\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBcipher\fR. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. +The available flags are: +.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4 +.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE" +The cipher mode. +.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IX Item "EVP_CIPH_VARIABLE_LENGTH" +This cipher is of variable length. +.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_IV" +Storing and initialising the \s-1IV\s0 is left entirely to the +implementation. +.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" +Set this if the implementation's \fBinit()\fR function should be called even +if \fBkey\fR is \fB\s-1NULL\s0\fR. +.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IX Item "EVP_CIPH_CTRL_INIT" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. +.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" +Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +is left to the implementation. +Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function +will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +the key length in \fBarg\fR. +.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IX Item "EVP_CIPH_NO_PADDING" +Don't use standard block padding. +.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +.IX Item "EVP_CIPH_RAND_KEY" +Making a key with random content is left to the implementation. +This is done by calling the implementation's \fBctrl()\fR function with the +control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +storage in \fBptr\fR. +.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_COPY" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +\&\fBptr\fR parameter. +The implementation specific data block is reached with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" +Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 +.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" +Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for \s-1CFB1\s0 ciphers. +.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" +This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The \s-1EVP\s0 routines will simply give them control and do nothing more. +.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" +This indicates that this is an \s-1AEAD\s0 cipher implementation. +.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" +Allow interleaving of crypto blocks, a particular optimization only applicable +to certain \s-1TLS\s0 ciphers. +.PP +\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +implementation context so that it can be automatically allocated. +.PP +\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBcipher\fR. +The cipher init function is called by \fBEVP_CipherInit()\fR, +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBcipher\fR. +The cipher function is called by \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR, +\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and +\&\fBEVP_DecryptFinal_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +private data structure is then available with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and +\&\fBEVP_CIPHER_CTX_free()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. +\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier +\&\*(L"parameter\*(R". +Both these functions are needed when there is a need for custom data +(more or other than the cipher \s-1IV\s0). +They are called by \fBEVP_CIPHER_param_to_asn1()\fR and +\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. +.PP +\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a +newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBcipher\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_EncryptInit +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_DigestInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_DigestInit.3 new file mode 100644 index 00000000..d7b5c311 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_DigestInit.3 @@ -0,0 +1,497 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTINIT 3" +.TH EVP_DIGESTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD_CTX *EVP_MD_CTX_new(void); +\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); +\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +\& +\& int EVP_Digest(const void *data, size_t count, unsigned char *md, +\& unsigned int *size, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); +\& +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +\& +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); +\& +\& int EVP_MD_type(const EVP_MD *md); +\& int EVP_MD_pkey_type(const EVP_MD *md); +\& int EVP_MD_size(const EVP_MD *md); +\& int EVP_MD_block_size(const EVP_MD *md); +\& unsigned long EVP_MD_flags(const EVP_MD *md); +\& +\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); +\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +\& const void *data, size_t count); +\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +\& int (*update)(EVP_MD_CTX *ctx, +\& const void *data, size_t count)); +\& +\& const EVP_MD *EVP_md_null(void); +\& +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& const EVP_MD *EVP_get_digestbynid(int type); +\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); +\& +\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests, +and should be used instead of the cipher-specific functions. +.IP "\fBEVP_MD_CTX_new()\fR" 4 +.IX Item "EVP_MD_CTX_new()" +Allocates and returns a digest context. +.IP "\fBEVP_MD_CTX_reset()\fR" 4 +.IX Item "EVP_MD_CTX_reset()" +Resets the digest context \fBctx\fR. This can be used to reuse an already +existing context. +.IP "\fBEVP_MD_CTX_free()\fR" 4 +.IX Item "EVP_MD_CTX_free()" +Cleans up digest context \fBctx\fR and frees up the space allocated to it. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Performs digest-specific control actions on context \fBctx\fR. The control command +is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR. +\&\fBEVP_MD_CTX_ctrl()\fR must be called after \fBEVP_DigestInit_ex()\fR. Other restrictions +may apply depending on the control type and digest implementation. +See \*(L"\s-1CONTROLS\*(R"\s0 below for more information. +.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 +.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" +Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. +.IP "\fBEVP_Digest()\fR" 4 +.IX Item "EVP_Digest()" +A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0 +\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR +if the pointer is not \s-1NULL.\s0 At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. +If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used. +.IP "\fBEVP_DigestInit_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex()" +Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. +\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If +\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. +.IP "\fBEVP_DigestUpdate()\fR" 4 +.IX Item "EVP_DigestUpdate()" +Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This +function can be called several times on the same \fBctx\fR to hash additional +data. +.IP "\fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestFinal_ex()" +Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR +parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at \fBs\fR, at most +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR +no additional calls to \fBEVP_DigestUpdate()\fR can be made, but +\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fBEVP_DigestFinalXOF()\fR" 4 +.IX Item "EVP_DigestFinalXOF()" +Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 +It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. +After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be +made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. +.IP "\fBEVP_DigestInit()\fR" 4 +.IX Item "EVP_DigestInit()" +Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the +default digest implementation and calls \fBEVP_MD_CTX_reset()\fR. +.IP "\fBEVP_DigestFinal()\fR" 4 +.IX Item "EVP_DigestFinal()" +Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +automatically cleaned up. +.IP "\fBEVP_MD_CTX_copy()\fR" 4 +.IX Item "EVP_MD_CTX_copy()" +Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +be initialized. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" +Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" +Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" +Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest +when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. +.IP "\fBEVP_MD_CTX_md_data()\fR" 4 +.IX Item "EVP_MD_CTX_md_data()" +Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +The space is allocated by OpenSSL and has the size originally set with +\&\fBEVP_MD_meth_set_app_datasize()\fR. +.IP "\fBEVP_MD_CTX_md()\fR" 4 +.IX Item "EVP_MD_CTX_md()" +Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. +.IP "\fBEVP_MD_CTX_set_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_set_update_fn()" +Sets the update function for \fBctx\fR to \fBupdate\fR. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used. +.IP "\fBEVP_MD_CTX_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_update_fn()" +Returns the update function for \fBctx\fR. +.IP "\fBEVP_MD_flags()\fR" 4 +.IX Item "EVP_MD_flags()" +Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR +ones. See \fBEVP_MD_meth_set_flags\fR\|(3) for more information. +.IP "\fBEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the public key signing algorithm associated with this +digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +length. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an +\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +.IP "\fBEVP_MD_CTX_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_pkey_ctx()" +Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not +be freed by the caller. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide +a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed +by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR +assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not +depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. +.SH "CONTROLS" +.IX Header "CONTROLS" +\&\fBEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls: +.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4 +.IX Item "EVP_MD_CTRL_MICALG" +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC 3851.\s0 +The string value is written to \fBp2\fR. +.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4 +.IX Item "EVP_MD_CTRL_XOF_LEN" +This control sets the digest length for extendable output functions to \fBp1\fR. +Sending this control directly should not be necessary, the use of +\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred. +Currently used by \s-1SHAKE.\s0 +.SH "FLAGS" +.IX Header "FLAGS" +\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR +can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: +.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_ONESHOT" +This flag instructs the digest to optimize for one update only, if possible. +.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_NO_INIT" +This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the +implementation specific data. +.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_FINALISE" +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" +Returns 1 for +success and 0 for failure. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none +exists. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" +Returns the digest or block size in bytes. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +This function has no return value. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms +are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +If digest contexts are not cleaned up after use, +memory leaks will occur. +.PP +\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, +\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as +macros. +.PP +\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +or control. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& int main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX *mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& unsigned int md_len, i; +\& +\& if (argv[1] == NULL) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +\& +\& md = EVP_get_digestbyname(argv[1]); +\& if (md == NULL) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +\& +\& mdctx = EVP_MD_CTX_new(); +\& EVP_DigestInit_ex(mdctx, md, NULL); +\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); +\& EVP_MD_CTX_free(mdctx); +\& +\& printf("Digest is: "); +\& for (i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); +\& printf("\en"); +\& +\& exit(0); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_MD_meth_new\fR\|(3), +\&\fBdgst\fR\|(1), +\&\fBevp\fR\|(7) +.PP +The full list of digest algorithms are provided below. +.PP +\&\fBEVP_blake2b512\fR\|(3), +\&\fBEVP_md2\fR\|(3), +\&\fBEVP_md4\fR\|(3), +\&\fBEVP_md5\fR\|(3), +\&\fBEVP_mdc2\fR\|(3), +\&\fBEVP_ripemd160\fR\|(3), +\&\fBEVP_sha1\fR\|(3), +\&\fBEVP_sha224\fR\|(3), +\&\fBEVP_sha3_224\fR\|(3), +\&\fBEVP_sm3\fR\|(3), +\&\fBEVP_whirlpool\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 +.PP +The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. +.PP +The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_DigestSignInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_DigestSignInit.3 new file mode 100644 index 00000000..55c3aab1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_DigestSignInit.3 @@ -0,0 +1,283 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTSIGNINIT 3" +.TH EVP_DIGESTSIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); +\& +\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, +\& size_t *siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can +be used to set alternative signing options. Note that any existing value in +\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This +includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of +\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0 +Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448. +.PP +Not all digests can be used for all key types. The following combinations apply. +.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +signature context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. +If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the +call is successful the signature is written to \fBsig\fR and the amount of data +written to \fBsiglen\fR. +.PP +\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the +signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to +\&\fBEVP_DigestSignFinal()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignFinal()\fR and +\&\fBEVP_DigestSign()\fR return 1 for success and 0 for failure. +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fBEVP_DigestSignUpdate()\fR and +\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.PP +The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_DigestVerifyInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_DigestVerifyInit.3 new file mode 100644 index 00000000..4ba9b171 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_DigestVerifyInit.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTVERIFYINIT 3" +.TH EVP_DIGESTVERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen); +\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +\& size_t siglen, const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created +with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this +can be used to set alternative verification options. Note that any existing +value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. +.PP +\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +in \fBsig\fR of length \fBsiglen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +for failure. +.PP +\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, \fBtbs\fR did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_EncodeInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_EncodeInit.3 new file mode 100644 index 00000000..e989c398 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_EncodeInit.3 @@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCODEINIT 3" +.TH EVP_ENCODEINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +\& +\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +character. +.PP +\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +the encode/decode functions. +.PP +\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +space allocated to it. +.PP +Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output. +.PP +\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +.PP +\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output +is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the \fBctx\fR object and will be processed by a +subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the +required size of the output buffer add together the value of \fBinl\fR with the +amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called +repeatedly to process large amounts of input data. In the event of an error +\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +returned. +.PP +\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will +process any partial block of data remaining in the \fBctx\fR object. The output +data will be stored in \fBout\fR and the length of the data written will be stored +in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +.PP +\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the \fBctx\fR object. +.PP +\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +.PP +\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +.PP +\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes +output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +the buffer at \fBout\fR is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If +any illegal base 64 characters are encountered or if the base 64 padding +character \*(L"=\*(R" is encountered in the middle of the data then the function returns +\&\-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character \*(L"=\*(R" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character \*(L"=\*(R" has been used). +.PP +\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +is any unprocessed data still in \fBctx\fR then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return \-1 +in this case. Otherwise the function returns 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +characters. After such trimming the length of the data in \fBf\fR must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or \-1 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +object or \s-1NULL\s0 on error. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBctx\fR. +.PP +\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +.PP +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +terminator. +.PP +\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. +.PP +\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_EncryptInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_EncryptInit.3 new file mode 100644 index 00000000..83753d88 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_EncryptInit.3 @@ -0,0 +1,720 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 3" +.TH EVP_ENCRYPTINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null \&\- EVP cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +\& +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); +\& +\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); +\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); +\& +\& int EVP_CIPHER_nid(const EVP_CIPHER *e); +\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); +\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); +\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +\& +\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); +\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. +.PP +\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +and free up any allocated memory associate with it, including \fBctx\fR +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory. +.PP +\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created +before calling this function. \fBtype\fR is normally supplied +by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL.\s0 This is done when the default cipher parameters are not +appropriate. +.PP +\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. It also +checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are +0 is returned to indicate failure. +.PP +If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding) as described in +the \s-1NOTES\s0 section, below. The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fBEVP_EncryptUpdate()\fR should be made. +.PP +If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. +.PP +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +and free up any allocated memory associate with it, except the \fBctx\fR +itself. This function should be called anytime \fBctx\fR is to be reused +for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR +series of calls. +.PP +\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a +similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and +\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +.PP +\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are +identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and +\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR +must be called to free any context resources. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT +IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or +\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the \fBpad\fR parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV.\s0 The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT +IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then +\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key +generation routine to support keys of a specific form. \fBKey\fR must point to a +buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. +.PP +\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV.\s0 +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater +than zero for success and zero or a negative number on failure. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.PP +Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 +interface. +.IP "\fBEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. +.SH "AEAD Interface" +.IX Header "AEAD Interface" +The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +modes are subtly altered and several additional \fIctrl\fR operations are supported +depending on the mode specified. +.PP +To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output +parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used +as it is corrupted. +.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.IX Subsection "GCM and OCB Modes" +The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If +not called a default \s-1IV\s0 length is used. +.Sp +For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +maximum is 15. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. +.Sp +For \s-1GCM,\s0 this call is only valid when decrypting data. +.Sp +For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. +.Sp +In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the +tag length. If this is not called prior to encryption, a default tag length is +used. +.Sp +For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for \s-1OCB.\s0 +.SS "\s-1CCM\s0 Mode" +.IX Subsection "CCM Mode" +The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +few additional requirements and different \fIctrl\fR values. +.PP +For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output +and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +the \fBinl\fR parameter. +.PP +The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +The tag length is often referred to as \fBM\fR. If not set a default value is +used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after +passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" +Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an +nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +\&\s-1AES.\s0 +.SS "ChaCha20\-Poly1305" +.IX Subsection "ChaCha20-Poly1305" +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +less. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +This call is only valid when decrypting data. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. +.PP +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, +\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. +.PP +There are some differences between functions \fBEVP_CipherInit()\fR and +\&\fBEVP_CipherInit_ex()\fR, significant in some circumstances. \fBEVP_CipherInit()\fR fills +the passed context object with zeros. As a consequence, \fBEVP_CipherInit()\fR does +not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are +passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are +removed, and it is especially important for the +\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in +\&\fBEVP_CipherInit_ex()\fR. +.PP +\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. +.SH "BUGS" +.IX Header "BUGS" +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt a string using \s-1IDEA:\s0 +.PP +.Vb 10 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* +\& * Bogus key and IV: we\*(Aqd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX *ctx; +\& FILE *out; +\& +\& ctx = EVP_CIPHER_CTX_new(); +\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); +\& +\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& /* +\& * Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_free(ctx); +\& /* +\& * Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it won\*(Aqt be NUL terminated and may contain embedded +\& * NULs. +\& */ +\& out = fopen(outfile, "wb"); +\& if (out == NULL) { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +.PP +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line (shown on two lines for clarity): +.PP +.Vb 2 +\& openssl idea \-d \e +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . diff --git a/deps/openssl/mingw64/share/man/man3/EVP_MD_meth_new.3 b/deps/openssl/mingw64/share/man/man3/EVP_MD_meth_new.3 new file mode 100644 index 00000000..baea6040 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_MD_meth_new.3 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD_METH_NEW 3" +.TH EVP_MD_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up EVP_MD methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +\& void EVP_MD_meth_free(EVP_MD *md); +\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +\& +\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count)); +\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +\& unsigned char *md)); +\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from)); +\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2)); +\& +\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +\& int EVP_MD_meth_get_result_size(const EVP_MD *md); +\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count); +\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& unsigned char *md); +\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from); +\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. +.PP +\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +.PP +\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +for the method \fBmd\fR to \fBblocksize\fR bytes. +.PP +\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the +digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. +.PP +The digest method may have its own private data, which OpenSSL will +allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to +set the size for it to \fBdatasize\fR. +.PP +\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBmd\fR. Several flags can be or'd +together. The available flags are: +.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\s-1EVP_MD_FLAG_XOF\s0" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control. +.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +Currently unused. +.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4 +.IX Item "EVP_MD_FLAG_FIPS" +This digest method is suitable for use in \s-1FIPS\s0 mode. +Currently unused. +.PP +\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fBEVP_Digest()\fR, \fBEVP_DigestInit()\fR, +\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR +and \fBEVP_VerifyInit_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fBEVP_Digest()\fR, \fBEVP_DigestUpdate()\fR and +\&\fBEVP_SignUpdate()\fR. +.PP +\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fBEVP_Digest()\fR, \fBEVP_DigestFinal()\fR, +\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. +.PP +\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +computations after the method's private data structure has been copied +from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This copy function is called by \fBEVP_MD_CTX_copy()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +private data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and +\&\fBEVP_MD_CTX_free()\fR. +.PP +\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +See \fBEVP_MD_CTX_ctrl\fR\|(3) for the available controls. +.PP +\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR, +\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR, +\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR, +\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly +created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +All EVP_MD_meth_set_*() functions return 1. +\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBmd\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +1.1. The functions described here were added in OpenSSL 1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_OpenInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_OpenInit.3 new file mode 100644 index 00000000..4a3117aa --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_OpenInit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_OPENINIT 3" +.TH EVP_OPENINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, +\& int ekl, unsigned char *iv, EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties +as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fBEVP_OpenInit()\fR twice in the same way as +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. +.PP +\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 new file mode 100644 index 00000000..e5a29c54 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 @@ -0,0 +1,553 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_METHOD 3" +.TH EVP_PKEY_ASN1_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +\& +\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, +\& const char *pem_str, +\& const char *info); +\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, +\& const EVP_PKEY_ASN1_METHOD *src); +\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add_alias(int to, int from); +\& +\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pub_decode) (EVP_PKEY *pk, +\& X509_PUBKEY *pub), +\& int (*pub_encode) (X509_PUBKEY *pub, +\& const EVP_PKEY *pk), +\& int (*pub_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*pub_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx), +\& int (*pkey_size) (const EVP_PKEY *pk), +\& int (*pkey_bits) (const EVP_PKEY *pk)); +\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*priv_decode) (EVP_PKEY *pk, +\& const PKCS8_PRIV_KEY_INFO +\& *p8inf), +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, +\& const EVP_PKEY *pk), +\& int (*priv_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, +\& int derlen), +\& int (*param_encode) (const EVP_PKEY *pkey, +\& unsigned char **pder), +\& int (*param_missing) (const EVP_PKEY *pk), +\& int (*param_copy) (EVP_PKEY *to, +\& const EVP_PKEY *from), +\& int (*param_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*param_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& +\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, +\& void (*pkey_free) (EVP_PKEY *pkey)); +\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, +\& long arg1, void *arg2)); +\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*item_verify) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *a, +\& ASN1_BIT_STRING *sig, +\& EVP_PKEY *pkey), +\& int (*item_sign) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *alg1, +\& X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*siginf_set) (X509_SIG_INFO *siginf, +\& const X509_ALGOR *alg, +\& const ASN1_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_pub_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_param_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_security_bits) (const EVP_PKEY +\& *pk)); +\& +\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_priv_key) (EVP_PKEY *pk, +\& const unsigned char +\& *priv, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_pub_key) (EVP_PKEY *pk, +\& const unsigned char *pub, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_priv_key) (const EVP_PKEY *pk, +\& unsigned char *priv, +\& size_t *len)); +\& +\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_pub_key) (const EVP_PKEY *pk, +\& unsigned char *pub, +\& size_t *len)); +\& +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0 +conversion, printing and information methods for a specific public key +algorithm. +.PP +There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +\&\fBEVP_PKEY_asn1_add0\fR\|(3). +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public +key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +.PP +.Vb 5 +\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / +encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). +.PP +The \fBpub_cmp()\fR method is called when two public keys are to be +compared. +It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. +It's called by \fBEVP_PKEY_cmp\fR\|(3). +.PP +The \fBpub_print()\fR method is called to print a public key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_public\fR\|(3). +.PP +.Vb 4 +\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / +encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). +.PP +The \fBpriv_print()\fR method is called to print a private key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_private\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_size) (const EVP_PKEY *pk); +\& int (*pkey_bits) (const EVP_PKEY *pk); +\& int (*pkey_security_bits) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_size()\fR method returns the key size in bytes. +It's called by \fBEVP_PKEY_size\fR\|(3). +.PP +The \fBpkey_bits()\fR method returns the key size in bits. +It's called by \fBEVP_PKEY_bits\fR\|(3). +.PP +.Vb 8 +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +\& int (*param_missing) (const EVP_PKEY *pk); +\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / +encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). +.PP +The \fBparam_missing()\fR method returns 0 if a key parameter is missing, +otherwise 1. +It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). +.PP +The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). +.PP +The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3). +.PP +The \fBparam_print()\fR method prints the private key parameters in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_params\fR\|(3). +.PP +.Vb 3 +\& int (*sig_print) (BIO *out, +\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, +\& int indent, ASN1_PCTX *pctx); +.Ve +.PP +The \fBsig_print()\fR method prints a signature in humanly readable text to +\&\fBout\fR, indented \fBindent\fR spaces. +\&\fBsigalg\fR contains the exact signature algorithm. +If the signature in \fBsig\fR doesn't correspond to what this method +expects, \fBX509_signature_dump()\fR must be used as a last resort. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBX509_signature_print\fR\|(3). +.PP +.Vb 1 +\& void (*pkey_free) (EVP_PKEY *pkey); +.Ve +.PP +The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), +\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). +.PP +.Vb 1 +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +.Ve +.PP +The \fBpkey_ctrl()\fR method adds extra algorithm specific control. +It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... +.PP +.Vb 3 +\& int (*old_priv_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +.Ve +.PP +The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode +they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) \s-1PEM\s0 formatted encrypted private keys. +\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fBi2d_PrivateKey()\fR. +They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). +.PP +.Vb 5 +\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *alg1, X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig); +.Ve +.PP +The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have +algorithm specific signatures and verification of them. +.PP +\&\fBitem_sign()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.IP "3" 4 +.IX Item "3" +\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +OpenSSL internals should just sign using those algorithms. +.PP +\&\fBitem_verify()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.PP +\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and +\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3), +\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ... +.PP +.Vb 2 +\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, +\& const ASN1_STRING *sig); +.Ve +.PP +The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +parameters. +It \s-1MUST\s0 return 0 on error, or 1 on success. +It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) +and \fBX509_check_issued\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_check) (const EVP_PKEY *pk); +\& int (*pkey_public_check) (const EVP_PKEY *pk); +\& int (*pkey_param_check) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used +to check the validity of \fBpk\fR for key-pair, public component and parameters, +respectively. +They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 2 +\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); +\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); +.Ve +.PP +The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and +public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. +They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and +\&\fBinfo\fR. +\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +descriptive string. +The following \fBflags\fR are supported: +.PP +.Vb 1 +\& ASN1_PKEY_SIGPARAM_NULL +.Ve +.PP +If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise +they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is +omitted). +See \fBX509_ALGOR_set0\fR\|(3) for more information. +.PP +\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBsrc\fR to \fBdst\fR. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +by \fBameth\fR. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, +\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR, +\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR, +\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR, +\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR, +\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +with the key \fBpkey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, +or 1 on success. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_ctrl.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 00000000..9667e7b7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,538 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_CTRL 3" +.TH EVP_PKEY_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dsa_paramgen_q_bits, EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); +\& +\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); +\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); +\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter +\&\fBoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fBcmd\fR and any additional arguments in +\&\fBp1\fR and \fBp2\fR. +.PP +For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key, +and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 +.PP +Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR. +.PP +The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fBctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fB\-pkeyopt\fR which is supported by the +\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. +.PP +The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a +signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +.PP +The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. +.PP +The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to +\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special +values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the +digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum +permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length +to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this +macro is not called maximum salt length is used when signing and auto detection +when verifying is used by default. +.PP +The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length +for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The +\&\fBpubexp\fR pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding +schemes to \fBmd\fR. If not explicitly set the signing digest is used. The +padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. +If not explicitly set the signing digest is used. The padding mode must have +been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fBlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fBnbits\fR. If not specified, 1024 is used. +.PP +The \fBEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the +subprime parameter \fBq\fR for \s-1DSA\s0 parameter generation to \fBqbits\fR. If not +specified, 160 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in \fBq\fR matches the size of the +digest. +.PP +The \fBEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for +\&\s-1DSA\s0 parameter generation to \fBmd\fR. If not specified, one of \s-1SHA\-1, SHA\-224,\s0 or +\&\s-1SHA\-256\s0 is selected to match the bit length of \fBq\fR above. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 1024 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to x9.42. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.PP +The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is +1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. +If \fBpad\fR is zero (the default) then no padding is performed. +.PP +\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, +\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR +or \fBNID_undef\fR to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. +.PP +The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The +\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fBctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fBctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). When using key derivation, +the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fBoid\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" +The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an \s-1EC\s0 key. +.PP +The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be +\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. +.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must +also be specified. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" +The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros are used to manipulate the special identifier field for specific signature +algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with +the length \fBid_len\fR to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by \fBid\fR. The +\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR +macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should +allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_new.3 new file mode 100644 index 00000000..7e25d761 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_new.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_NEW 3" +.TH EVP_PKEY_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. +.PP +The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used +when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example +during parameter generation of key generation for some algorithms. +.PP +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +.PP +\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 new file mode 100644 index 00000000..fe5cd1c7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, +\& int passlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are generic support functions for all \s-1KDF\s0 algorithms. +.PP +\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +bytes from \fBpass\fR. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +There is also support for string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBpassword\fR can be directly specified using the \fBtype\fR parameter +\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 new file mode 100644 index 00000000..6542c750 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); +\& +\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, +\& int infolen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.PP +\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +modes that are currently defined: +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. +.Sp +The digest, key and salt values must be set before a key is derived or an +error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived or an +error occurs. +.PP +\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +buffer \fBsalt\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBkey\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +buffer \fBinfo\fR. If a value is already set, it is appended to the existing +value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +\&\s-1HKDF\s0 also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", +\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use. +The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. +The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +string which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +.Ve +.PP +The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of \s-1HKDF.\s0 +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the length +parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means +to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a +pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain +the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 +.PP +Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 5869\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 new file mode 100644 index 00000000..19461385 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, +\& int saltlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +usage restrictions. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros +are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has +usage restrictions then an error is returned if an attempt is made to set the +digest to anything other than the restricted value. Otherwise these are +similar to the \fB\s-1RSA\s0\fR versions. +.SS "Key Generation" +.IX Subsection "Key Generation" +As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +.PP +Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +If any restrictions are set (using the macros described below) then \fBall\fR +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +to \fBsaltlen\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRSA\-PSS\s0\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 new file mode 100644 index 00000000..60716e99 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); +\& +\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); +\& +\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); +\& +\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, +\& uint64_t maxmem); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to set up the necessary data to use the +scrypt \s-1KDF.\s0 +For more information on scrypt, see \fBscrypt\fR\|(7). +.PP +\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +value. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +derivation may maximally use, given in bytes. +If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +key derivation will fail. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +scrypt also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR +parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be +set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +respectively. +.SH "NOTES" +.IX Header "NOTES" +The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +.PP +All the functions described here are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of \-2 indicates the operation is not +supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBscrypt\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 new file mode 100644 index 00000000..fab8f310 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, +\& unsigned char *sec, int seclen); +\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, +\& unsigned char *seed, int seedlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for +\&\s-1TLS.\s0 It has no associated private key and only implements key derivation +using \fBEVP_PKEY_derive\fR\|(3). +.PP +\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. +.PP +\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 +to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced +and any seed is reset. +.PP +\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +If a seed is already set it is appended to the existing value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +The \s-1TLS PRF\s0 also supports string based control operations using +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +as a secret or seed value. +The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for the \s-1TLS PRF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived or an +error occurs. +.PP +The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the \s-1TLS PRF.\s0 +.PP +The output length of the \s-1PRF\s0 is specified by the length parameter in the +\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting +the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 +.PP +Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 3 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_asn1_get_count.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_asn1_get_count.3 new file mode 100644 index 00000000..d10444c4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_asn1_get_count.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_asn1_get_count(void); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, +\& const char *str, int len); +\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, +\& int *ppkey_flags, const char **pinfo, +\& const char **ppem_str, +\& const EVP_PKEY_ASN1_METHOD *ameth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods +added by the application. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR +\&\- 1. +.PP +\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBtype\fR. +If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +and also set \fB*pe\fR to point at the engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +type string \fBstr\fR. +Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the +engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key +\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string +associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. +.PP +\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and +\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_cmp.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_cmp.3 new file mode 100644 index 00000000..05a5601c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_cmp.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CMP 3" +.TH EVP_PKEY_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in +\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters +in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters +(if present) of keys \fBa\fR and \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and +\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. +.PP +Since OpenSSL private keys contain public key components too the function +\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_decrypt.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_decrypt.3 new file mode 100644 index 00000000..4c0e322e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_decrypt.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DECRYPT 3" +.TH EVP_PKEY_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes key, eng, in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_derive.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_derive.3 new file mode 100644 index 00000000..334b4f5f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_derive.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DERIVE 3" +.TH EVP_PKEY_DERIVE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for shared secret derivation. +.PP +The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +be a public key. +.PP +The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call +is successful the shared secret is written to \fBkey\fR and the amount of data +written to \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, eng, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_encrypt.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_encrypt.3 new file mode 100644 index 00000000..3989dd05 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_encrypt.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ENCRYPT 3" +.TH EVP_PKEY_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. +.PP +The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply +set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes eng, key, in, inlen are already set up, +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 new file mode 100644 index 00000000..192fdfc4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_get_default_digest_nid \- get default signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +message digest \s-1NID\s0 for the public key signature operations associated with key +\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use +a digest during signing. In this case \fBpnid\fR will be set to NID_undef. +.SH "NOTES" +.IX Header "NOTES" +For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of \-2 indicates the operation is not supported by the +public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_keygen.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_keygen.3 new file mode 100644 index 00000000..bfc30e78 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_keygen.3 @@ -0,0 +1,335 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key generation operation. +.PP +The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.PP +\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries +to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise +it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and +\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1 +for success or others for failure. They return \-2 if the operation is not supported +for the specific algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& EVP_PKEY *pkey = NULL, *param; +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_get_count.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_get_count.3 new file mode 100644 index 00000000..d814b2e6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_get_count.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_GET_COUNT 3" +.TH EVP_PKEY_METH_GET_COUNT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t EVP_PKEY_meth_get_count(void); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +\& const EVP_PKEY_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. +.PP +\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +associated with the public key method \fB*meth\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_new.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_new.3 new file mode 100644 index 00000000..fd9daff1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_meth_new.3 @@ -0,0 +1,594 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_NEW 3" +.TH EVP_PKEY_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +\& +\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +\& +\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, +\& int (*init) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, +\& int (*copy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, +\& void (*cleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), +\& int (*paramgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, +\& int (*keygen_init) (EVP_PKEY_CTX *ctx), +\& int (*keygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, +\& int (*sign_init) (EVP_PKEY_CTX *ctx), +\& int (*sign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, +\& int (*verify_init) (EVP_PKEY_CTX *ctx), +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, +\& int (*verify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (*verify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*signctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*encryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*decrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, +\& int (*derive_init) (EVP_PKEY_CTX *ctx), +\& int (*derive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (*digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (*digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +\& +\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, +\& int (**pinit) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, +\& int (**pcopy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, +\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, +\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +\& int (**pparamgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, +\& int (**pkeygen_init) (EVP_PKEY_CTX *ctx), +\& int (**pkeygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, +\& int (**psign_init) (EVP_PKEY_CTX *ctx), +\& int (**psign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_init) (EVP_PKEY_CTX *ctx), +\& int (**pverify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (**pverify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, +\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**psignctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, +\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, +\& int (**pderive_init) (EVP_PKEY_CTX *ctx), +\& int (**pderive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, +\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (**digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (**digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. +.PP +There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +objects. +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public key +algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +.PP +.Vb 3 +\& int (*init) (EVP_PKEY_CTX *ctx); +\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +\& void (*cleanup) (EVP_PKEY_CTX *ctx); +.Ve +.PP +The \fBinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), +\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). +.PP +.Vb 2 +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); +\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. +They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to +handle the parameter generation process. +.PP +.Vb 2 +\& int (*keygen_init) (EVP_PKEY_CTX *ctx); +\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and +\&\fBEVP_PKEY_keygen\fR\|(3). +.PP +.Vb 3 +\& int (*sign_init) (EVP_PKEY_CTX *ctx); +\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) +and \fBEVP_PKEY_sign\fR\|(3). +.PP +.Vb 4 +\& int (*verify_init) (EVP_PKEY_CTX *ctx); +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is +valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). +.PP +.Vb 4 +\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +\& int (*verify_recover) (EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.PP +The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). +.PP +.Vb 3 +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by +a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +\&\fBEVP_DigestSignInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature +against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). +.PP +.Vb 3 +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). +.PP +.Vb 2 +\& int (*derive_init) (EVP_PKEY_CTX *ctx); +\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.PP +The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret +from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). +.PP +.Vb 2 +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +.Ve +.PP +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. +.PP +.Vb 5 +\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.PP +The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) +and \fBEVP_DigestVerify\fR\|(3). +.PP +.Vb 3 +\& int (*check) (EVP_PKEY *pkey); +\& int (*public_check) (EVP_PKEY *pkey); +\& int (*param_check) (EVP_PKEY *pkey); +.Ve +.PP +The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a +key-pair, the public component and parameters respectively for a given \fBpkey\fR. +They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 1 +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +.Ve +.PP +The \fBdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) +and \fBEVP_DigestVerifyInit\fR\|(3). +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +and associates the given \fBid\fR and \fBflags\fR. The following flags are +supported: +.PP +.Vb 2 +\& EVP_PKEY_FLAG_AUTOARGLEN +\& EVP_PKEY_FLAG_SIGCTX_CUSTOM +.Ve +.PP +If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +\&\fBEVP_PKEY_sign\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method +of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). +.PP +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBpmeth\fR. +.PP +\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +to \fBdst\fR. +.PP +\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +This function first searches through the user-defined method objects and +then the built-in objects. +.PP +\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +.PP +\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fBEVP_PKEY_meth_add0()\fR. +.PP +The EVP_PKEY_meth_set functions set the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +.PP +The EVP_PKEY_meth_get functions get the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 on error. +.PP +\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. +.PP +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 if not found. +.PP +\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +if an error occurred. +.PP +\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +0 if an error occurred. +.PP +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_new.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_new.3 new file mode 100644 index 00000000..3f76152f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_new.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_NEW 3" +.TH EVP_PKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *EVP_PKEY_new(void); +\& int EVP_PKEY_up_ref(EVP_PKEY *key); +\& void EVP_PKEY_free(EVP_PKEY *key); +\& +\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +\& size_t len, const EVP_CIPHER *cipher); +\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, +\& size_t *len); +\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +used by OpenSSL to store public and private keys. The reference count is set to +\&\fB1\fR. +.PP +\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +.PP +\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The +\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 +for a public key algorithm that supports raw private keys, i.e. one of +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the +raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). +.PP +\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +information. Algorithm types that support raw public keys are +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR +except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +.PP +\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. +.PP +\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +private key data. The size of the \fBpriv\fR buffer should be in \fB*len\fR on entry +to the function, and on exit \fB*len\fR is updated with the number of bytes +actually written. If the buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the private +key data. This function only works for algorithms that support raw private keys. +Currently this is: \fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +public key data. The size of the \fBpub\fR buffer should be in \fB*len\fR on entry +to the function, and on exit \fB*len\fR is updated with the number of bytes +actually written. If the buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the public +key data. This function only works for algorithms that support raw public keys. +Currently this is: \fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or +\&\fB\s-1EVP_PKEY_ED448\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. +.PP +The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public +key to this empty structure use the appropriate functions described in +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly +allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. +.PP +The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_print_private.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_print_private.3 new file mode 100644 index 00000000..a7c08745 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_print_private.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_PRINT_PRIVATE 3" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and +\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. +.PP +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. +.SH "NOTES" +.IX Header "NOTES" +Currently no public key algorithms include any options in the \fBpctx\fR parameter. +.PP +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fBEVP_PKEY_print_private()\fR will only print the public components. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_set1_RSA.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_set1_RSA.3 new file mode 100644 index 00000000..48e151ef --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SET1_RSA 3" +.TH EVP_PKEY_SET1_RSA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +\& +\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +\& +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& +\& int EVP_PKEY_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_base_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_type(int type); +\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +\& +\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, +\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR +and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and +\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could +use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to +\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of +alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +often seen in practice. +.PP +\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. +.PP +\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +must be called after the key algorithm and components are set up. +If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an +error occurs. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +different set of algorithms than the default. This is currently used +to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0 +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +.PP +Most applications wishing to know a key type will simply call +\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type: +which will be identical in almost all cases. +.PP +Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) +to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +.PP +\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +key as part of its routine to load a private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key +type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +.PP +\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 +algorithms with EVP_PKEY_set_alias_type: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_sign.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_sign.3 new file mode 100644 index 00000000..3b2733c9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_sign.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIGN 3" +.TH EVP_PKEY_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signing operation. +.PP +The \fBEVP_PKEY_sign()\fR function performs a public key signing operation +using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and +\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBsiglen\fR parameter should contain the length of the +\&\fBsig\fR buffer, if the call is successful the signature is written to +\&\fBsig\fR and the amount of data written to \fBsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fBEVP_DigestSignInit\fR\|(3) and +\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. +.PP +After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). +.PP +The function \fBEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ +\& unsigned char *md, *sig; +\& size_t mdlen = 32, siglen; +\& EVP_PKEY *signing_key; +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_size.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_size.3 new file mode 100644 index 00000000..06a8243f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_size.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIZE 3" +.TH EVP_PKEY_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits \&\- EVP_PKEY information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_size(const EVP_PKEY *pkey); +\& int EVP_PKEY_bits(const EVP_PKEY *pkey); +\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_size()\fR returns the maximum suitable size for the output +buffers for almost all operations that can be done with \fIpkey\fR. +The primary documented use is with \fBEVP_SignFinal\fR\|(3) and +\&\fBEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is +also large enough for the output buffer of \fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), \fBEVP_PKEY_decrypt\fR\|(3), \fBEVP_PKEY_derive\fR\|(3). +.PP +It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +\&\fBEVP_PKEY_size()\fR is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as \fBEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will +receive that length), to avoid bugs. +.PP +\&\fBEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem +to which the key in \fIpkey\fR belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem. +.PP +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given +\&\fIpkey\fR, bits of security is defined in \s-1NIST SP800\-57.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_size()\fR, \fBEVP_PKEY_bits()\fR and \fBEVP_PKEY_security_bits()\fR return a +positive number, or 0 if this size isn't available. +.SH "NOTES" +.IX Header "NOTES" +Most functions that have an output buffer and are mentioned with +\&\fBEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call \fBEVP_PKEY_size()\fR to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance. +.PP +It should also be especially noted that \fBEVP_PKEY_size()\fR shouldn't be +used to get the output size for \fBEVP_DigestSignFinal()\fR, according to +\&\*(L"\s-1NOTES\*(R"\s0 in \fBEVP_DigestSignFinal\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_SignFinal\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify.3 new file mode 100644 index 00000000..ecbb5fc2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY 3" +.TH EVP_PKEY_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signature verification operation. +.PP +The \fBEVP_PKEY_verify()\fR function performs a public key verification operation +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. +.PP +A negative value indicates an error other that signature verification failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); +\& +\& /* +\& * ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify_recover.3 b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify_recover.3 new file mode 100644 index 00000000..44d05a5b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_PKEY_verify_recover.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY_RECOVER 3" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a verify recover operation. +.PP +The \fBEVP_PKEY_verify_recover()\fR function recovers signed data +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBroutlen\fR parameter should contain the length of the +\&\fBrout\fR buffer, if the call is successful recovered data is written to +\&\fBrout\fR and the amount of data written to \fBroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fBEVP_verify()\fR function should be +used. +.PP +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +.PP +After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_SealInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_SealInit.3 new file mode 100644 index 00000000..cb48d5e3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_SealInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEALINIT 3" +.TH EVP_SEALINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and \s-1IV\s0 (if required) then +\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +encrypted using this key. +.PP +\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally +supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. \fBek\fR is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must +contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for +example) EVP_CIPHER_iv_length(type). +.PP +If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored +and can be \fB\s-1NULL\s0\fR. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties +as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded when \fBEVP_SealInit()\fR is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fBEVP_SealInit()\fR twice in the same way as +\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_SignInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_SignInit.3 new file mode 100644 index 00000000..5ec46b7f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_SignInit.3 @@ -0,0 +1,228 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNINIT 3" +.TH EVP_SIGNINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal \&\- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); +\& +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest +\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fBEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and +places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR +bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes +will be written. +.PP +\&\fBEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default +implementation of digest \fItype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 +for success and 0 for failure. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +This requirement does not hold for \s-1RSA\s0 signatures. +.PP +The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_size\fR\|(3), \fBEVP_PKEY_bits\fR\|(3), \fBEVP_PKEY_security_bits\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_VerifyInit.3 b/deps/openssl/mingw64/share/man/man3/EVP_VerifyInit.3 new file mode 100644 index 00000000..e270d75b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_VerifyInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_VERIFYINIT 3" +.TH EVP_VERIFYINIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, +\& EVP_PKEY *pkey); +\& +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. +.PP +\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_DigestVerify*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_aes.3 b/deps/openssl/mingw64/share/man/man3/EVP_aes.3 new file mode 100644 index 00000000..ca024fcd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_aes.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_AES 3" +.TH EVP_AES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aes_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit +shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as +\&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 +.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode +(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) +section for details. +.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" +\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section +2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. +.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 +.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" +\&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST +SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. +.Sp +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +.Sp +The \s-1XTS\s0 implementation in OpenSSL does not support streaming. That is there must +only be one \fBEVP_EncryptUpdate\fR\|(3) call per \fBEVP_EncryptInit_ex\fR\|(3) call (and +similarly with the \*(L"Decrypt\*(R" functions). +.Sp +The \fIiv\fR parameter to \fBEVP_EncryptInit_ex\fR\|(3) or \fBEVP_DecryptInit_ex\fR\|(3) is +the \s-1XTS\s0 \*(L"tweak\*(R" value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_aria.3 b/deps/openssl/mingw64/share/man/man3/EVP_aria.3 new file mode 100644 index 00000000..a75afbcf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_aria.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ARIA 3" +.TH EVP_ARIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aria_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 +.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter +Mode (\s-1GCM\s0). These ciphers require additional control operations to function +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_bf_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_bf_cbc.3 new file mode 100644 index 00000000..40c2ae1f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_bf_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BF_CBC 3" +.TH EVP_BF_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_bf_cbc(void) +\& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) +\& const EVP_CIPHER *EVP_bf_ecb(void) +\& const EVP_CIPHER *EVP_bf_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Blowfish encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" +Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_blake2b512.3 b/deps/openssl/mingw64/share/man/man3/EVP_blake2b512.3 new file mode 100644 index 00000000..a46b8902 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_blake2b512.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BLAKE2B512 3" +.TH EVP_BLAKE2B512 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_blake2b512(void); +\& const EVP_MD *EVP_blake2s256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +\&\s-1RFC 7693.\s0 +.IP "\fBEVP_blake2s256()\fR" 4 +.IX Item "EVP_blake2s256()" +The BLAKE2s algorithm that produces a 256\-bit output from a given input. +.IP "\fBEVP_blake2b512()\fR" 4 +.IX Item "EVP_blake2b512()" +The BLAKE2b algorithm that produces a 512\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7693.\s0 +.SH "NOTES" +.IX Header "NOTES" +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_camellia.3 b/deps/openssl/mingw64/share/man/man3/EVP_camellia.3 new file mode 100644 index 00000000..4eefb923 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_camellia.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAMELLIA 3" +.TH EVP_CAMELLIA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_camellia_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Camellia encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_cast5_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_cast5_cbc.3 new file mode 100644 index 00000000..05e420aa --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_cast5_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAST5_CBC 3" +.TH EVP_CAST5_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_cast5_cbc(void) +\& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) +\& const EVP_CIPHER *EVP_cast5_ecb(void) +\& const EVP_CIPHER *EVP_cast5_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_chacha20.3 b/deps/openssl/mingw64/share/man/man3/EVP_chacha20.3 new file mode 100644 index 00000000..305cd63d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_chacha20.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CHACHA20 3" +.TH EVP_CHACHA20 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_chacha20(void) +\& const EVP_CIPHER *EVP_chacha20_poly1305(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ChaCha20 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_chacha20()\fR" 4 +.IX Item "EVP_chacha20()" +The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: +.Sp +000000000000000000000002 +.Sp +With an initial counter of 42 (2a in hex) would be expressed as: +.Sp +2a000000000000000000000000000002 +.IP "\fBEVP_chacha20_poly1305()\fR" 4 +.IX Item "EVP_chacha20_poly1305()" +Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key +is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data +(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_des.3 b/deps/openssl/mingw64/share/man/man3/EVP_des.3 new file mode 100644 index 00000000..ece46dd0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_des.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DES 3" +.TH EVP_DES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_des_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3_wrap()\fR" 4 +.IX Item "EVP_des_ede3_wrap()" +Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_desx_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_desx_cbc.3 new file mode 100644 index 00000000..1b14f62f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_desx_cbc.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DESX_CBC 3" +.TH EVP_DESX_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_desx_cbc \&\- EVP DES\-X cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_desx_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The DES-X encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_desx_cbc()\fR" 4 +.IX Item "EVP_desx_cbc()" +The DES-X algorithm in \s-1CBC\s0 mode. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_idea_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_idea_cbc.3 new file mode 100644 index 00000000..570fe2cf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_idea_cbc.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_IDEA_CBC 3" +.TH EVP_IDEA_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_idea_cbc(void) +\& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) +\& const EVP_CIPHER *EVP_idea_ecb(void) +\& const EVP_CIPHER *EVP_idea_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" +The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_md2.3 b/deps/openssl/mingw64/share/man/man3/EVP_md2.3 new file mode 100644 index 00000000..549fd02c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_md2.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD2 3" +.TH EVP_MD2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md2 \&\- MD2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by +Ronald Rivest. +.IP "\fBEVP_md2()\fR" 4 +.IX Item "EVP_md2()" +The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1319.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_md4.3 b/deps/openssl/mingw64/share/man/man3/EVP_md4.3 new file mode 100644 index 00000000..1456dbc6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_md4.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD4 3" +.TH EVP_MD4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md4 \&\- MD4 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md4(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by +Ronald Rivest, first published in 1990. +.IP "\fBEVP_md4()\fR" 4 +.IX Item "EVP_md4()" +The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1320.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_md5.3 b/deps/openssl/mingw64/share/man/man3/EVP_md5.3 new file mode 100644 index 00000000..81a54988 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_md5.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD5 3" +.TH EVP_MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed by +Ronald Rivest. +.PP +The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +use since its security has been severely compromised. +.IP "\fBEVP_md5()\fR" 4 +.IX Item "EVP_md5()" +The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. +.IP "\fBEVP_md5_sha1()\fR" 4 +.IX Item "EVP_md5_sha1()" +A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC +6101.\s0 +.Sp +\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1321.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_mdc2.3 b/deps/openssl/mingw64/share/man/man3/EVP_mdc2.3 new file mode 100644 index 00000000..c6152723 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_mdc2.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MDC2 3" +.TH EVP_MDC2 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_mdc2 \&\- MDC\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_mdc2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. +.IP "\fBEVP_mdc2()\fR" 4 +.IX Item "EVP_mdc2()" +The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_rc2_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_rc2_cbc.3 new file mode 100644 index 00000000..1a355df8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_rc2_cbc.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC2_CBC 3" +.TH EVP_RC2_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc2_cbc(void) +\& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) +\& const EVP_CIPHER *EVP_rc2_ecb(void) +\& const EVP_CIPHER *EVP_rc2_ofb(void) +\& const EVP_CIPHER *EVP_rc2_40_cbc(void) +\& const EVP_CIPHER *EVP_rc2_64_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional parameter called \*(L"effective key +bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 +.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +40 and 64 bits. +.Sp +\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR +functions to set the key length and effective key length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_rc4.3 b/deps/openssl/mingw64/share/man/man3/EVP_rc4.3 new file mode 100644 index 00000000..5cb98510 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_rc4.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC4 3" +.TH EVP_RC4 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc4(void) +\& const EVP_CIPHER *EVP_rc4_40(void) +\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_rc4()\fR" 4 +.IX Item "EVP_rc4()" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. +.IP "\fBEVP_rc4_40()\fR" 4 +.IX Item "EVP_rc4_40()" +\&\s-1RC4\s0 stream cipher with 40 bit key length. +.Sp +\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fBEVP_rc4_hmac_md5()\fR" 4 +.IX Item "EVP_rc4_hmac_md5()" +Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_rc5_32_12_16_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_rc5_32_12_16_cbc.3 new file mode 100644 index 00000000..45cc8af1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_rc5_32_12_16_cbc.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC5_32_12_16_CBC 3" +.TH EVP_RC5_32_12_16_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using \fBEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is +2040 bits. +.Sp +The following rc5 specific \fIctrl\fRs are supported (see +\&\fBEVP_CIPHER_CTX_ctrl\fR\|(3)). +.RS 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS,\s0 rounds, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" +Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS, +RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS.\s0 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS, 0,\s0 &rounds)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" +Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR +is an int. +.RE +.RS 4 +.RE +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_ripemd160.3 b/deps/openssl/mingw64/share/man/man3/EVP_ripemd160.3 new file mode 100644 index 00000000..4582df97 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_ripemd160.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RIPEMD160 3" +.TH EVP_RIPEMD160 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ripemd160 \&\- RIPEMD160 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_ripemd160(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging +to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +.IP "\fBEVP_ripemd160()\fR" 4 +.IX Item "EVP_ripemd160()" +The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_seed_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_seed_cbc.3 new file mode 100644 index 00000000..5f70a6dc --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_seed_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEED_CBC 3" +.TH EVP_SEED_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_seed_cbc(void) +\& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) +\& const EVP_CIPHER *EVP_seed_ecb(void) +\& const EVP_CIPHER *EVP_seed_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" +The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_sha1.3 b/deps/openssl/mingw64/share/man/man3/EVP_sha1.3 new file mode 100644 index 00000000..56f3a047 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_sha1.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA1 3" +.TH EVP_SHA1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha1 \&\- SHA\-1 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National +Security Agency and initially published in 1995. +.IP "\fBEVP_sha1()\fR" 4 +.IX Item "EVP_sha1()" +The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_sha224.3 b/deps/openssl/mingw64/share/man/man3/EVP_sha224.3 new file mode 100644 index 00000000..dc53e606 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_sha224.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA224 3" +.TH EVP_SHA224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha224(void); +\& const EVP_MD *EVP_sha256(void); +\& const EVP_MD *EVP_sha512_224(void); +\& const EVP_MD *EVP_sha512_256(void); +\& const EVP_MD *EVP_sha384(void); +\& const EVP_MD *EVP_sha512(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. +.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 +.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" +The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. +.Sp +The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the +\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +their outputs are of the same size. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_sha3_224.3 b/deps/openssl/mingw64/share/man/man3/EVP_sha3_224.3 new file mode 100644 index 00000000..8e89e334 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_sha3_224.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA3_224 3" +.TH EVP_SHA3_224 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha3_224(void); +\& const EVP_MD *EVP_sha3_256(void); +\& const EVP_MD *EVP_sha3_384(void); +\& const EVP_MD *EVP_sha3_512(void); +\& +\& const EVP_MD *EVP_shake128(void); +\& const EVP_MD *EVP_shake256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the +Keccak algorithm. +.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 +.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" +The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. +.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 +.IX Item "EVP_shake128(), EVP_shake256()" +The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +a variable hash length. +.Sp +Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while +\&\fBEVP_shake256\fR provides that of 256 bits. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 202.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_sm3.3 b/deps/openssl/mingw64/share/man/man3/EVP_sm3.3 new file mode 100644 index 00000000..697478e4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_sm3.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM3 3" +.TH EVP_SM3 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm3 \&\- SM3 for EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sm3(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T +32905\-2016.\s0 +.IP "\fBEVP_sm3()\fR" 4 +.IX Item "EVP_sm3()" +The \s-1SM3\s0 hash function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_sm4_cbc.3 b/deps/openssl/mingw64/share/man/man3/EVP_sm4_cbc.3 new file mode 100644 index 00000000..2fd1645f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_sm4_cbc.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM4_CBC 3" +.TH EVP_SM4_CBC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_sm4_cbc(void); +\& const EVP_CIPHER *EVP_sm4_ecb(void); +\& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); +\& const EVP_CIPHER *EVP_sm4_ofb(void); +\& const EVP_CIPHER *EVP_sm4_ctr(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128 bits. +.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" +The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/EVP_whirlpool.3 b/deps/openssl/mingw64/share/man/man3/EVP_whirlpool.3 new file mode 100644 index 00000000..219f91a4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/EVP_whirlpool.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_WHIRLPOOL 3" +.TH EVP_WHIRLPOOL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_whirlpool \&\- WHIRLPOOL For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_whirlpool(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. +.IP "\fBEVP_whirlpool()\fR" 4 +.IX Item "EVP_whirlpool()" +The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2004.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/HMAC.3 b/deps/openssl/mingw64/share/man/man3/HMAC.3 new file mode 100644 index 00000000..06596730 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/HMAC.3 @@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "HMAC 3" +.TH HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +\& +\& HMAC_CTX *HMAC_CTX_new(void); +\& int HMAC_CTX_reset(HMAC_CTX *ctx); +\& +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md, ENGINE *impl); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& +\& void HMAC_CTX_free(HMAC_CTX *ctx); +\& +\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); +\& +\& size_t HMAC_size(const HMAC_CTX *e); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. +.PP +\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 +value for \fBmd\fR to use the static array is not thread safe. +.PP +\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does +not support variable output length digests such as \fBEVP_shake128()\fR and +\&\fBEVP_shake256()\fR. +.PP +\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +.PP +\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated +resources, making it suitable for new computations as if it was newly +created with \fBHMAC_CTX_new()\fR. +.PP +\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR +itself. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 +and \fBevp_md\fR is the same as the previous call, then the +existing key is +reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. +.PP +If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +same as the previous digest used by \fBctx\fR then an error is returned +because reuse of an existing key with a different digest is not supported. +.PP +\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. +.PP +\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.PP +\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +.PP +\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). +.PP +\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +supplied \s-1HMAC_CTX.\s0 +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. +.PP +\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and +\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +.PP +\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output +or zero on error. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 2104\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +.PP +\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +.PP +\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. +.PP +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in +OpenSSL before version 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/MD5.3 b/deps/openssl/mingw64/share/man/man3/MD5.3 new file mode 100644 index 00000000..e6768f8f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/MD5.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MD5 3" +.TH MD5 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD2_Init(MD2_CTX *c); +\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +\& int MD2_Final(unsigned char *md, MD2_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD4_Init(MD4_CTX *c); +\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +\& int MD4_Final(unsigned char *md, MD4_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD5_Init(MD5_CTX *c); +\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +\& int MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +.PP +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and +\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. +.PP +\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, +\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for +success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/MDC2_Init.3 b/deps/openssl/mingw64/share/man/man3/MDC2_Init.3 new file mode 100644 index 00000000..3cb010f0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/MDC2_Init.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MDC2_INIT 3" +.TH MDC2_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int MDC2_Init(MDC2_CTX *c); +\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES.\s0 +.PP +\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the +hash functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. +.PP +\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OBJ_nid2obj.3 b/deps/openssl/mingw64/share/man/man3/OBJ_nid2obj.3 new file mode 100644 index 00000000..82749e85 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OBJ_nid2obj.3 @@ -0,0 +1,327 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OBJ_NID2OBJ 3" +.TH OBJ_NID2OBJ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \&\- ASN1 object utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *OBJ_nid2obj(int n); +\& const char *OBJ_nid2ln(int n); +\& const char *OBJ_nid2sn(int n); +\& +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +\& +\& int OBJ_txt2nid(const char *s); +\& +\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +\& +\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); +\& +\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +\& +\& int OBJ_create(const char *oid, const char *sn, const char *ln); +\& +\& size_t OBJ_length(const ASN1_OBJECT *obj); +\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OBJ_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +constants. +.PP +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name or the short name respectively +or NID_undef if an error occurred. +.PP +\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +a long name, a short name or the numerical representation of an object. +.PP +\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +.PP +\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object in case of +success and NID_undef in case of failure. +.PP +\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR. +.PP +\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +The returned pointer is an internal pointer which \fBmust not\fR be freed. +.PP +\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +.PP +New objects can be added by calling \fBOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID.\s0 +.PP +Some objects are used to represent algorithms which do not have a +corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +exists for a particular algorithm). As a result they \fBcannot\fR be encoded or +decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there +is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. +.PP +These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can +represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 1 +\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); +.Ve +.PP +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +.PP +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 2 +\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); +.Ve +.PP +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_REQUEST_new.3 b/deps/openssl/mingw64/share/man/man3/OCSP_REQUEST_new.3 new file mode 100644 index 00000000..bc543976 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_REQUEST_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_NEW 3" +.TH OCSP_REQUEST_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQUEST *OCSP_REQUEST_new(void); +\& void OCSP_REQUEST_free(OCSP_REQUEST *req); +\& +\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); +\& +\& int OCSP_request_sign(OCSP_REQUEST *req, +\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +\& STACK_OF(X509) *certs, unsigned long flags); +\& +\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +\& +\& int OCSP_request_onereq_count(OCSP_REQUEST *req); +\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +.PP +\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +.PP +\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after +the operation. +.PP +\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates +\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +will be included in the request. +.PP +\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +application is responsible for freeing up \fBcert\fR after use. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to +OCSP_request_onereq_count(req) \- 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 +for failure. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +or \fB\s-1NULL\s0\fR if the index value is out or range. +.SH "NOTES" +.IX Header "NOTES" +An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +corresponding to each certificate. +.PP +\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by +\&\s-1OCSP\s0 responders. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +\&\fBissuer\fR: +.PP +.Vb 2 +\& OCSP_REQUEST *req; +\& OCSP_ID *cid; +\& +\& req = OCSP_REQUEST_new(); +\& if (req == NULL) +\& /* error */ +\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +\& if (cid == NULL) +\& /* error */ +\& +\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) +\& /* error */ +\& +\& /* Do something with req, e.g. query responder */ +\& +\& OCSP_REQUEST_free(req); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_cert_to_id.3 b/deps/openssl/mingw64/share/man/man3/OCSP_cert_to_id.3 new file mode 100644 index 00000000..589f14eb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_cert_to_id.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_CERT_TO_ID 3" +.TH OCSP_CERT_TO_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, +\& X509 *subject, X509 *issuer); +\& +\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +\& X509_NAME *issuerName, +\& ASN1_BIT_STRING *issuerKey, +\& ASN1_INTEGER *serialNumber); +\& +\& void OCSP_CERTID_free(OCSP_CERTID *id); +\& +\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& +\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +\& ASN1_OCTET_STRING **pikeyHash, +\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If +\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +.PP +\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number +\&\fBserialNumber\fR. +.PP +\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. +.PP +\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and +serial number contained in \fBcid\fR. If any of the values are not required the +corresponding parameter can be set to \fB\s-1NULL\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero +otherwise. +.PP +\&\fBOCSP_CERTID_free()\fR does not return a value. +.PP +\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: +the other functions are used by responder applications. +.PP +The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST +NOT\s0\fR be freed up by an application: they will be freed when the corresponding +\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_request_add1_nonce.3 b/deps/openssl/mingw64/share/man/man3/OCSP_request_add1_nonce.3 new file mode 100644 index 00000000..274d9338 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_request_add1_nonce.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_ADD1_NONCE 3" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +is zero or negative a default length will be used (currently 16 bytes). +.PP +\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except +it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +.PP +\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +.PP +\&\fBOCSP_copy_nonce()\fR copies any nonce value present in \fBreq\fR to \fBresp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success +and 0 for failure. +.PP +\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +was present in \fBreq\fR and 0 if an error occurred. +.PP +\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +and \fBresp\fR. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then \-1 is returned. +.SH "NOTES" +.IX Header "NOTES" +For most purposes the nonce value in a request is set to a random value so +the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 +.PP +An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +by checking the same nonce value appears in the response. +.PP +Some responders may include a nonce in all responses even if one is not +supplied. +.PP +Some responders cache \s-1OCSP\s0 responses and do not sign each response for +performance reasons. As a result they do not support nonces. +.PP +The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A non-zero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_resp_find_status.3 b/deps/openssl/mingw64/share/man/man3/OCSP_resp_find_status.3 new file mode 100644 index 00000000..9e19d1f0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_resp_find_status.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESP_FIND_STATUS 3" +.TH OCSP_RESP_FIND_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +\& int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& int OCSP_resp_count(OCSP_BASICRESP *bs); +\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( +\& const OCSP_BASICRESP* single); +\& +\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +\& +\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, +\& STACK_OF(X509) *extra_certs); +\& +\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +\& const ASN1_OCTET_STRING **pid, +\& const X509_NAME **pname); +\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, +\& ASN1_OCTET_STRING **pid, +\& X509_NAME **pname); +\& +\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +\& ASN1_GENERALIZEDTIME *nextupd, +\& long sec, long maxsec); +\& +\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +\& X509_STORE *st, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of +\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or +\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only +set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field +will be set to the revocation reason which will be one of +\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +.PP +\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to +OCSP_resp_count(bs) \- 1. +.PP +\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. +.PP +\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. +.PP +\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +single response \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +is included in the \fBcerts\fR field of the response, so additional certificates +can be supplied in \fBextra_certs\fR if the certificates that may have +signed the response are known via some out-of-band mechanism. +.PP +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the +responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR +is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, +no freeing of the results is necessary. +.PP +\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fBOCSP_resp_find_status()\fR or +\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates +the maximum age of \fBthisupd\fR in seconds. +.PP +\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +signed and that the signer certificate can be validated. It takes \fBst\fR as +the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of \fBbs\fR and fails on error +unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns +success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate +was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path +validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. +Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +criteria including potential delegation. If this does not succeed and the +\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit +trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +.PP +\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. +.PP +\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBid\fR was not found. +.PP +\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +occurred. +.PP +\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +or 0 on error. +.PP +\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +as malloc failure. +.SH "NOTES" +.IX Header "NOTES" +Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They +can then take appropriate action based on the status of the certificate. +.PP +An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +fields. Normally the current time should be between these two values. To +account for clock skew the \fBmaxsec\fR field can be set to non-zero in +\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +would otherwise mean an ancient response would be considered valid: the +\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted +age of responses. +.PP +The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by +\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers +which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these +parameters can be set to \s-1NULL\s0 if their value is not required. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_response_status.3 b/deps/openssl/mingw64/share/man/man3/OCSP_response_status.3 new file mode 100644 index 00000000..63908154 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_response_status.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESPONSE_STATUS 3" +.TH OCSP_RESPONSE_STATUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_response_status(OCSP_RESPONSE *resp); +\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); +\& +\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); +\& +\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, +\& const EVP_MD *dgst, STACK_OF(X509) *certs, +\& unsigned long flags); +\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, +\& STACK_OF(X509) *certs, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR +\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +.PP +\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +contained in \fBresp\fR. +.PP +\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBstatus\fR and optionally including basic response \fBbs\fR. +.PP +\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. +.PP +\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is +stored as a \s-1SHA1\s0 hash. +.PP +Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing +setting. +.PP +\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +with the X509 certificate \fBcert\fR. +.PP +\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option +\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the +\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 +rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +uses the parameters contained in digest context \fBctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_RESPONSE_status()\fR returns a status value. +.PP +\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fBOCSP_RESPONSE_free()\fR does not return a value. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and +\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 +on failure. +.PP +\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +or 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +\&\fBOCSP_cert_to_id\fR\|(3) +\&\fBOCSP_request_add1_nonce\fR\|(3) +\&\fBOCSP_REQUEST_new\fR\|(3) +\&\fBOCSP_resp_find_status\fR\|(3) +\&\fBOCSP_sendreq_new\fR\|(3) +\&\fBOCSP_RESPID_new\fR\|(3) +\&\fBOCSP_RESPID_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR +functions were added in OpenSSL 1.1.0a. +.PP +The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OCSP_sendreq_new.3 b/deps/openssl/mingw64/share/man/man3/OCSP_sendreq_new.3 new file mode 100644 index 00000000..0ea775a5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OCSP_sendreq_new.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_SENDREQ_NEW 3" +.TH OCSP_SENDREQ_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, +\& int maxline); +\& +\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +\& +\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +\& +\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +\& +\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, +\& const char *name, const char *value); +\& +\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +\& +\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a +response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a +default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR +and provided later if required. +.PP +\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context +\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. +.PP +\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +.PP +\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR +to \fBlen\fR. If the response exceeds this length an error occurs. If not +set a default value of 100k is used. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +context \fBrctx\fR. It can be called more than once to add multiple headers. +It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR +parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +additional headers are set. +.PP +\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR. +.PP +\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +path \fBpath\fR, and the \s-1OCSP\s0 request \fBreq\fR with a response header maximum line +length 4k. It waits indefinitely on a response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, +\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success +and \fB0\fR for failure. +.PP +\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +responder or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete \s-1HTTP\s0 library. +.PP +Currently only \s-1HTTP POST\s0 queries to responders are supported. +.PP +The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 +For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 +\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR +should be set to \fB\*(L"/ocspreq\*(R"\fR +.PP +The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form +"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add +a Host header for \fBocsp.com\fR you would call: +.PP +.Vb 1 +\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Ve +.PP +If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the +corresponding \s-1BIO\s0 can be examined to determine which operation (read or +write) should be retried and appropriate action taken (for example a \fBselect()\fR +call on the underlying socket). +.PP +\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking +I/O efficiently. It is retained for compatibility and its use in new +applications is not recommended. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_Applink.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_Applink.3 new file mode 100644 index 00000000..a9d6378d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_Applink.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_APPLINK 3" +.TH OPENSSL_APPLINK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& _\|_declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as \fIapplink.c\fR, located alongside +the public header files (only on the platforms where applicable). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_COMPFUNC.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_COMPFUNC.3 new file mode 100644 index 00000000..048ece95 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_COMPFUNC.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_COMPFUNC 3" +.TH OPENSSL_LH_COMPFUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_LHASH_OF(TYPE); +\& +\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); +\& void lh_TYPE_free(LHASH_OF(TYPE) *table); +\& +\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); +\& +\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); +\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, +\& TYPE *arg); +\& +\& int lh_TYPE_error(LHASH_OF(TYPE) *table); +\& +\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +.PP +\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The \fBhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fBcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, non-zero otherwise. +.PP +If your hash table +will contain items of some particular type and the \fBhash\fR and +\&\fBcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +\&\fBlh_TYPE_new()\fR as shown in this example: +.PP +.Vb 11 +\& /* +\& * Implement the hash and compare functions; "stuff" can be any word. +\& */ +\& static unsigned long stuff_hash(const TYPE *a) +\& { +\& ... +\& } +\& static int stuff_cmp(const TYPE *a, const TYPE *b) +\& { +\& ... +\& } +\& +\& /* +\& * Implement the wrapper functions. +\& */ +\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) +\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers: +.PP +.Vb 2 +\& DECLARE_LHASH_HASH_FN(stuff, TYPE) +\& DECLARE_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +Then a hash table of \s-1TYPE\s0 objects can be created using this: +.PP +.Vb 1 +\& LHASH_OF(TYPE) *htable; +\& +\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); +.Ve +.PP +\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure +\&\fBtable\fR. Allocated hash table entries will not be freed; consider +using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the +hash table (see below). +.PP +\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into +\&\fBtable\fR. If there already is an entry with the same key, the old +value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the +data are not copied. +.PP +\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. +.PP +\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call +\&\fBfunc\fR with the data item as its parameter. +For example: +.PP +.Vb 2 +\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ +\& void TYPE_cleanup_doall(TYPE *a); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) +\& +\& /* Call "TYPE_cleanup" against all items in a hash table. */ +\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); +\& +\& /* Then the hash table itself can be deallocated */ +\& lh_TYPE_free(hashtable); +.Ve +.PP +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash\->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that +\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fBlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 2 +\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ +\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) +\& +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, +\& logging_bio); +.Ve +.PP +\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last +operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value +being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. +.PP +\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +there is no such value in the hash table. +.PP +\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, +\&\fB\s-1NULL\s0\fR otherwise. +.PP +\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations. +.PP +\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as +lh_TYPE_error call must be performed under a write lock. All retrieve +operations should be performed under a read lock, \fIunless\fR accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fBlh_doall()\fR +and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fBlh_doall()\fR or +\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API.\s0 On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. +.SH "BUGS" +.IX Header "BUGS" +\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_LH_stats\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_stats.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_stats.3 new file mode 100644 index 00000000..8d54597b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_LH_stats.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_STATS 3" +.TH OPENSSL_LH_STATS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_LH_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); +\& +\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. +.PP +\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "NOTE" +.IX Header "NOTE" +These calls should be made under a read lock. Refer to +\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +when using the \s-1LHASH\s0 data structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_VERSION_NUMBER.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 00000000..c94c2459 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_VERSION_NUMBER.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_VERSION_NUMBER 3" +.TH OPENSSL_VERSION_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" +\& +\& #include +\& +\& unsigned long OpenSSL_version_num(); +\& const char *OpenSSL_version(int t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier: +.PP +.Vb 1 +\& MNNFFPPS: major minor fix patch status +.Ve +.PP +The status nibble has one of the values 0 for development, 1 to e for betas +1 to 14, and f for release. +.PP +for example +.PP +.Vb 3 +\& 0x000906000 == 0.9.6 dev +\& 0x000906023 == 0.9.6b beta 3 +\& 0x00090605f == 0.9.6e release +.Ve +.PP +Versions prior to 0.9.3 have identifiers < 0x0930. +Versions between 0.9.3 and 0.9.5 had a version identifier with this +interpretation: +.PP +.Vb 1 +\& MMNNFFRBB major minor fix final beta/patch +.Ve +.PP +for example +.PP +.Vb 2 +\& 0x000904100 == 0.9.4 release +\& 0x000905000 == 0.9.5 dev +.Ve +.PP +Version 0.9.5a had an interim interpretation that is like the current one, +except the patch level got the highest bit set, to keep continuity. The +number was therefore 0x0090581f. +.PP +\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the +release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.PP +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR: +.IP "\s-1OPENSSL_VERSION\s0" 4 +.IX Item "OPENSSL_VERSION" +The text variant of the version number and the release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.IP "\s-1OPENSSL_CFLAGS\s0" 4 +.IX Item "OPENSSL_CFLAGS" +The compiler flags set for the compilation process in the form +\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R" +otherwise. +.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IX Item "OPENSSL_BUILT_ON" +The date of the build process in the form \*(L"built on: ...\*(R" if available +or \*(L"built on: date not available\*(R" otherwise. +.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IX Item "OPENSSL_PLATFORM" +The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" +if available or \*(L"platform: information not available\*(R" otherwise. +.IP "\s-1OPENSSL_DIR\s0" 4 +.IX Item "OPENSSL_DIR" +The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. +.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_ENGINES_DIR" +The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise. +.PP +For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns requested version strings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_config.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_config.3 new file mode 100644 index 00000000..8ffee227 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_config.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CONFIG 3" +.TH OPENSSL_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OPENSSL_config(const char *appname); +\& void OPENSSL_no_config(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +the default section, \fBopenssl_conf\fR, will be used. +Errors are silently ignored. +Multiple calls have no effect. +.PP +\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR +no configuration takes place. +.PP +If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR +first. +.SH "NOTES" +.IX Header "NOTES" +The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +forget it\*(R" function. +It is however \fBmuch\fR better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as \fBCONF_modules_load()\fR directly. This function is deprecated +and its use should be avoided. +Applications should instead call \fBCONF_modules_load()\fR during +initialization (that is before starting any threads). +.PP +There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls \fBOPENSSL_config()\fR it doesn't need to know or care about +\&\s-1ENGINE\s0 control operations because they can be performed by editing a +configuration file. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_fork_prepare.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_fork_prepare.3 new file mode 100644 index 00000000..d5d3e7a6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_fork_prepare.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FORK_PREPARE 3" +.TH OPENSSL_FORK_PREPARE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_fork_prepare(void); +\& void OPENSSL_fork_parent(void); +\& void OPENSSL_fork_child(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR +functions are used to reset this internal state. +.PP +Platforms without \fBfork\fR\|(2) will probably not need to use these functions. +Platforms with \fBfork\fR\|(2) but without \fBpthread_atfork\fR\|(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. +.PP +\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the \fBpthread_atfork\fR\|(3) +documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should +be called before a \fBfork()\fR is done. After the \fBfork()\fR returns, the parent +process should call \fBOPENSSL_fork_parent()\fR and the child process should +call \fBOPENSSL_fork_child()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not +return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_ia32cap.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_ia32cap.3 new file mode 100644 index 00000000..663eee7f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_ia32cap.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_IA32CAP 3" +.TH OPENSSL_IA32CAP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_ia32cap \- the x86[_64] processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_ia32cap=... +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant: +.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IX Item "bit #4 denoting presence of Time-Stamp Counter." +.PD 0 +.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IX Item "bit #19 denoting availability of CLFLUSH instruction;" +.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" +.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IX Item "bit #23 denoting MMX support;" +.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" +.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IX Item "bit #25 denoting SSE support;" +.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IX Item "bit #26 denoting SSE2 support;" +.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 +.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" +.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 +.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" +.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" +.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4 +.IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;" +.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" +.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IX Item "bit #54 denoting availability of MOVBE instruction;" +.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IX Item "bit #57 denoting AES-NI instruction set extension;" +.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" +.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" +.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IX Item "bit #60 denoting AVX extension;" +.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IX Item "bit #62 denoting availability of RDRAND instruction;" +.PD +.PP +For example, in 32\-bit application context clearing bit #26 at run-time +disables high-performance \s-1SSE2\s0 code present in the crypto library, while +clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +bank. You might have to do the latter if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not +enable \s-1XMM\s0 registers. Historically address of the capability vector copy +was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not +anymore. Now the only way to affect the capability detection is to set +OPENSSL_ia32cap environment variable prior target application start. To +give a specific example, on Intel P4 processor 'env +OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env +OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no\-sse2 +option and recompile. +.PP +Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment +variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in \s-1AES\s0 assembler module. +.PP +The capability vector is further extended with \s-1EBX\s0 value returned by +\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" +.PD 0 +.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IX Item "bit #64+5 denoting availability of AVX2 instructions;" +.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" +.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IX Item "bit #64+16 denoting availability of AVX512F extension;" +.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IX Item "bit #64+18 denoting availability of RDSEED instruction;" +.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. \s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IX Item "bit #64+29 denoting availability of SHA extension;" +.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IX Item "bit #64+30 denoting availability of AVX512BW extension;" +.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IX Item "bit #64+31 denoting availability of AVX512VL extension;" +.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IX Item "bit #64+41 denoting availability of VAES extension;" +.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" +.PD +.PP +To control this extended capability word use ':' as delimiter when +setting up OPENSSL_ia32cap environment variable. For example assigning +\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX +extensions. +.PP +It should be noted that whether or not some of the most \*(L"fancy\*(R" +extension code paths are actually assembled depends on current assembler +version. Base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table: +.PP +.Vb 8 +\& Extension | GNU as | nasm | llvm +\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- +\& AVX | 2.19 | 2.09 | 3.0 +\& AVX2 | 2.22 | 2.10 | 3.1 +\& ADCX/ADOX | 2.23 | 2.10 | 3.3 +\& AVX512 | 2.25 | 2.11.8 | see NOTES +\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES +\& VAES | 2.30 | 2.13.3 | +.Ve +.SH "NOTES" +.IX Header "NOTES" +Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit \-march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: +.PP +.Vb 2 +\& #!/bin/sh +\& exec clang \-no\-integrated\-as "$@" +.Ve +.PP +instead of real clang. In which case it doesn't matter which clang +version is used, as it is \s-1GNU\s0 assembler version that will be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_init_crypto.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_init_crypto.3 new file mode 100644 index 00000000..534d12ad --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_init_crypto.3 @@ -0,0 +1,379 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. +As of OpenSSL 1.1.1 this is a default option for libssl (see +\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the +description of \fBOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fBOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fBOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fBOPENSSL_init_crypto()\fR. For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fBatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fBatexit()\fR handlers then the application should +call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fBerrstr\fR\|(1)). +.PP +The \fBOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fBOPENSSL_thread_stop()\fR function deallocates resources associated +with the current thread. Typically this function will be called automatically by +the library when the thread exits. This should only be called directly if +resources should be freed at an earlier time, or under the circumstances +described in the \s-1NOTES\s0 section below. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. +The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fBOPENSSL_init_ssl\fR\|(3). +The object can be released with \fBOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fBExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the +threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread +should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is +multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on +each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and +\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, +\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR +and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_init_ssl.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_init_ssl.3 new file mode 100644 index 00000000..8933c157 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_init_ssl.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_SSL 3" +.TH OPENSSL_INIT_SSL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling +this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To +explicitly initialise \s-1ONLY\s0 libcrypto see the +\&\fBOPENSSL_init_crypto\fR\|(3) function. +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +specific option the following libssl options can also be used: +.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" +Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" +Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.PP +\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_instrument_bus.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_instrument_bus.3 new file mode 100644 index 00000000..482178f2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_instrument_bus.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INSTRUMENT_BUS 3" +.TH OPENSSL_INSTRUMENT_BUS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #ifdef OPENSSL_CPUID_OBJ +\& size_t OPENSSL_instrument_bus(int *vector, size_t num); +\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to \fBvector\fR elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that \fBvector[num]\fR should be +zeroed upon invocation (if you want to retrieve actual probe values). +.PP +\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +oscillator cycles every probe took. +.PP +\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, +with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the \s-1SSE2\s0 extensions. +.PP +Otherwise number of recorded values is returned. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_load_builtin_modules.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_load_builtin_modules.3 new file mode 100644 index 00000000..4ee9b4ff --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_load_builtin_modules.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_load_builtin_modules(void); +\& void ASN1_add_oid_module(void); +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code. +.PP +\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +.PP +\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +.SH "NOTES" +.IX Header "NOTES" +If the simple configuration function \fBOPENSSL_config()\fR is called then +\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. +.PP +Applications which use the configuration functions directly will need to +call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +configuration code. +.PP +Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_malloc.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_malloc.3 new file mode 100644 index 00000000..aad0a031 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_malloc.3 @@ -0,0 +1,371 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_MALLOC 3" +.TH OPENSSL_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_malloc_init(void) +\& +\& void *OPENSSL_malloc(size_t num) +\& void *OPENSSL_zalloc(size_t num) +\& void *OPENSSL_realloc(void *addr, size_t num) +\& void OPENSSL_free(void *addr) +\& char *OPENSSL_strdup(const char *str) +\& char *OPENSSL_strndup(const char *str, size_t s) +\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); +\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); +\& void *OPENSSL_memdup(void *data, size_t s) +\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) +\& void OPENSSL_clear_free(void *str, size_t num) +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +\& int OPENSSL_hexchar2int(unsigned char c); +\& +\& void *CRYPTO_malloc(size_t num, const char *file, int line) +\& void *CRYPTO_zalloc(size_t num, const char *file, int line) +\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line) +\& void CRYPTO_free(void *str, const char *, int) +\& char *CRYPTO_strdup(const char *p, const char *file, int line) +\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line) +\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, +\& const char *file, int line) +\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) +\& +\& void CRYPTO_get_mem_functions( +\& void *(**m)(size_t, const char *, int), +\& void *(**r)(void *, size_t, const char *, int), +\& void (**f)(void *, const char *, int)) +\& int CRYPTO_set_mem_functions( +\& void *(*m)(size_t, const char *, int), +\& void *(*r)(void *, size_t, const char *, int), +\& void (*f)(void *, const char *, int)) +\& +\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f) +\& +\& int CRYPTO_set_mem_debug(int onoff) +\& +\& env OPENSSL_MALLOC_FAILURES=... +\& env OPENSSL_MALLOC_FD=... +\& +\& int CRYPTO_mem_ctrl(int mode); +\& +\& int OPENSSL_mem_debug_push(const char *info) +\& int OPENSSL_mem_debug_pop(void); +\& +\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +\& int CRYPTO_mem_debug_pop(void); +\& +\& int CRYPTO_mem_leaks(BIO *b); +\& int CRYPTO_mem_leaks_fp(FILE *fp); +\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are +generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 +Some functions do not add those parameters, but exist for consistency. +.PP +\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the +C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions. +\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used +when the buffer at \fBaddr\fR holds sensitive information. +The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR +before ultimately calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location. +.PP +\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the +equivalent C functions, except that memory is allocated by calling the +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_strlcpy()\fR, +\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C +library functions and are provided for portability. +.PP +\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a +pointer to the parsed value. The memory is allocated by calling +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length. +Colons between two-character hex \*(L"bytes\*(R" are ignored. +An odd number of hex digits is an error. +.PP +\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns +a hex string for value, or \s-1NULL\s0 on error. +\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned. +.PP +\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, +or returns \-1 on error. +.PP +If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR +and replace them with alternate versions (hooks). +\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the +function pointers for the current implementations. +With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed. +.PP +The default implementation can include some debugging capability (if enabled +at build-time). +This adds some overhead by keeping a list of all memory allocations, and +removes items from the list when they are free'd. +This is most useful for identifying memory leaks. +\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have +any effect, is must be called before any of the allocation functions +(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the +first lines of \fBmain()\fR in an application. +\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. +To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR. +To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR. +.PP +While checking memory, it can be useful to store additional context +about what is being done. +For example, identifying the field names when parsing a complicated +data structure. +\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR) +attaches an identifying string to the allocation stack. +This must be a global or other static string; it is not copied. +\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. +.PP +At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or +\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it +to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead +of writing to a given \s-1BIO,\s0 the callback function is called for each +output string with the string, length, and userdata \fBu\fR as the callback +parameters. +.PP +If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one +function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment +variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +are available. +.PP +The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been +called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, +respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. +.PP +The variable +\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. +.PP +If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): +.PP +.Vb 5 +\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq +\& export OPENSSL_MALLOC_FAILURES +\& OPENSSL_MALLOC_FD=3 +\& export OPENSSL_MALLOC_FD +\& ...app invocation... 3>/tmp/log$$ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR +\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR +return no value. +.PP +\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR, +\&\fBOPENSSL_clear_realloc()\fR, +\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, +\&\fBCRYPTO_clear_realloc()\fR, +\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR, +\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR +return a pointer to allocated memory or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR +return 1 on success or 0 on failure (almost +always because allocations have already happened). +.PP +\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the +previous value of the mode. +.PP +\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +While it's permitted to swap out only a few and not all the functions +with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +at once. \fIThis applies specially if OpenSSL was built with the +configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out +only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OPENSSL_secure_malloc.3 b/deps/openssl/mingw64/share/man/man3/OPENSSL_secure_malloc.3 new file mode 100644 index 00000000..cc1ecb47 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OPENSSL_secure_malloc.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_SECURE_MALLOC 3" +.TH OPENSSL_SECURE_MALLOC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_allocated, CRYPTO_secure_used \- secure heap storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_secure_malloc_init(size_t size, int minsize); +\& +\& int CRYPTO_secure_malloc_initialized(); +\& +\& int CRYPTO_secure_malloc_done(); +\& +\& void *OPENSSL_secure_malloc(size_t num); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& +\& void *OPENSSL_secure_zalloc(size_t num); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& +\& void OPENSSL_secure_free(void* ptr); +\& void CRYPTO_secure_free(void *ptr, const char *, int); +\& +\& void OPENSSL_secure_clear_free(void* ptr, size_t num); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); +\& +\& size_t OPENSSL_secure_actual_size(const void *ptr); +\& +\& int CRYPTO_secure_allocated(const void *ptr); +\& size_t CRYPTO_secure_used(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. +.PP +If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. +.PP +\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to +allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power +of two. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +heap as been initialized and is available. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete. +.PP +\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_malloc()\fR. +It is a macro that expands to +\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +.PP +\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like +\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively, +except that they call \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +It must be called with a value previously obtained from +\&\fBOPENSSL_secure_malloc()\fR. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_free()\fR. +It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. +.PP +\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except +that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear +the memory if it was not allocated from the secure heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_clear_free()\fR. +.PP +\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +.PP +\&\fBOPENSSL_secure_allocated()\fR tells if a pointer is allocated in the secure heap. +.PP +\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the +secure heap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called, +but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +.PP +\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into +the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be +allocated. +.PP +\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +.PP +\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_malloc\fR\|(3), +\&\fBBN_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OSSL_STORE_INFO.3 b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_INFO.3 new file mode 100644 index 00000000..e196b728 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_INFO.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_INFO 3" +.TH OSSL_STORE_INFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_info_st OSSL_STORE_INFO; +\& +\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); +\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO +\& *store_info); +\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); +\& +\& const char *OSSL_STORE_INFO_type_string(int type); +\& +\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); +\& +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are primarily useful for applications to retrieve +supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific +loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar +functions. +Supported OpenSSL type object can be extracted using one of +\&\fBSTORE_INFO_get0_TYPE()\fR. +The life time of this extracted object is as long as the life time of +the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. +The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately +by the caller. +See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are +supported. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +type number for the object inside. +\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +short string describing it. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL +type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +object to hold the given input object. +Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. +.SH "SUPPORTED OBJECTS" +.IX Header "SUPPORTED OBJECTS" +Currently supported object types are: +.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IX Item "OSSL_STORE_INFO_NAME" +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete \s-1URI.\s0 +For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR +object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs. +.Sp +For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was +given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name +\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. +.Sp +The returned \s-1URI\s0 is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is +canonical doesn't mean that other variants can't be used. +.Sp +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. +.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IX Item "OSSL_STORE_INFO_PARAMS" +Key parameters. +.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IX Item "OSSL_STORE_INFO_PKEY" +A private/public key of some sort. +.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IX Item "OSSL_STORE_INFO_CERT" +An X.509 certificate. +.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IX Item "OSSL_STORE_INFO_CRL" +A X.509 certificate revocation list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fB\s-1OSSL_STORE_INFO\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +failure. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, +\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, +\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, +\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OSSL_STORE_LOADER.3 b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_LOADER.3 new file mode 100644 index 00000000..41f7d6e2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_LOADER.3 @@ -0,0 +1,362 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_LOADER 3" +.TH OSSL_STORE_LOADER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +\& +\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER +\& *store_loader); +\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER +\& *store_loader); +\& +\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ +\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +\& +\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_open_fn store_open_function); +\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, +\& va_list args); +\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_ctrl_fn store_ctrl_function); +\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_expect_fn expect_function); +\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& OSSL_STORE_SEARCH *criteria); +\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_find_fn find_function); +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_load_fn store_load_function); +\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_eof_fn store_eof_function); +\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_error_fn store_error_function); +\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_close_fn store_close_function); +\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); +\& +\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help applications and engines to create loaders for +schemes they support. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. +It contains a scheme and the functions needed to implement +\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and +\&\fBOSSL_STORE_close()\fR for this scheme. +.PP +\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +using \fBstruct ossl_store_loader_ctx_st { ... }\fR. +.PP +\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, +and \fBOSSL_STORE_close_fn\fR +are the function pointer types used within a \s-1STORE\s0 loader. +The functions pointed at define the functionality of the given loader. +.IP "\fBOSSL_STORE_open_fn\fR" 4 +.IX Item "OSSL_STORE_open_fn" +This function takes a \s-1URI\s0 and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see +above), and to return it. +If something goes wrong, this function is expected to return \s-1NULL.\s0 +.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IX Item "OSSL_STORE_ctrl_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader +specific parameters. +.Sp +Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Any number below that is reserved for future globally known command +numbers. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IX Item "OSSL_STORE_expect_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +identity \fBexpected\fR, and is used to tell the loader what object type is +expected. +\&\fBexpected\fR may be zero to signify that no specific object type is expected. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IX Item "OSSL_STORE_find_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +to search for. +.Sp +When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. +.Sp +When called with the loader context being something other than \fB\s-1NULL\s0\fR, this +function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IX Item "OSSL_STORE_load_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. +If no more data is available or an error occurs, this function is +expected to return \s-1NULL.\s0 +The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if +it was in fact the end of data or if an error occurred. +.Sp +Note that this function retrieves \fIone\fR data item only. +.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IX Item "OSSL_STORE_eof_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IX Item "OSSL_STORE_error_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +\&\fBOSSL_STORE_load_fn\fR function. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IX Item "OSSL_STORE_close_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +It returns 1 on success and 0 on error. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. +\&\fBscheme\fR must \fIalways\fR be set. +Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as +long as the created loader is. +.PP +\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, +\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBscheme\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBfile:\fR scheme has built in support. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, +\&\fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the +same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, +\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. +.PP +\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and +\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +or \fB\s-1NULL\s0\fR on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR, +\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, +\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, +\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR, +\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, +\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OSSL_STORE_SEARCH.3 b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_SEARCH.3 new file mode 100644 index 00000000..6fe50199 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_SEARCH.3 @@ -0,0 +1,300 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_SEARCH 3" +.TH OSSL_STORE_SEARCH 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; +\& +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, +\& const ASN1_INTEGER +\& *serial); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, +\& const unsigned char +\& *bytes, int len); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); +\& +\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); +\& +\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH +\& *criterion); +\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH +\& *criterion, size_t *length); +\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH +\& *criterion); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to specify search criteria to help search for specific +objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a \s-1URI\s0 +and then wants to add on search criteria in a uniform and supported manner. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search +criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fBOSSL_STORE_find()\fR. +.PP +The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +times, and should therefore be careful not to deallocate it before +\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +to. +.SS "Application Functions" +.IX Subsection "Application Functions" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +.SS "Loader Functions" +.IX Subsection "Loader Functions" +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, +and \fBOSSL_STORE_SEARCH_get0_digest()\fR +are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +available for each type. +For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. +.SH "SUPPORTED CRITERION TYPES" +.IX Header "SUPPORTED CRITERION TYPES" +Currently supported criterion types are: +.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_NAME" +This criterion supports a search by exact match of subject name. +The subject name itself is a \fBX509_NAME\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is +a \fB\s-1ASN1_INTEGER\s0\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR +and the actual issuer name and serial number are retrieved with +\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (\s-1NULL\s0), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR +and the actual fingerprint and its length can be retrieved with +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will +be used when applicable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fBOSSL_STORE_SEARCH_by_alias()\fR, +\&\fBOSSL_STORE_SEARCH_free()\fR, +\&\fBOSSL_STORE_SEARCH_get_type()\fR, +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fBOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OSSL_STORE_expect.3 b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_expect.3 new file mode 100644 index 00000000..730d152e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_expect.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_EXPECT 3" +.TH OSSL_STORE_EXPECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +\& +\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); +\& +\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns +by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) +except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. +.PP +\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +grained search of objects. +.PP +\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +context supports the given search type. +See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the +supported search criterion types. +.PP +\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fBOSSL_STORE_load()\fR of a given session, or they will fail. +.SH "NOTES" +.IX Header "NOTES" +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See \fBOSSL_STORE_open\fR\|(3) for more information. +.PP +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +otherwise. +.PP +\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fBOSSL_STORE_load\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OSSL_STORE_open.3 b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_open.3 new file mode 100644 index 00000000..121ba5dc --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OSSL_STORE_open.3 @@ -0,0 +1,281 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_OPEN 3" +.TH OSSL_STORE_OPEN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \- Types and functions to read objects from a URI +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; +\& +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, +\& void *); +\& +\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, +\& void *ui_data, +\& OSSL_STORE_post_process_info_fn post_process, +\& void *post_process_data); +\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help the application to fetch supported objects (see +\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on +the supported \s-1URI\s0 schemes). +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, +read each available and supported object using \fBOSSL_STORE_load()\fR as long as +\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. +.PP +The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further +described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and +\&\fBOSSL_STORE_close()\fR to work together. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBui_method\fR with associated data \fBui_data\fR, and post processing +callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +opens a channel to the data located at that \s-1URI\s0 and returns a +\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +The given \fBui_method\fR and \fBui_data_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. +The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +will cause \fBOSSL_STORE_load()\fR to start its process over with loading +the next object, until \fBpost_process\fR returns something other than +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. +.PP +\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. +.PP +There are also global controls available: +.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IX Item "OSSL_STORE_C_USE_SECMEM" +Controls if the loader should attempt to use secure memory for any +allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +This control expects one argument, a pointer to an \fBint\fR that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. +.PP +\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +of data. +.PP +\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fBOSSL_STORE_load()\fR call. +Note that it may still be meaningful to try and load more objects, unless +\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. +.PP +\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +.SH "SUPPORTED SCHEMES" +.IX Header "SUPPORTED SCHEMES" +The basic supported scheme is \fBfile:\fR. +Any other scheme can be added dynamically, using +\&\fBOSSL_STORE_register_loader()\fR. +.SH "NOTES" +.IX Header "NOTES" +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the \fIfile:\fR scheme. +.PP +There are some tools that can be used together with +\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\s-1URI,\s0 or if it's a different error (such as memory allocation +failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. +.PP +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the \fBfile:\fR scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See \fBpassphrase\-encoding\fR\|(7) for further information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a +returned \fB\s-1NULL\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +0. +.PP +\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call, +otherwise 0. +.PP +\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, +\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/OpenSSL_add_all_algorithms.3 b/deps/openssl/mingw64/share/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100644 index 00000000..e8c7a65b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/OpenSSL_add_all_algorithms.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& # if OPENSSL_API_COMPAT < 0x10100000L +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +\& +\& void EVP_cleanup(void) +\&# endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. +.PP +\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, +\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_bytes_read_bio.3 b/deps/openssl/mingw64/share/man/man3/PEM_bytes_read_bio.3 new file mode 100644 index 00000000..593c2c80 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_bytes_read_bio.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_BYTES_READ_BIO 3" +.TH PEM_BYTES_READ_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF RFC 1421\s0 and \s-1IETF RFC 7468\s0) +data from the \s-1BIO\s0 +\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 +etc.). If multiple PEM-encoded data structures are present in the same +stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. +.PP +The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain +the decryption passphrase, if applicable. +.PP +Some data types have compatibility aliases, such as a file containing +X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 +The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is +non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +.PP +The returned data is the DER-encoded form of the requested type, in +\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed +to by \fI*pdata\fR. +.PP +\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses +memory from the secure heap for its temporary buffers and the storage +returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use +\&\fBOPENSSL_secure_free()\fR to free that storage. +.SH "NOTES" +.IX Header "NOTES" +\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, +care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +use of \fBBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely +to be more appropriate in such cases. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or +0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_bio_ex\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_read.3 b/deps/openssl/mingw64/share/man/man3/PEM_read.3 new file mode 100644 index 00000000..864f6f9a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_read.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ 3" +.TH PEM_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write(FILE *fp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& int PEM_write_bio(BIO *bp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& +\& int PEM_read(FILE *fp, char **name, char **header, +\& unsigned char **data, long *len); +\& int PEM_read_bio(BIO *bp, char **name, char **header, +\& unsigned char **data, long *len); +\& +\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); +\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +type \fBname\fR, any additional \fBheader\fR information, and the raw +\&\fBdata\fR of length \fBlen\fR. +.PP +\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF +RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded +by begin/end markers each on their own line. For example: +.PP +.Vb 4 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& MIICdg.... +\& ... bhTQ== +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.PP +\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to +the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify +the data and its length. +.PP +The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) +for examples. +.PP +\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads +from the \s-1BIO\s0 \fBbp\fR. +Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. +When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN +\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +are returned in \fBheader\fR and the base64\-decoded content and its length are +returned via \fBdata\fR and \fBlen\fR respectively. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR +and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed. +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +and \s-1IV.\s0 +The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. +If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +address pointed to by \fBcinfo\fR. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header +indicates encryption. +The \fBcinfo\fR argument is a pointer to the structure initialized by the previous +call to \fBPEM_get_EVP_CIPHER_INFO()\fR. +The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR. +The \fBcb\fR and \fBu\fR arguments make it possible to override the default password +prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). +On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is +updated to indicate the plaintext length. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR +nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +includes the case when no more \s-1PEM\s0 objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more +\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on +failure. +The \fBdata\fR is likely meaningless if these functions fail. +.SH "NOTES" +.IX Header "NOTES" +The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. +This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs \s-1MD5\s0 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 \s-1PBE.\s0 +See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). +.PP +\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_read_CMS.3 b/deps/openssl/mingw64/share/man/man3/PEM_read_CMS.3 new file mode 100644 index 00000000..1bfc8c2e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_read_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_CMS 3" +.TH PEM_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION \&\- PEM object encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_PEM_rw(name, TYPE) +\& +\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); +\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); +\& int PEM_write_TYPE(FILE *fp, const TYPE *a); +\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in +the next four lines of the synopsis. +.PP +These routines convert between local instances of \s-1ASN1\s0 datatypes and +the \s-1PEM\s0 encoding. For more information on the templates, see +\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fBPEM_read\fR\|(3). +.PP +\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR +and returns it. The \fBcb\fR and \fBu\fR parameters are as described in +\&\fBpem_password_cb\fR\|(3). +.PP +\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. +.PP +\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated +object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error. +.PP +\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written +or zero on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_read_bio_PrivateKey.3 b/deps/openssl/mingw64/share/man/man3/PEM_read_bio_PrivateKey.3 new file mode 100644 index 00000000..8917f4be --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_read_bio_PrivateKey.3 @@ -0,0 +1,622 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_PRIVATEKEY 3" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +\& const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +\& +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +\& +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +\& +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +\& +\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); +\& +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +\& +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +\& int PEM_write_DHparams(FILE *fp, DH *x); +\& +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +\& int PEM_write_X509(FILE *fp, X509 *x); +\& +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +\& +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +\& +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +\& +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR, +\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an +\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are +equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys. +.PP +\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\*(L"traditional\*(R" format with a simple private key marker and should only +be used for compatibility with legacy programs. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private +key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument +specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the +encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If +\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA.\s0 +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA.\s0 +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA.\s0 +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA.\s0 +.PP +The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using +an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key +parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459,\s0 and for \s-1DH\s0 +key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions +only exist for the \f(BI\s-1BIO\s0\fI type\fR. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459.\s0 +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +.PP +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or \-1 if +an error occurred. +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 1 +\& X509 *x; +\& +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +These old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& Proc\-Type: 4,ENCRYPTED +\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 +\& +\& ...base64 encoded data... +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The line beginning with \fIProc-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK-Info\fR +contains two comma separated values: the encryption algorithm name as +used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64\-encoded encrypted data. +.PP +The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR +parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR +parameters. Finally, the library uses an iteration count of 1 for +\&\fBEVP_BytesToKey()\fR. +.PP +The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization +vector is then used to decrypt the encrypted data. The \fBiv\fR produced by +\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +the function. +.PP +The pseudo code to derive the key would look similar to: +.PP +.Vb 2 +\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); +\& EVP_MD* md = EVP_md5(); +\& +\& unsigned int nkey = EVP_CIPHER_key_length(cipher); +\& unsigned int niv = EVP_CIPHER_iv_length(cipher); +\& unsigned char key[nkey]; +\& unsigned char iv[niv]; +\& +\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); +\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); +\& if (rc != nkey) +\& /* Error */ +\& +\& /* On success, use key and iv to initialize the cipher */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ve +.PP +is guaranteed to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +if an error occurred. +.PP +The write routines return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL.\s0 +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 1 +\& X509 *x; +\& +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +\& if (x == NULL) +\& /* Error */ +.Ve +.PP +Alternative method: +.PP +.Vb 1 +\& X509 *x = NULL; +\& +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 2 +\& if (!PEM_write_bio_X509(bp, x)) +\& /* Error */ +.Ve +.PP +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 2 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 3 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), +\& NULL, 0, 0, "hello")) +\& /* Error */ +.Ve +.PP +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 3 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& /* Error */ +.Ve +.PP +Skeleton pass phrase callback: +.PP +.Vb 2 +\& int pass_cb(char *buf, int size, int rwflag, void *u) +\& { +\& +\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); +\& +\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ +\& char *tmp = "hello"; +\& if (tmp == NULL) /* An error occurred */ +\& return \-1; +\& +\& size_t len = strlen(tmp); +\& +\& if (len > size) +\& len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +as they will be formally deprecated in a future releases. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_read_bio_ex.3 b/deps/openssl/mingw64/share/man/man3/PEM_read_bio_ex.3 new file mode 100644 index 00000000..759bf7d7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_read_bio_ex.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_EX 3" +.TH PEM_READ_BIO_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define PEM_FLAG_SECURE 0x1 +\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 +\& #define PEM_FLAG_ONLY_B64 0x4 +\& int PEM_read_bio_ex(BIO *in, char **name, char **header, +\& unsigned char **data, long *len, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_\-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. +.PP +If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. +.PP +If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of \fBPEM_read_bio()\fR. +.PP +If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +characters (or newlines); non\-base64 characters are treated as end of input. +.PP +If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +are ignored. +.PP +If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +these options are not compatible with each other. +.SH "NOTES" +.IX Header "NOTES" +The caller must release the storage allocated for *name, *header, and *data. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, +\&\fBOPENSSL_free()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_bytes_read_bio\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_write_bio_CMS_stream.3 b/deps/openssl/mingw64/share/man/man3/PEM_write_bio_CMS_stream.3 new file mode 100644 index 00000000..43f9bb24 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_write_bio_CMS_stream.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBPEM_write\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBi2d_CMS_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PEM_write_bio_PKCS7_stream.3 b/deps/openssl/mingw64/share/man/man3/PEM_write_bio_PKCS7_stream.3 new file mode 100644 index 00000000..d09ac382 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PEM_write_bio_PKCS7_stream.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBi2d_PKCS7_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS12_create.3 b/deps/openssl/mingw64/share/man/man3/PKCS12_create.3 new file mode 100644 index 00000000..0c1d700b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS12_create.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_CREATE 3" +.TH PKCS12_CREATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +\& X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certificate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. The modes +\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. +.PP +\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS12_newpass.3 b/deps/openssl/mingw64/share/man/man3/PKCS12_newpass.3 new file mode 100644 index 00000000..2206b422 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS12_newpass.3 @@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_NEWPASS 3" +.TH PKCS12_NEWPASS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_newpass \- change the password of a PKCS12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +and \fBnewpass\fR is the new password. +.SH "NOTES" +.IX Header "NOTES" +Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in +the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 +instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. +.PP +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& int main(int argc, char **argv) +\& { +\& FILE *fp; +\& PKCS12 *p12; +\& +\& if (argc != 5) { +\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); +\& return 1; +\& } +\& if ((fp = fopen(argv[1], "rb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[1]); +\& return 1; +\& } +\& p12 = d2i_PKCS12_fp(fp, NULL); +\& fclose(fp); +\& if (p12 == NULL) { +\& fprintf(stderr, "Error reading PKCS#12 file\en"); +\& ERR_print_errors_fp(stderr); +\& return 1; +\& } +\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { +\& fprintf(stderr, "Error changing password\en"); +\& ERR_print_errors_fp(stderr); +\& PKCS12_free(p12); +\& return 1; +\& } +\& if ((fp = fopen(argv[4], "wb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[4]); +\& PKCS12_free(p12); +\& return 1; +\& } +\& i2d_PKCS12_fp(fp, p12); +\& PKCS12_free(p12); +\& fclose(fp); +\& return 0; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +\&\fBPKCS12_newpass()\fR failure. +.PP +If the wrong password is used for \fBoldpass\fR then the function will fail, +with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not +contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +error. +.SH "BUGS" +.IX Header "BUGS" +The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS12_parse.3 b/deps/openssl/mingw64/share/man/man3/PKCS12_parse.3 new file mode 100644 index 00000000..2d8e8ae8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS12_parse.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_PARSE 3" +.TH PKCS12_PARSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.PP +The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it +is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. +.PP +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS5_PBKDF2_HMAC.3 b/deps/openssl/mingw64/share/man/man3/PKCS5_PBKDF2_HMAC.3 new file mode 100644 index 00000000..5c80f624 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS5_PBKDF2_HMAC.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS5_PBKDF2_HMAC 3" +.TH PKCS5_PBKDF2_HMAC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& const EVP_MD *digest, +\& int keylen, unsigned char *out); +\& +\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& int keylen, unsigned char *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +as specified in \s-1RFC 2898.\s0 +.PP +\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR +is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the +function will calculate the length of \fBpass\fR using \fBstrlen()\fR. +.PP +\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the +\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not +attempt to calculate the length of the \fBsalt\fR because it is not assumed to +be \s-1NULL\s0 terminated. +.PP +\&\fBiter\fR is the iteration count and its value should be greater than or +equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any +\&\fBiter\fR less than 1 is treated as a single iteration. +.PP +\&\fBdigest\fR is the message digest function used in the derivation. Values include +any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. +.PP +The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer +is specified via \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, +and an iteration count. +.PP +Increasing the \fBiter\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS7_decrypt.3 b/deps/openssl/mingw64/share/man/man3/PKCS7_decrypt.3 new file mode 100644 index 00000000..365a0a62 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS7_decrypt.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_DECRYPT 3" +.TH PKCS7_DECRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS7_encrypt.3 b/deps/openssl/mingw64/share/man/man3/PKCS7_encrypt.3 new file mode 100644 index 00000000..dadf4b2c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS7_encrypt.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_ENCRYPT 3" +.TH PKCS7_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +\& int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR +respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS7_sign.3 b/deps/openssl/mingw64/share/man/man3/PKCS7_sign.3 new file mode 100644 index 00000000..a94d19b3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS7_sign.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN 3" +.TH PKCS7_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0 +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS7_sign_add_signer.3 b/deps/openssl/mingw64/share/man/man3/PKCS7_sign_add_signer.3 new file mode 100644 index 00000000..ce45fd52 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS7_sign_add_signer.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN_ADD_SIGNER 3" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fBPKCS7_final()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/PKCS7_verify.3 b/deps/openssl/mingw64/share/man/man3/PKCS7_verify.3 new file mode 100644 index 00000000..dc01ebc6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/PKCS7_verify.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_VERIFY 3" +.TH PKCS7_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certificate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is +not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both +embedded and external content. To treat this as an error, use the flag +\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +The default behavior allows this, for compatibility with older +versions of OpenSSL. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fBPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_verify()\fR returns one for a successful verification and zero +if an error occurs. +.PP +\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_generate.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_generate.3 new file mode 100644 index 00000000..504d206b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_generate.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GENERATE 3" +.TH RAND_DRBG_GENERATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given drbg instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_generate(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen, +\& int prediction_resistance, +\& const unsigned char *adin, size_t adinlen); +\& +\& int RAND_DRBG_bytes(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +.PP +Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum +number of generate requests (\fIreseed interval\fR) or the maximum timespan +(\fIreseed time interval\fR) since its last seeding have been reached. +If this is the case, the \s-1DRBG\s0 reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. See \s-1NOTES\s0 section for more details. +.PP +The caller can optionally provide additional data to be used for reseeding +by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and +\&\fBadinlen\fR to 0; +.PP +\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +This function is a wrapper around the \fBRAND_DRBG_generate()\fR call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success, +and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3) +and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_get0_master.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_get0_master.3 new file mode 100644 index 00000000..516e4ec1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_get0_master.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GET0_MASTER 3" +.TH RAND_DRBG_GET0_MASTER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get access to the global RAND_DRBG instances +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *RAND_DRBG_get0_master(void); +\& RAND_DRBG *RAND_DRBG_get0_public(void); +\& RAND_DRBG *RAND_DRBG_get0_private(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three +shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 +.PP +The and \s-1DRBG\s0 are thread-local instances, which are used +by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. +The \s-1DRBG\s0 is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. +.PP +These functions here provide access to the shared \s-1DRBG\s0 instances. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the \s-1DRBG\s0 instance. +.SH "NOTES" +.IX Header "NOTES" +It is not thread-safe to access the \s-1DRBG\s0 instance. +The and \s-1DRBG\s0 instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. +.PP +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new \s-1DRBG\s0 instances +at initialization time, before creating additional threads. +.PP +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_new.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_new.3 new file mode 100644 index 00000000..7f06df32 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_new.3 @@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_NEW 3" +.TH RAND_DRBG_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free \&\- initialize and cleanup a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& RAND_DRBG *RAND_DRBG_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& int RAND_DRBG_set(RAND_DRBG *drbg, +\& int type, unsigned int flags); +\& +\& int RAND_DRBG_set_defaults(int type, unsigned int flags); +\& +\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, +\& const unsigned char *pers, size_t perslen); +\& +\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +\& +\& void RAND_DRBG_free(RAND_DRBG *drbg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR +create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. +the secure heap +(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR). +.PP +\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +.PP +\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +instances. +.PP +Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the +following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. +Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set +its type and to instantiate it. +.PP +The optional \fBflags\fR argument specifies a set of bit flags which can be +joined using the | operator. Currently, the only flag is +\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of a the derivation function +ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +If a \fBparent\fR instance is specified then this will be used instead of +the default entropy source for reseeding the \fBdrbg\fR. It is said that the +\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. +For more information, see the \s-1NOTES\s0 section. +.PP +\&\fBRAND_DRBG_instantiate()\fR +seeds the \fBdrbg\fR instance using random input from trusted entropy sources. +Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be +specified. +To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; +.PP +\&\fBRAND_DRBG_uninstantiate()\fR +clears the internal state of the \fBdrbg\fR and puts it back in the +uninstantiated state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 +instance allocated on the heap, resp. secure heap. +.PP +\&\fBRAND_DRBG_set()\fR, +\&\fBRAND_DRBG_instantiate()\fR, and +\&\fBRAND_DRBG_uninstantiate()\fR +return 1 on success, and 0 on failure. +.PP +\&\fBRAND_DRBG_free()\fR does not return a value. +.SH "NOTES" +.IX Header "NOTES" +The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can +use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent \s-1DRBG\s0 instance. +For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 +instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_zalloc\fR\|(3), +\&\fBOPENSSL_secure_zalloc\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_reseed.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_reseed.3 new file mode 100644 index 00000000..1c2fab7f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_reseed.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_RESEED 3" +.TH RAND_DRBG_RESEED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_reseed(RAND_DRBG *drbg, +\& const unsigned char *adin, size_t adinlen, +\& int prediction_resistance); +\& +\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, +\& unsigned int interval); +\& +\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, +\& time_t interval); +\& +\& int RAND_DRBG_set_reseed_defaults( +\& unsigned int master_reseed_interval, +\& unsigned int slave_reseed_interval, +\& time_t master_reseed_time_interval, +\& time_t slave_reseed_time_interval +\& ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_reseed()\fR +reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer \fBadin\fR +of length \fBadinlen\fR. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR +to 0. +An immediate reseeding from a live entropy source can be requested by setting +the \fBprediction_resistance\fR flag to 1. +This feature is not implemented yet, so reseeding with prediction resistance +requested will always fail. +.PP +\&\fBRAND_DRBG_set_reseed_interval()\fR +sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number +of generate requests between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_time_interval()\fR +sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed +number of seconds between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) +and the reseed time interval +(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) +of \s-1DRBG\s0 instances. +The default values are set independently for master \s-1DRBG\s0 instances (which don't +have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_reseed()\fR, +\&\fBRAND_DRBG_set_reseed_interval()\fR, and +\&\fBRAND_DRBG_set_reseed_time_interval()\fR, +return 1 on success, 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. +.PP +Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a +trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. +.PP +The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_callbacks.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_callbacks.3 new file mode 100644 index 00000000..ade4a681 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_callbacks.3 @@ -0,0 +1,268 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_CALLBACKS 3" +.TH RAND_DRBG_SET_CALLBACKS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn \&\- set callbacks for reseeding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, +\& RAND_DRBG_get_entropy_fn get_entropy, +\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, +\& RAND_DRBG_get_nonce_fn get_nonce, +\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); +.Ve +.SS "Callback Functions" +.IX Subsection "Callback Functions" +.Vb 6 +\& typedef size_t (*RAND_DRBG_get_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len, +\& int prediction_resistance); +\& +\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +\& +\& typedef size_t (*RAND_DRBG_get_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len); +\& +\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given \fBdrbg\fR. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. +.PP +Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +\&\fBRAND_DRBG_uninstantiate()\fR first. +.PP +The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR +bits of randomness. +The \fBprediction_resistance\fR flag indicates whether the reseeding was +triggered by a prediction resistance request. +.PP +The buffer's address is to be returned in *\fBpout\fR and the number of collected +randomness bytes as return value. +.PP +If the callback fails to acquire at least \fBentropy\fR bits of randomness, +it must indicate an error by returning a buffer length of 0. +.PP +If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 +does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then +it must also indicate an error by returning a buffer length of 0. +See \s-1NOTES\s0 section for more details. +.PP +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +free the buffer allocated previously by \fBget_entropy()\fR. +The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, +as returned by the \fBget_entropy()\fR callback. +.PP +The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the \s-1DRBG\s0 uses a derivation function. +The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR, +except for the missing prediction_resistance flag. +.PP +If the derivation function is disabled, then no nonce is used for instantiation, +and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by +setting them to \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure +.SH "NOTES" +.IX Header "NOTES" +It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the \s-1DRBG\s0's state in memory. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default implementation of the get_entropy callback does not have access +to such an approved entropy source, a request for prediction resistance will +always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +The derivation function is disabled during initialization by calling the +\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +For more information on the derivation function and when it can be omitted, +see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random +source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. +.PP +Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() +callbacks can be omitted by setting them to \s-1NULL.\s0 +In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy +(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will +utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1], +section 8.6.7. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_new\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_ex_data.3 b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_ex_data.3 new file mode 100644 index 00000000..5349bda3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_DRBG_set_ex_data.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_EX_DATA 3" +.TH RAND_DRBG_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- store and retrieve extra data from the DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data); +\& +\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); +\& +\& int RAND_DRBG_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "NOTES" +.IX Header "NOTES" +RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to +CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_add.3 b/deps/openssl/mingw64/share/man/man3/RAND_add.3 new file mode 100644 index 00000000..9aa0d697 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_add.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_ADD 3" +.TH RAND_ADD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_status(void); +\& int RAND_poll(); +\& +\& void RAND_add(const void *buf, int num, double randomness); +\& void RAND_seed(const void *buf, int num); +\& +\& void RAND_keep_random_devices_open(int keep); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re\-)seeding of the default OpenSSL random generator +(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +itself automatically using trusted system entropy sources. +This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was +built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. +.PP +\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The \fBrandomness\fR argument is an estimate of how much randomness is +contained in +\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. +The content of \fBbuf\fR cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using \fBRAND_load_file\fR\|(3) instead. +.PP +\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +.PP +\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When +the \fBkeep\fR argument is zero, this call disables the retention of file +descriptors. Conversely, a non-zero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. +.PP +\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist +for compatibility reasons only. See \s-1HISTORY\s0 section below. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_status()\fR returns 1 if the random generator has been seeded +with enough data, 0 otherwise. +.PP +\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +.PP +\&\fBRAND_event()\fR returns \fBRAND_status()\fR. +.PP +The other functions do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_egd\fR\|(3), +\&\fBRAND_load_file\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_bytes.3 b/deps/openssl/mingw64/share/man/man3/RAND_bytes.3 new file mode 100644 index 00000000..78210930 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_bytes.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_BYTES 3" +.TH RAND_BYTES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_priv_bytes(unsigned char *buf, int num); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_bytes()\fR generates \fBnum\fR random bytes using a cryptographically +secure pseudo random generator (\s-1CSPRNG\s0) and stores them in \fBbuf\fR. +.PP +\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to +be used for generating values that should remain private. If using the +default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 +instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not +affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) +and \s-1\fBRAND_DRBG\s0\fR\|(7). +.SH "NOTES" +.IX Header "NOTES" +By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it +was able to seed itself from a trusted entropy source. +On all major platforms supported by OpenSSL (including the Unix-like platforms +and Windows), OpenSSL is configured to automatically seed the \s-1CSPRNG\s0 on first use +using the operating systems's random generator. +.PP +If the entropy source fails or is not available, the \s-1CSPRNG\s0 will enter an +error state and refuse to generate random bytes. For that reason, it is important +to always check the error return value of \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR and +not take randomness for granted. +.PP +On other platforms, there might not be a trusted entropy source available +or OpenSSL might have been explicitly configured to use different entropy sources. +If you are in doubt about the quality of the entropy source, don't hesitate to ask +your operating system vendor or post a question on GitHub or the openssl-users +mailing list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR +return 1 on success, \-1 if not supported by the current +\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. +.IP "\(bu" 2 +The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_cleanup.3 b/deps/openssl/mingw64/share/man/man3/RAND_cleanup.3 new file mode 100644 index 00000000..d0a8370f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_cleanup.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_CLEANUP 3" +.TH RAND_CLEANUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_cleanup \- erase the PRNG state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void RAND_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by +the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +\&\fBOPENSSL_init_crypto\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fBOPENSSL_init_crypto\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_egd.3 b/deps/openssl/mingw64/share/man/man3/RAND_egd.3 new file mode 100644 index 00000000..61b4ca48 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_egd.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_EGD 3" +.TH RAND_EGD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_egd_bytes(const char *path, int num); +\& int RAND_egd(const char *path); +\& +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, +it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local +socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 +The protocol used is defined by the EGDs available at + or . +.PP +\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. +\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. +.PP +\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +\&\fBRAND_add()\fR is not called. +.PP +OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +automatically. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, or \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG.\s0 +.PP +\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, or \-1 if the connection failed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_load_file.3 b/deps/openssl/mingw64/share/man/man3/RAND_load_file.3 new file mode 100644 index 00000000..14fc5450 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_load_file.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_LOAD_FILE 3" +.TH RAND_LOAD_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_load_file(const char *filename, long max_bytes); +\& +\& int RAND_write_file(const char *filename); +\& +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, +up to \fBmax_bytes\fR are read; +if \fBmax_bytes\fR is \-1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by \fBRAND_write_file()\fR between reads. +Also, note that \fBfilename\fR should be adequately protected so that an +attacker cannot replace or examine the contents. +If \fBfilename\fR is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. +.PP +\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fBRAND_load_file()\fR in a later session. +.PP +\&\fBRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. +.PP +On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +value will be used as the seed file name. +Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: +.IP "On Windows (in order of preference)" 4 +.IX Item "On Windows (in order of preference)" +.Vb 1 +\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e +.Ve +.IP "On \s-1VMS\s0" 4 +.IX Item "On VMS" +.Vb 1 +\& SYS$LOGIN: +.Ve +.IP "On all other systems" 4 +.IX Item "On all other systems" +.Vb 1 +\& $HOME +.Ve +.PP +If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +\&\fBnum\fR is too small for the path name, an error occurs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. +.PP +\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the +bytes written were generated without appropriate seeding. +.PP +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RAND_set_rand_method.3 b/deps/openssl/mingw64/share/man/man3/RAND_set_rand_method.3 new file mode 100644 index 00000000..a3aed58d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RAND_set_rand_method.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 3" +.TH RAND_SET_RAND_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_METHOD *RAND_OpenSSL(void); +\& +\& int RAND_set_rand_method(const RAND_METHOD *meth); +\& +\& const RAND_METHOD *RAND_get_rand_method(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. +.PP +\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +.PP +If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will +be used instead of the method returned by \fBRAND_OpenSSL()\fR. +.PP +\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\s-1ENGINE\s0 was providing the method, it will be released first. +.PP +\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 8 +\& typedef struct rand_meth_st { +\& int (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& int (*add)(const void *buf, int num, double entropy); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +.PP +The fields point to functions that are used by, in order, +\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +and \fBRAND_status()\fR. +Each pointer may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failure. +\&\fBRAND_get_rand_method()\fR and \fBRAND_OpenSSL()\fR return pointers to the respective +methods. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RC4_set_key.3 b/deps/openssl/mingw64/share/man/man3/RC4_set_key.3 new file mode 100644 index 00000000..8a4c262c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RC4_set_key.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RC4_SET_KEY 3" +.TH RC4_SET_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RC4_set_key, RC4 \- RC4 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +\& +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RIPEMD160_Init.3 b/deps/openssl/mingw64/share/man/man3/RIPEMD160_Init.3 new file mode 100644 index 00000000..8805a6c1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RIPEMD160_Init.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RIPEMD160_INIT 3" +.TH RIPEMD160_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int RIPEMD160_Init(RIPEMD160_CTX *c); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. +.PP +\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for +success, 0 otherwise. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_blinding_on.3 b/deps/openssl/mingw64/share/man/man3/RSA_blinding_on.3 new file mode 100644 index 00000000..1f9633a1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_blinding_on.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_BLINDING_ON 3" +.TH RSA_BLINDING_ON 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. +.PP +\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fBRSA_blinding_off()\fR returns no value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_check_key.3 b/deps/openssl/mingw64/share/man/man3/RSA_check_key.3 new file mode 100644 index 00000000..9a48b418 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_check_key.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_CHECK_KEY 3" +.TH RSA_CHECK_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_check_key_ex, RSA_check_key \- validate private RSA keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); +\& +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It does not work on \s-1RSA\s0 public keys that have only the modulus +and public exponent elements populated. +It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +It performs integrity checks on all +the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, +even if it is otherwise fit for regular \s-1RSA\s0 operation. +.PP +The \fBcb\fR parameter is a callback that will be invoked in the same +manner as \fBBN_is_prime_ex\fR\|(3). +.PP +\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR +return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +They return \-1 if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need +to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_is_prime_ex\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_generate_key.3 b/deps/openssl/mingw64/share/man/man3/RSA_generate_key.3 new file mode 100644 index 00000000..49d633c3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_generate_key.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 3" +.TH RSA_GENERATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& RSA *RSA_generate_key(int bits, unsigned long e, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must +be seeded prior to calling \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by +the \fBprimes\fR parameter. The random number generator must be seeded when +calling \fBRSA_generate_multi_prime_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The modulus size will be of length \fBbits\fR, the number of primes to form the +modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes +with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. +.PP +In order to maintain adequate security level, the maximum number of permitted +\&\fBprimes\fR depends on modulus bit length: +.PP +.Vb 3 +\& <1024 | >=1024 | >=4096 | >=8192 +\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- +\& 2 | 3 | 4 | 5 +.Ve +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows using the \fBBN_GENCB_call()\fR function +described on the \fBBN_generate_prime\fR\|(3) page. +.PP +\&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +While a random prime number is generated, it is called as +described in \fBBN_generate_prime\fR\|(3). +.IP "\(bu" 2 +When the n\-th randomly generated prime is rejected as not +suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +.IP "\(bu" 2 +When a random p has been found with p\-1 relatively prime to \fBe\fR, +it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +.PP +The process is then repeated for prime q and other primes (if any) +with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the key generation fails. +.SH "BUGS" +.IX Header "BUGS" +\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBRSA_generate_key_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_get0_key.3 b/deps/openssl/mingw64/share/man/man3/RSA_get0_key.3 new file mode 100644 index 00000000..b4a7c49c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_get0_key.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GET0_KEY 3" +.TH RSA_GET0_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +\& void RSA_get0_key(const RSA *r, +\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +\& void RSA_get0_crt_params(const RSA *r, +\& const BIGNUM **dmp1, const BIGNUM **dmq1, +\& const BIGNUM **iqmp); +\& const BIGNUM *RSA_get0_n(const RSA *d); +\& const BIGNUM *RSA_get0_e(const RSA *d); +\& const BIGNUM *RSA_get0_d(const RSA *d); +\& const BIGNUM *RSA_get0_p(const RSA *d); +\& const BIGNUM *RSA_get0_q(const RSA *d); +\& const BIGNUM *RSA_get0_dmp1(const RSA *r); +\& const BIGNUM *RSA_get0_dmq1(const RSA *r); +\& const BIGNUM *RSA_get0_iqmp(const RSA *r); +\& const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +\& void RSA_clear_flags(RSA *r, int flags); +\& int RSA_test_flags(const RSA *r, int flags); +\& void RSA_set_flags(RSA *r, int flags); +\& ENGINE *RSA_get0_engine(RSA *r); +\& int RSA_get_multi_prime_extra_count(const RSA *r); +\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], +\& const BIGNUM *coeffs[]); +\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], +\& BIGNUM *coeffs[], int pnum); +\& int RSA_get_version(RSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1RSA\s0 object contains the components for the public and private key, +\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is +the modulus common to both public and private key, \fBe\fR is the public +exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are +the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR +are the exponents and coefficient for \s-1CRT\s0 calculations. +.PP +For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more +\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and +\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling +\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling +\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL +the first time this function is called on a given \s-1RSA\s0 object. The +value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be +\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. +Calling this function transfers the memory management of the values to +the \s-1RSA\s0 object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called. +.PP +In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and +set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with +\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, +\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions +ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +.PP +For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related \s-1CRT\s0 parameters. The +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an \s-1RSA\s0 object. +.PP +Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be +retrieved separately by the corresponding function +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. +.PP +\&\fBRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters. +.PP +\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to +see whether the flags passed in the \fBflags\fR parameter are currently +set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the +\&\s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR +as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR +in advance and allocate sufficient buffer to store the return values before +calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. +.PP +\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime +triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and +\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +.PP +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR +return the respective value. +.PP +\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return +1 on success or 0 on failure. +.PP +\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for +multi-prime \s-1RSA.\s0 +.PP +\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 +.PP +\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\s-1ENGINE\s0 has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e. +.PP +The +\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR, +\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR, +and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_meth_new.3 b/deps/openssl/mingw64/share/man/man3/RSA_meth_new.3 new file mode 100644 index 00000000..d851f675 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_meth_new.3 @@ -0,0 +1,382 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_METH_NEW 3" +.TH RSA_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA_METHOD *RSA_meth_new(const char *name, int flags); +\& void RSA_meth_free(RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +\& +\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); +\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +\& +\& int RSA_meth_get_flags(const RSA_METHOD *meth); +\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +\& +\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +\& +\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +\& int (*pub_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +\& (int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +\& int (*pub_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +\& int (*priv_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +\& int (*priv_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, +\& RSA *rsa, BN_CTX *ctx); +\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +\& BN_CTX *ctx)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); +\& +\& /* called at new */ +\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); +\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); +\& +\& /* called at free */ +\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); +\& +\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, +\& unsigned int m_length, +\& unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa); +\& int RSA_meth_set_sign(RSA_METHOD *rsa, +\& int (*sign)(int type, const unsigned char *m, +\& unsigned int m_length, unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa); +\& int RSA_meth_set_verify(RSA_METHOD *rsa, +\& int (*verify)(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb); +\& int RSA_meth_set_keygen(RSA_METHOD *rsa, +\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb)); +\& +\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb); +\& +\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, +\& int (*keygen) (RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom +\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL +for the implementation of the various \s-1RSA\s0 capabilities. See the rsa +page for more information. +.PP +\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a +\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the +\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +will have those flags set by default. +.PP +\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +passed as a parameter. This might be useful for creating a new +\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +.PP +\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +memory associated with it. +.PP +\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so +should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name +of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is +stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +for freeing the memory associated with the name. +.PP +\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set +these flags. +.PP +The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR +provide the ability to associate implementation specific data with the +\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data +before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. +.PP +\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function +used for creating an \s-1RSA\s0 signature respectively. This function will be +called in response to the application calling \fBRSA_sign()\fR. The +parameters for the function have the same meaning as for \fBRSA_sign()\fR. +.PP +\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the +function used for verifying an \s-1RSA\s0 signature respectively. This +function will be called in response to the application calling +\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as +for \fBRSA_verify()\fR. +.PP +\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the +function used for \s-1CRT\s0 computations. +.PP +\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set +the function used for \s-1CRT\s0 computations, specifically the following +value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification. +.PP +\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function +used for creating a new \s-1RSA\s0 instance respectively. This function will +be called in response to the application calling \fBRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The +\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for +the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +\&\s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the +function used for destroying an instance of an \s-1RSA\s0 object respectively. +This function will be called in response to the application calling +\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +parameter. The destroy function should be used for \s-1RSA\s0 implementation +specific clean up. The memory for the \s-1RSA\s0 itself should not be freed +by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the +function used for generating a new \s-1RSA\s0 key pair respectively. This +function will be called in response to the application calling +\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get +and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +respectively. This function will be called in response to the application calling +\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_multi_prime_key()\fR. +.PP +\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR, +\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR, +\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR, +\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and +\&\fBRSA_public_decrypt()\fR and take the same parameters as those. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated +\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +.PP +\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and +flags associated with the \s-1RSA_METHOD\s0 respectively. +.PP +All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such +pointer has yet been set. +.PP +RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), +\&\fBRSA_generate_multi_prime_key\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were +added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_new.3 b/deps/openssl/mingw64/share/man/man3/RSA_new.3 new file mode 100644 index 00000000..f39ddfe7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_new.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_NEW 3" +.TH RSA_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_new, RSA_free \- allocate and free RSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA *RSA_new(void); +\& +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). +.PP +\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +If \fBrsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_new_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 b/deps/openssl/mingw64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 new file mode 100644 index 00000000..c1c10b61 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 @@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and +\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.IP "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.IP "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.IP "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 EME-OAEP +.IP "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification +.IP "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fBRSA_padding_add_xxx()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.PP +For \fBRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, +if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fBRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +\&\fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The result of \fBRSA_padding_check_PKCS1_type_2()\fR is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +possible, the result of \fBRSA_padding_check_PKCS1_type_2()\fR should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. +Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data +which was computed by \fBRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including \s-1PKCS1_OAEP.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_private_decrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_print.3 b/deps/openssl/mingw64/share/man/man3/RSA_print.3 new file mode 100644 index 00000000..895ebe65 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_print.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRINT 3" +.TH RSA_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +\& +\& #include +\& +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +\& +\& #include +\& +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_private_encrypt.3 b/deps/openssl/mingw64/share/man/man3/RSA_private_encrypt.3 new file mode 100644 index 00000000..2b1121c0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_private_encrypt.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 3" +.TH RSA_PRIVATE_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be +used. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_public_encrypt.3 b/deps/openssl/mingw64/share/man/man3/RSA_public_encrypt.3 new file mode 100644 index 00000000..23adf064 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_public_encrypt.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 3" +.TH RSA_PUBLIC_ENCRYPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_public_encrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_private_decrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in +new applications. \s-1SEE WARNING BELOW.\s0 +.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.IP "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 +When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +\&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in \fBto\fR will always be zero padded to exactly +RSA_size(\fBrsa\fR) bytes. +\&\fBto\fR and \fBfrom\fR may overlap. +.PP +\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should +be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 +RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +\&\fBpadding\fR is the padding mode that was used to encrypt the data. +\&\fBto\fR and \fBfrom\fR may overlap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding +design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_set_method.3 b/deps/openssl/mingw64/share/man/man3/RSA_set_method.3 new file mode 100644 index 00000000..f38fd8d9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_set_method.3 @@ -0,0 +1,315 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SET_METHOD 3" +.TH RSA_SET_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_default_method(void); +\& +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_method(const RSA *rsa); +\& +\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); +\& +\& int RSA_flags(const RSA *rsa); +\& +\& RSA *RSA_new_method(ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBRSA_PKCS1_OpenSSL()\fR. +.PP +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBRSA_get_default_method()\fR returns a pointer to the current default +\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. +.PP +\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fBRSA_set_method()\fR. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +\& +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +\& +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +\& +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +\& +\& /* +\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match +\& */ +\& int flags; +\& +\& char *app_data; /* ?? */ +\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. If NULL builtin RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR +and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. +.PP +\&\fBRSA_set_default_method()\fR returns no value. +.PP +\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fBRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. +.PP +\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fBRSA_flags()\fR function \- in effect +\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does +not currently exist). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_sign.3 b/deps/openssl/mingw64/share/man/man3/RSA_sign.3 new file mode 100644 index 00000000..5132f493 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_sign.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN 3" +.TH RSA_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign, RSA_verify \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It +stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. +\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fBRSA_private_encrypt\fR\|(3) for lower-level +operations. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. +If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign()\fR returns 1 on success. +\&\fBRSA_verify()\fR returns 1 on successful verification. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_public_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/deps/openssl/mingw64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100644 index 00000000..1637d9bf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, +\& unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, +\& unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded when calling +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/RSA_size.3 b/deps/openssl/mingw64/share/man/man3/RSA_size.3 new file mode 100644 index 00000000..681b3a15 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/RSA_size.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIZE 3" +.TH RSA_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_size(const RSA *rsa); +\& +\& int RSA_bits(const RSA *rsa); +\& +\& int RSA_security_bits(const RSA *rsa) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fBRSA_bits()\fR returns the number of significant bits. +.PP +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_size()\fR returns the size of modulus in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SCT_new.3 b/deps/openssl/mingw64/share/man/man3/SCT_new.3 new file mode 100644 index 00000000..afbfcf04 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SCT_new.3 @@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_NEW 3" +.TH SCT_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, +\& CT_LOG_ENTRY_TYPE_X509 = 0, +\& CT_LOG_ENTRY_TYPE_PRECERT = 1 +\& } ct_log_entry_type_t; +\& +\& typedef enum { +\& SCT_VERSION_NOT_SET = \-1, +\& SCT_VERSION_V1 = 0 +\& } sct_version_t; +\& +\& typedef enum { +\& SCT_SOURCE_UNKNOWN, +\& SCT_SOURCE_TLS_EXTENSION, +\& SCT_SOURCE_X509V3_EXTENSION, +\& SCT_SOURCE_OCSP_STAPLED_RESPONSE +\& } sct_source_t; +\& +\& SCT *SCT_new(void); +\& SCT *SCT_new_from_base64(unsigned char version, +\& const char *logid_base64, +\& ct_log_entry_type_t entry_type, +\& uint64_t timestamp, +\& const char *extensions_base64, +\& const char *signature_base64); +\& +\& void SCT_free(SCT *sct); +\& void SCT_LIST_free(STACK_OF(SCT) *a); +\& +\& sct_version_t SCT_get_version(const SCT *sct); +\& int SCT_set_version(SCT *sct, sct_version_t version); +\& +\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +\& +\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); +\& +\& uint64_t SCT_get_timestamp(const SCT *sct); +\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +\& +\& int SCT_get_signature_nid(const SCT *sct); +\& int SCT_set_signature_nid(SCT *sct, int nid); +\& +\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); +\& +\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); +\& +\& sct_source_t SCT_get_source(const SCT *sct); +\& int SCT_set_source(SCT *sct, sct_source_t source); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. +They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. +.PP +An internal representation of an \s-1SCT\s0 can be created in one of two ways. +The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate +it using: +.IP "\(bu" 2 +\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. +.Sp +Only \s-1SCT_VERSION_V1\s0 is currently supported. +.IP "\(bu" 2 +\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +.Sp +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +.Sp +The former takes ownership, whereas the latter makes a copy. +See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. +.IP "\(bu" 2 +\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +.IP "\(bu" 2 +\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. +.Sp +The former takes ownership, whereas the latter makes a copy. +.IP "\(bu" 2 +\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.Sp +The former takes ownership, whereas the latter makes a copy. +.PP +Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +\&\fBSCT_new_from_base64()\fR: +.IP "\(bu" 2 +The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). +.IP "\(bu" 2 +The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. +.IP "\(bu" 2 +The type of certificate the \s-1SCT\s0 was issued for: +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +The time that the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +The \s-1SCT\s0 extensions, base64 encoded. +.IP "\(bu" 2 +The \s-1SCT\s0 signature, base64 encoded. +.PP +\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not +required for verifying the \s-1SCT.\s0 +.SH "NOTES" +.IX Header "NOTES" +Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure. +.PP +All of the setters will reset the validation status of the \s-1SCT\s0 to +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). +.PP +\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of +certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. +For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate. +.PP +\&\fBSCT_set_source()\fR will not refuse unknown values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +.PP +\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +.PP +\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +malloc fails. +.PP +\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +.PP +\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails). +.PP +\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBSCT_validate\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SCT_print.3 b/deps/openssl/mingw64/share/man/man3/SCT_print.3 new file mode 100644 index 00000000..5bae3be3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SCT_print.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_PRINT 3" +.TH SCT_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +\& const char *separator, const CTLOG_STORE *logs); +\& const char *SCT_validation_status_string(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in +a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +.PP +The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR +is provided, it will be used to print the description of the \s-1CT\s0 log that issued +each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed +as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +.PP +\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR +beforehand in order to set the validation status of an \s-1SCT\s0 first. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing +the validation status of an \fB\s-1SCT\s0\fR object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBbio\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBSCT_validate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SCT_validate.3 b/deps/openssl/mingw64/share/man/man3/SCT_validate.3 new file mode 100644 index 00000000..444eee6b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SCT_validate.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_VALIDATE 3" +.TH SCT_VALIDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& SCT_VALIDATION_STATUS_NOT_SET, +\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, +\& SCT_VALIDATION_STATUS_VALID, +\& SCT_VALIDATION_STATUS_INVALID, +\& SCT_VALIDATION_STATUS_UNVERIFIED, +\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION +\& } sct_validation_status_t; +\& +\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); +\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +\&\fBSCT_get_validation_status()\fR. +.PP +A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: +.IP "\(bu" 2 +The certificate the \s-1SCT\s0 was issued for. +.Sp +Failure to provide the certificate will result in the validation status being +\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +The issuer of that certificate. +.Sp +This is only required if the \s-1SCT\s0 was issued for a pre-certificate +(see \s-1RFC 6962\s0). If it is required but not provided, the validation status will +be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0 +.Sp +If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation +status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0 +.PP +If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the +validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0 +.PP +If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to +the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation +status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 +.PP +If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 +.SH "NOTES" +.IX Header "NOTES" +A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a +failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +that a certificate has been publicly logged. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +.PP +\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation. +.PP +\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 +If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the +returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SHA256_Init.3 b/deps/openssl/mingw64/share/man/man3/SHA256_Init.3 new file mode 100644 index 00000000..7be13128 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SHA256_Init.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SHA256_INIT 3" +.TH SHA256_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SHA1_Init(SHA_CTX *c); +\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +\& int SHA1_Final(unsigned char *md, SHA_CTX *c); +\& unsigned char *SHA1(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA224_Init(SHA256_CTX *c); +\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA224(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA256_Init(SHA256_CTX *c); +\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA256(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA384_Init(SHA512_CTX *c); +\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA384(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA512_Init(SHA512_CTX *c); +\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA512(const unsigned char *d, size_t n, +\& unsigned char *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash +functions directly. +.PP +\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the +same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a +\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. +The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used +(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the +\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if +\&\fBmd\fR is \s-1NULL.\s0 +.PP +The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be +used only when backward compatibility is required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash +value. +.PP +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, +SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash +Standard), +\&\s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SMIME_read_CMS.3 b/deps/openssl/mingw64/share/man/man3/SMIME_read_CMS.3 new file mode 100644 index 00000000..da2c3b2e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SMIME_read_CMS.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_CMS 3" +.TH SMIME_READ_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_CMS \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0 +.PP +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBCMS_get0_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL.\s0 For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& CMS_ContentInfo *cms; +\& +\& cms = SMIME_read_CMS(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. +.PP +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3), +\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3), +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SMIME_read_PKCS7.3 b/deps/openssl/mingw64/share/man/man3/SMIME_read_PKCS7.3 new file mode 100644 index 00000000..bc94d0a4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SMIME_read_PKCS7.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_PKCS7 3" +.TH SMIME_READ_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBPKCS7_type_is_enveloped()\fR, etc. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +\& +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SMIME_write_CMS.3 b/deps/openssl/mingw64/share/man/man3/SMIME_write_CMS.3 new file mode 100644 index 00000000..47ff5ac1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SMIME_write_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_CMS 3" +.TH SMIME_WRITE_CMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_CMS \- convert CMS structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. +.PP +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output +the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SMIME_write_PKCS7.3 b/deps/openssl/mingw64/share/man/man3/SMIME_write_PKCS7.3 new file mode 100644 index 00000000..fece0d90 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SMIME_write_PKCS7.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_PKCS7 3" +.TH SMIME_WRITE_PKCS7 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fBPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR +and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CIPHER_get_name.3 b/deps/openssl/mingw64/share/man/man3/SSL_CIPHER_get_name.3 new file mode 100644 index 00000000..e97ed590 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CIPHER_get_name.3 @@ -0,0 +1,325 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 3" +.TH SSL_CIPHER_GET_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); +\& const char *OPENSSL_cipher_name(const char *stdname); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); +\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". +.PP +\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR +has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both +SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. +.PP +\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, +it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +than the SSLv3 name. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +If \fBcipher\fR is \s-1NULL, 0\s0 is returned. +.PP +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +If there is no cipher (e.g. for cipher suites with no encryption) then +\&\fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. +for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be +different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +.PP +\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. +If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 +cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 4 +\& NID_kx_rsa +\& NID_kx_ecdhe +\& NID_kx_dhe +\& NID_kx_psk +.Ve +.PP +\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. +If any appropriate authentication algorithm can be used (as in the case of +\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 3 +\& NID_auth_rsa +\& NID_auth_ecdsa +\& NID_auth_psk +.Ve +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 +.PP +\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the +two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter +is usually retrieved from a \s-1TLS\s0 packet by using functions like +\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +error occurs or the indicated cipher is not found. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +not the same as the IANA-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +cipher \fBc\fR. +.PP +\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, +\&\fB\s-1NULL\s0\fR is returned. +.PP +The string returned by \fBSSL_CIPHER_description()\fR consists of several fields +separated by whitespace: +.IP "" 4 +.IX Item "" +Textual representation of the cipher name. +.IP "" 4 +.IX Item "" +The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. +.IP "Kx=" 4 +.IX Item "Kx=" +Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. +.IP "Au=" 4 +.IX Item "Au=" +Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +representation of anonymous ciphers. +.IP "Enc=" 4 +.IX Item "Enc=" +Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +.IP "Mac=" 4 +.IX Item "Mac=" +Message digest, such as \fB\s-1SHA256\s0\fR. +.PP +Some examples for the output of \fBSSL_CIPHER_description()\fR: +.PP +.Vb 2 +\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, +\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding +value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +if the cipher is not found. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +secret bits or 0 if an error occurred. +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, +\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBNID_undef\fR if an error occurred. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +.PP +\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +protocol-specific \s-1ID.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +rather than a fixed string, in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +required to enable this function. +.PP +The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_COMP_add_compression_method.3 b/deps/openssl/mingw64/share/man/man3/SSL_COMP_add_compression_method.3 new file mode 100644 index 00000000..c7eb49f9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_COMP_add_compression_method.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); +\& int SSL_COMP_get_id(const SSL_COMP *comp); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_COMP_free_compression_methods(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available +compression methods or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to +maintain the internal table of compression methods. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +If enabled during compilation, the OpenSSL library will have the +\&\fBCOMP_zlib()\fR compression method available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_COMP_add_compression_method()\fR may return the following values: +.IP "0" 4 +The operation succeeded. +.IP "1" 4 +.IX Item "1" +The operation failed. Check the error queue to find out the reason. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_new.3 new file mode 100644 index 00000000..28a9ddf5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_new.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_NEW 3" +.TH SSL_CONF_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +If \fBcctx\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBSSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 new file mode 100644 index 00000000..350e5c0c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_flags.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_flags.3 new file mode 100644 index 00000000..16d1b24a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_flags.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_FLAGS 3" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or +\&\fBSSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +file an error occurs. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100644 index 00000000..5b8be317 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd.3 new file mode 100644 index 00000000..c19beba3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd.3 @@ -0,0 +1,777 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD 3" +.TH SSL_CONF_CMD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBcmd\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-sigalgs\fR" 4 +.IX Item "-sigalgs" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fB\-client_sigalgs\fR" 4 +.IX Item "-client_sigalgs" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then +the value set for \fB\-sigalgs\fR will be used instead. +.IP "\fB\-groups\fR" 4 +.IX Item "-groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fB\-curves\fR" 4 +.IX Item "-curves" +This is a synonym for the \*(L"\-groups\*(R" command. +.IP "\fB\-named_curve\fR" 4 +.IX Item "-named_curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by +servers +.Sp +The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The curve +can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is +associated with \fBcctx\fR. +.IP "\fB\-ciphersuites\fR" 4 +.IX Item "-ciphersuites" +Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fB\-key\fR" 4 +.IX Item "-key" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fB\-key\fR option is set then a private key is +not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fB\-dhparam\fR" 4 +.IX Item "-dhparam" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-record_padding\fR" 4 +.IX Item "-record_padding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fB\-no_renegotiation\fR" 4 +.IX Item "-no_renegotiation" +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 +.IX Item "-min_protocol, -max_protocol" +Sets the minimum and maximum supported protocol. +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, +\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 +and \fBNone\fR for no limit. +If either bound is not specified then only the other bound applies, +if specified. +To restrict the supported protocol versions use these commands rather +than the deprecated alternative commands below. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, +\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +respectively. These options are deprecated, instead use \fB\-min_protocol\fR and +\&\fB\-max_protocol\fR. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression, same as clearing +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without \s-1AES\s0 hardware +acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IX Item "-allow_no_dhe_kex" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBcmd\fR names for configuration files (i.e. when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBcmd\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBcctx\fR. +.IP "\fBCiphersuites\fR" 4 +.IX Item "Ciphersuites" +Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is +not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 +.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. +.IP "\fBRequestCAFile\fR" 4 +.IX Item "RequestCAFile" +This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +The subject names of the certificates are sent to the peer in the +\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +\&\s-1TLS.\s0 +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBRecordPadding\fR" 4 +.IX Item "RecordPadding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBGroups\fR" 4 +.IX Item "Groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This is a synonym for the \*(L"Groups\*(R" command. +.IP "\fBMinProtocol\fR" 4 +.IX Item "MinProtocol" +This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBMaxProtocol\fR" 4 +.IX Item "MaxProtocol" +This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This can be used to enable or disable certain versions of the \s-1SSL, +TLS\s0 or \s-1DTLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by \fB\-\fR that version is disabled. +.Sp +All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The special value \fB\s-1ALL\s0\fR refers to all supported versions. +.Sp +This can't enable protocols that are disabled using \fBMinProtocol\fR +or \fBMaxProtocol\fR, but can disable protocols that are still allowed +by them. +.Sp +The \fBProtocol\fR command is fragile and deprecated; do not use it. +Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. +If you do use \fBProtocol\fR, make sure that the resulting range of enabled +protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make +sure to also leave \s-1TLS 1.1\s0 enabled. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. +See the \fBSSL_CTX_set_options\fR\|(3) function for more details of +individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBServerPreference\fR: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR: set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.Sp +\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +.Sp +\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +.Sp +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +.Sp +\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.IP "\fBVerifyMode\fR" 4 +.IX Item "VerifyMode" +The \fBvalue\fR argument is a comma separated list of flags to set. +.Sp +\&\fBPeer\fR enables peer verification: for clients only. +.Sp +\&\fBRequest\fR requests but does not require a certificate from the client. +Servers only. +.Sp +\&\fBRequire\fR requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. +.Sp +\&\fBOnce\fR requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. +.Sp +\&\fBRequestPostHandshake\fR configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. +.Sp +\&\fBRequiresPostHandshake\fR configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. +.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 +.IX Item "ClientCAFile, ClientCAPath" +A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBcmd\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a file name. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_NONE" +The value string is not used e.g. a command line option which doesn't take an +argument. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv3 support by default but the user can override it. If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +SSLv3 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fBSSL_CONF_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the +utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is +returned then \fBcmd\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBcmd\fR is not recognised. +.PP +A return value of \-3 means \fBcmd\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL.\s0 +.PP +A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +There are various ways to select the supported protocols. +.PP +This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); +.Ve +.PP +The following also disables SSLv3: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +disabling SSLv3. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); +\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); +.Ve +.PP +This also only enables TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Enable compression: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "Compression"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. +.PP +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. +.PP +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +.PP +\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. +.PP +\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd_argv.3 b/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd_argv.3 new file mode 100644 index 00000000..0c585f73 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CONF_cmd_argv.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD_ARGV 3" +.TH SSL_CONF_CMD_ARGV 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR if it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_add1_chain_cert.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add1_chain_cert.3 new file mode 100644 index 00000000..0bb0119e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add1_chain_cert.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. +.PP +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fBSSL_CTX_use_certificate()\fR. +.PP +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure. +.PP +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_extra_chain_cert.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 00000000..5a755e88 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should +be used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_session.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_session.3 new file mode 100644 index 00000000..fc9a9d01 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_add_session.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 3" +.TH SSL_CTX_ADD_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +\&\fBSSL_SESSION_free\fR\|(3). +.PP +\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fBSSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.IP "0" 4 +The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_config.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_config.3 new file mode 100644 index 00000000..c893d218 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_config.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CONFIG 3" +.TH SSL_CTX_CONFIG 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); +\& int SSL_config(SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically. +.PP +A configuration file must have been previously loaded, for example using +\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration +file syntax. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +If the file \*(L"config.cnf\*(R" contains the following: +.PP +.Vb 1 +\& testapp = test_sect +\& +\& [test_sect] +\& # list of configuration modules +\& +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& server = server_section +\& +\& [server_section] +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +An application could call: +.PP +.Vb 4 +\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { +\& fprintf(stderr, "Error processing config file\en"); +\& goto err; +\& } +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& +\& if (SSL_CTX_config(ctx, "server") == 0) { +\& fprintf(stderr, "Error configuring server.\en"); +\& goto err; +\& } +.Ve +.PP +In this example two certificates and the cipher list are configured without +the need for any additional application code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_ctrl.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_ctrl.3 new file mode 100644 index 00000000..46a97405 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_ctrl.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CTRL 3" +.TH SSL_CTX_CTRL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +\& +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fB_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_dane_enable.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_dane_enable.3 new file mode 100644 index 00000000..04f6ef9d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_dane_enable.3 @@ -0,0 +1,508 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_DANE_ENABLE 3" +.TH SSL_CTX_DANE_ENABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_dane_enable(SSL_CTX *ctx); +\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +\& uint8_t mtype, uint8_t ord); +\& int SSL_dane_enable(SSL *s, const char *basedomain); +\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +\& uint8_t mtype, unsigned const char *data, size_t dlen); +\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +\& uint8_t *mtype, unsigned const char **data, +\& size_t *dlen); +\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +peer authentication. +.PP +\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state +required for \s-1DANE\s0 support. +Individual connections associated with the context can then enable +per-connection \s-1DANE\s0 support as appropriate. +\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and +applications that override \fBX509_verify_cert\fR\|(3) via +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +chain in whatever manner they see fit. +.PP +\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any \s-1SSL\s0 handles are created for the context. +.PP +The \fBmtype\fR argument specifies a \s-1DANE TLSA\s0 matching type and the \fBmd\fR +argument specifies the associated digest algorithm handle. +The \fBord\fR argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. +Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +support for that matching type. +Matching type \fBFull\fR\|(0) cannot be modified or disabled. +.PP +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions +of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR +is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +.PP +\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). +The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via \fBSSL_add1_host\fR\|(3). +The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +specified via \fBSSL_set_tlsext_host_name\fR\|(3). +.PP +\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. +(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). +The arguments specify the fields of the \s-1TLSA\s0 record. +The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal +\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +The library takes a copy of the \fBdata\fR buffer contents and the caller may +free the original \fBdata\fR buffer when convenient. +A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. +.PP +The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. +.PP +If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. +.PP +\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about +the matched \s-1DANE\s0 trust-anchor after successful connection completion. +The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), +0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive +number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). +.PP +If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +certificate, a pointer to the matching certificate is returned via \fBmcert\fR. +The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fBX509_free\fR\|(3) once no longer needed. +.PP +If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but +a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an +element of the chain, then that key is returned via \fBmspki\fR argument (if not +\&\s-1NULL\s0). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with \fBmcert\fR this is a short-term internal reference, and +\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and +release long-term references respectively. +.PP +\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +\&\fBSSL_get0_dane_authority()\fR. +When the return value is non-negative, the storage pointed to by the \fBusage\fR, +\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding +\&\s-1TLSA\s0 record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the \fBdlen\fR parameter. +If any of these parameters is \s-1NULL,\s0 the corresponding field is not returned. +The \fBdata\fR parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content. +.PP +\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable +optional \s-1DANE\s0 verification features. +\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable +the same features. +The \fBflags\fR argument is a bitmask of the features to enable or disable. +The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +associated with that context at the time the handle is created. +Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +for the handle. +.PP +At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +which can be used to disable server name checks when authenticating via +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, +\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) in the +\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) +certificate or a public key that fails to parse. +.PP +The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a +negative value when \s-1DANE\s0 authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +record is a full public key that is its signer. +.PP +The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, +\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect +before they were called. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has +DNSSEC-validated \s-1TLSA\s0 records. +The calls below will perform \s-1DANE\s0 authentication and arrange to match either +the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 7 +\& SSL_CTX *ctx; +\& SSL *ssl; +\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; +\& int num_usable = 0; +\& const char *nexthop_domain = "example.com"; +\& const char *dane_tlsa_domain = "smtp.example.com"; +\& uint8_t usage, selector, mtype; +\& +\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) +\& /* error */ +\& if (SSL_CTX_dane_enable(ctx) <= 0) +\& /* error */ +\& if ((ssl = SSL_new(ctx)) == NULL) +\& /* error */ +\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) +\& /* error */ +\& +\& /* +\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not +\& * disable the checks unless "unknown key share" attacks pose no risk for +\& * your application. +\& */ +\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); +\& +\& if (!SSL_add1_host(ssl, nexthop_domain)) +\& /* error */ +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& +\& for (... each TLSA record ...) { +\& unsigned char *data; +\& size_t len; +\& int ret; +\& +\& /* set usage, selector, mtype, data, len */ +\& +\& /* +\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). +\& * They treat all other certificate usages, and in particular PKIX\-TA(0) +\& * and PKIX\-EE(1), as unusable. +\& */ +\& switch (usage) { +\& default: +\& case 0: /* PKIX\-TA(0) */ +\& case 1: /* PKIX\-EE(1) */ +\& continue; +\& case 2: /* DANE\-TA(2) */ +\& case 3: /* DANE\-EE(3) */ +\& break; +\& } +\& +\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); +\& /* free data as appropriate */ +\& +\& if (ret < 0) +\& /* handle SSL library internal error */ +\& else if (ret == 0) +\& /* handle unusable TLSA record */ +\& else +\& ++num_usable; +\& } +\& +\& /* +\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. +\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records +\& * are unusable, so continue the handshake even if authentication fails. +\& */ +\& if (num_usable == 0) { +\& /* Log all records unusable? */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); +\& } else { +\& /* At least one usable record. We expect to verify the peer */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& +\& /* +\& * Below we elect to fail the handshake when peer verification fails. +\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, +\& * complete the handshake, check the verification status, and if not +\& * verified disconnect gracefully at the application layer, especially if +\& * application protocol supports informing the server that authentication +\& * failed. +\& */ +\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); +\& } +\& +\& /* +\& * Load any saved session for resumption, making sure that the previous +\& * session applied the same security and authentication requirements that +\& * would be expected of a fresh connection. +\& */ +\& +\& /* Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_session_reused(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* +\& * Resumed session was originally verified, this connection is +\& * authenticated. +\& */ +\& } else { +\& /* +\& * Resumed session was not originally verified, this connection is not +\& * authenticated. +\& */ +\& } +\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& EVP_PKEY *mspki = NULL; +\& +\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); +\& if (depth >= 0) { +\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); +\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, +\& (mspki != NULL) ? "TA public key verified certificate" : +\& depth ? "matched TA certificate" : "matched EE certificate", +\& depth); +\& } +\& if (peername != NULL) { +\& /* Name checks were in scope and matched the peername */ +\& printf("Verified peername: %s\en", peername); +\& } +\& } else { +\& /* +\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a +\& * callback suppressed connection termination despite the presence of +\& * usable TLSA RRs none of which matched. Do whatever is appropriate for +\& * fresh unauthenticated connections. +\& */ +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing +\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0 +That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records +are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +even cleartext. +.PP +Such applications should generally treat any \s-1TLSA\s0 records published by the peer +with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +them among the \s-1TLSA\s0 records used to authenticate peer connections. +In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +result of invalid or unsupported parameters. +.PP +When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_new\fR\|(3), +\&\fBSSL_add1_host\fR\|(3), +\&\fBSSL_set_hostflags\fR\|(3), +\&\fBSSL_set_tlsext_host_name\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get0_verified_chain\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_get0_peername\fR\|(3), +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3), +\&\fBEVP_get_digestbyname\fR\|(3), +\&\fBEVP_PKEY_up_ref\fR\|(3), +\&\fBEVP_PKEY_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_flush_sessions.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_flush_sessions.3 new file mode 100644 index 00000000..7695e0b0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_flush_sessions.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 3" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fBSSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fBtime\fR\|(0) +will be used. +.PP +\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_flush_sessions()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_free.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_free.3 new file mode 100644 index 00000000..1691d43f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_free.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FREE 3" +.TH SSL_CTX_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_free \- free an allocated SSL_CTX object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +.PP +It also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.PP +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_get0_param.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_get0_param.3 new file mode 100644 index 00000000..b73bc6da --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_get0_param.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET0_PARAM 3" +.TH SSL_CTX_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_get_verify_mode.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_get_verify_mode.3 new file mode 100644 index 00000000..fe95a275 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 3" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_has_client_custom_ext.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_has_client_custom_ext.3 new file mode 100644 index 00000000..21e30307 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_has_client_custom_ext.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 if a handler has been set, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_add_client_custom_ext\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_load_verify_locations.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_load_verify_locations.3 new file mode 100644 index 00000000..6b1a2791 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +\& +\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The certificates +available via \fBCAfile\fR and \fBCApath\fR are trusted. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +which \s-1CA\s0 certificates are loaded should be used. There is one default directory +and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in +the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment +variable can be defined to override this location. The default \s-1CA\s0 certificates +file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the +\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location. +.PP +\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is +used. +.PP +\&\fBSSL_CTX_set_default_verify_file()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is +used. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& ... (CA certificate in base64 encoding) ... +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For SSL_CTX_load_verify_locations the following return values can occur: +.IP "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and +\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +missing default location is still treated as a success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 \-in $i \-text >> CAfile.pem +\& done +.Ve +.PP +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_new.3 new file mode 100644 index 00000000..2013e685 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_new.3 @@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_NEW 3" +.TH SSL_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); +\& int SSL_CTX_up_ref(SSL_CTX *ctx); +\& +\& const SSL_METHOD *TLS_method(void); +\& const SSL_METHOD *TLS_server_method(void); +\& const SSL_METHOD *TLS_client_method(void); +\& +\& const SSL_METHOD *SSLv23_method(void); +\& const SSL_METHOD *SSLv23_server_method(void); +\& const SSL_METHOD *SSLv23_client_method(void); +\& +\& #ifndef OPENSSL_NO_SSL3_METHOD +\& const SSL_METHOD *SSLv3_method(void); +\& const SSL_METHOD *SSLv3_server_method(void); +\& const SSL_METHOD *SSLv3_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_METHOD +\& const SSL_METHOD *TLSv1_method(void); +\& const SSL_METHOD *TLSv1_server_method(void); +\& const SSL_METHOD *TLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_1_METHOD +\& const SSL_METHOD *TLSv1_1_method(void); +\& const SSL_METHOD *TLSv1_1_server_method(void); +\& const SSL_METHOD *TLSv1_1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_2_METHOD +\& const SSL_METHOD *TLSv1_2_method(void); +\& const SSL_METHOD *TLSv1_2_server_method(void); +\& const SSL_METHOD *TLSv1_2_client_method(void); +\& #endif +\& +\& const SSL_METHOD *DTLS_method(void); +\& const SSL_METHOD *DTLS_server_method(void); +\& const SSL_METHOD *DTLS_client_method(void); +\& +\& #ifndef OPENSSL_NO_DTLS1_METHOD +\& const SSL_METHOD *DTLSv1_method(void); +\& const SSL_METHOD *DTLSv1_server_method(void); +\& const SSL_METHOD *DTLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_DTLS1_2_METHOD +\& const SSL_METHOD *DTLSv1_2_method(void); +\& const SSL_METHOD *DTLSv1_2_server_method(void); +\& const SSL_METHOD *DTLSv1_2_client_method(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to +establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is +reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments +the reference count. Freeing it (using SSL_CTX_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the +\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for +an existing \fB\s-1SSL_CTX\s0\fR structure. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. +The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +\&\fBmethod\fR can be of the following types: +.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 +.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" +These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated. +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 +.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" +These functions do not exist anymore, they have been renamed to +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead. +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 +.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated. +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 +.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated. +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 +.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated. +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 +.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used. +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 +.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" +These are the version-flexible \s-1DTLS\s0 methods. +Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 +.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" +These are the version-specific methods for DTLSv1.2. +These methods are deprecated. +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 +.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" +These are the version-specific methods for DTLSv1. +These methods are deprecated. +.PP +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values. +.PP +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR +methods. +All other methods only support one specific protocol version. +Use the \fIversion-flexible\fR methods instead of the version specific methods. +.PP +If you want to limit the supported protocols for the version flexible +methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and +\&\fBSSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR +and be able to negotiate with all possible clients, but to only +allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 +.PP +The list of protocols available can also be limited using the +\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, +\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +options of the +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach +is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling \fIall\fR +previous protocol versions, the effect is to also disable all subsequent +protocol versions. +.PP +The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set +the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +the reason. +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.Sp +\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, +\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where +removed in OpenSSL 1.1.0. +.PP +\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR +were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR +and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0. +.PP +All version-specific methods were deprecated in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_number.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_number.3 new file mode 100644 index 00000000..62f33a69 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_number.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 3" +.TH SSL_CTX_SESS_NUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +in client mode. +.PP +\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +in server mode. +.PP +\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with \fBSSL_set_session\fR\|(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fBSSL_CTX_sess_hits()\fR count. +.PP +\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_cache_size.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 00000000..7b591bc9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_get_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 00000000..783e57f6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 3" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, +\& SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, +\& const unsigned char *, +\& int, int *)); +\& +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, +\& SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& const unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function that is +called whenever a new session was negotiated. +.PP +\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function that is +called whenever a session is removed by the \s-1SSL\s0 engine. For example, +this can occur because a session is considered faulty or has become obsolete +because of exceeding the timeout value. +.PP +\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function that is called +whenever a \s-1TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +(\s-1TLS\s0 server only.) +.PP +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and +\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +\&\fBd2i_SSL_SESSION\fR\|(3) interface. +.PP +The \fBnew_session_cb()\fR is called whenever a new session has been negotiated and +session caching is enabled (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). The +\&\fBnew_session_cb()\fR is passed the \fBssl\fR connection and the nascent +ssl session \fBsess\fR. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns \fB0\fR, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns \fB1\fR, +the application retains the reference (for an entry in the +application-maintained \*(L"external session cache\*(R"), and is responsible for +calling \fBSSL_SESSION_free()\fR when the session reference is no longer in use. +.PP +Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the \fBnew_session_cb()\fR +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the \fBnew_session_cb()\fR +function will be invoked multiple times. +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. One way of enforcing that is for applications to call +\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. +.PP +The \fBremove_session_cb()\fR is called whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This can happen when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. +.PP +The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers, and is given +the session id +proposed by the client. The \fBget_session_cb()\fR is always called, even when +session caching was disabled. The \fBget_session_cb()\fR is passed the +\&\fBssl\fR connection and the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. By setting the parameter \fBcopy\fR to \fB1\fR, the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object; +setting \fBcopy\fR to \fB0\fR causes the reference count to remain unchanged. +If the \fBget_session_cb()\fR does not write to \fBcopy\fR, the reference count +is incremented and the session must be explicitly freed with +\&\fBSSL_SESSION_free\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR +return different callback function pointers respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_sessions.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sessions.3 new file mode 100644 index 00000000..ea1ef03e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_sessions.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 3" +.TH SSL_CTX_SESSIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be +modified directly but by using the +\&\fBSSL_CTX_add_session\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set0_CA_list.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set0_CA_list.3 new file mode 100644 index 00000000..d1495065 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set0_CA_list.3 @@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET0_CA_LIST 3" +.TH SSL_CTX_SET0_CA_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& +\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +\& +\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +.PP +For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP +\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and +it should not be freed by the caller. +.PP +\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBctx\fR. The returned list should not be freed by the caller. +.PP +\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to peer for \fBctx\fR. +.PP +\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent +\&\fB\s-1SSL_CTX\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. +.PP +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or +\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or +\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and +\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no +list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, +\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR +and \fBSSL_set0_CA_list()\fR do not return a value. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR +and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. +.PP +\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and +\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +.PP +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_curves.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_curves.3 new file mode 100644 index 00000000..dff3f482 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_curves.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_CURVES 3" +.TH SSL_CTX_SET1_CURVES 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); +\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); +\& int SSL_set1_groups_list(SSL *ssl, char *list); +\& +\& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get_shared_group(SSL *s, int n); +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP +\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +groups in the array \fBglist\fR. The array consist of all NIDs of groups in +preference order. For a \s-1TLS\s0 client the groups are used directly in the +supported groups extension. For a \s-1TLS\s0 server the groups are used to +determine the set of shared groups. +.PP +\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of group NIDs or +names, for example \*(L"P\-521:P\-384:P\-256\*(R". +.PP +\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set +supported groups for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of groups for memory allocation purposes. The +\&\fBgroups\fR array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. +.PP +\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +All these functions are implemented as macros. +.PP +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was +only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and +\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +.PP +\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. +.PP +\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and +returns \-1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_sigalgs.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_sigalgs.3 new file mode 100644 index 00000000..55fd3d09 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_sigalgs.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_SIGALGS 3" +.TH SSL_CTX_SET1_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); +\& +\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature +algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR +must consist of pairs of NIDs corresponding to digest and public key +algorithms. +.PP +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported +signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named +SignatureScheme such as rsa_pss_pss_sha256. +.PP +\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, +\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set +signature algorithms related to client authentication, otherwise they are +identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR, +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR. +.PP +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible \s-1SSL_CONF API\s0 instead. +.PP +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. +.PP +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +their order. +.PP +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. +.PP +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. +.PP +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +.PP +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0 +.PP +The short or long name values for digests can be used in a string (for +example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and +the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0 +.PP +The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also +be used with the \fB_list\fR forms of the \s-1API.\s0 +.PP +The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using an array: +.PP +.Vb 1 +\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; +\& +\& SSL_CTX_set1_sigalgs(ctx, slist, 4); +.Ve +.PP +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using a string: +.PP +.Vb 1 +\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), +\&\fBSSL_CONF_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 new file mode 100644 index 00000000..1c513207 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, +\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed +after the operation. +.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 new file mode 100644 index 00000000..895d73a3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +\& unsigned int protos_len); +\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +\& unsigned int protos_len); +\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, +\& int (*cb) (SSL *ssl, +\& const unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), void *arg); +\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +\& unsigned int *len); +\& +\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *ssl, +\& const unsigned char **out, +\& unsigned int *outlen, +\& void *arg), +\& void *arg); +\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *s, +\& unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), +\& void *arg); +\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +\& const unsigned char *server, +\& unsigned int server_len, +\& const unsigned char *client, +\& unsigned int client_len) +\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, +\& unsigned *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to +set the list of protocols available to be negotiated. The \fBprotos\fR must be in +protocol-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. +.PP +\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +server to select which protocol to use for the incoming connection. When \fBcb\fR +is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a +vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +should be set to the value of a single protocol selected from the \fBin\fR, +\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a +buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via +\&\fBSSL_CTX_set_alpn_select_cb()\fR. +.PP +\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +described below. The first item in the \fBserver\fR, \fBserver_len\fR list that +matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned +in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or +\&\fBclient\fR, so it should be copied immediately. If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This +function can also be used in the \s-1NPN\s0 callback. +.PP +\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument \fBarg\fR which will be passed to this callback. +For the callback itself, \fBout\fR +must be set to point to the selected protocol (which may be within \fBin\fR). +The length of the protocol name must be written into \fBoutlen\fR. The +server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +callback can assume that \fBin\fR is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer +set via \fBSSL_CTX_set_next_proto_select_cb()\fR. +.PP +\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This +memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a +reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. +.PP +\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. +.PP +\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +client's requested protocol for this connection. If the client did not +request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +\&\fBlen\fR to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. +.SH "NOTES" +.IX Header "NOTES" +The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable. +.PP +Example: +.PP +.Vb 5 +\& unsigned char vector[] = { +\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, +\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq +\& }; +\& unsigned int length = sizeof(vector); +.Ve +.PP +The \s-1ALPN\s0 callback is executed after the servername callback; as that servername +callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback. +.PP +If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +invoked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and +non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +.PP +\&\fBSSL_select_next_proto()\fR returns one of the following: +.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IX Item "OPENSSL_NPN_NEGOTIATED" +A match was found and is returned in \fBout\fR, \fBoutlen\fR. +.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IX Item "OPENSSL_NPN_NO_OVERLAP" +No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in +\&\fBout\fR, \fBoutlen\fR. +.PP +The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +\&\s-1ALPN\s0 protocol selected. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +There was no overlap between the client's supplied list and the server +configuration. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +this connection. +.PP +The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +.PP +The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_cb.3 new file mode 100644 index 00000000..42583adb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_cb.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_CB 3" +.TH SSL_CTX_SET_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), +\& void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fBcert_cb()\fR. It is the job of the +\&\fBcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fBSSL_use_certificate()\fR and +\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fBSSL_add1_chain_cert()\fR. +.PP +It might also call \fBSSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. +.PP +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a +chain using \s-1SHA256.\s0 +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3), +\&\fBSSL_add1_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_store.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_store.3 new file mode 100644 index 00000000..41d9f44a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_store.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 3" +.TH SSL_CTX_SET_CERT_STORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the \fBverify_callback()\fR be +overridden with the \fBverify_callback()\fR set via the +\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.PP +\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +count, so it should not be used to assign an X509_STORE that is owned +by another \s-1SSL_CTX.\s0 +.PP +To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR +to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use +\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +increment the reference count of the X509_STORE. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 00000000..77386a6a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, +\& int (*callback)(X509_STORE_CTX *, void *), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when \fBSSL_new\fR\|(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application +will be informed about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using \fBSSL_CTX_set_verify\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the \fBSSL_CTX_set_verify\fR\|(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cipher_list.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cipher_list.3 new file mode 100644 index 00000000..bb4965c5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +\& +\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +\& int SSL_set_ciphersuites(SSL *s, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +for \fBctx\fR using the control string \fBstr\fR. The format of the string is described +in \fBciphers\fR\|(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 +ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. +.PP +\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: +.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_GCM_SHA256" +.PD 0 +.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IX Item "TLS_AES_256_GCM_SHA384" +.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IX Item "TLS_CHACHA20_POLY1305_SHA256" +.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_SHA256" +.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_8_SHA256" +.PD +.PP +An empty list is permissible. The default value for the this setting is: +.PP +\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 +.PP +\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it +configures the ciphersuites for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and +\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. a +client only supports export \s-1RSA\s0 ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested +ciphersuite list was configured, and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBciphers\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_cert_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_cert_cb.3 new file mode 100644 index 00000000..e565dc6d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_cert_cb.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. \fBSSL_get_error\fR\|(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. +.PP +When a certificate was set using the +\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling \fBSSL_clear\fR\|(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "BUGS" +.IX Header "BUGS" +The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when \fBSSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_hello_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_hello_cb.3 new file mode 100644 index 00000000..0ed9b053 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_client_hello_cb.3 @@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 10 +\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); +\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, +\& void *arg); +\& int SSL_client_hello_isv2(SSL *s); +\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_compression_methods(SSL *s, +\& const unsigned char **out); +\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, +\& size_t *outlen); +\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, +\& size_t *outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at runtime. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the \fBal\fR parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. \fBSSL_get_error\fR\|(3) will return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. +.PP +\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to +\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. +.PP +Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are +both required, and on success the caller must release the storage allocated for +\&\fB*out\fR using \fBOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers +holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +in the ClientHello. \fB*outlen\fR contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. +.SH "NOTES" +.IX Header "NOTES" +The ClientHello callback provides a vast window of possibilities for application +code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 +versions, changing the server's cipher list in response to the client's +cipher list, etc. +.PP +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. +.PP +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The application's supplied ClientHello callback returns +\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and +\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +.PP +\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. +.PP +\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +0 otherwise. +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +SSL_bytes_to_cipher_list +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, +\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 new file mode 100644 index 00000000..0a0e84e6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 @@ -0,0 +1,271 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +\& const STACK_OF(SCT) *scts, void *arg); +\& +\& int SSL_enable_ct(SSL *s, int validation_mode); +\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +\& void *arg); +\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +\& ssl_ct_validation_cb callback, +\& void *arg); +\& void SSL_disable_ct(SSL *s); +\& void SSL_CTX_disable_ct(SSL_CTX *ctx); +\& int SSL_ct_is_enabled(const SSL *s); +\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed +certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all +connections that share the given \s-1SSL\s0 context, respectively. +This is accomplished by setting a built-in \s-1CT\s0 validation callback. +The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, +which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or +\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full +\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the +callback. +Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after +handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +session is not resumed. +.PP +\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR +and the callback returns a non-positive result. +.PP +An arbitrary callback context argument, \fBarg\fR, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller. +.PP +If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur. +.PP +No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. +In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +These may be implemented as macros. +.PP +\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because +one possible source of SCTs is the \s-1OCSP\s0 response from a server. +.PP +The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid). +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and +\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. +.PP +\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +callback) is set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +<\fBSSL_get_verify_result\fR\|(3)>, +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 new file mode 100644 index 00000000..1944734b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +directory where OpenSSL is installed. +.PP +\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fBCTLOG_STORE_new\fR\|(3) for the file format. +.SH "NOTES" +.IX Header "NOTES" +These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +to. To replace the existing list, use SSL_CTX_set0_ctlog_store first. +.PP +If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 00000000..647e80b1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +\& +\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +\& void *SSL_get_default_passwd_cb_userdata(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +which will be provided to the password callback on invocation. +.PP +\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned. +.PP +\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +is returned. +.PP +\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, +\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform +the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. +.PP +The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see \fBpem_password_cb\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored. +.PP +When asking for the password interactively, the callback can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. +.PP +.Vb 6 +\& int my_cb(char *buf, int size, int rwflag, void *u) +\& { +\& strncpy(buf, (char *)u, size); +\& buf[size \- 1] = \*(Aq\e0\*(Aq; +\& return strlen(buf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ex_data.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ex_data.3 new file mode 100644 index 00000000..cc82b5b2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ex_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_EX_DATA 3" +.TH SSL_CTX_SET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx); +\& +\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg); +\& +\& void *SSL_get_ex_data(const SSL *s, int idx); +\& +\& int SSL_set_ex_data(SSL *s, int idx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the +\&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index +which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored +and 0 if it is not. +The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, +otherwise \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_generate_session_id.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 00000000..def1175e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +\& +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fBSSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www\-18"; +\& +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* +\& * Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it \- but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. +\& */ +\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? +\& strlen(session_id_prefix) : *id_len); +\& } while (SSL_has_matching_session_id(ssl, id, *id_len) +\& && ++count < MAX_SESSION_ID_ATTEMPTS); +\& if (count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_info_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_info_callback.3 new file mode 100644 index 00000000..7077198e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_info_callback.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(const SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bitmask made up of the following bits: +.IP "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. +.IP "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +.IP "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.IP "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.IP "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. +.PP +The current state information can be obtained using the +\&\fBSSL_state_string\fR\|(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +\&\fBSSL_alert_type_string\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fBSSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w = where & ~SSL_ST_MASK; +\& +\& if (w & SSL_ST_CONNECT) +\& str = "SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) +\& str = "SSL_accept"; +\& else +\& str = "undefined"; +\& +\& if (where & SSL_CB_LOOP) { +\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); +\& } else if (where & SSL_CB_ALERT) { +\& str = (where & SSL_CB_READ) ? "read" : "write"; +\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } else if (where & SSL_CB_EXIT) { +\& if (ret == 0) { +\& BIO_printf(bio_err, "%s:failed in %s\en", +\& str, SSL_state_string_long(s)); +\& } else if (ret < 0) { +\& BIO_printf(bio_err, "%s:error in %s\en", +\& str, SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_keylog_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_keylog_callback.3 new file mode 100644 index 00000000..65e3c423 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_keylog_callback.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +\& +\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. +.PP +\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +the value of cb, no logging of key material will be done. +.PP +The key logging callback is called with two items: the \fBssl\fR object associated +with the connection, and \fBline\fR, a string containing the key material in the +format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +file, the key logging callback should log \fBline\fR, followed by a newline. +\&\fBline\fR will always be a NULL-terminated string. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_max_cert_list.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 00000000..fa5251df --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +\& +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fBSSL_new\fR\|(3) is being called. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be bytes. This setting stays valid +until a new value is set. +.PP +\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +\&\fBSSL_CTX_set_verify\fR\|(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_min_proto_version.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_min_proto_version.3 new file mode 100644 index 00000000..47a68acf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_min_proto_version.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +\& +\& int SSL_set_min_proto_version(SSL *ssl, int version); +\& int SSL_set_max_proto_version(SSL *ssl, int version); +\& int SSL_get_min_proto_version(SSL *ssl); +\& int SSL_get_max_proto_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions get or set the minimum and maximum supported protocol versions +for the \fBctx\fR or \fBssl\fR. +This works in combination with the options set via +\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.PP +Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively. +.PP +Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to +automatically use the lowest or highest version supported by the library. +.PP +Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, +\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and +\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_mode.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_mode.3 new file mode 100644 index 00000000..734f718e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_mode.3 @@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 3" +.TH SSL_CTX_SET_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +\& long SSL_clear_mode(SSL *ssl, long mode); +\& +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. +.PP +\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only +report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or +\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fBwrite()\fR. +.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking \fBSSL_write()\fR behaves like +non-blocking \fBwrite()\fR. +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the +need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. +If such a non-application data record was processed, the flag +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +returning. +.Sp +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +non-application data records until either no more data is available or +an application data record has been processed. +.Sp +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +to only return after successfully processing an application data record or a +failure. +.Sp +Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. +Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a +non-application record was sent and no application data was sent. +.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. +.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IX Item "SSL_MODE_ASYNC" +Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with +\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 +.PP +All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +default since 1.1.1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask +after adding \fBmode\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_msg_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_msg_callback.3 new file mode 100644 index 00000000..5bc174a8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +\& +\& void SSL_set_msg_callback(SSL *ssl, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +following meaning: +.IP "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.IP "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. +This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). +.IP "\fIcontent_type\fR" 4 +.IX Item "content_type" +This is one of the content type values defined in the protocol specification +(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never +\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol +messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo +content types are used to signal some other event in the processing of data (see +\&\s-1NOTES\s0 below). +.IP "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no +longer valid after the callback function has returned. +.IP "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.IP "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.PP +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: +.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IX Item "SSL3_RT_HEADER" +Used when a record is sent or received. The \fBbuf\fR contains the record header +bytes only. +.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IX Item "SSL3_RT_INNER_CONTENT_TYPE" +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in +an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR +and \fBSSL_set_msg_callback_arg()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_num_tickets.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_num_tickets.3 new file mode 100644 index 00000000..1b7ec7f4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_num_tickets.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_NUM_TICKETS 3" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets \&\- control the number of TLSv1.3 session tickets that are issued +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); +\& size_t SSL_get_num_tickets(SSL *s); +\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. +.PP +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)). +.PP +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling +\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be +sent. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or +\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on +failure. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets +that have been previously set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_options.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_options.3 new file mode 100644 index 00000000..ed899f11 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_options.3 @@ -0,0 +1,471 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 3" +.TH SSL_CTX_SET_OPTIONS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +\& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +.PP +\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a bitwise \fBor\fR +operation (|). +.PP +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. +.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. +OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +.IX Item "SSL_OP_TLSEXT_PADDING" +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. +.IP "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as +mentioned below. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +own preferences. +.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 +.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and +\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IX Item "SSL_OP_NO_COMPRESSION" +Do not use compression even if it is supported. +.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IX Item "SSL_OP_NO_QUERY_MTU" +Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IX Item "SSL_OP_COOKIE_EXCHANGE" +Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects +\&\s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IX Item "SSL_OP_NO_TICKET" +\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +session tickets. +.Sp +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. +.Sp +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly \- no session +information needs to be cached locally. +.Sp +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. +.Sp +By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. +.Sp +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or +\&\fBSSL_set_num_tickets\fR\|(3). +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_RENEGOTIATION" +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. +.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IX Item "SSL_OP_PRIORITIZE_CHACHA" +When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use \s-1AES\s0 and other +ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. +.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" +If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not \s-1CCS\s0 messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +.IX Item "SSL_OP_NO_ANTI_REPLAY" +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. +.PP +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +.PD 0 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_ECDH_USE" +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +.PD +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL always attempts to use secure renegotiation as +described in \s-1RFC5746.\s0 This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. +.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection succeeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.SS "Patched OpenSSL client and unpatched server." +.IX Subsection "Patched OpenSSL client and unpatched server." +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. +.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask +after adding \fBoptions\fR. +.PP +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask +after clearing \fBoptions\fR. +.PP +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBdhparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m. +.PP +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_psk_client_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_psk_client_callback.3 new file mode 100644 index 00000000..a32c90d3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_psk_client_callback.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, +\& const unsigned char **id, +\& size_t *idlen, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, +\& SSL_psk_use_session_cb_func cb); +\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +\& +\& +\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, +\& const char *hint, +\& char *identity, +\& unsigned int max_identity_len, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should use either +\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +.PP +The first time the callback is called for a connection the \fBmd\fR parameter is +\&\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +must be compatible with the digest for that ciphersuite. The digest will be +given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +between the first and second time it is called. +.PP +On successful completion the callback must store a pointer to an identifier for +the \s-1PSK\s0 in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. +The memory pointed to by \fB*id\fR remains owned by the application and should +be freed by it as required at any point after the handshake is complete. +.PP +Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in +\&\fB*sess\fR. This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have +the following fields set: +.IP "The master key" 4 +.IX Item "The master key" +This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3). +.IP "A ciphersuite" 4 +.IX Item "A ciphersuite" +Only the handshake digest associated with the ciphersuite is relevant for the +\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is +not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The +handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. +.IP "The protocol version" 4 +.IX Item "The protocol version" +This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should +be \s-1TLS1_3_VERSION.\s0 +.PP +Additionally the maximum early data value should be set via a call to +\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +data. +.PP +Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also +be used as the basis for a \s-1PSK.\s0 +.PP +Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +should not be freed by the application. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +.PP +A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. +.PP +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR +or \fBSSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the resulting +\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR +or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or +\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned +\&\s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. +.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.PP +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as +follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. +.PP +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fBSSL_set_psk_find_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 00000000..4421cb79 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +\& +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fBSSL_clear\fR\|(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +close_notify alert messages using \fBSSL_shutdown\fR\|(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(\fBSSL_shutdown\fR\|(3) then behaves like +\&\fBSSL_set_shutdown\fR\|(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_read_ahead.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_read_ahead.3 new file mode 100644 index 00000000..50c19e47 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_read_ahead.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_READ_AHEAD 3" +.TH SSL_CTX_SET_READ_AHEAD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_read_ahead(SSL *s, int yes); +\& int SSL_get_read_ahead(const SSL *s); +\& +\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); +\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); +\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from +the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or \fBx\fR bytes otherwise. +Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn +it on. +\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR. +.PP +\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading +ahead has been set or not. +\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions have no impact when used with \s-1DTLS.\s0 The return values for +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting +\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function +(see \fBSSL_pending\fR\|(3)). +.PP +Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fBSSL_has_pending()\fR can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. +That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete +record available that hasn't been processed. +.PP +If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 +connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading +ahead should be turned off. +Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +and non zero otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_record_padding_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_record_padding_callback.3 new file mode 100644 index 00000000..e8276205 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_record_padding_callback.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& +\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +\& +\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); +\& +\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +\& int SSL_set_block_padding(SSL *ssl, size_t block_size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR +can be used to assign a callback function \fIcb\fR to specify the padding +for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR +assign a value \fBarg\fR that is passed to the callback when it is invoked. The value +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +retrieve the \fBarg\fR value that is passed to the callback. +.PP +\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple +of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of +\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +The callback is invoked for every record before encryption. +The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be +one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 +The \fBlen\fR parameter is the current plaintext length of the record before encryption. +The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR +or \fBSSL_set_record_padding_callback_arg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +functions return the \fBarg\fR value assigned in the corresponding set functions. +.PP +The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success +or 0 if \fBblock_size\fR is too large. +.PP +The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +maximum record size. +.SH "NOTES" +.IX Header "NOTES" +The default behavior is to add no padding to the record. +.PP +A user-supplied padding callback function will override the behavior set by +\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied +callback to \s-1NULL\s0 will restore the configured block padding behavior. +.PP +These functions only apply to \s-1TLS 1.3\s0 records being written. +.PP +Padding bytes are not added in constant-time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_security_level.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_security_level.3 new file mode 100644 index 00000000..10224d96 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_security_level.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +\& void SSL_set_security_level(SSL *s, int level); +\& +\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); +\& int SSL_get_security_level(const SSL *s); +\& +\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& +\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +\& void SSL_set0_security_ex_data(SSL *s, void *ex); +\& +\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +\& void *SSL_get0_security_ex_data(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set +the security level to \fBlevel\fR. If not set the library default security level +is used. +.PP +The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR +retrieve the current security level. +.PP +\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set +the security callback associated with \fBctx\fR or \fBs\fR. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below. +.PP +\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the +extra data pointer passed to the \fBex\fR parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value. +.SH "DEFAULT CALLBACK BEHAVIOUR" +.IX Header "DEFAULT CALLBACK BEHAVIOUR" +If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below. +.IP "\fBLevel 0\fR" 4 +.IX Item "Level 0" +Everything is permitted. This retains compatibility with previous versions of +OpenSSL. +.IP "\fBLevel 1\fR" 4 +.IX Item "Level 1" +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA, +DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite +using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +.IP "\fBLevel 2\fR" 4 +.IX Item "Level 2" +Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +.IP "\fBLevel 3\fR" 4 +.IX Item "Level 3" +Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +tickets are disabled. +.IP "\fBLevel 4\fR" 4 +.IX Item "Level 4" +Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and +\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are +prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +versions below 1.2 are not permitted. +.IP "\fBLevel 5\fR" 4 +.IX Item "Level 5" +Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +.SH "APPLICATION DEFINED SECURITY CALLBACKS" +.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" +\&\fIDocumentation to be provided.\fR +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for +general internet use is likely to cause \fBconsiderable\fR interoperability +issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security. +.PP +The default security level can be configured when OpenSSL is compiled by +setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. +.PP +The security framework disables or reject parameters inconsistent with the +set security level. In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +for example) could not be checked at all. +.PP +By setting an appropriate security level much of this complexity can be +avoided. +.PP +The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported +signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +then only cipher suites consistent with the security level are permissible. +.PP +See \s-1SP800\-57\s0 for how the security limits are related to individual +algorithms. +.PP +Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +.PP +Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +alert. +.PP +Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 +key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. +.PP +\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that +represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +.PP +\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return +values. +.PP +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer +to the security callback or \s-1NULL\s0 if the callback is not set. +.PP +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra +data pointer or \s-1NULL\s0 if the ex data is not set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_cache_mode.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 00000000..d5a42665 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to . +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +\&\fBSSL_CTX_set_session_id_context\fR\|(3)). +.PP +The following session cache modes and modifiers are available: +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the \fBSSL_set_session\fR\|(3) +function. This option is not activated by default. +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called +explicitly by the application. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_id_context.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_id_context.3 new file mode 100644 index 00000000..79e5b307 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. +.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR +return the following values: +.IP "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +is logged to the error stack. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 new file mode 100644 index 00000000..bc3f1e3b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, +\& const unsigned char *keyname, +\& size_t keyname_len, +\& SSL_TICKET_STATUS status, +\& void *arg); +\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, +\& SSL_CTX_generate_session_ticket_fn gen_cb, +\& SSL_CTX_decrypt_session_ticket_fn dec_cb, +\& void *arg); +\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +and \fBdec_cb\fR that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. +.PP +\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is +about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR +at this time to add application data to the session ticket. The value of \fBarg\fR +is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. +.PP +\&\fBdec_cb\fR is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the \fBss\fR argument contains +the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key +used to decrypt the session ticket. The \fBstatus\fR argument is the result of the +ticket decryption. See the \s-1NOTES\s0 section below for further details. The value +of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The +\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. +.PP +\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify +the application that a session ticket is about to be generated. +.PP +\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +application data and assigns \fBlen\fR to the length of the session ticket +application data from \fBss\fR. The application data can be set via +\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket +application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time +after a session has been created. The \fBdec_cb\fR is provided to notify the +application that a session ticket has just been decrypted. +.SH "NOTES" +.IX Header "NOTES" +When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been +assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +decryption. The callback must check the \fBstatus\fR value before performing any +action, as it is called even if ticket decryption fails. +.PP +The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify +the key that was used to encrypt the session ticket. +.PP +The \fBstatus\fR argument can be any of these values: +.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IX Item "SSL_TICKET_EMPTY" +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. +.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IX Item "SSL_TICKET_NO_DECRYPT" +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IX Item "SSL_TICKET_SUCCESS" +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IX Item "SSL_TICKET_SUCCESS_RENEW" +Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +.PP +The return value can be any of these values: +.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IX Item "SSL_TICKET_RETURN_ABORT" +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. +.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE" +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. +.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" +Do not use a ticket (if one was available). Send a renewed ticket to the client. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or +\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE" +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE_RENEW" +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.PP +If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +no session data will be available and the callback must not use the \fBss\fR +argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or +\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +argument to retrieve the application data. +.PP +When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. +.PP +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and +\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +failure. +.PP +The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +.PP +The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR +and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_split_send_fragment.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_split_send_fragment.3 new file mode 100644 index 00000000..ba85a7db --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_split_send_fragment.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); +\& long SSL_set_max_send_fragment(SSL *ssl, long m); +\& +\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); +\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); +\& +\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); +\& long SSL_set_split_send_fragment(SSL *ssl, long m); +\& +\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); +\& +\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); +\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +\&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This +capability is known as \*(L"pipelining\*(R" within OpenSSL. +.PP +In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for +development and test purposes only. +.PP +\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the +\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These +functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number +of pipelines that will be used at any one time. This value applies to both +\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also +automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine. +.PP +Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and +\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by +\&\fBsplit_send_fragment\fR. +.PP +For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 +then: +.PP +SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used +.PP +SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used +.PP +SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used +.PP +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used +.PP +\&\fBsplit_send_fragment\fR must always be less than or equal to +\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines. +.PP +Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR +is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR +function (see \fBSSL_pending\fR\|(3)). +.PP +The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions control the size of the read buffer that will be used. The \fBlen\fR +parameter sets the size of the buffer. The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +.PP +\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +length negotiation mode via value \fBmode\fR to \fBctx\fR. +This setting affects only \s-1SSL\s0 instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +negotiation mode via value \fBmode\fR to \fBssl\fR. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects \s-1SSL\s0 sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +negotiated in \fBsession\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All non-void functions return 1 on success and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +\&\fBSSL_SESSION_get_max_fragment_length()\fR will return: +TLSEXT_max_fragment_length_DISABLED. +.PP +The following modes are available: +.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IX Item "TLSEXT_max_fragment_length_DISABLED" +Disables Maximum Fragment Length Negotiation (default). +.IP "TLSEXT_max_fragment_length_512" 4 +.IX Item "TLSEXT_max_fragment_length_512" +Sets Maximum Fragment Length to 512 bytes. +.IP "TLSEXT_max_fragment_length_1024" 4 +.IX Item "TLSEXT_max_fragment_length_1024" +Sets Maximum Fragment Length to 1024. +.IP "TLSEXT_max_fragment_length_2048" 4 +.IX Item "TLSEXT_max_fragment_length_2048" +Sets Maximum Fragment Length to 2048. +.IP "TLSEXT_max_fragment_length_4096" 4 +.IX Item "TLSEXT_max_fragment_length_4096" +Sets Maximum Fragment Length to 4096. +.PP +With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR +\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR +all these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, +\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, +\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions were added in OpenSSL 1.1.0. +.PP +The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR +and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ssl_version.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ssl_version.3 new file mode 100644 index 00000000..39712589 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 3" +.TH SSL_CTX_SET_SSL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +\&\fBSSL_new\fR\|(3) are not affected, except when +\&\fBSSL_clear\fR\|(3) is being called. +.PP +\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fBSSL_clear()\fR is called. +.PP +\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +\&\fBSSL_CTX_new\fR\|(3). +.PP +When \fBSSL_clear\fR\|(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR +and \fBSSL_set_ssl_method()\fR: +.IP "0" 4 +The new choice failed, check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 new file mode 100644 index 00000000..46a3d973 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_stateless_cookie_generate_cb( +\& SSL_CTX *ctx, +\& int (*gen_stateless_cookie_cb) (SSL *ssl, +\& unsigned char *cookie, +\& size_t *cookie_len)); +\& void SSL_CTX_set_stateless_cookie_verify_cb( +\& SSL_CTX *ctx, +\& int (*verify_stateless_cookie_cb) (SSL *ssl, +\& const unsigned char *cookie, +\& size_t cookie_len)); +\& +\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, +\& int (*app_gen_cookie_cb) (SSL *ssl, +\& unsigned char +\& *cookie, +\& unsigned int +\& *cookie_len)); +\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, +\& int (*app_verify_cookie_cb) (SSL *ssl, +\& const unsigned +\& char *cookie, +\& unsigned int +\& cookie_len)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must +write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. +.PP +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of +length \fBcookie_len\fR. A nonzero return value from \fBverify_stateless_cookie_cb()\fR +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +before \fBverify_stateless_cookie_cb()\fR is called. +.PP +\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +\&\fBapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. +.PP +\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value +from \fBapp_verify_cookie_cb()\fR communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither function returns a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_stateless\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR and +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_timeout.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_timeout.3 new file mode 100644 index 00000000..0fc580c9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_timeout.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 3" +.TH SSL_CTX_SET_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either +directly by the application or automatically (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see \fBSSL_get_default_timeout\fR\|(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100644 index 00000000..da10a437 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, int *al, void *arg)); +\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +\& +\& const char *SSL_get_servername(const SSL *s, const int type); +\& int SSL_get_servername_type(const SSL *s); +\& +\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client. +.PP +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When \fBcb\fR +is \s-1NULL, SNI\s0 is not used. +.PP +The servername callback should return one of the following values: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call \fBSSL_set_SSL_CTX()\fR in the callback to set +up a different configuration for the selected servername in this case. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the \fBal\fR parameter to the callback. By default this +value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME.\s0 +.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" +If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the \fBal\fR parameter +as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as \s-1SSL_TLSEXT_ERR_NOACK.\s0 +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername. +.PP +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR. +.PP +The behaviour of \fBSSL_get_servername()\fR depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes. +.IP "On the client, before the handshake" 4 +.IX Item "On the client, before the handshake" +If a servername has been set via a call to \fBSSL_set_tlsext_host_name()\fR then it +will return that servername. +.Sp +If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername. +.Sp +Otherwise it returns \s-1NULL.\s0 +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" +If the session from the orignal handshake had a servername accepted by the +server then it will return that servername. +.Sp +Otherwise it returns the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 +if it was not called. +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" +It will return the servername set via \fBSSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it +was not called. +.IP "On the server, before the handshake" 4 +.IX Item "On the server, before the handshake" +The function will always return \s-1NULL\s0 before the handshake +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" +If a servername was accepted by the server in the original handshake then it +will return that servername, or \s-1NULL\s0 otherwise. +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" +The function will return the servername requested by the client in this +handshake or \s-1NULL\s0 if none was requested. +.PP +Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after +a servername extension from the client is processed. +.PP +\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername +is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +\&\fBTLSEXT_NAMETYPE_host_name\fR. +.PP +\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +to contain the value \fBname\fR. The type of server name indication extension is set +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). +.SH "NOTES" +.IX Header "NOTES" +Several callbacks are executed during ClientHello processing, including +the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +.PP +The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +that will act as clients; otherwise the configured \fBname\fR will be ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_get_servername()\fR historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e. +.PP +Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake. +.PP +Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +\&\s-1NULL.\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 new file mode 100644 index 00000000..8b06e4e1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); +\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); +\& +\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); +\& +\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); +\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); +\& +\& long SSL_set_tlsext_status_type(SSL *s, int type); +\& long SSL_get_tlsext_status_type(SSL *s); +\& +\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); +\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application may request that a server send back an \s-1OCSP\s0 status response +(also known as \s-1OCSP\s0 stapling). To do so the client should call the +\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR +function on an individual \s-1SSL\s0 object prior to the start of the handshake. +Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value +should be passed in the \fBtype\fR argument. Calling +\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. +.PP +The client should additionally provide a callback function to decide what to do +with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned \s-1OCSP\s0 response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fBSSL_CTX_get_tlsext_status_arg()\fR. +.PP +On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return +\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server +side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client +requested \s-1OCSP\s0 stapling. If the client requested it then this function will +return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. +.PP +The response returned by the server can be obtained via a call to +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +to the \s-1OCSP\s0 response data and the return value will be the length of that data. +Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any +response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. +.PP +A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function +if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; +obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +be provided in the \fBresp\fR argument, and the length of that data should be in +the \fBlen\fR argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable. +.PP +The callback when used on the server side should return with either +\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be +returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be +returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +occurred). +.PP +\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, +\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and +\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +.PP +\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +.PP +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +or \-1 if there is no \s-1OCSP\s0 response data. +.PP +\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server +side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR +and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100644 index 00000000..6b0f5f3f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -0,0 +1,323 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitrary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using +\&\fBHMAC_Init_ex\fR\|(3). +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retrieved parameters and the initialization vector +\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be +set using \fBHMAC_Init_ex\fR\|(3). +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 +3.3\s0 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implementation: +.PP +.Vb 2 +\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); +\& ... +\& +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], +\& unsigned char *iv, EVP_CIPHER_CTX *ctx, +\& HMAC_CTX *hctx, int enc) +\& { +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) +\& return \-1; /* insufficient random */ +\& +\& key = currentkey(); /* something that you need to implement */ +\& if (key == NULL) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* +\& * Something that you need to implement. +\& * createkey needs to initialise a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. +\& */ +\& if (key == NULL) /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (key == NULL || key\->expire < now()) +\& return 0; +\& +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& if (key\->expire < now() \- RENEW_TIME) { +\& /* +\& * return 2 \- This session will get a new ticket even though the +\& * current one is still valid. +\& */ +\& return 2; +\& } +\& return 1; +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100644 index 00000000..eb4ee508 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); +\& +\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for +establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This +capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0 +OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not +support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this +extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a +\&\s-1TLS\s0 connection is attempted. +.PP +An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +created from an \s-1SSL_CTX.\s0 Alternatively a client may call +\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of +\&\s-1SRTP\s0 protection profile names. +.PP +The currently supported protection profile names are: +.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_80" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_32" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_128_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_256_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.PP +Supplying an unrecognised protection profile name will result in an error. +.PP +An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the +protection profiles that it is willing to negotiate. +.PP +The currently configured list of protection profiles for either a client or a +server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack +of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +this function should not be freed by the caller. +.PP +After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +any) can be obtained (on the client or the server) by calling +\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +protection profile was negotiated. The memory returned from this function should +not be freed by the caller. +.PP +If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +keying material (on both the client and server) should be obtained via a call to +\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success +or 1 on error. +.PP +\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +success or \s-1NULL\s0 on error or if no protection profiles have been configured. +.PP +\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +object if one has been negotiated or \s-1NULL\s0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_export_keying_material\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 00000000..7ae149d8 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +\& +\& void SSL_set_tmp_dh_callback(SSL *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate +a new \s-1DH\s0 key during the negotiation. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl \fBdhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. +.PP +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. +.PP +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export cipher suites +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use +the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply +supply at least 2048\-bit parameters in the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling +partly left out.) +.PP +Command-line parameter generation: +.PP +.Vb 1 +\& $ openssl dhparam \-out dh_param_2048.pem 2048 +.Ve +.PP +Code for setting up parameters during server initialization: +.PP +.Vb 1 +\& SSL_CTX ctx = SSL_CTX_new(); +\& +\& DH *dh_2048 = NULL; +\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); +\& +\& if (paramfile) { +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } else { +\& /* Error. */ +\& } +\& if (dh_2048 == NULL) +\& /* Error. */ +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) +\& /* Error. */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_verify.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_verify.3 new file mode 100644 index 00000000..f4445077 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_set_verify.3 @@ -0,0 +1,472 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 3" +.TH SSL_CTX_SET_VERIFY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +\& +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); +\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); +\& SSL_get_ex_data_X509_STORE_CTX_idx(void); +\& +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +\& void SSL_set_verify_depth(SSL *ssl, int depth); +\& +\& int SSL_verify_client_post_handshake(SSL *ssl); +\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +\& void SSL_set_post_handshake_auth(SSL *ssl, int val); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with +\&\fBSSL_new\fR\|(3). Within the callback function, +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index +of the current \s-1SSL\s0 object that is doing the verification. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. +.PP +\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. +.PP +\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If \fBval\fR is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +.PP +\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must +be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.IP "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the \fBSSL_get_verify_result\fR\|(3) function. +The handshake will be continued regardless of the verification result. +.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and +\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +.IX Item "SSL_VERIFY_POST_HANDSHAKE" +\&\fBServer mode:\fR the server will not send a client certificate request +during the initial handshake, but will send the request via +\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.PP +If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fBverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +a final trust anchor certificate. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. +.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.PP +After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before \fBSSL_connect()\fR. +.PP +\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. +Only one certificate request may be outstanding at any time. +.PP +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can +lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.PP +The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see \fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +.PP +.Vb 7 +\& ... +\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +\& +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +\& +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata\->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } else if (mydata\->verbose_mode) { +\& printf("depth=%d:%s\en", depth, buf); +\& } +\& +\& /* +\& * At this point, err contains the last verification error. We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { +\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +\& +\& if (mydata\->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +\& +\& mydata_t mydata; +\& +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +\& +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +\& +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +\& +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +\& +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR +and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_certificate.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_certificate.3 new file mode 100644 index 00000000..3fbc6bd3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_certificate.3 @@ -0,0 +1,324 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 3" +.TH SSL_CTX_USE_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +\& +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); +\& +\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +.PP +\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function. +.PP +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is +similar except it loads the certificate chain into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR +or \fBSSL_CTX_use_certificate()\fR before setting the private key with +\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. +.PP +\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 +certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the +corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private +key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then +\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. +If \fBoverride\fR is non\-0, then the certificate, private key and chain certs +are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. +.PP +\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.PP +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or +\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 new file mode 100644 index 00000000..213311c9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, +\& const unsigned char *identity, +\& size_t identity_len, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, +\& SSL_psk_find_session_cb_func cb); +\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +\& +\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, +\& const char *identity, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A server application wishing to use TLSv1.3 PSKs should set a callback +using either \fBSSL_CTX_set_psk_find_session_callback()\fR or +\&\fBSSL_set_psk_find_session_callback()\fR as appropriate. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function +should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it +in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 +.PP +Identity hints are not relevant for TLSv1.3. A server application wishing to use +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR +to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is +\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +.PP +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +ServerKeyExchange message to the client. +.PP +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback +function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR +or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return +1 on success, 0 otherwise. +.PP +Return values from the TLSv1.2 and below server callback are interpreted as +follows: +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. +.Sp +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.PP +The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "NOTES" +.IX Header "NOTES" +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBSSL_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_serverinfo.3 b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_serverinfo.3 new file mode 100644 index 00000000..c8b3d327 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_CTX_use_serverinfo.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_SERVERINFO 3" +.TH SSL_CTX_USE_SERVERINFO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, +\& const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0 +\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the +byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used +in this case: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR +except that there is no \fBversion\fR parameter so a default version of +\&\s-1SSL_SERVERINFOV1\s0 is used instead. +.PP +\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each +\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for +\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. +.PP +If more than one certificate (\s-1RSA/DSA\s0) is installed using +\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_free.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_free.3 new file mode 100644 index 00000000..517f97de --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_free.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_FREE 3" +.TH SSL_SESSION_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_SESSION_new(void); +\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +\& int SSL_SESSION_up_ref(SSL_SESSION *ses); +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +it. +.PP +\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +and returns a pointer to it. +.PP +\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +structure. +.PP +\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the reference count has reached 0. +If \fBsession\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. +.PP +\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure +or \s-1NULL\s0 on error. +.PP +SSL_SESSION_up_ref returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_cipher.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_cipher.3 new file mode 100644 index 00000000..e71a3690 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_cipher.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_CIPHER 3" +.TH SSL_SESSION_GET0_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +or \s-1NULL\s0 if it cannot be determined. +.PP +\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_get0_hostname\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_hostname.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_hostname.3 new file mode 100644 index 00000000..1f5c4755 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_hostname.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_HOSTNAME 3" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +\& +\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, +\& const unsigned char **alpn, +\& size_t *len); +\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the +\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session. +.PP +The value returned is a pointer to memory maintained within \fBs\fR and +should not be free'd. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +the string provided in hostname. +.PP +\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +session and its associated length in bytes. The returned value of \fB*alpn\fR is a +pointer to memory maintained within \fBs\fR and should not be free'd. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +\&\fBalpn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +is the \s-1SNI\s0 value sent by client. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and +\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_id_context.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_id_context.3 new file mode 100644 index 00000000..415113f2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_id_context.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +contexts. +.PP +\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to +\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context +is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_set_session_id_context\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_peer.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_peer.3 new file mode 100644 index 00000000..55155fc3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get0_peer.3 @@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_PEER 3" +.TH SSL_SESSION_GET0_PEER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +returned value (unless \fBX509_up_ref\fR\|(3) has also been called). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +no peer certificate is available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_compress_id.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_compress_id.3 new file mode 100644 index 00000000..1bcdb163 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_compress_id.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If compression has been negotiated for an ssl session then +\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +none. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_ex_data.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_ex_data.3 new file mode 100644 index 00000000..039a60b1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_ex_data.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_EX_DATA 3" +.TH SSL_SESSION_GET_EX_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_protocol_version.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_protocol_version.3 new file mode 100644 index 00000000..aa5f8996 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_protocol_version.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used +by session \fBs\fR. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set +up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +version used for the session; this number matches the constants \fIe.g.\fR +\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +.PP +Note that the \fBSSL_SESSION_get_protocol_version()\fR function +does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_time.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_time.3 new file mode 100644 index 00000000..daf0671c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_get_time.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 3" +.TH SSL_SESSION_GET_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_SESSION_get_time(const SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +\& +\& long SSL_get_time(const SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(const SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fBtime()\fR call. +.PP +\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +\&\fBSSL_CTX_set_timeout\fR\|(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_has_ticket.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_has_ticket.3 new file mode 100644 index 00000000..67bac9d2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_has_ticket.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_HAS_TICKET 3" +.TH SSL_SESSION_HAS_TICKET 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); +\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. +.PP +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. +.PP +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non +\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +.PP +\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR +and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_is_resumable.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_is_resumable.3 new file mode 100644 index 00000000..5fba8af1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_is_resumable.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_IS_RESUMABLE 3" +.TH SSL_SESSION_IS_RESUMABLE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_print.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_print.3 new file mode 100644 index 00000000..ca5568fb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_print.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_PRINT 3" +.TH SSL_SESSION_PRINT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it +to the \s-1FILE\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 +in \s-1NSS\s0 keylog format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_SESSION_set1_id.3 b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_set1_id.3 new file mode 100644 index 00000000..1cc5d613 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_SESSION_set1_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_SET1_ID 3" +.TH SSL_SESSION_SET1_ID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +\& unsigned int sid_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may +be 0. The caller should not free the returned pointer directly. +.PP +\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +to \fBsid\fR of length \fBsid_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_accept.3 b/deps/openssl/mingw64/share/man/man3/SSL_accept.3 new file mode 100644 index 00000000..1ae4a174 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_accept.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ACCEPT 3" +.TH SSL_ACCEPT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_alert_type_string.3 b/deps/openssl/mingw64/share/man/man3/SSL_alert_type_string.3 new file mode 100644 index 00000000..b07c7814 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_alert_type_string.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 3" +.TH SSL_ALERT_TYPE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +\& +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fBSSL_alert_type_string()\fR or +\&\fBSSL_alert_type_string_long()\fR: +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" +.PD 0 +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fBSSL_alert_desc_string()\fR or +\&\fBSSL_alert_desc_string_long()\fR: +.ie n .IP """\s-1CN""/\s0""close notify""" 4 +.el .IP "``\s-1CN''/\s0``close notify''" 4 +.IX Item "CN/close notify" +The connection shall be closed. This is a warning alert. +.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 +.el .IP "``\s-1UM''/\s0``unexpected message''" 4 +.IX Item "UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 +.el .IP "``\s-1BM''/\s0``bad record mac''" 4 +.IX Item "BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC.\s0 This message is always fatal. +.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 +.el .IP "``\s-1DF''/\s0``decompression failure''" 4 +.IX Item "DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 +.el .IP "``\s-1HF''/\s0``handshake failure''" 4 +.IX Item "HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. +.ie n .IP """\s-1NC""/\s0""no certificate""" 4 +.el .IP "``\s-1NC''/\s0``no certificate''" 4 +.IX Item "NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 +.el .IP "``\s-1BC''/\s0``bad certificate''" 4 +.IX Item "BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 +.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" +A certificate was of an unsupported type. +.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 +.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 +.IX Item "CR/certificate revoked" +A certificate was revoked by its signer. +.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 +.el .IP "``\s-1CE''/\s0``certificate expired''" 4 +.IX Item "CE/certificate expired" +A certificate has expired or is not currently valid. +.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 +.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 +.IX Item "CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 +.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 +.IX Item "IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 +.el .IP "``\s-1DC''/\s0``decryption failed''" 4 +.IX Item "DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. +.ie n .IP """\s-1RO""/\s0""record overflow""" 4 +.el .IP "``\s-1RO''/\s0``record overflow''" 4 +.IX Item "RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 +.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 +.IX Item "CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA.\s0 This +message is always fatal. +.ie n .IP """\s-1AD""/\s0""access denied""" 4 +.el .IP "``\s-1AD''/\s0``access denied''" 4 +.IX Item "AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.ie n .IP """\s-1DE""/\s0""decode error""" 4 +.el .IP "``\s-1DE''/\s0``decode error''" 4 +.IX Item "DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 +.el .IP "``\s-1CY''/\s0``decrypt error''" 4 +.IX Item "CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.ie n .IP """\s-1ER""/\s0""export restriction""" 4 +.el .IP "``\s-1ER''/\s0``export restriction''" 4 +.IX Item "ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. +.ie n .IP """\s-1PV""/\s0""protocol version""" 4 +.el .IP "``\s-1PV''/\s0``protocol version''" 4 +.IX Item "PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 +.el .IP "``\s-1IS''/\s0``insufficient security''" 4 +.IX Item "IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.ie n .IP """\s-1IE""/\s0""internal error""" 4 +.el .IP "``\s-1IE''/\s0``internal error''" 4 +.IX Item "IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.ie n .IP """\s-1US""/\s0""user canceled""" 4 +.el .IP "``\s-1US''/\s0``user canceled''" 4 +.IX Item "US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 +.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 +.IX Item "NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4 +.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4 +.IX Item "UP/unknown PSK identity" +Sent by the server to indicate that it does not recognize a \s-1PSK\s0 +identity or an \s-1SRP\s0 identity. +.ie n .IP """\s-1UK""/\s0""unknown""" 4 +.el .IP "``\s-1UK''/\s0``unknown''" 4 +.IX Item "UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_alloc_buffers.3 b/deps/openssl/mingw64/share/man/man3/SSL_alloc_buffers.3 new file mode 100644 index 00000000..5d8b6383 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_alloc_buffers.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALLOC_BUFFERS 3" +.TH SSL_ALLOC_BUFFERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_free_buffers(SSL *ssl); +\& int SSL_alloc_buffers(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +.PP +The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. +.PP +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR +to control where and how buffers are allocated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is +an allocation failure. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +\&\fBSSL_free_buffers()\fR. +The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +\&\fBSSL_alloc_buffers()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), +CRYPTO_set_mem_functions +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_check_chain.3 b/deps/openssl/mingw64/share/man/man3/SSL_check_chain.3 new file mode 100644 index 00000000..2fd273a6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_check_chain.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CHECK_CHAIN 3" +.TH SSL_CHECK_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_check_chain \- check certificate chain suitability +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +certificate chain \fBchain\fR is suitable for use with the current session +\&\fBs\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +chain. +.PP +\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +If this flag is \fBnot\fR set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. +.PP +\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +.PP +\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +acceptable. +.PP +\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). +.PP +\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). +.PP +\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +meaningful for client authentication. +.PP +\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +for client authentication. +.PP +\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. +.PP +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. +.PP +As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be +usable. An application supporting multiple chains with different \s-1CA\s0 signature +algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +chain is suitable a server should fall back to the most secure chain which +sets \fB\s-1CERT_PKEY_VALID\s0\fR. +.PP +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. +.PP +Since the supported signature algorithms extension is only used in \s-1TLS 1.2, +TLS 1.3\s0 and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not +be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain +for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_clear.3 b/deps/openssl/mingw64/share/man/man3/SSL_clear.3 new file mode 100644 index 00000000..7a619ba3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_clear.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CLEAR 3" +.TH SSL_CLEAR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_clear \- reset SSL object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, +if \fBSSL_shutdown\fR\|(3) was not called for the connection +or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see \fBSSL_new\fR\|(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +\&\fBSSL_get_session\fR\|(3); +\&\fBSSL_new\fR\|(3); +\&\fBSSL_set_session\fR\|(3); +\&\fBSSL_free\fR\|(3) +instead to avoid such failures +(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) +if session reuse is not desired). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \fBSSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.IP "1" 4 +.IX Item "1" +The \fBSSL_clear()\fR operation was successful. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_connect.3 b/deps/openssl/mingw64/share/man/man3/SSL_connect.3 new file mode 100644 index 00000000..43684f8b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_connect.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONNECT 3" +.TH SSL_CONNECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no +corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +been received for the final handshake message. +.PP +The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +option. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_do_handshake.3 b/deps/openssl/mingw64/share/man/man3/SSL_do_handshake.3 new file mode 100644 index 00000000..d3e222dc --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_do_handshake.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_DO_HANDSHAKE 3" +.TH SSL_DO_HANDSHAKE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_do_handshake \- perform a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +\&\fBSSL_set_connect_state\fR\|(3) or +\&\fBSSL_set_accept_state\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur if action is needed to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_export_keying_material.3 b/deps/openssl/mingw64/share/man/man3/SSL_export_keying_material.3 new file mode 100644 index 00000000..98b112da --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_export_keying_material.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen, int use_context); +\& +\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +established between the two endpoints. The functions +\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an +application to use some of this keying material for its own purposes in +accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +.PP +\&\fBSSL_export_keying_material()\fR derives keying material using +the \fIexporter_master_secret\fR established in the handshake. +.PP +\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +keying material using the \fIearly_exporter_master_secret\fR (as defined in the +\&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +available when the client attempts to send 0\-RTT data. For the server, it is +only available when the server accepts 0\-RTT data. +.PP +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. +.PP +For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +\&\fBout\fR. The application specific context should be supplied in the location +pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of +a context is optional. If the context should be omitted entirely then +\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If +\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. +.PP +An application specific label should be provided in the location pointed to by +\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from +the \s-1IANA\s0 Exporter Label Registry +(). +Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. +.PP +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +.PP +\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_extension_supported.3 b/deps/openssl/mingw64/share/man/man3/SSL_extension_supported.3 new file mode 100644 index 00000000..93e5eef4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_extension_supported.3 @@ -0,0 +1,399 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXTENSION_SUPPORTED 3" +.TH SSL_EXTENSION_SUPPORTED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char **out, +\& size_t *outlen, X509 *x, +\& size_t chainidx, int *al, +\& void *add_arg); +\& +\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *in, +\& size_t inlen, X509 *x, +\& size_t chainidx, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& unsigned int context, +\& SSL_custom_ext_add_cb_ex add_cb, +\& SSL_custom_ext_free_cb_ex free_cb, +\& void *add_arg, +\& SSL_custom_ext_parse_cb_ex parse_cb, +\& void *parse_arg); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +for all supported protocol versions with extension type \fBext_type\fR and +callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the +\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines +which messages and under what conditions the extension will be added/parsed (see +the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). +.PP +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +\&\fBcontext\fR value to: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be +handled by OpenSSL internally or an error occurs. +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +extension type which will be added and \fBadd_arg\fR to the value set when the +extension handler was added. When using the new style callbacks the \fBcontext\fR +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set +to \s-1NULL\s0 then no extension is added. +.PP +When constructing a Certificate message the callback will be called for each +certificate in the message. The \fBx\fR parameter will indicate the +current certificate and the \fBchainidx\fR parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the +order that they were received in the Certificate message. +.PP +For all messages except the ServerHello and EncryptedExtensions every +registered \fBadd_cb\fR is always called to see if the application wishes to add an +extension (as long as all requirements of the specified \fBcontext\fR are met). +.PP +For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR +is called once if and only if the requirements of the specified \fBcontext\fR are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then \fBadd_cb\fR will +not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +called if the extension is present and relevant for the context (see +\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below). +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBext_type\fR. +.PP +If the message being parsed is a TLSv1.3 compatible Certificate message then +\&\fBparse_cb\fR will be called for each certificate contained within the message. +The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a \fBchainidx\fR +value of 0. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "EXTENSION CONTEXTS" +.IX Header "EXTENSION CONTEXTS" +An extension context defines which messages and under which conditions an +extension should be added or expected. The context is built up by performing +a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +are: +.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_ONLY" +The extension is only allowed in \s-1TLS\s0 +.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +.IX Item "SSL_EXT_DTLS_ONLY" +The extension is only allowed in \s-1DTLS\s0 +.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" +The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation +available (so it is ignored in \s-1DTLS\s0). +.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +.IX Item "SSL_EXT_SSL3_ALLOWED" +Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this. +.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" +The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated. +.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ONLY" +The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated. +.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" +The extension will be ignored during parsing if a previous session is being +successfully resumed. +.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IX Item "SSL_EXT_CLIENT_HELLO" +The extension may be present in the ClientHello message. +.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" +The extension may be present in a TLSv1.2 or below compatible ServerHello +message. +.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" +The extension may be present in a TLSv1.3 compatible ServerHello message. +.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" +The extension may be present in an EncryptedExtensions message. +.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" +The extension may be present in a HelloRetryRequest message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" +The extension may be present in a TLSv1.3 compatible Certificate message. +.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" +The extension may be present in a TLSv1.3 compatible NewSessionTicket message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" +The extension may be present in a TLSv1.3 compatible CertificateRequest message. +.PP +The context must include at least one message value (otherwise the extension +will never be used). +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and +\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same \fBext_type\fR more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure). +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_free.3 b/deps/openssl/mingw64/share/man/man3/SSL_free.3 new file mode 100644 index 00000000..55059475 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_free.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_FREE 3" +.TH SSL_FREE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free \- free an allocated SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +reference count has reached 0. +If \fBssl\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO,\s0 the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fBSSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fBSSL_free()\fR and the internal +session cache. If the session is considered bad, because +\&\fBSSL_shutdown\fR\|(3) was not called for the connection +and \fBSSL_set_shutdown\fR\|(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_free()\fR does not provide diagnostic information. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get0_peer_scts.3 b/deps/openssl/mingw64/share/man/man3/SSL_get0_peer_scts.3 new file mode 100644 index 00000000..9c5d0645 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get0_peer_scts.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET0_PEER_SCTS 3" +.TH SSL_GET0_PEER_SCTS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get0_peer_scts \- get SCTs received +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and +the peer's certificate for SCTs. Future calls will return the same SCTs. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +If no Certificate Transparency validation callback has been set (using +\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_SSL_CTX.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_SSL_CTX.3 new file mode 100644 index 00000000..08750218 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_SSL_CTX.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 3" +.TH SSL_GET_SSL_CTX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fBSSL_new\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_all_async_fds.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_all_async_fds.3 new file mode 100644 index 00000000..c544fcb5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_all_async_fds.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ALL_ASYNC_FDS 3" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int SSL_waiting_for_async(SSL *s); +\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); +\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, +\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in +\&\fBSSL_CTX_set_mode\fR\|(3)). +.PP +\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \s-1SSL\s0 object +is currently waiting for asynchronous work to complete (i.e. +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the +list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves +are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file +descriptors are returned but \fB*numfds\fR is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically +this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once +without). +.PP +\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +\&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it +is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have +sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds +and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +for an async operation to complete and 0 otherwise. +.PP +\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or +0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR +and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_ciphers.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_ciphers.3 new file mode 100644 index 00000000..3f38eeab --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_ciphers.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 3" +.TH SSL_GET_CIPHERS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); +\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); +\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, +\& int isv2format, STACK_OF(SSL_CIPHER) **sk, +\& STACK_OF(SSL_CIPHER) **scsvs); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); +\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +.PP +\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. +If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. +.PP +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +the buffer that should be populated with the list of names and \fBsize\fR is the +size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of \fBSSL_get1_supported_ciphers()\fR above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR +\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using +the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. +.PP +Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.PP +Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR +return a pointer to an internal cipher stack, which will be freed later on when +the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR +free the return value itself. +.PP +The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.PP +The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_client_random.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_client_random.3 new file mode 100644 index 00000000..8194dbcf --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_client_random.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CLIENT_RANDOM 3" +.TH SSL_GET_CLIENT_RANDOM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, +\& unsigned char *out, size_t outlen); +\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_client_random()\fR extracts the random value sent from the client +to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +bytes as it can of this value into the buffer provided in \fBout\fR, +which must have at least \fBoutlen\fR bytes available. It returns the +total number of bytes that were actually copied. If \fBoutlen\fR is +zero, \fBSSL_get_client_random()\fR copies nothing, and returns the +total size of the client_random value. +.PP +\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value +sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +.PP +\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one +can be dangerous if misused; see \s-1NOTES\s0 below. +.PP +\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based +\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with \fBin\fR. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0 +.SH "NOTES" +.IX Header "NOTES" +You probably shouldn't use these functions. +.PP +These functions expose internal values from the \s-1TLS\s0 handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. +.PP +Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they +\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that +were already generated and used in the \s-1TLS\s0 protocol. Using them +in place of \fBRAND_bytes()\fR would be grossly foolish. +.PP +The security of your \s-1TLS\s0 session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use \fBSSL_export_keying_material()\fR instead, and +forget that you ever saw these functions. +.PP +In current versions of the \s-1TLS\s0 protocols, the length of client_random +(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided +in case of the unlikely event that a future version or variant of \s-1TLS\s0 +uses some other length there. +.PP +Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called +\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +values based on their view of the current time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. +.PP +For the other functions, if \fBoutlen\fR is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number +of bytes they would copy \*(-- that is, the length of the underlying field. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_bytes\fR\|(3), +\&\fBSSL_export_keying_material\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_current_cipher.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_current_cipher.3 new file mode 100644 index 00000000..9ab87fb5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_current_cipher.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 3" +.TH SSL_GET_CURRENT_CIPHER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); +\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); +\& +\& const char *SSL_get_cipher_name(const SSL *s); +\& const char *SSL_get_cipher(const SSL *s); +\& int SSL_get_cipher_bits(const SSL *s, int *np); +\& const char *SSL_get_cipher_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +See \fBSSL_CIPHER_get_name\fR\|(3) for more details. +.PP +\&\fBSSL_get_cipher_name()\fR obtains the +name of the currently used cipher. +\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. +\&\fBSSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fBSSL_get_cipher_version()\fR returns the protocol name. +.PP +\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the \fBssl\fR object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +no session has been established. +.PP +\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change +of cipher suite, or \s-1NULL\s0 if no such cipher is known. +.SH "NOTES" +.IX Header "NOTES" +SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_default_timeout.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_default_timeout.3 new file mode 100644 index 00000000..496bfaf7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_default_timeout.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_default_timeout(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_error.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_error.3 new file mode 100644 index 00000000..2f9fcdef --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_error.3 @@ -0,0 +1,304 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ERROR 3" +.TH SSL_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_error \- obtain result code for TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_error(const SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR, +\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 +function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is +attempted, or \fBSSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned +if and only if \fBret > 0\fR. +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +indicate that the underlying transport has been closed. +.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete and can be retried later. +.Sp +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read +operation from a non-blocking \fB\s-1BIO\s0\fR. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +function can be called again. +.Sp +\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even +for a blocking \fB\s-1BIO\s0\fR. +See \fBSSL_read\fR\|(3) for more information. +.Sp +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write +to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +.Sp +Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available +even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. +However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called +again to continue sending the application data. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +\&\fBpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL I/O\s0 function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +In particular, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data +and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. +This is mainly because +\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, +\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. +.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor +can be used. +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC" +The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable +engine is being used. An application can determine whether the engine has +completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file +descriptor. This file descriptor is available by calling +\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 +function should be called again later. The function \fBmust\fR be called from the +same thread that the original call was made from. +.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC_JOB" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or +\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. +.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fBSSL_shutdown()\fR must not be called. +.Sp +This value can also be returned for other errors, check the error queue for +details. +.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fBSSL_shutdown()\fR must not be called. +.SH "BUGS" +.IX Header "BUGS" +The \fB\s-1SSL_ERROR_SYSCALL\s0\fR with \fBerrno\fR value of 0 indicates unexpected \s-1EOF\s0 from +the peer. This will be properly reported as \fB\s-1SSL_ERROR_SSL\s0\fR with reason +code \fB\s-1SSL_R_UNEXPECTED_EOF_WHILE_READING\s0\fR in the OpenSSL 3.0 release because +it is truly a \s-1TLS\s0 protocol error to terminate the connection without +a \fBSSL_shutdown()\fR. +.PP +The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications +which choose to ignore this protocol error depend on the existing way of +reporting the error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_extms_support.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_extms_support.3 new file mode 100644 index 00000000..2d6d0486 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_extms_support.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_EXTMS_SUPPORT 3" +.TH SSL_GET_EXTMS_SUPPORT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_extms_support \- extended master secret support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_extms_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended +master secret. +.PP +This function is implemented as a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended +master secret, 0 if it did not and \-1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_fd.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_fd.3 new file mode 100644 index 00000000..5aa53f72 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_fd.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_FD 3" +.TH SSL_GET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fBSSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.IP ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_peer_cert_chain.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_cert_chain.3 new file mode 100644 index 00000000..bfd5cf72 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_cert_chain.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 3" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); +\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +\&\fBSSL_get_peer_certificate\fR\|(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.PP +\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is \fBnot\fR a verified chain. +.PP +\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by \fBSSL_get_verify_result()\fR not returning +X509_V_OK) the chain may be incomplete or invalid. +.SH "NOTES" +.IX Header "NOTES" +If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +is returned by these functions. Applications can call \fBSSL_session_reused()\fR +to determine whether a session is resumed. +.PP +The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or +obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IX Item "Pointer to a STACK_OF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), +\&\fBX509_chain_up_ref\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_peer_certificate.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_certificate.3 new file mode 100644 index 00000000..0c8b8df9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_certificate.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 3" +.TH SSL_GET_PEER_CERTIFICATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use \fBSSL_get_verify_result\fR\|(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fBX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.IP "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_peer_signature_nid.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_signature_nid.3 new file mode 100644 index 00000000..22c86351 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_signature_nid.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +.PP +\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type +is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing +where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check +the type of public key in the peer's certificate. +.PP +\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_peer_tmp_key.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_tmp_key.3 new file mode 100644 index 00000000..810d2c59 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_peer_tmp_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller's responsibility to free this key after use using +\&\fBEVP_PKEY_free\fR\|(3). +.PP +\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fBSSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 on success and 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +This function is implemented as a macro. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_psk_identity.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_psk_identity.3 new file mode 100644 index 00000000..89b08785 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_psk_identity.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PSK_IDENTITY 3" +.TH SSL_GET_PSK_IDENTITY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_rbio.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_rbio.3 new file mode 100644 index 00000000..3bf26207 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_rbio.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_RBIO 3" +.TH SSL_GET_RBIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.IP "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_session.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_session.3 new file mode 100644 index 00000000..96249e2e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_session.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SESSION 3" +.TH SSL_GET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. +.PP +\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a full handshake for \s-1SSL\s0 versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +.PP +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. +.PP +The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server. +.PP +A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to +\&\fBSSL_free\fR\|(3). +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. +.PP +\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If \fBSSL_clear\fR\|(3) or +\&\fBSSL_free\fR\|(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during \fBSSL_CTX_flush_sessions\fR\|(3). +.PP +If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IX Item "Pointer to an SSL_SESSION" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), +\&\fBSSL_clear\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_shared_sigalgs.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_shared_sigalgs.3 new file mode 100644 index 00000000..056e8543 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_shared_sigalgs.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SHARED_SIGALGS 3" +.TH SSL_GET_SHARED_SIGALGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_shared_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +\& +\& int SSL_get_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature +algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the +sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +are written to \fB*rsig\fR and \fB*rhash\fR. +.PP +\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns +information about all signature algorithms supported by \fBs\fR in the order +they were sent by the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of +signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. +.SH "NOTES" +.IX Header "NOTES" +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. +.PP +If an application is only interested in the highest preference shared +signature algorithm it can just set \fBidx\fR to zero. +.PP +Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or +\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting +them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +signature algorithms can be determined: which can be zero. +.PP +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback. +.PP +Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms. +If these +functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +.PP +The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are +ordered according to configuration and peer preferences. +.PP +The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and +\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +.PP +If a signature algorithm is not recognised the corresponding NIDs +will be set to \fBNID_undef\fR. This may be because the value is not supported, +is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +signature algorithm does not use a hash (for example Ed25519). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_verify_result.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_verify_result.3 new file mode 100644 index 00000000..cff20d38 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_verify_result.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 3" +.TH SSL_GET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_verify_result(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fBSSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection +with \fBSSL_get_peer_certificate\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.IP "Any other value" 4 +.IX Item "Any other value" +Documented in \fBverify\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_get_version.3 b/deps/openssl/mingw64/share/man/man3/SSL_get_version.3 new file mode 100644 index 00000000..e0268c26 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_get_version.3 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERSION 3" +.TH SSL_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_client_version(const SSL *s); +\& +\& const char *SSL_get_version(const SSL *ssl); +\& +\& int SSL_is_dtls(const SSL *ssl); +\& +\& int SSL_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR +returns the name of the protocol used for the connection. \fBSSL_version()\fR returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. +.PP +\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_version()\fR returns one of the following strings: +.IP "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.IP "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. +.IP "TLSv1.3" 4 +.IX Item "TLSv1.3" +The connection uses the TLSv1.3 protocol. +.IP "unknown" 4 +.IX Item "unknown" +This indicates an unknown protocol version. +.PP +\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any +of the following: +.IP "\s-1SSL3_VERSION\s0" 4 +.IX Item "SSL3_VERSION" +The connection uses the SSLv3 protocol. +.IP "\s-1TLS1_VERSION\s0" 4 +.IX Item "TLS1_VERSION" +The connection uses the TLSv1.0 protocol. +.IP "\s-1TLS1_1_VERSION\s0" 4 +.IX Item "TLS1_1_VERSION" +The connection uses the TLSv1.1 protocol. +.IP "\s-1TLS1_2_VERSION\s0" 4 +.IX Item "TLS1_2_VERSION" +The connection uses the TLSv1.2 protocol. +.IP "\s-1TLS1_3_VERSION\s0" 4 +.IX Item "TLS1_3_VERSION" +The connection uses the TLSv1.3 protocol (never returned for +\&\fBSSL_client_version()\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_in_init.3 b/deps/openssl/mingw64/share/man/man3/SSL_in_init.3 new file mode 100644 index 00000000..8c7b909a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_in_init.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_IN_INIT 3" +.TH SSL_IN_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_in_init(const SSL *s); +\& int SSL_in_before(const SSL *s); +\& int SSL_is_init_finished(const SSL *s); +\& +\& int SSL_in_connect_init(SSL *s); +\& int SSL_in_accept_init(SSL *s); +\& +\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +awaiting handshake messages, or 0 otherwise. +.PP +\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +otherwise. +.PP +\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +fully protected application data can be transferred or 0 otherwise. +.PP +Note that in some circumstances (such as when early data is being transferred) +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0. +.PP +\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. +.PP +\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake +state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. The naming format is made up of a number of elements as follows: +.PP +\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR +.PP +\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the +\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +.PP +\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", +\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +.PP +\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or +is being or has been processed. +.PP +Additionally there are some special states that do not conform to the above +format. These are: +.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IX Item "TLS_ST_BEFORE" +No handshake messages have yet been been sent or received. +.IP "\s-1TLS_ST_OK\s0" 4 +.IX Item "TLS_ST_OK" +Handshake message sending/processing has completed. +.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IX Item "TLS_ST_EARLY_DATA" +Early data is being processed +.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IX Item "TLS_ST_PENDING_EARLY_DATA_END" +Awaiting the end of early data processing +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR +and \fBSSL_in_accept_init()\fR return values as indicated above. +.PP +\&\fBSSL_get_state()\fR returns the current handshake state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_read_early_data\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_key_update.3 b/deps/openssl/mingw64/share/man/man3/SSL_key_update.3 new file mode 100644 index 00000000..1f02530a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_key_update.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_KEY_UPDATE 3" +.TH SSL_KEY_UPDATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_key_update(SSL *s, int updatetype); +\& int SSL_get_key_update_type(const SSL *s); +\& +\& int SSL_renegotiate(SSL *s); +\& int SSL_renegotiate_abbreviated(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the \fBupdatetype\fR parameter is set to +\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is +set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +.PP +\&\fBSSL_key_update()\fR must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR +takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to +force the update to take place immediately. +.PP +\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +otherwise. +.PP +\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for +connections that have negotiated TLSv1.2 or less. Calling them on any other +connection will result in an error. +.PP +When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new +handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake. +.PP +When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the +same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake. +.PP +When called from the server side, \fBSSL_renegotiate()\fR and +\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL \s-1IO\s0 function. +.PP +If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For +a \s-1TLS\s0 connection the client will attempt to resume the current session in the +new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +the session in the new handshake. +.PP +The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1 +on success or 0 on error. +.PP +\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update +operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +.PP +\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in +OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_library_init.3 b/deps/openssl/mingw64/share/man/man3/SSL_library_init.3 new file mode 100644 index 00000000..ecdc410b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_library_init.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 3" +.TH SSL_LIBRARY_INIT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_library_init(void); +\& +\& int OpenSSL_add_ssl_algorithms(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +.PP +\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is +implemented as a macro. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_library_init()\fR must be called before any other action takes place. +\&\fBSSL_library_init()\fR is not reentrant. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_add\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_load_client_CA_file.3 b/deps/openssl/mingw64/share/man/man3/SSL_load_client_CA_file.3 new file mode 100644 index 00000000..ab03e310 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_load_client_CA_file.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack \&\- load certificate names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +\& +\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *file) +\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *dir) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. +.PP +\&\fBSSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR, +and adds their subject name to the already existing \fIstack\fR. +.PP +\&\fBSSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every +file in the directory \fIdir\fR, and adds their subject name to the +already existing \fIstack\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +it is not limited to \s-1CA\s0 certificates. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +\& +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& /* error */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_new.3 b/deps/openssl/mingw64/share/man/man3/SSL_new.3 new file mode 100644 index 00000000..54cb214f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_NEW 3" +.TH SSL_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL *SSL_dup(SSL *s); +\& SSL *SSL_new(SSL_CTX *ctx); +\& int SSL_up_ref(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method, +options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is +reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +structure are freed. +.PP +\&\fBSSL_up_ref()\fR increments the reference count for an +existing \fB\s-1SSL\s0\fR structure. +.PP +\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All +settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. +existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an +initial accept (server) or connect (client) state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.Sp +\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_pending.3 b/deps/openssl/mingw64/share/man/man3/SSL_pending.3 new file mode 100644 index 00000000..d8fa1675 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_pending.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_PENDING 3" +.TH SSL_PENDING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_pending(const SSL *ssl); +\& int SSL_has_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). +.PP +\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered +and are available inside \fBssl\fR for immediate read. +.PP +If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to +\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records). +.PP +\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to +return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an +\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR +returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_read.3 b/deps/openssl/mingw64/share/man/man3/SSL_read.3 new file mode 100644 index 00000000..099374ac --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_read.3 @@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ 3" +.TH SSL_READ 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_read(SSL *ssl, void *buf, int num); +\& +\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_peek(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes +actually read in \fB*readbytes\fR. +.PP +\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR +respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield +at least the same bytes. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, +\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. +.PP +If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first +invocation of a read function. +.PP +The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +call. If \fBnum\fR is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size +of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. +.PP +If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +record has been processed, the read function can return and set the error to +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. +In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still +be unprocessed data available in the \fB\s-1SSL\s0\fR. +This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +not set. +Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +available the call will hang. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +operation. +In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying \s-1BIO.\s0 +When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be +used to check for the required condition. +When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or +retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fBSSL_pending\fR\|(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +connection. +Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which +indicates whether the call is retryable or not. +.PP +For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The read operation was successful. +The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_read_early_data.3 b/deps/openssl/mingw64/share/man/man3/SSL_read_early_data.3 new file mode 100644 index 00000000..9dd64a0e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_read_early_data.3 @@ -0,0 +1,480 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ_EARLY_DATA 3" +.TH SSL_READ_EARLY_DATA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +\& uint32_t SSL_get_max_early_data(const SSL *s); +\& +\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +\& uint32_t SSL_get_recv_max_early_data(const SSL *s); +\& +\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); +\& +\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +\& +\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +\& +\& int SSL_get_early_data_status(const SSL *s); +\& +\& +\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +\& +\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +\& void SSL_set_allow_early_data_cb(SSL *s, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to send and receive early data where TLSv1.3 has been +negotiated. Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake. +.PP +Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the \s-1TLS 1.3\s0 specification. +.PP +When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability. +.PP +A server or client can determine whether the full handshake has been completed +or not by calling \fBSSL_is_init_finished\fR\|(3). +.PP +On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent. +.PP +The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If +using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +the server. +.PP +A client uses the function \fBSSL_write_early_data()\fR to send early data. This +function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following +differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between \fBSSL_write_early_data()\fR and +\&\fBSSL_write_ex\fR\|(3). +.PP +When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function +called on a new connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to +\&\fBSSL_write_early_data()\fR as required. +.PP +If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine +the correct course of action, as for \fBSSL_write_ex\fR\|(3). +.PP +When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or +\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and +write the requested data. +.PP +A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return +\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it +was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +may be called by either the client or the server. +.PP +A server uses the \fBSSL_read_early_data()\fR function to receive early data on a +connection for which early data has been enabled using +\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for +\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +called on a connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), +or other similar functions. +.PP +\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following +differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. +.PP +\&\fBSSL_read_early_data()\fR may return 3 possible values: +.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_ERROR" +This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +same way as a 0 return value from \fBSSL_read_ex\fR\|(3). +.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_SUCCESS" +This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to +call \fBSSL_read_early_data()\fR to read more data. +.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_FINISH" +This indicates that no more early data can be read. It may be returned on the +first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, +or if the early data was rejected. +.PP +Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it +has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +server may choose to write data immediately to the unauthenticated client using +\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with +calls to \fBSSL_read_early_data()\fR as required. +.PP +Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before \fBSSL_read_early_data()\fR has returned +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 +.PP +Only servers may call \fBSSL_read_early_data()\fR. +.PP +Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the +connection immediately without further need to call a function such as +\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +further action taken. +.PP +When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +\&\fBSSL_CTX_set_max_early_data()\fR or +\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +object respectively. The \fBmax_early_data\fR parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum +early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +server application will either use both of \fBSSL_read_early_data()\fR and +\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is non-zero then replay protection is +automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). +.PP +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current +value for this setting can be obtained by calling +\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default +value for this setting is 16,384 bytes. +.PP +The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. +.PP +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. +.PP +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below) or to decline early_data when the server is heavily loaded. The functions +\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See +\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below. +.SH "NOTES" +.IX Header "NOTES" +The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. Application +developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not +yet received an \s-1ACK\s0 for from the peer. The buffered data will only be +transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if +the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the +first \s-1TCP\s0 packet along with any data from the first call to +\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then +that additional data will be sent in subsequent \s-1TCP\s0 packets which will be +buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data. +.PP +In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate. +.PP +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. +.SH "REPLAY PROTECTION" +.IX Header "REPLAY PROTECTION" +When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a non-zero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data. +.PP +The replay protection mechanism relies on the internal OpenSSL server session +cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. +.PP +Note that some applications may maintain an external cache of sessions (see +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks. +.PP +The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +should be applied when combining external PSKs with early data. +.PP +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. +.PP +\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of +action. +.PP +\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +that may be sent. +.PP +\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and +\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +.PP +\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by +the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of the functions described above were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_rstate_string.3 b/deps/openssl/mingw64/share/man/man3/SSL_rstate_string.3 new file mode 100644 index 00000000..52aeafca --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_rstate_string.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 3" +.TH SSL_RSTATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following +values: +.ie n .IP """\s-1RH""/\s0""read header""" 4 +.el .IP "``\s-1RH''/\s0``read header''" 4 +.IX Item "RH/read header" +The header of the record is being evaluated. +.ie n .IP """\s-1RB""/\s0""read body""" 4 +.el .IP "``\s-1RB''/\s0``read body''" 4 +.IX Item "RB/read body" +The body of the record is being evaluated. +.ie n .IP """\s-1RD""/\s0""read done""" 4 +.el .IP "``\s-1RD''/\s0``read done''" 4 +.IX Item "RD/read done" +The record has been completely processed. +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_session_reused.3 b/deps/openssl/mingw64/share/man/man3/SSL_session_reused.3 new file mode 100644 index 00000000..1a97bac0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_session_reused.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 3" +.TH SSL_SESSION_REUSED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_session_reused(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +A new session was negotiated. +.IP "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set1_host.3 b/deps/openssl/mingw64/share/man/man3/SSL_set1_host.3 new file mode 100644 index 00000000..8363fcce --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set1_host.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET1_HOST 3" +.TH SSL_SET1_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set1_host(SSL *s, const char *hostname); +\& int SSL_add1_host(SSL *s, const char *hostname); +\& void SSL_set_hostflags(SSL *s, unsigned int flags); +\& const char *SSL_get0_peername(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions configure server hostname checks in the \s-1SSL\s0 client. +.PP +\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 +or the empty string the list of hostnames is cleared, and name +checks are not performed on the peer certificate. When a non-empty +\&\fBname\fR is specified, certificate verification automatically checks +the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication +via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +\&\fBSSL_set1_host()\fR. +.PP +\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +that can match the peer's certificate. Any previous names set via +\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made +if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for \s-1DANE TLSA\s0 in the presence of service name indirection +via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or +\&\s-1RFC7673.\s0 +.PP +\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list +of available flags and their meaning. +.PP +\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via \fBSSL_set1_host()\fR or +\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated \fBssl\fR handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value. +.PP +\&\s-1SSL\s0 clients are advised to use these functions in preference to +explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when \s-1DANE\s0 is +enabled. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for +failure. +.PP +\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". +The calls below will arrange to match either the \s-1MX\s0 hostname or the +destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +are supported, but must match the entire label. The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 5 +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& if (!SSL_set1_host(ssl, "smtp.example.com")) +\& /* error */ +\& if (!SSL_add1_host(ssl, "example.com")) +\& /* error */ +\& +\& /* XXX: Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& +\& if (peername != NULL) +\& /* Name checks were in scope and matched the peername */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_host\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3). +\&\fBSSL_dane_enable\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_bio.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_bio.3 new file mode 100644 index 00000000..427ccdbd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_bio.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_BIO 3" +.TH SSL_SET_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +\& void SSL_set0_rbio(SSL *s, BIO *rbio); +\& void SSL_set0_wbio(SSL *s, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically +freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +function, any existing \fBrbio\fR that was previously set will also be freed via a +call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +the same value as previously). +.PP +\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects +the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 +functions. +.PP +\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except +that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and +transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to +the following set of rules: +.IP "\(bu" 2 +If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values +then nothing is done. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not +the same as the previously set value then one reference is consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the +same as the previously set value, then no additional references are consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the +same as the +previously set value then one reference is consumed for the \fBwbio\fR and no +references are consumed for the \fBrbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the +same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values +were the same as each other then one reference is consumed for the \fBrbio\fR +and no references are consumed for the \fBwbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR +is the same as the +previously set value and the old \fBrbio\fR and \fBwbio\fR values were different +to each +other then one reference is consumed for the \fBrbio\fR and one reference +is consumed +for the \fBwbio\fR. +.PP +Because of this complexity, this function should be avoided; +use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_connect_state.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_connect_state.3 new file mode 100644 index 00000000..66a93a83 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_connect_state.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 3" +.TH SSL_SET_CONNECT_STATE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_connect_state(SSL *ssl); +\& +\& void SSL_set_accept_state(SSL *ssl); +\& +\& int SSL_is_server(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.PP +\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +\&\fBSSL_CTX_set_ssl_version\fR\|(3) or +\&\fBSSL_set_ssl_method\fR\|(3).) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3), +the handshake routines must be explicitly set in advance using either +\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. +.PP +If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or +\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), +the result depends on what method was used when \s-1SSL_CTX\s0 was created with +\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic +information. +.PP +\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_fd.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_fd.3 new file mode 100644 index 00000000..de7fd78b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_fd.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_FD 3" +.TH SSL_SET_FD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed. Check the error stack to find out why. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_session.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_session.3 new file mode 100644 index 00000000..0eaa2f30 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_session.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SESSION 3" +.TH SSL_SET_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fBSSL_connect()\fR. Whether the session was reused can be queried +with the \fBSSL_session_reused\fR\|(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old +session is still \fBopen\fR, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was +not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state). +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed; check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_shutdown.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_shutdown.3 new file mode 100644 index 00000000..46ad0f20 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_shutdown.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 3" +.TH SSL_SET_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_shutdown(SSL *ssl, int mode); +\& +\& int SSL_get_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bitmask of: +.IP "0" 4 +No shutdown setting, yet. +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal close_notify +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, +it is considered bad and removed according to \s-1RFC2246.\s0 +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fBSSL_shutdown\fR\|(3)). +.PP +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fBSSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_set_verify_result.3 b/deps/openssl/mingw64/share/man/man3/SSL_set_verify_result.3 new file mode 100644 index 00000000..516c7df2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_set_verify_result.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 3" +.TH SSL_SET_VERIFY_RESULT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_shutdown.3 b/deps/openssl/mingw64/share/man/man3/SSL_shutdown.3 new file mode 100644 index 00000000..c2f127eb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_shutdown.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SHUTDOWN 3" +.TH SSL_SHUTDOWN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_shutdown \- shut down a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +close_notify shutdown alert to the peer. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL.\s0 +.PP +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. +.PP +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). +.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. +.PP +\&\fBSSL_shutdown()\fR only closes the write direction. +It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. +The read direction is closed by the peer. +.SS "First to close the connection" +.IX Subsection "First to close the connection" +When the application is the first party to send the close_notify +alert, \fBSSL_shutdown()\fR will only send the alert and then set the +\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +be kept in the cache). +If successful, \fBSSL_shutdown()\fR will return 0. +.PP +If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient. +.PP +In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +it. +.PP +The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +\&\fBSSL_read()\fR should be called until all data is received. +\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 +.SS "Peer closes the connection" +.IX Subsection "Peer closes the connection" +If the peer already sent the close_notify alert \fBand\fR it was +already processed implicitly inside another function +(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return +\&\s-1SSL_ERROR_ZERO_RETURN.\s0 +\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fBSSL_shutdown()\fR will return 1. +.PP +Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fBSSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fBSSL_read()\fR instead. +.PP +\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the close_notify alert messages, +see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). +When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed +and return 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call \fBSSL_read()\fR to do a bidirectional shutdown. +The output of \fBSSL_get_error\fR\|(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.IP "1" 4 +.IX Item "1" +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. +.IP "<0" 4 +.IX Item "<0" +The shutdown was not successful. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs. +.Sp +It can also occur when not all data was read using \fBSSL_read()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_state_string.3 b/deps/openssl/mingw64/share/man/man3/SSL_state_string.3 new file mode 100644 index 00000000..a1e19c1b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_state_string.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_STATE_STRING 3" +.TH SSL_STATE_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fBSSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_want.3 b/deps/openssl/mingw64/share/man/man3/SSL_want.3 new file mode 100644 index 00000000..5a8d917f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_want.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WANT 3" +.TH SSL_WANT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); +\& int SSL_want_async(const SSL *ssl); +\& int SSL_want_async_job(const SSL *ssl); +\& int SSL_want_client_hello_cb(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fBSSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fBSSL_get_error\fR\|(3). +Unlike \fBSSL_get_error\fR\|(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using \fBSSL_get_error\fR\|(3). +.PP +The result returned by \fBSSL_want()\fR should always be consistent with +the result of \fBSSL_get_error\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fBSSL_want()\fR: +.IP "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.IP "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_WRITE.\s0 +.IP "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_READ.\s0 +.IP "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 +.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +.IX Item "SSL_ASYNC_PAUSED" +An asynchronous operation partially completed and was then paused. See +\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_ASYNC.\s0 +.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +.IX Item "SSL_ASYNC_NO_JOBS" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) +should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0 +.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0 +.PP +\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR, +\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return +1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/SSL_write.3 b/deps/openssl/mingw64/share/man/man3/SSL_write.3 new file mode 100644 index 00000000..a2b8b73e --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/SSL_write.3 @@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WRITE 3" +.TH SSL_WRITE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number +of bytes written in \fB*written\fR. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"write function\*(R" is defined as one of either +\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. +.PP +If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR +before the first call to a write function. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +the write operation has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR +or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying \s-1BIO.\s0 When using a +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +The write functions will only return with success when the complete contents of +\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. +.SH "WARNINGS" +.IX Header "WARNINGS" +When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) +returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +The data that was passed might have been partially processed. +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) +the pointer can be different, but the data and length should still be the same. +.PP +You should not call \fBSSL_write()\fR with num=0, it will return an error. +\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to +the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the \s-1SSL\s0 connection or, +if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has +been written to the \s-1SSL\s0 connection. Failure means that not all the requested +bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or +no bytes could be written to the \s-1SSL\s0 connection (if +\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out +the reason which indicates whether the call is retryable or not. +.PP +For \fBSSL_write()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3) +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/UI_STRING.3 b/deps/openssl/mingw64/share/man/man3/UI_STRING.3 new file mode 100644 index 00000000..e6d0ab48 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/UI_STRING.3 @@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_STRING 3" +.TH UI_STRING 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_string_st UI_STRING; +\& +\& enum UI_string_types { +\& UIT_NONE = 0, +\& UIT_PROMPT, /* Prompt for a string */ +\& UIT_VERIFY, /* Prompt for a string and verify */ +\& UIT_BOOLEAN, /* Prompt for a yes/no response */ +\& UIT_INFO, /* Send info to the user */ +\& UIT_ERROR /* Send an error message to the user */ +\& }; +\& +\& enum UI_string_types UI_get_string_type(UI_STRING *uis); +\& int UI_get_input_flags(UI_STRING *uis); +\& const char *UI_get0_output_string(UI_STRING *uis); +\& const char *UI_get0_action_string(UI_STRING *uis); +\& const char *UI_get0_result_string(UI_STRING *uis); +\& int UI_get_result_string_length(UI_STRING *uis); +\& const char *UI_get0_test_string(UI_STRING *uis); +\& int UI_get_result_minsize(UI_STRING *uis); +\& int UI_get_result_maxsize(UI_STRING *uis); +\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, +\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, +\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, +\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR +is called. +For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. +For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these +\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +.PP +\&\fBUI_get_string_type()\fR is used to retrieve the type of the given +\&\fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the +given \fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to +output (prompt, info, error, ...). +.PP +\&\fBUI_get0_action_string()\fR is used to retrieve the action description +associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +See \fBUI_add_input_boolean\fR\|(3). +.PP +\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to +retrieve the result of a prompt and its length. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fBUI_get_result_string_length()\fR returns \-1. +.PP +\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the +prompt result with. +This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +.PP +\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to +retrieve the minimum and maximum required size of the result. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +.PP +\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. +For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +result retrievable with \fBUI_get0_result_string()\fR by copying the +contents of \fBresult\fR if its length fits the minimum and maximum size +requirements. +For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +the result retrievable with \fBUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR +if the \fBresult\fR matched any of them, or the first of the +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's +set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +\&\fBcancel_chars\fR. +.PP +\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates +its length internally. +It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +only useful with normal C strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. +.PP +\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +.PP +\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +.PP +\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +type. +.PP +\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\-1 for any other type. +.PP +\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/UI_UTIL_read_pw.3 b/deps/openssl/mingw64/share/man/man3/UI_UTIL_read_pw.3 new file mode 100644 index 00000000..5a35dcff --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/UI_UTIL_read_pw.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_UTIL_READ_PW 3" +.TH UI_UTIL_READ_PW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, +\& int verify); +\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +prompt, and stores it in \fBbuf\fR. +The maximum allowed size is given with \fBlength\fR, including the +terminating \s-1NUL\s0 byte. +If \fBverify\fR is non-zero, the password will be verified as well. +.PP +\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the +difference is that you can give it an external buffer \fBbuff\fR for the +verification passphrase. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBrwflag\fR is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +\&\fBUI_destroy_method()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default +\&\fB\s-1UI_METHOD\s0\fR. +See \fBUI_get_default_method\fR\|(3) and friends for more information. +.PP +The result from the \fB\s-1UI_METHOD\s0\fR created by +\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +encoding that the given password callback generates. +The default password prompting functions (apart from +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is +\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) +all use the default \fB\s-1UI_METHOD\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative +value on error. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBUI_get_default_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/UI_create_method.3 b/deps/openssl/mingw64/share/man/man3/UI_create_method.3 new file mode 100644 index 00000000..b5a6a043 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/UI_create_method.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_CREATE_METHOD 3" +.TH UI_CREATE_METHOD 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_method_st UI_METHOD; +\& +\& UI_METHOD *UI_create_method(const char *name); +\& void UI_destroy_method(UI_METHOD *ui_method); +\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +\& int UI_method_set_writer(UI_METHOD *method, +\& int (*writer) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +\& int UI_method_set_reader(UI_METHOD *method, +\& int (*reader) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +\& int UI_method_set_data_duplicator(UI_METHOD *method, +\& void *(*duplicator) (UI *ui, void *ui_data), +\& void (*destructor)(UI *ui, void *ui_data)); +\& int UI_method_set_prompt_constructor(UI_METHOD *method, +\& char *(*prompt_constructor) (UI *ui, +\& const char +\& *object_desc, +\& const char +\& *object_name)); +\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +\& char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) +\& (UI *, const char *, const char *); +\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.IP "an opener" 4 +.IX Item "an opener" +This function takes a reference to a \s-1UI\s0 and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.IP "a writer" 4 +.IX Item "a writer" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a flusher" 4 +.IX Item "a flusher" +This function takes a reference to a \s-1UI,\s0 and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.IP "a reader" 4 +.IX Item "a reader" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a closer" 4 +.IX Item "a closer" +This function takes a reference to a \s-1UI,\s0 and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.PP +All of these functions are expected to return 0 on error, 1 on +success, or \-1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return \-1. +If returned by another of the functions, it's treated as if 0 was +returned. +.PP +Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method. +.PP +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the \fBUI_OpenSSL()\fR method does it. +.PP +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results. +.PP +The central function that uses these method functions is \fBUI_process()\fR, +and it does it in five steps: +.IP "1." 4 +Open the session using the opener function if that one's defined. +If an error occurs, jump to 5. +.IP "2." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function +if that one's defined. +If an error occurs, jump to 5. +.IP "3." 4 +Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5. +.IP "4." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function +if that one's defined. +If an error occurs, jump to 5. +.IP "5." 4 +Close the session using the closer function if that one's defined. +.PP +\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +.PP +\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and +\&\fBUI_method_set_closer()\fR set the five main method function to the given +function pointer. +.PP +\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. +See \fBUI_dup_user_data\fR\|(3). +.PP +\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fBUI_construct_prompt\fR\|(3). +.PP +\&\fBUI_method_set_ex_data()\fR sets application specific data with a given +\&\s-1EX_DATA\s0 index. +See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to +get that index. +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the different method functions. +.PP +\&\fBUI_method_get_ex_data()\fR returns the application data previously stored +with \fBUI_method_set_ex_data()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +error. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, +\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and +\&\fBUI_method_set_prompt_constructor()\fR +return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 +.PP +\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fBCRYPTO_set_ex_data()\fR does so). +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the requested function pointer if it's set in the method, +otherwise \s-1NULL.\s0 +.PP +\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific +data associated with the method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR +and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/UI_new.3 b/deps/openssl/mingw64/share/man/man3/UI_new.3 new file mode 100644 index 00000000..923d1523 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/UI_new.3 @@ -0,0 +1,376 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_NEW 3" +.TH UI_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_st UI; +\& +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +\& +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +\& +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +\& +\& void *UI_add_user_data(UI *ui, void *user_data); +\& int UI_dup_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +\& +\& const char *UI_get0_result(UI *ui, int i); +\& int UI_get_result_length(UI *ui, int i); +\& +\& int UI_process(UI *ui); +\& +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +\& +\& UI_METHOD *UI_OpenSSL(void); +\& const UI_METHOD *UI_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see \fBUI_create_method\fR\|(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI.\s0 This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default +\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR +and \fBUI_get_result_length()\fR to find the result to the prompt and its length. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. +.PP +\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing +a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +.PP +The functions are as follows: +.PP +\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting. +.PP +\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +.PP +\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If \fBui\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final \s-1NUL\s0 character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). \fBUI_add_verify_string()\fR takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail. +.PP +\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +\&\fBUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fBUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any +time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +ownership of this duplicate and will free it whenever it gets replaced or +the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn't have a duplicator function. +.PP +\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. +.PP +\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns the final status, which is \-2 on out-of-band events +(Interrupt, Cancel, ...), \-1 on error and 0 on success. +.PP +\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI,\s0 and +\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.PP +\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.SH "NOTES" +.IX Header "NOTES" +The resulting strings that the built in method \fBUI_OpenSSL()\fR generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set, +the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, +\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR +and \fBUI_dup_error_string()\fR return a positive number on success or a value which +is less than or equal to 0 otherwise. +.PP +\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +.PP +\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. +.PP +\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +.PP +\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +returns \-1 on error. +.PP +\&\fBUI_process()\fR returns 0 on success or a negative value on error. +.PP +\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. +.PP +\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and +\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +respectively. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509V3_get_d2i.3 b/deps/openssl/mingw64/share/man/man3/X509V3_get_d2i.3 new file mode 100644 index 00000000..3180bf51 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509V3_get_d2i.3 @@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_D2I 3" +.TH X509V3_GET_D2I 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +\& int *idx); +\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +\& int crit, unsigned long flags); +\& +\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); +\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); +\& +\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); +\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); +\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one +occurrence of an extension is permissible otherwise the first extension after +index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. +If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), +\&\-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according +to \fBflags\fR. +.PP +\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension +\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR +if the extension could not be decoded (invalid syntax or not supported). +.PP +\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. +.PP +\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the +extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), +they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. +.SH "NOTES" +.IX Header "NOTES" +In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +.PP +The \fBflags\fR parameter may be one of the following values. +.PP +\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension +already exists. +.PP +\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends +a new extension. +.PP +\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists +otherwise returns an error. +.PP +\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does +not already exist. An error \fBis not\fR returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. +.PP +If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not +be added to the error queue. +.PP +The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of \fB*crit\fR. +.SH "SUPPORTED EXTENSIONS" +.IX Header "SUPPORTED EXTENSIONS" +The following sections contain a list of all supported extensions +including their name and \s-1NID.\s0 +.SS "\s-1PKIX\s0 Certificate Extensions" +.IX Subsection "PKIX Certificate Extensions" +The following certificate extensions are defined in \s-1PKIX\s0 standards such as +\&\s-1RFC5280.\s0 +.PP +.Vb 3 +\& Basic Constraints NID_basic_constraints +\& Key Usage NID_key_usage +\& Extended Key Usage NID_ext_key_usage +\& +\& Subject Key Identifier NID_subject_key_identifier +\& Authority Key Identifier NID_authority_key_identifier +\& +\& Private Key Usage Period NID_private_key_usage_period +\& +\& Subject Alternative Name NID_subject_alt_name +\& Issuer Alternative Name NID_issuer_alt_name +\& +\& Authority Information Access NID_info_access +\& Subject Information Access NID_sinfo_access +\& +\& Name Constraints NID_name_constraints +\& +\& Certificate Policies NID_certificate_policies +\& Policy Mappings NID_policy_mappings +\& Policy Constraints NID_policy_constraints +\& Inhibit Any Policy NID_inhibit_any_policy +\& +\& TLS Feature NID_tlsfeature +.Ve +.SS "Netscape Certificate Extensions" +.IX Subsection "Netscape Certificate Extensions" +The following are (largely obsolete) Netscape certificate extensions. +.PP +.Vb 8 +\& Netscape Cert Type NID_netscape_cert_type +\& Netscape Base Url NID_netscape_base_url +\& Netscape Revocation Url NID_netscape_revocation_url +\& Netscape CA Revocation Url NID_netscape_ca_revocation_url +\& Netscape Renewal Url NID_netscape_renewal_url +\& Netscape CA Policy Url NID_netscape_ca_policy_url +\& Netscape SSL Server Name NID_netscape_ssl_server_name +\& Netscape Comment NID_netscape_comment +.Ve +.SS "Miscellaneous Certificate Extensions" +.IX Subsection "Miscellaneous Certificate Extensions" +.Vb 2 +\& Strong Extranet ID NID_sxnet +\& Proxy Certificate Information NID_proxyCertInfo +.Ve +.SS "\s-1PKIX CRL\s0 Extensions" +.IX Subsection "PKIX CRL Extensions" +The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 6 +\& CRL Number NID_crl_number +\& CRL Distribution Points NID_crl_distribution_points +\& Delta CRL Indicator NID_delta_crl +\& Freshest CRL NID_freshest_crl +\& Invalidity Date NID_invalidity_date +\& Issuing Distribution Point NID_issuing_distribution_point +.Ve +.PP +The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 2 +\& CRL Reason Code NID_crl_reason +\& Certificate Issuer NID_certificate_issuer +.Ve +.SS "\s-1OCSP\s0 Extensions" +.IX Subsection "OCSP Extensions" +.Vb 7 +\& OCSP Nonce NID_id_pkix_OCSP_Nonce +\& OCSP CRL ID NID_id_pkix_OCSP_CrlID +\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses +\& OCSP No Check NID_id_pkix_OCSP_noCheck +\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff +\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator +\& Hold Instruction Code NID_hold_instruction_code +.Ve +.SS "Certificate Transparency Extensions" +.IX Subsection "Certificate Transparency Extensions" +The following extensions are used by certificate transparency, \s-1RFC6962\s0 +.PP +.Vb 2 +\& CT Precertificate SCTs NID_ct_precert_scts +\& CT Certificate SCTs NID_ct_cert_scts +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension +specific structure of \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or \-1 due to a fatal error such as a memory allocation +failure. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\s-1NULL\s0 if no extensions are present. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_ALGOR_dup.3 b/deps/openssl/mingw64/share/man/man3/X509_ALGOR_dup.3 new file mode 100644 index 00000000..d4088eee --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_ALGOR_dup.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_ALGOR_DUP 3" +.TH X509_ALGOR_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); +\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +\& const void **ppval, const X509_ALGOR *alg); +\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +.PP +\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is +\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. +All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +this call. +.PP +\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the +algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. +.PP +\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +values for the message digest \fBmd\fR. +.PP +\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +encodings and non-zero otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. +.PP +\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +non-zero otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_CRL_get0_by_serial.3 b/deps/openssl/mingw64/share/man/man3/X509_CRL_get0_by_serial.3 new file mode 100644 index 00000000..43535225 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_CRL_get0_by_serial.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CRL_GET0_BY_SERIAL 3" +.TH X509_CRL_GET0_BY_SERIAL 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_CRL_get0_by_serial(X509_CRL *crl, +\& X509_REVOKED **ret, ASN1_INTEGER *serial); +\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +\& +\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +\& +\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); +\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +\& +\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); +\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +\& +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& +\& int X509_CRL_sort(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal +pointer of the matching entry, as a result \fB*ret\fR must not be freed up +after the call. +.PP +\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it +looks for a revoked entry using the serial number of certificate \fBx\fR. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +revoked entries for \fBcrl\fR. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +serial number of \fBr\fR. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +revocation date of \fBr\fR. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. +The supplied \fBserial\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The +pointer \fBrev\fR is used internally so it must not be freed up after the call: +it is freed when the parent \s-1CRL\s0 is freed. +.PP +\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +number order. +.SH "NOTES" +.IX Header "NOTES" +Applications can determine the number of revoked entries returned by +\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one +in turn using \fBsk_X509_REVOKED_value()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure, +1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), +in which case 2 is returned. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, +\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_EXTENSION_set_object.3 b/deps/openssl/mingw64/share/man/man3/X509_EXTENSION_set_object.3 new file mode 100644 index 00000000..83464846 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_EXTENSION_set_object.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_EXTENSION_SET_OBJECT 3" +.TH X509_EXTENSION_SET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +\& +\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +\& int nid, int crit, +\& ASN1_OCTET_STRING *data); +\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +\& const ASN1_OBJECT *obj, int crit, +\& ASN1_OCTET_STRING *data); +\& +\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); +\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. +.PP +\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +.PP +\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBdata\fR pointer is duplicated internally. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and +written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR +should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +\&\fBnot\fR be an uninitialised pointer. +.PP +\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR +except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 +.PP +\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +not be freed up. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +returns \fB1\fR for critical and \fB0\fR for non-critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +pointer is an internal value which must not be freed up. +.SH "NOTES" +.IX Header "NOTES" +These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +The \fBdata\fR associated with an extension is the extension encoding in an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and +\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return +an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_LOOKUP.3 b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP.3 new file mode 100644 index 00000000..31d81b2f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP.3 @@ -0,0 +1,310 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP 3" +.TH X509_LOOKUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP, X509_LOOKUP_TYPE, X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, X509_LOOKUP_shutdown, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_ctrl, X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_get_store, X509_LOOKUP_by_subject, X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, X509_LOOKUP_by_alias \&\- OpenSSL certificate lookup mechanisms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_st X509_LOOKUP; +\& +\& typedef enum X509_LOOKUP_TYPE; +\& +\& X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +\& int X509_LOOKUP_init(X509_LOOKUP *ctx); +\& int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); +\& void X509_LOOKUP_free(X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); +\& +\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, X509_OBJECT *ret); +\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const unsigned char *bytes, int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const char *str, int len, X509_OBJECT *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP\fR structure holds the information needed to look up +certificates and CRLs according to an associated \fBX509_LOOKUP_METHOD\fR\|(3). +Multiple \fBX509_LOOKUP\fR instances can be added to an \fBX509_STORE\fR\|(3) +to enable lookup in that store. +.PP +\&\fBX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup +\&\fImethod\fR. +It can also be created by calling \fBX509_STORE_add_lookup\fR\|(3), which +will associate an \fBX509_STORE\fR with the lookup mechanism. +.PP +\&\fBX509_LOOKUP_init()\fR initializes the internal state and resources as +needed by the given \fBX509_LOOKUP\fR to do its work. +.PP +\&\fBX509_LOOKUP_shutdown()\fR tears down the internal state and resources of +the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_set_method_data()\fR associates a pointer to application data +to the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_get_method_data()\fR retrieves a pointer to application data +from the given \fBX509_LOOKUP\fR. +.PP +\&\fBX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from an +\&\fBX509_LOOKUP\fR structure or its associated \fBX509_LOOKUP_METHOD\fR\|(3). +The arguments of the control command are passed via \fIargc\fR and \fIargl\fR, +its return value via \fI*ret\fR. +The meaning of the arguments depends on the \fIcmd\fR number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control \fIcmd\fRs known to OpenSSL are discussed in more depth +in \*(L"Control Commands\*(R". +.PP +\&\fBX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately +into the associated \fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fBX509_LOOKUP_file\fR\|(3). +.PP +\&\fBX509_LOOKUP_add_dir()\fR passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +\&\fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_LOOKUP_load_file()\fR, \fBX509_LOOKUP_add_dir()\fR, +\&\fBX509_LOOKUP_add_store()\fR, and \fBX509_LOOKUP_load_store()\fR are implemented +as macros that use \fBX509_LOOKUP_ctrl()\fR. +.PP +\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR look up +certificates and CRLs in the \fBX509_STORE\fR\|(3) associated with the +\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is +stored in \fIret\fR. +Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects +matching the criteria in the associated \fBX509_STORE\fR, which makes it +possible to handle cases where the criteria have more than one hit. +.SS "File Types" +.IX Subsection "File Types" +\&\fBX509_LOOKUP_load_file()\fR and \fBX509_LOOKUP_add_dir()\fR take a \fItype\fR, +which can be one of the following: +.IP "\fBX509_FILETYPE_PEM\fR" 4 +.IX Item "X509_FILETYPE_PEM" +The file or files that are loaded are expected to be in \s-1PEM\s0 format. +.IP "\fBX509_FILETYPE_ASN1\fR" 4 +.IX Item "X509_FILETYPE_ASN1" +The file or files that are loaded are expected to be in raw \s-1DER\s0 format. +.IP "\fBX509_FILETYPE_DEFAULT\fR" 4 +.IX Item "X509_FILETYPE_DEFAULT" +The default certificate file or directory is used. In this case, +\&\fIname\fR is ignored. +.SS "Control Commands" +.IX Subsection "Control Commands" +The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following +\&\fBX509_LOOKUP_ctrl()\fR \fIcmd\fRs: +.IP "\fBX509_L_FILE_LOAD\fR" 4 +.IX Item "X509_L_FILE_LOAD" +This is the command that \fBX509_LOOKUP_load_file()\fR uses. +The filename is passed in \fIargc\fR, and the type in \fIargl\fR. +.IP "\fBX509_L_ADD_DIR\fR" 4 +.IX Item "X509_L_ADD_DIR" +This is the command that \fBX509_LOOKUP_add_dir()\fR uses. +The directory specification is passed in \fIargc\fR, and the type in +\&\fIargl\fR. +.IP "\fBX509_L_ADD_STORE\fR" 4 +.IX Item "X509_L_ADD_STORE" +This is the command that \fBX509_LOOKUP_add_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.IP "\fBX509_L_LOAD_STORE\fR" 4 +.IX Item "X509_L_LOAD_STORE" +This is the command that \fBX509_LOOKUP_load_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_LOOKUP_new()\fR returns an \fBX509_LOOKUP\fR pointer when successful, +or \s-1NULL\s0 on error. +.PP +\&\fBX509_LOOKUP_init()\fR and \fBX509_LOOKUP_shutdown()\fR return 1 on success, or +0 on error. +.PP +\&\fBX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an +associated \fBX509_LOOKUP_METHOD\fR, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.IX Xref "509_LOOKUP_METHOD" +.PP +\&\fBX509_LOOKUP_get_store()\fR returns an \fBX509_STORE\fR pointer if there is +one, otherwise \s-1NULL.\s0 +.PP +\&\fBX509_LOOKUP_by_subject()\fR, \fBX509_LOOKUP_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_by_fingerprint()\fR, and \fBX509_LOOKUP_by_alias()\fR all return 0 +if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_LOOKUP_METHOD\fR\|(3), \fBX509_STORE\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_hash_dir.3 b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_hash_dir.3 new file mode 100644 index 00000000..8ca6fa90 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_hash_dir.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_HASH_DIR 3" +.TH X509_LOOKUP_HASH_DIR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& +\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate +lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. +.PP +Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +\&\fBX509_STORE_load_locations\fR\|(3) or +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +functions. +.PP +Internally loading of certificates and CRLs is implemented via functions +\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which +can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and +\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR +parameter is associated with. +.PP +Functions \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of +type value. Because \s-1DER\s0 format cannot contain more than one certificate +or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) +\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_cert_file\fR. +.PP +Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +to load default certificate store file (see +\&\fBX509_STORE_set_default_paths\fR\|(3). +.PP +Functions return number of objects loaded from file or 0 in case of +error. +.PP +Both methods support adding several certificate locations into one +\&\fBX509_STORE\fR. +.PP +This page documents certificate store formats used by these methods and +caching policy. +.SS "File Method" +.IX Subsection "File Method" +The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source. +.PP +File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +and CRLs. +.PP +This method should be used by applications which work with a small +set of CAs. +.SS "Hashed Directory Method" +.IX Subsection "Hashed Directory Method" +\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory. +.PP +The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or +\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 +The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or +\&\fBcrl\fR\|(1) commands. +.PP +The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence. +.PP +Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period). +.PP +When checking for new CRLs once one \s-1CRL\s0 for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached \s-1CRL.\s0 +.PP +Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0. +.PP +OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct +hashed names for all files with .pem suffix in a given directory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid +\&\fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return +the number of loaded objects or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBX509_STORE_load_locations\fR\|(3), +\&\fBX509_store_add_lookup\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBX509_LOOKUP_meth_new\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_meth_new.3 b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_meth_new.3 new file mode 100644 index 00000000..ffef831f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_LOOKUP_meth_new.3 @@ -0,0 +1,310 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_METH_NEW 3" +.TH X509_LOOKUP_METH_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_method_st X509_LOOKUP_METHOD; +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, +\& int (*new_item) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, +\& void (*free) (X509_LOOKUP *ctx)); +\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, +\& int (*init) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, +\& int (*shutdown) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_ctrl_fn ctrl_fn); +\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_subject_fn fn); +\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_issuer_serial( +\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); +\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const unsigned char* bytes, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_fingerprint_fn fn); +\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const char *str, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_alias_fn fn); +\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( +\& const X509_LOOKUP_METHOD *method); +\& +\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +\&\fBX509_LOOKUP\fR structure. +.PP +\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +be given a human-readable string containing a brief description of the lookup +method. +.PP +\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the +function that is called when an \fBX509_LOOKUP\fR object is created with +\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke \fBX509_LOOKUP_set_method_data\fR\|(3). +.PP +\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function +that is used to free any method data that was allocated and set from within +new_item function. +.PP +\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the +function that is used to initialize the method data that was set with +\&\fBX509_LOOKUP_set_method_data\fR\|(3) as part of the new_item routine. +.PP +\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. +.PP +\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a +function to be used to handle arbitrary control commands issued by +\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP +\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is +an arbitrary integer that defines some operation. \fBargc\fR is a pointer +to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, +points to a location where any return data should be written to. How +\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. +.PP +\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. +.PP +Implementations must add objects they find to the \fBX509_STORE\fR object +using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments +its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the +reference count again. +.PP +Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or +\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also +increments the result's reference count. +.PP +Any method data that was created as a result of the new_item function +set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fBX509_LOOKUP_get_method_data\fR\|(3). The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store\fR\|(3). Successful +lookups should return 1, and unsuccessful lookups should return 0. +.PP +\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve +the function set by the corresponding setter. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function +pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_NAME_ENTRY_get_object.3 b/deps/openssl/mingw64/share/man/man3/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 00000000..68955b3b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +\& const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR +and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fBX509_NAME_get_entry()\fR for example. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +set or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success +or 0 on error. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and +\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_NAME_add_entry_by_txt.3 b/deps/openssl/mingw64/share/man/man3/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 00000000..8719140d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and +\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommended for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fBASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, +\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 1 +\& X509_NAME *nm; +\& +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, +\& "UK", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, +\& "Disorganized Organization", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, +\& "Joe Bloggs", \-1, \-1, 0)) +\& /* Error */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_NAME_get0_der.3 b/deps/openssl/mingw64/share/man/man3/X509_NAME_get0_der.3 new file mode 100644 index 00000000..153d392b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_NAME_get0_der.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET0_DER 3" +.TH X509_NAME_GET0_DER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get0_der \- get X509_NAME DER encoding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +\& size_t *pderlen) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the +encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of +\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine +the encoding of an \fBX509_NAME\fR structure without copying it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_NAME_get_index_by_NID.3 b/deps/openssl/mingw64/share/man/man3/X509_NAME_get_index_by_NID.3 new file mode 100644 index 00000000..158153a4 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET_INDEX_BY_NID 3" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(const X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fBX509_NAME_get_index_by_NID()\fR or +\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fBX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.PP +The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in +the source code header files and/or +. +.PP +Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR +should check for the return value of \-2. Alternatively the \s-1NID\s0 validity +can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\s-1NID\s0 is invalid. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +\& +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +.PP +Process all commonName entries: +.PP +.Vb 2 +\& int lastpos = \-1; +\& X509_NAME_ENTRY *e; +\& +\& for (;;) { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == \-1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_NAME_print_ex.3 b/deps/openssl/mingw64/share/man/man3/X509_NAME_print_ex.3 new file mode 100644 index 00000000..e4b8884c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_NAME_print_ex.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_PRINT_EX 3" +.TH X509_NAME_PRINT_EX 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); +\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBsize\fR is ignored. +Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', +and \fBbuf\fR is returned. +.PP +\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +.PP +\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, +it returns \-1 on error or other values on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_STRING_print_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_PUBKEY_new.3 b/deps/openssl/mingw64/share/man/man3/X509_PUBKEY_new.3 new file mode 100644 index 00000000..bff3d52d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_PUBKEY_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_PUBKEY_NEW 3" +.TH X509_PUBKEY_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_PUBKEY *X509_PUBKEY_new(void); +\& void X509_PUBKEY_free(X509_PUBKEY *a); +\& +\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +\& +\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +\& +\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +\& +\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +\& int ptype, void *pval, +\& unsigned char *penc, int penclen); +\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +\& const unsigned char **pk, int *ppklen, +\& X509_ALGOR **pa, X509_PUBKEY *pub); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR +structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +.PP +\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +.PP +\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +nothing is done. +.PP +\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing +public key structure will be freed. +.PP +\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. +.PP +\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference +count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +\&\fBEVP_PKEY_free()\fR after use. +.PP +\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of +other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR. +.PP +\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are +similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a +\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +.PP +\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the +algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. +The encoding of the public key itself is set to the \fBpenclen\fR +bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied +parameters is passed to \fBpub\fR so they must not be freed after the +call. +.PP +\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the +retrieved pointers are internal and must not be freed after the +call. +.SH "NOTES" +.IX Header "NOTES" +The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys +in a standard format. +.PP +In many cases applications will not call the \fBX509_PUBKEY\fR functions +directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +.PP +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_PUBKEY_free()\fR does not return a value. +.PP +\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +structure or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR +return 1 for success and 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_SIG_get0.3 b/deps/openssl/mingw64/share/man/man3/X509_SIG_get0.3 new file mode 100644 index 00000000..b65a7e0d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_SIG_get0.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIG_GET0 3" +.TH X509_SIG_GET0 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_SIG_get0, X509_SIG_getm \- DigestInfo functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +\& const ASN1_OCTET_STRING **pdigest); +\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pdigest, +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR +except the pointers returned are not constant and can be modified: +for example to initialise them. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_get_error.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_get_error.3 new file mode 100644 index 00000000..763684bd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_get_error.3 @@ -0,0 +1,416 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_GET_ERROR 3" +.TH X509_STORE_CTX_GET_ERROR 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fBX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. +.PP +\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. +This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the +depth at which an error condition was detected. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via \fBX509_up_ref\fR\|(3). +Once such a \fIsaved\fR certificate is no longer needed it can be freed with +\&\fBX509_free\fR\|(3). +.PP +\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +certificate being verified by the \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +the operation was successful. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +the \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +the public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +the certificate is not yet valid: the notBefore date is after the current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +the certificate has expired: that is the notAfter date is before the current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +the \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +the \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +the certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +the certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +the \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +the \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +an error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +no signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +the certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +the certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +the basicConstraints path-length parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +the supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +the root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +the root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is \fBnot\fR in itself +an error. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occurred in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occurred in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +an application specific error. This will never be returned unless explicitly +set by an application. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. +.PP +If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_new.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_new.3 new file mode 100644 index 00000000..5d5a0b1c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_new.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_NEW 3" +.TH X509_STORE_CTX_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn \&\- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +\& +\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +\& +\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use +by \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. +.PP +\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fBX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR +and then \fBX509_STORE_CTX_init()\fR again before the second call to +\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +entity certificate to be verified is set to \fBx509\fR and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +by \fBctx\fR to be \fBchain\fR. +Ownership of the chain is transferred to \fBctx\fR and should not be +free'd by the caller. +\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBctx\fR that contains the validated chain. +.PP +\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +stack of untrusted certificates associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +of untrusted certificates associated with \fBctx\fR to \fBsk\fR. +.PP +\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. +.PP +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: +.PP +.Vb 1 +\& int (*verify)(X509_STORE_CTX *); +.Ve +.PP +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. +.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fBX509_STORE_CTX_set_cert()\fR, +\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 new file mode 100644 index 00000000..1312285f --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 @@ -0,0 +1,334 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb \&\- get and set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +\& +\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& +\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. +.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.PP +\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +for the specific \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +from the corresponding \fBX509_STORE\fR, please see +\&\fBX509_STORE_set_verify\fR\|(3) for more information. +.SH "WARNINGS" +.IX Header "WARNINGS" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 3 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 7 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err, depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err, "depth=%d ", depth); +\& if (err_cert) { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, +\& X509_verify_cert_error_string(err)); +\& switch (err) { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err, "issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err, "notBefore="); +\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err, "notAfter="); +\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err, "verify return:%d\en", ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_add_cert.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_add_cert.3 new file mode 100644 index 00000000..e787ec45 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_add_cert.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_ADD_CERT 3" +.TH X509_STORE_ADD_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_store_st X509_STORE; +\& +\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +\& int X509_STORE_set_depth(X509_STORE *store, int depth); +\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); +\& +\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, +\& X509_LOOKUP_METHOD *meth); +\& +\& int X509_STORE_load_locations(X509_STORE *ctx, +\& const char *file, const char *dir); +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. +.PP +\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the \fBX509_STORE\fR to prepare it for use, +via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or +\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, +and many behaviors configured as desired. +.PP +Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is +used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the \fBX509_STORE\fR are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as \fBX509\fR objects +with an associated \fBX509_CERT_AUX\fR, as are produced by +\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to \fBX509\fR objects, though. +.PP +\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object +to the \fBX509_STORE\fR's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed. +.PP +\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual +pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). +.PP +\&\fBX509_STORE_add_lookup()\fR finds or creates a \fBX509_LOOKUP\fR\|(3) with the +\&\fBX509_LOOKUP_METHOD\fR\|(3) \fImeth\fR and adds it to the \fBX509_STORE\fR +\&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so +\&\fBX509_LOOKUP\fR functions can look up objects in that store. +.PP +\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted +to specify just a file, just a directory, or both paths. The certificates +in the directory must be in hashed form, as documented in +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, +\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and +\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. +.PP +\&\fBX509_STORE_add_lookup()\fR returns the found or created +\&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). +\&\fBX509_STORE_new\fR\|(3), +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_get0_param.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_get0_param.3 new file mode 100644 index 00000000..325d199a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_get0_param.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_GET0_PARAM 3" +.TH X509_STORE_GET0_PARAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set1_param()\fR sets the verification parameters +to \fBpm\fR for \fBctx\fR. +.PP +\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +parameters for \fBctx\fR. The returned pointer must not be freed by the +calling application +.PP +\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's +X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The +returned pointer must not be freed by the calling application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_new.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_new.3 new file mode 100644 index 00000000..7f7fcfa2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_new.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_NEW 3" +.TH X509_STORE_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE *X509_STORE_new(void); +\& void X509_STORE_free(X509_STORE *v); +\& int X509_STORE_lock(X509_STORE *v); +\& int X509_STORE_unlock(X509_STORE *v); +\& int X509_STORE_up_ref(X509_STORE *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE_new()\fR function returns a new X509_STORE. +.PP +\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the +X509_STORE object. +.PP +\&\fBX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fBX509_STORE_unlock()\fR unlocks it. +.PP +\&\fBX509_STORE_free()\fR frees up a single X509_STORE object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +.PP +\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return +1 for success and 0 for failure. +.PP +\&\fBX509_STORE_free()\fR does not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_STORE_set_verify_cb_func.3 b/deps/openssl/mingw64/share/man/man3/X509_STORE_set_verify_cb_func.3 new file mode 100644 index 00000000..15ccb7c6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_STORE_set_verify_cb_func.3 @@ -0,0 +1,364 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +\& X509_STORE_CTX *ctx, X509 *x); +\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +\& X509 *x, X509 *issuer); +\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL **crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL *crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify_cb(X509_STORE *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_issuer(X509_STORE *ctx, +\& X509_STORE_CTX_get_issuer_fn get_issuer); +\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_issued(X509_STORE *ctx, +\& X509_STORE_CTX_check_issued_fn check_issued); +\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_revocation(X509_STORE *ctx, +\& X509_STORE_CTX_check_revocation_fn check_revocation); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_crl(X509_STORE *ctx, +\& X509_STORE_CTX_get_crl_fn get_crl); +\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_crl(X509_STORE *ctx, +\& X509_STORE_CTX_check_crl_fn check_crl); +\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cert_crl(X509_STORE *ctx, +\& X509_STORE_CTX_cert_crl_fn cert_crl); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_policy(X509_STORE *ctx, +\& X509_STORE_CTX_check_policy_fn check_policy); +\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_certs_fn lookup_certs); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_crls(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cleanup(X509_STORE *ctx, +\& X509_STORE_CTX_cleanup_fn cleanup); +\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); +\& +\& /* Aliases */ +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& X509_STORE_CTX_verify_cb verify_cb); +\& void X509_STORE_set_verify_func(X509_STORE *ctx, +\& X509_STORE_CTX_verify_fn verify); +\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, +please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +.PP +\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBctx\fR to \fBverify\fR. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +\&\fIIf no chain verification function is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer +certificate that verifies the given certificate \fBx\fR. +When found, the issuer certificate must be assigned to \fB*issuer\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given +certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +This function must return 0 on failure (among others if \fBx\fR hasn't +been issued with \fBissuer\fR) and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +certificate \fBx\fR. +When found, the crl must be assigned to \fB*crl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of +the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation +status of the given certificate \fBx\fR against the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the +functions to look up all the certs or all the CRLs that match the +given name \fBnm\fR. +These functions return \s-1NULL\s0 on failure and a pointer to a stack of +certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on +success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +called when the context (\fBX509_STORE_CTX\fR) is being torn down. +This function doesn't return any value. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return +the function pointer assigned with \fBX509_STORE_set_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +no assignment has been made. +.PP +\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and +\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility. +.SH "NOTES" +.IX Header "NOTES" +All the callbacks from a \fBX509_STORE\fR are inherited by the +corresponding \fBX509_STORE_CTX\fR structure when it is initialized. +See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The X509_STORE_set_*() functions do not return a value. +.PP +The X509_STORE_get_*() functions return a pointer of the appropriate +function type. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), +\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), +\&\fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. +.PP +The functions +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR, +\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR, +\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR, +\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR, +\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR, +\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, +\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 b/deps/openssl/mingw64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 new file mode 100644 index 00000000..edd57c00 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 @@ -0,0 +1,500 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +\& uint32_t flags); +\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +\& +\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, +\& int auth_level); +\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, +\& unsigned int flags); +\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, +\& const char *email, size_t emaillen); +\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +\& const unsigned char *ip, size_t iplen); +\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +which specifies how verification flags are copied from one structure to +another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. +.PP +\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. +.PP +\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one +intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity +certificate. +.PP +\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBauth_level\fR. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's \fItrust +anchor\fR certificate, which is either directly trusted or validated by means other +than its signature. +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.PP +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBname\fR clearing any previously specified host name or names. If +\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If \fBname\fR +is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +must be set to the length of \fBname\fR. +.PP +When a hostname is specified, +certificate verification automatically invokes \fBX509_check_host\fR\|(3) +with flags equal to the \fBflags\fR argument given to +\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +.PP +When the subject CommonName will not be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject +alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. +.PP +When the subject CommonName will be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject +alternative names are present in the certificate, \s-1DNS\s0 name constraints in +issuer certificates will not be applied to the subject \s-1DN.\s0 +As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. +.PP +\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +identifier that can match the peer's certificate. Any previous names +set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR +are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +multiple names are configured, the peer is considered verified when +any name matches. +.PP +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with \*(L".\*(R") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated \fBparam\fR argument is freed. Applications must not free +the return value. +.PP +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address +is specified, certificate verification automatically invokes +\&\fBX509_check_email\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 +address is specified, certificate verification automatically invokes +\&\fBX509_check_ip\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, +\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, +\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, +\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.PP +\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +level. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. +.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +certificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain +in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). +As of OpenSSL 1.1.0 this option is on by default. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. +By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option +has no effect. +.PP +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root \s-1CA\s0 certificates. +This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 +without having to trust its ancestor root \s-1CA.\s0 +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed \*(L"root\*(R" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. +.PP +The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period +of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR +is used to specify a verification time, the check is not suppressed. +.SH "INHERITANCE FLAGS" +.IX Header "INHERITANCE FLAGS" +These flags specify how parameters are \*(L"inherited\*(R" from one structure to +another. +.PP +If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed +after the next call. +.PP +If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides +all of the following flags. +.PP +If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied +to the destination. Effectively the values in \*(L"to\*(R" become default values +which will be used only if nothing new is set in \*(L"from\*(R". This is the +default. +.PP +If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether +they are set or not. Flags is still Ored though. +.PP +If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead +of ORed. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +release. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 1 +\& X509_VERIFY_PARAM *param; +\& +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_host\fR\|(3), +\&\fBX509_check_email\fR\|(3), +\&\fBX509_check_ip\fR\|(3), +\&\fBx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. +.PP +The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_check_ca.3 b/deps/openssl/mingw64/share/man/man3/X509_check_ca.3 new file mode 100644 index 00000000..548e6e93 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_check_ca.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_CA 3" +.TH X509_CHECK_CA 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_ca \- check if given certificate is CA certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_ca(X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if given certificate is \s-1CA\s0 certificate (can be used +to sign other certificates). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 +\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE, +3,\s0 if it is self-signed X509 v1 certificate, 4, if it is certificate with +\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without +\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type +extension telling that it is \s-1CA\s0 certificate. +.PP +Actually, any non-zero value means that this certificate could have been +used to sign other certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_issued\fR\|(3), +\&\fBX509_check_purpose\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_check_host.3 b/deps/openssl/mingw64/share/man/man3/X509_check_host.3 new file mode 100644 index 00000000..c708f84c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_check_host.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_HOST 3" +.TH X509_CHECK_HOST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_host(X509 *, const char *name, size_t namelen, +\& unsigned int flags, char **peername); +\& int X509_check_email(X509 *, const char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The certificate matching functions are used to check whether a +certificate matches a given host name, email address, or \s-1IP\s0 address. +The validity of the certificate and its trust level has to be checked by +other means. +.PP +\&\fBX509_check_host()\fR checks if the certificate Subject Alternative +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a +certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" +or \*(L"*w.example.com\*(R". +.PP +Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international +domain names must be given in A\-label form. The \fBnamelen\fR argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts +with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +valid for any sub-domain of \fBname\fR, (see also +\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). +.PP +When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a +pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +is stored at the address passed in \fBpeername\fR. The application +is responsible for freeing the peername via \fBOPENSSL_free()\fR when it +is no longer needed. +.PP +\&\fBX509_check_email()\fR checks if the certificate matches the specified +email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The \fBaddresslen\fR argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(\fBaddress\fR). +.PP +\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +IPv6 address. The \fBaddress\fR array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; \s-1IP\s0 +addresses stored in \s-1DNS\s0 names and Common Names are ignored. +.PP +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated +string \fBaddress\fR is first converted to the internal representation. +.PP +The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +flags: +.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," +.PD 0 +.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," +.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." +.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." +.PD +.PP +The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function +to consider the subject \s-1DN\s0 even if the certificate contains at least +one subject alternative name of the right type (\s-1DNS\s0 name or email +address as appropriate); the default is to ignore the subject \s-1DN\s0 +when at least one corresponding subject alternative names is present. +.PP +The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never +consider the subject \s-1DN\s0 even if the certificate contains no subject alternative +names of the right type (\s-1DNS\s0 name or email address as appropriate); the default +is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +present. +If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes +precedence and the subject \s-1DN\s0 is not checked for matching names. +.PP +If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard +expansion; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support +for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, +such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that +constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +to match more than one label in \fBname\fR; this flag only applies +to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR +values which start with \*(L".\*(R", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" +would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", +but would not match a peer certificate with a \s-1DNS\s0 name of +\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 for a successful match, 0 for a failed match +and \-1 for an internal error: typically a memory allocation failure +or an \s-1ASN.1\s0 decoding error. +.PP +All functions can also return \-2 if the input is malformed. For example, +\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +NULs. +.SH "NOTES" +.IX Header "NOTES" +Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, +and the internal checks will be suppressed as appropriate when +\&\s-1DANE\s0 support is enabled. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_check_issued.3 b/deps/openssl/mingw64/share/man/man3/X509_check_issued.3 new file mode 100644 index 00000000..a3f58496 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_check_issued.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_ISSUED 3" +.TH X509_CHECK_ISSUED 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_issued \- checks if certificate is issued by another certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_issued(X509 *issuer, X509 *subject); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 +certificate \fIissuer\fR. This function takes into account not only +matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, +but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with +\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR +present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of +\&\fIissuer\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by +\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_ca\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_check_private_key.3 b/deps/openssl/mingw64/share/man/man3/X509_check_private_key.3 new file mode 100644 index 00000000..fe51bda3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_check_private_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PRIVATE_KEY 3" +.TH X509_CHECK_PRIVATE_KEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_private_key(X509 *x, EVP_PKEY *k); +\& +\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_check_private_key()\fR function checks the consistency of private +key \fBk\fR with the public key in \fBx\fR. +.PP +\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR +except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if +the keys match each other, and 0 if not. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +of a key pair. So if you pass a public key to these functions in \fBk\fR, it will +return success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_check_purpose.3 b/deps/openssl/mingw64/share/man/man3/X509_check_purpose.3 new file mode 100644 index 00000000..754ab172 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_check_purpose.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PURPOSE 3" +.TH X509_CHECK_PURPOSE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_purpose \- Check the purpose of a certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_purpose(X509 *x, int id, int ca) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIx\fR was created with the purpose +represented by \fIid\fR. If \fIca\fR is nonzero, then certificate \fIx\fR is +checked to determine if it's a possible \s-1CA\s0 with various levels of certainty +possibly returned. +.PP +Below are the potential \s-1ID\s0's that can be checked: +.PP +.Vb 9 +\& # define X509_PURPOSE_SSL_CLIENT 1 +\& # define X509_PURPOSE_SSL_SERVER 2 +\& # define X509_PURPOSE_NS_SSL_SERVER 3 +\& # define X509_PURPOSE_SMIME_SIGN 4 +\& # define X509_PURPOSE_SMIME_ENCRYPT 5 +\& # define X509_PURPOSE_CRL_SIGN 6 +\& # define X509_PURPOSE_ANY 7 +\& # define X509_PURPOSE_OCSP_HELPER 8 +\& # define X509_PURPOSE_TIMESTAMP_SIGN 9 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For non-CA checks +.IP "\-1 an error condition has occured" 4 +.IX Item "-1 an error condition has occured" +.PD 0 +.IP " 1 if the certificate was created to perform the purpose represented by \fIid\fR" 4 +.IX Item " 1 if the certificate was created to perform the purpose represented by id" +.IP " 0 if the certificate was not created to perform the purpose represented by \fIid\fR" 4 +.IX Item " 0 if the certificate was not created to perform the purpose represented by id" +.PD +.PP +For \s-1CA\s0 checks the below integers could be returned with the following meanings: +.IP "\-1 an error condition has occured" 4 +.IX Item "-1 an error condition has occured" +.PD 0 +.IP " 0 not a \s-1CA\s0 or does not have the purpose represented by \fIid\fR" 4 +.IX Item " 0 not a CA or does not have the purpose represented by id" +.IP " 1 is a \s-1CA.\s0" 4 +.IX Item " 1 is a CA." +.IP " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a \s-1CA\s0" 4 +.IX Item " 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA" +.IP " 3 basicConstraints absent but self signed V1." 4 +.IX Item " 3 basicConstraints absent but self signed V1." +.IP " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." 4 +.IX Item " 4 basicConstraints absent but keyUsage present and keyCertSign asserted." +.IP " 5 legacy Netscape specific \s-1CA\s0 Flags present" 4 +.IX Item " 5 legacy Netscape specific CA Flags present" +.PD +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this +file except in compliance with the License. You can obtain a copy in the file +\&\s-1LICENSE\s0 in the source distribution or at . diff --git a/deps/openssl/mingw64/share/man/man3/X509_cmp.3 b/deps/openssl/mingw64/share/man/man3/X509_cmp.3 new file mode 100644 index 00000000..b0dde283 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_cmp.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP 3" +.TH X509_CMP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_cmp(const X509 *a, const X509 *b); +\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); +\& int X509_subject_name_cmp(const X509 *a, const X509 *b); +\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This set of functions are used to compare X509 objects, including X509 +certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +.PP +The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters +\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +.PP +The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by +parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of +the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) +has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +.PP +The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer +values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +.PP +The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions +are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare +issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR +objects, respectively. +.IX Xref "509" +.PP +The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the +\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +of just the issuer name. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Like common memory comparison functions, the \fBX509\fR comparison functions return +an integer less than, equal to, or greater than zero if object \fBa\fR is found to +be less than, to match, or be greater than object \fBb\fR, respectively. +.PP +\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, +\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +.SH "NOTES" +.IX Header "NOTES" +These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do +the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash +value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. +.PP +\&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some +circumstances, which could cause confusion for the applications. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_cmp_time.3 b/deps/openssl/mingw64/share/man/man3/X509_cmp_time.3 new file mode 100644 index 00000000..f9745c9c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_cmp_time.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP_TIME 3" +.TH X509_CMP_TIME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); +\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); +\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); +\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long +\& offset_sec, time_t *in_tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in . \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR +must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its +format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 +.PP +\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. +.PP +\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second +offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR +\&\s-1API\s0 should be preferred. +.PP +In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure +is allocated and returned. +.PP +In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as +time_t, is used. +.SH "BUGS" +.IX Header "BUGS" +Unlike many standard comparison functions, \fBX509_cmp_time()\fR and +\&\fBX509_cmp_current_time()\fR return 0 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1 +otherwise. These methods return 0 on error. +.PP +\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated +\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_digest.3 b/deps/openssl/mingw64/share/man/man3/X509_digest.3 new file mode 100644 index 00000000..5a5ce8a0 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_digest.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DIGEST 3" +.TH X509_DIGEST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& #include +\& +\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, +\& const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +key in the specified X509 \fBdata\fR object. +All other functions described here return a digest of the \s-1DER\s0 representation +of their entire \fBdata\fR objects. +.PP +The \fBtype\fR parameter specifies the digest to +be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points +to a place where the digest size will be stored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions described here return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_sha1\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_dup.3 b/deps/openssl/mingw64/share/man/man3/X509_dup.3 new file mode 100644 index 00000000..6166bc98 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_dup.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DUP 3" +.TH X509_DUP 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_ASN1_FUNCTIONS(type) +\& IMPLEMENT_ASN1_FUNCTIONS(stname) +\& +\& typedef struct ASN1_ITEM_st ASN1_ITEM; +\& +\& extern const ASN1_ITEM TYPE_it; +\& TYPE *TYPE_new(void); +\& TYPE *TYPE_dup(TYPE *a); +\& void TYPE_free(TYPE *a); +\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +interpreter. +Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable. +.PP +The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +to generate the function declarations. +.PP +The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +to generate the function bodies. +.PP +\&\fBTYPE_new()\fR allocates an empty object of the indicated type. +The object returned must be released by calling \fBTYPE_free()\fR. +.PP +\&\fBTYPE_dup()\fR copies an existing object. +.PP +\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects +within it. +.PP +\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. +Each line will be prefixed with \fBindent\fR spaces. +The \fBpctx\fR specifies the printing context and is for internal +use; use \s-1NULL\s0 to get the default behavior. If a print function is +user-defined, then pass in any \fBpctx\fR down to any nested calls. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. +.PP +\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get0_notBefore.3 b/deps/openssl/mingw64/share/man/man3/X509_get0_notBefore.3 new file mode 100644 index 00000000..ed8ed2e3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get0_notBefore.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_NOTBEFORE 3" +.TH X509_GET0_NOTBEFORE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); +\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); +\& +\& ASN1_TIME *X509_getm_notBefore(const X509 *x); +\& ASN1_TIME *X509_getm_notAfter(const X509 *x); +\& +\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +\& +\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +\& +\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR +and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value +returned is an internal pointer which must not be freed up after +the call. +.PP +\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return +non-constant mutable references to the associated date field of +the certificate. +.PP +\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR +and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed +parameter \fBtm\fR is not transferred by these functions so it must +be freed up after the call. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the +\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value +returned is an internal pointer which must not be freed up after +the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then +\&\fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter +\&\fBtm\fR is not transferred by these functions so it must be freed up after the +call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR +return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +.PP +\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and +\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of OpenSSL. +.PP +\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL +1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get0_signature.3 b/deps/openssl/mingw64/share/man/man3/X509_get0_signature.3 new file mode 100644 index 00000000..d1712b45 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get0_signature.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SIGNATURE 3" +.TH X509_GET0_SIGNATURE 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_signature(const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg, +\& const X509 *x); +\& int X509_get_signature_nid(const X509 *x); +\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +\& +\& void X509_REQ_get0_signature(const X509_REQ *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_REQ_get_signature_nid(const X509_REQ *crl); +\& +\& void X509_CRL_get0_signature(const X509_CRL *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_CRL_get_signature_nid(const X509_CRL *crl); +\& +\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, +\& uint32_t *flags); +\& +\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, +\& int *secbits, uint32_t *flags); +\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, +\& int secbits, uint32_t flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +to the signature algorithm of \fBx\fR. The values returned are internal +pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +portion of \fBx\fR. +.PP +\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +algorithm of \fBx\fR. +.PP +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the +same function for certificate requests and CRLs. +.PP +\&\fBX509_get_signature_info()\fR retrieves information about the signature of +certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +the public key algorithm to \fB*pknid\fR, the effective security bits to +\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can +be set to \fB\s-1NULL\s0\fR if the information is not required. +.PP +\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information +about a signature in an \fBX509_SIG_INFO\fR structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. +.SH "NOTES" +.IX Header "NOTES" +These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where \fBX509_sign()\fR et al is not appropriate (for example a non standard +or unsupported format). +.PP +The security bits returned by \fBX509_get_signature_info()\fR refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a +1024 bit \s-1RSA\s0 key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and +\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and +\&\fBX509_CRL_get0_signature()\fR do not return values. +.PP +\&\fBX509_get_signature_info()\fR returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. +.PP +The +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get0_uids.3 b/deps/openssl/mingw64/share/man/man3/X509_get0_uids.3 new file mode 100644 index 00000000..07d33add --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get0_uids.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_UIDS 3" +.TH X509_GET0_UIDS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_uids \- get certificate unique identifiers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +\& const ASN1_BIT_STRING **psuid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. +.SH "NOTES" +.IX Header "NOTES" +The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_uids()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get_extension_flags.3 b/deps/openssl/mingw64/share/man/man3/X509_get_extension_flags.3 new file mode 100644 index 00000000..de563373 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get_extension_flags.3 @@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_EXTENSION_FLAGS 3" +.TH X509_GET_EXTENSION_FLAGS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_pathlen(X509 *x); +\& uint32_t X509_get_extension_flags(X509 *x); +\& uint32_t X509_get_key_usage(X509 *x); +\& uint32_t X509_get_extended_key_usage(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); +\& void X509_set_proxy_flag(X509 *x); +\& void X509_set_proxy_pathlen(int l); +\& long X509_get_proxy_pathlen(X509 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions retrieve information related to commonly used certificate extensions. +.PP +\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that \s-1CA.\s0 +.PP +\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, +it will return one or more of the following flags ored together. +.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IX Item "EXFLAG_V1" +The certificate is an obsolete version 1 certificate. +.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IX Item "EXFLAG_BCONS" +The certificate contains a basic constraints extension. +.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IX Item "EXFLAG_CA" +The certificate contains basic constraints and asserts the \s-1CA\s0 flag. +.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +.IX Item "EXFLAG_PROXY" +The certificate is a valid proxy certificate. +.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IX Item "EXFLAG_SI" +The certificate is self issued (that is subject and issuer names match). +.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IX Item "EXFLAG_SS" +The subject and issuer names match and extension values imply it is self +signed. +.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IX Item "EXFLAG_FRESHEST" +The freshest \s-1CRL\s0 extension is present in the certificate. +.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +.IX Item "EXFLAG_CRITICAL" +The certificate contains an unhandled critical extension. +.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IX Item "EXFLAG_INVALID" +Some certificate extension values are invalid or inconsistent. The +certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +\&\s-1ASN1\s0 object itself. +.IP "\fB\s-1EXFLAG_INVALID_POLICY\s0\fR" 4 +.IX Item "EXFLAG_INVALID_POLICY" +The NID_certificate_policies certificate extension is invalid or +inconsistent. The certificate should be rejected. +This bit may also be raised after an out-of-memory error while +processing the X509 object, so it may not be related to the processed +\&\s-1ASN1\s0 object itself. +.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +.IX Item "EXFLAG_KUSAGE" +The certificate contains a key usage extension. The value can be retrieved +using \fBX509_get_key_usage()\fR. +.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IX Item "EXFLAG_XKUSAGE" +The certificate contains an extended key usage extension. The value can be +retrieved using \fBX509_get_extended_key_usage()\fR. +.PP +\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, +\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, +\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to +individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +returned. +.PP +\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage +extension. If extended key usage is present it will return zero or more of the +flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR +\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These +correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, +\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, +\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. +Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +present. +.PP +\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority +certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or +\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority +certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +extension is not present or cannot be parsed. +.PP +\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +This is for the users who need to mark non\-RFC3820 proxy certificates as +such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy +certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +given certificate \fBx\fR if it is a proxy certificate. +.SH "NOTES" +.IX Header "NOTES" +The value of the flags correspond to extension values which are cached +in the \fBX509\fR structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using \fBX509_get_ext_d2i()\fR. +.PP +If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +extension is absent. Applications can additionally check the return value of +\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is +absent. +.PP +If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +absent or malformed. Applications can determine the precise reason using +\&\fBX509_get_ext_d2i()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +is not present. +.PP +\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the +certificate extension values. +.PP +\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a +pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +is absent or an error occurred during parsing. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given +certificate is a proxy one and has a path length set, and \-1 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_purpose\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and +\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get_pubkey.3 b/deps/openssl/mingw64/share/man/man3/X509_get_pubkey.3 new file mode 100644 index 00000000..27ccbb10 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get_pubkey.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_PUBKEY 3" +.TH X509_GET_PUBKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *X509_get_pubkey(X509 *x); +\& EVP_PKEY *X509_get0_pubkey(const X509 *x); +\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); +\& +\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +reference count incremented: this means the returned key must be freed up +after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +after use. +.PP +\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +structure which encodes the certificate of \fBx\fR. The returned value +must not be freed up after use. +.PP +\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. +.PP +\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and +\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +.SH "NOTES" +.IX Header "NOTES" +The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +cached in the certificate or certificate request itself. Subsequent calls +return the cached structure with its reference count incremented to +improve performance. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, +\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get_serialNumber.3 b/deps/openssl/mingw64/share/man/man3/X509_get_serialNumber.3 new file mode 100644 index 00000000..7aecb0a6 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get_serialNumber.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SERIALNUMBER 3" +.TH X509_GET_SERIALNUMBER 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); +\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it +accepts a const parameter and returns a const result. +.PP +\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should +be freed up after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +structure. +.PP +\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get_subject_name.3 b/deps/openssl/mingw64/share/man/man3/X509_get_subject_name.3 new file mode 100644 index 00000000..971b7b21 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get_subject_name.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SUBJECT_NAME 3" +.TH X509_GET_SUBJECT_NAME 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or subject names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_NAME *X509_get_subject_name(const X509 *x); +\& int X509_set_subject_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_get_issuer_name(const X509 *x); +\& int X509_set_issuer_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +\& +\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. +.PP +\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed +up when it is no longer needed. +.PP +\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to +\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and +set the issuer name of \fBx\fR. +.PP +Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR, +\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject +or issuer names of certificate requests of CRLs respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR +and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. +.PP +\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR +and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +earlier versions. +.PP +\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_get_version.3 b/deps/openssl/mingw64/share/man/man3/X509_get_version.3 new file mode 100644 index 00000000..f62c7aa9 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_get_version.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_VERSION 3" +.TH X509_GET_VERSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_version(const X509 *x); +\& int X509_set_version(X509 *x, long version); +\& +\& long X509_REQ_get_version(const X509_REQ *req); +\& int X509_REQ_set_version(X509_REQ *x, long version); +\& +\& long X509_CRL_get_version(const X509_CRL *crl); +\& int X509_CRL_set_version(X509_CRL *x, long version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_version()\fR returns the numerical value of the version field of +certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0. +.PP +\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBx\fR to \fBversion\fR. +.PP +Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, +\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version +number of certificate requests and CRLs. +.SH "NOTES" +.IX Header "NOTES" +The version field of certificates, certificate requests and CRLs has a +\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version +1. This is handled transparently by these functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR +return the numerical value of the version field. +.PP +\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR +return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are +functions in OpenSSL 1.1.0, in previous versions they were macros. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_new.3 b/deps/openssl/mingw64/share/man/man3/X509_new.3 new file mode 100644 index 00000000..ca35a8cd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NEW 3" +.TH X509_NEW 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +\& int X509_up_ref(X509 *a); +\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fB1\fR. +.PP +\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. +.PP +\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in +chain \fBx\fR and returns a copy of the stack. +.SH "NOTES" +.IX Header "NOTES" +The function \fBX509_up_ref()\fR if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure. +.PP +The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR, +but it serves a similar purpose: the returned chain persists after the +original has been freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_sign.3 b/deps/openssl/mingw64/share/man/man3/X509_sign.3 new file mode 100644 index 00000000..3944b6fa --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_sign.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIGN 3" +.TH X509_SIGN 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- sign or verify certificate, certificate request or CRL signature +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +\& int X509_verify(X509 *a, EVP_PKEY *r); +\& +\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +\& +\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs +certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. +.PP +\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.PP +\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR, +\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify +certificate requests and CRLs respectively. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example. +.PP +For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding +of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +internally. If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, +\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature +in bytes for success and zero for failure. +.PP +\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. +.PP +The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR +and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509_verify_cert.3 b/deps/openssl/mingw64/share/man/man3/X509_verify_cert.3 new file mode 100644 index 00000000..e8df16cc --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509_verify_cert.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_CERT 3" +.TH X509_VERIFY_CERT 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_verify_cert \- discover and verify X509 certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_verify_cert(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fBverify\fR\|(1) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. +.PP +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. +.SH "NOTES" +.IX Header "NOTES" +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. +.PP +A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked +incorrectly, such as with no certificate set in \fBctx\fR, or when it is called +twice in succession without reinitialising \fBctx\fR for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fBx509.h\fR as opposed to most chain verification +functions which use \fBx509_vfy.h\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/X509v3_get_ext_by_NID.3 b/deps/openssl/mingw64/share/man/man3/X509v3_get_ext_by_NID.3 new file mode 100644 index 00000000..db05b485 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/X509v3_get_ext_by_NID.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_EXT_BY_NID 3" +.TH X509V3_GET_EXT_BY_NID 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +\& +\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +\& int nid, int lastpos); +\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +\& const ASN1_OBJECT *obj, int lastpos); +\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +\& int crit, int lastpos); +\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +\& X509_EXTENSION *ex, int loc); +\& +\& int X509_get_ext_count(const X509 *x); +\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_CRL_get_ext_count(const X509_CRL *x); +\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, +\& int lastpos); +\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); +\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +.PP +\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned +extension is an internal pointer which \fBmust not\fR be freed up by the +application. +.PP +\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension +with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the +extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If +the extension is found its index is returned otherwise \fB\-1\fR is returned. +.PP +\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it +looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR +looks for a non-critical extension a non-zero value looks for a critical +extension. +.PP +\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The +deleted extension is returned and must be freed by the caller. If \fBloc\fR +is in invalid index value \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR +a new stack will be allocated. The passed extension \fBex\fR is duplicated +internally so it must be freed after use. +.PP +\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, +\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR +and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +otherwise identical to the X509v3 functions. +.PP +\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, +\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, +\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of +\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. +.PP +\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, +\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and +\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +they are otherwise identical to the X509v3 functions. +.SH "NOTES" +.IX Header "NOTES" +These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +Extension indices start from zero, so a zero index return value is \fBnot\fR an +error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR +parameter so it should initially be set to \fB\-1\fR, if it is set to zero the +initial extension will not be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509v3_get_ext_count()\fR returns the extension count. +.PP +\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an +\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and +\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +error occurs. +.PP +\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBX509_add_ext()\fR returns 1 on success and 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/d2i_DHparams.3 b/deps/openssl/mingw64/share/man/man3/d2i_DHparams.3 new file mode 100644 index 00000000..9638ab72 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/d2i_DHparams.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_DHPARAMS 3" +.TH D2I_DHPARAMS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which +is less than or equal to 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 b/deps/openssl/mingw64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 new file mode 100644 index 00000000..da9f8399 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR +and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/d2i_PrivateKey.3 b/deps/openssl/mingw64/share/man/man3/d2i_PrivateKey.3 new file mode 100644 index 00000000..e09b748d --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/d2i_PrivateKey.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PRIVATEKEY 3" +.TH D2I_PRIVATEKEY 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); +\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +\&\fBtype\fR parameter should be a public key algorithm constant such as +\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. +\&\fBd2i_PublicKey()\fR does the same for public keys. +.PP +\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to +automatically detect the private key format. +.PP +\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +\&\fBi2d_PublicKey()\fR does the same for public keys. +.PP +These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +\&\fBd2i_PKCS8PrivateKey()\fR instead. +.PP +If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR, +and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3). +.PP +\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/d2i_SSL_SESSION.3 b/deps/openssl/mingw64/share/man/man3/d2i_SSL_SESSION.3 new file mode 100644 index 00000000..4f9aab76 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/d2i_SSL_SESSION.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_SSL_SESSION 3" +.TH D2I_SSL_SESSION 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +\& long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1SSL_SESSION\s0 object. +For encoding details see \fBd2i_X509\fR\|(3). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/d2i_X509.3 b/deps/openssl/mingw64/share/man/man3/d2i_X509.3 new file mode 100644 index 00000000..704c93b2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/d2i_X509.3 @@ -0,0 +1,385 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_X509 3" +.TH D2I_X509 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); +\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); +\& +\& int i2d_TYPE(TYPE *a, unsigned char **ppout); +\& int i2d_TYPE_fp(FILE *fp, TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. +The function parameters \fIppin\fR and \fIppout\fR are generally +either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. +.PP +These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0 +encoding. Unlike the C structures which can have pointers to sub-objects +within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +network, writing to a file, and so on. +.PP +\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a +pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to +the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer +to the returned structure is also written to \fB*a\fR. If an error occurred +then \fB\s-1NULL\s0\fR is returned. +.PP +On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR +contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This +\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is +\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN +VALUES\s0 section). +.PP +\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. +If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer +at \fB*ppout\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded +data written to it. In this case \fB*ppout\fR is not incremented and it points +to the start of the data just written. +.PP +\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +These routines do not encrypt private keys and therefore offer no +security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. +So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0 +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid +populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an +empty structure such as that returned by \fBTYPE_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will be processed after it. +.PP +The following points about the data types might be useful: +.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IX Item "ASN1_OBJECT" +Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.IP "\fBDHparams\fR" 4 +.IX Item "DHparams" +Represents a PKCS#3 \s-1DH\s0 parameters structure. +.IP "\fBDHxparams\fR" 4 +.IX Item "DHxparams" +Represents an \s-1ANSI X9.42 DH\s0 parameters structure. +.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IX Item "DSA_PUBKEY" +Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4 +.IX Item "DSAPublicKey, DSAPrivateKey" +Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. +.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +.IX Item "ECDSA_SIG" +Represents an \s-1ECDSA\s0 signature. +.IP "\fBRSAPublicKey\fR" 4 +.IX Item "RSAPublicKey" +Represents a PKCS#1 \s-1RSA\s0 public key structure. +.IP "\fBX509_ALGOR\fR" 4 +.IX Item "X509_ALGOR" +Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and +elsewhere. +.IP "\fBX509_Name\fR" 4 +.IX Item "X509_Name" +Represents a \fBName\fR type as used for subject and issuer names in +\&\s-1IETF RFC 6960\s0 and elsewhere. +.IP "\fBX509_REQ\fR" 4 +.IX Item "X509_REQ" +Represents a PKCS#10 certificate request. +.IP "\fBX509_SIG\fR" 4 +.IX Item "X509_SIG" +Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with +a valid structure being passed in via \fBa\fR, then the object is freed in +the event of error and \fB*a\fR is set to \s-1NULL.\s0 +.PP +\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative +value if an error occurs. +.PP +\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error +occurs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& len = i2d_X509(x, &buf); +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = d2i_X509(NULL, &p, len); +\& if (x == NULL) +\& /* error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = NULL; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +Using a temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& buf = OPENSSL_malloc(len); +\& ... +\& i2d_X509(x, &buf); +\& ... +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR +and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. +.PP +Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: +.PP +.Vb 1 +\& X509 *x; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.PP +This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when +\&\fB*a\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0 +.PP +As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be +fixed in future so code should not assume that \fBi2d_TYPE()\fR will +always succeed. +.PP +Any function which encodes a structure (\fBi2d_TYPE()\fR, +\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/i2d_CMS_bio_stream.3 b/deps/openssl/mingw64/share/man/man3/i2d_CMS_bio_stream.3 new file mode 100644 index 00000000..e0451405 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/i2d_CMS_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_CMS_BIO_STREAM 3" +.TH I2D_CMS_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBPEM_write_bio_CMS_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/i2d_PKCS7_bio_stream.3 b/deps/openssl/mingw64/share/man/man3/i2d_PKCS7_bio_stream.3 new file mode 100644 index 00000000..657ed5d7 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/i2d_PKCS7_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_PKCS7_BIO_STREAM 3" +.TH I2D_PKCS7_BIO_STREAM 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/i2d_re_X509_tbs.3 b/deps/openssl/mingw64/share/man/man3/i2d_re_X509_tbs.3 new file mode 100644 index 00000000..e9cb58d3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/i2d_re_X509_tbs.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_RE_X509_TBS 3" +.TH I2D_RE_X509_TBS 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); +\& int i2d_X509_AUX(X509 *x, unsigned char **out); +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); +\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +This function should not be called on untrusted input. +.PP +\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +Note that this is a non-standard OpenSSL-specific data format. +.PP +\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR +and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the \s-1BUGS\s0 section). +.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fBi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +.PP +\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the +length of encoded data or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man3/o2i_SCT_LIST.3 b/deps/openssl/mingw64/share/man/man3/o2i_SCT_LIST.3 new file mode 100644 index 00000000..b1120f9b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man3/o2i_SCT_LIST.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "O2I_SCT_LIST 3" +.TH O2I_SCT_LIST 3 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +\& size_t len); +\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +\& int i2o_SCT(const SCT *sct, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of +functions, except that they convert to and from \s-1TLS\s0 wire format, as described in +\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are +treated and the return values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All of the functions have return values consistent with those stated for +d2i_SCT_LIST and i2d_SCT_LIST. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBi2d_SCT_LIST\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man5/config.5 b/deps/openssl/mingw64/share/man/man5/config.5 new file mode 100644 index 00000000..f9664b73 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man5/config.5 @@ -0,0 +1,600 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONFIG 5" +.TH CONFIG 5 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +config \- OpenSSL CONF library configuration files +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \s-1CONF\s0 library can be used to read configuration files. +It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR +and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension +files for the \fBx509\fR utility. OpenSSL applications can also use the +\&\s-1CONF\s0 library for their own purposes. +.PP +A configuration file is divided into a number of sections. Each section +starts with a line \fB[ section_name ]\fR and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. +.PP +The first section of a configuration file is special and is referred +to as the \fBdefault\fR section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. +.PP +The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +.PP +Comments can be included by preceding them with the \fB#\fR character +.PP +Other files can be included using the \fB.include\fR directive followed +by a path. If the path points to a directory all files with +names ending with \fB.cnf\fR or \fB.conf\fR are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +\&\fB.include\fR directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +\&\s-1POSIX IO\s0 support. +.PP +It is strongly recommended to use absolute paths with the \fB.include\fR +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +\&\fB.include\fR directive is application specific the inclusion will not +work as expected. +.PP +There can be optional \fB=\fR character and whitespace characters between +\&\fB.include\fR directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the \fB.include\fR syntax. They would bail out with error +if the \fB=\fR character is not present but with it they just ignore +the include. +.PP +Each section in a configuration file consists of a number of name and +value pairs of the form \fBname=value\fR +.PP +The \fBname\fR string can contain any alphanumeric characters as well as +a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. +.PP +The \fBvalue\fR string consists of the string following the \fB=\fR character +until end of line with any leading and trailing white space removed. +.PP +The value string undergoes variable expansion. This can be done by +including the form \fB\f(CB$var\fB\fR or \fB${var}\fR: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax \fB\f(CB$section::name\fB\fR +or \fB${section::name}\fR. By using the form \fB\f(CB$ENV::name\fB\fR environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name \fBENV::name\fR, this will work +if the program looks up environment variables using the \fB\s-1CONF\s0\fR library +instead of calling \fBgetenv()\fR directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. +.PP +It is possible to escape certain characters by using any kind of quote +or the \fB\e\fR character. By making the last character of a line a \fB\e\fR +a \fBvalue\fR string can be spread across multiple lines. In addition +the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. +.PP +All expansion and escape rules as described above that apply to \fBvalue\fR +also apply to the path of the \fB.include\fR directive. +.SH "OPENSSL LIBRARY CONFIGURATION" +.IX Header "OPENSSL LIBRARY CONFIGURATION" +Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The \fBopenssl\fR utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file. +.PP +To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is \fBopenssl_conf\fR which is used by the \fBopenssl\fR utility. Other +applications may use an alternative name such as \fBmyapplication_conf\fR. +All library configuration lines appear in the default section at the start +of the configuration file. +.PP +The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The \fBname\fR represents +the name of the \fIconfiguration module\fR. The meaning of the \fBvalue\fR is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.: +.PP +.Vb 2 +\& # This must be in the default section +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& +\& oid_section = new_oids +\& engines = engine_section +\& +\& [new_oids] +\& +\& ... new oids here ... +\& +\& [engine_section] +\& +\& ... engine stuff here ... +.Ve +.PP +The features of each configuration module are described below. +.SS "\s-1ASN1\s0 Object Configuration Module" +.IX Subsection "ASN1 Object Configuration Module" +This module has the name \fBoid_section\fR. The value of this variable points +to a section containing name value pairs of OIDs: the name is the \s-1OID\s0 short +and long name, the value is the numerical form of the \s-1OID.\s0 Although some of +the \fBopenssl\fR utility sub commands already have their own \s-1ASN1 OBJECT\s0 section +functionality not all do. By using the \s-1ASN1 OBJECT\s0 configuration module +\&\fBall\fR the \fBopenssl\fR utility sub commands can see the new objects as well +as any compliant applications. For example: +.PP +.Vb 1 +\& [new_oids] +\& +\& some_new_oid = 1.2.3.4 +\& some_other_oid = 1.2.3.5 +.Ve +.PP +It is also possible to set the value to the long name followed +by a comma and the numerical \s-1OID\s0 form. For example: +.PP +.Vb 1 +\& shortName = some object long name, 1.2.3.4 +.Ve +.SS "Engine Configuration Module" +.IX Subsection "Engine Configuration Module" +This \s-1ENGINE\s0 configuration module has the name \fBengines\fR. The value of this +variable points to a section containing further \s-1ENGINE\s0 configuration +information. +.PP +The section pointed to by \fBengines\fR is a table of engine names (though see +\&\fBengine_id\fR below) and further sections containing configuration information +specific to each \s-1ENGINE.\s0 +.PP +Each \s-1ENGINE\s0 specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the \fIcommand\fR name which is the name of the name value pair. The +currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& # Configure ENGINE named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... foo ENGINE specific commands ... +\& +\& [bar_section] +\& ... "bar" ENGINE specific commands ... +.Ve +.PP +The command \fBengine_id\fR is used to give the \s-1ENGINE\s0 name. If used this +command must be first. For example: +.PP +.Vb 3 +\& [engine_section] +\& # This would normally handle an ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& engine_id = myfoo +.Ve +.PP +The command \fBdynamic_path\fR loads and adds an \s-1ENGINE\s0 from the given path. It +is equivalent to sending the ctrls \fB\s-1SO_PATH\s0\fR with the path argument followed +by \fB\s-1LIST_ADD\s0\fR with value 2 and \fB\s-1LOAD\s0\fR to the dynamic \s-1ENGINE.\s0 If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic \s-1ENGINE\s0 using ctrl commands. +.PP +The command \fBinit\fR determines whether to initialize the \s-1ENGINE.\s0 If the value +is \fB0\fR the \s-1ENGINE\s0 will not be initialized, if \fB1\fR and attempt it made to +initialized the \s-1ENGINE\s0 immediately. If the \fBinit\fR command is not present +then an attempt will be made to initialize the \s-1ENGINE\s0 after all commands in +its section have been processed. +.PP +The command \fBdefault_algorithms\fR sets the default algorithms an \s-1ENGINE\s0 will +supply using the functions \fBENGINE_set_default_string()\fR. +.PP +If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the \s-1ENGINE.\s0 The value of the command is the +argument to the ctrl command. If the value is the string \fB\s-1EMPTY\s0\fR then no +value is sent to the command. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Load engine from DSO +\& dynamic_path = /some/path/fooengine.so +\& # A foo specific ctrl. +\& some_ctrl = some_value +\& # Another ctrl that doesn\*(Aqt take a value. +\& other_ctrl = EMPTY +\& # Supply all default algorithms +\& default_algorithms = ALL +.Ve +.SS "\s-1EVP\s0 Configuration Module" +.IX Subsection "EVP Configuration Module" +This modules has the name \fBalg_section\fR which points to a section containing +algorithm commands. +.PP +Currently the only algorithm command supported is \fBfips_mode\fR whose +value can only be the boolean string \fBoff\fR. If \fBfips_mode\fR is set to \fBon\fR, +an error occurs as this library version is not \s-1FIPS\s0 capable. +.SS "\s-1SSL\s0 Configuration Module" +.IX Subsection "SSL Configuration Module" +This module has the name \fBssl_conf\fR which points to a section containing +\&\s-1SSL\s0 configurations. +.PP +Each line in the \s-1SSL\s0 configuration section contains the name of the +configuration and the section containing it. +.PP +Each configuration section consists of command value pairs for \fB\s-1SSL_CONF\s0\fR. +Each pair will be passed to a \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure if it calls +\&\fBSSL_CTX_config()\fR or \fBSSL_config()\fR with the appropriate configuration name. +.PP +Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times. +.PP +For example: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& server = server_section +\& +\& [server_section] +\& +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +The system default configuration with name \fBsystem_default\fR if present will +be applied during any creation of the \fB\s-1SSL_CTX\s0\fR structure. +.PP +Example of a configuration with the system default: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& system_default = system_default_sect +\& +\& [system_default_sect] +\& +\& MinProtocol = TLSv1.2 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of \fB\s-1HOME\s0\fR which may not be +defined on non Unix systems and would cause an error. +.PP +This can be worked around by including a \fBdefault\fR section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. +.PP +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial \fB.\fR e.g. +.PP +.Vb 2 +\& 1.OU="My first OU" +\& 2.OU="My Second OU" +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Here is a sample configuration file using some of the features +mentioned above. +.PP +.Vb 1 +\& # This is the default section. +\& +\& HOME=/temp +\& RANDFILE= ${ENV::HOME}/.rnd +\& configdir=$ENV::HOME/config +\& +\& [ section_one ] +\& +\& # We are now in section one. +\& +\& # Quotes permit leading and trailing whitespace +\& any = " any variable name " +\& +\& other = A string that can \e +\& cover several lines \e +\& by including \e\e characters +\& +\& message = Hello World\en +\& +\& [ section_two ] +\& +\& greeting = $section_one::message +.Ve +.PP +This next example shows how to expand environment variables safely. +.PP +Suppose you want a variable called \fBtmpfile\fR to refer to a +temporary filename. The directory it is placed in can determined by +the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with \fB\s-1TEMP\s0\fR taking +priority and \fB/tmp\fR used if neither is defined: +.PP +.Vb 5 +\& TMP=/tmp +\& # The above value is used if TMP isn\*(Aqt in the environment +\& TEMP=$ENV::TMP +\& # The above value is used if TEMP isn\*(Aqt in the environment +\& tmpfile=${ENV::TEMP}/tmp.filename +.Ve +.PP +Simple OpenSSL library configuration example to enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& +\& [evp_sect] +\& # Set to "yes" to enter FIPS mode if supported +\& fips_mode = yes +.Ve +.PP +Note: in the above example you will get an error in non \s-1FIPS\s0 capable versions +of OpenSSL. +.PP +Simple OpenSSL library configuration to make \s-1TLS 1.3\s0 the system-default +minimum \s-1TLS\s0 version: +.PP +.Vb 2 +\& # Toplevel section for openssl (including libssl) +\& openssl_conf = default_conf_section +\& +\& [default_conf_section] +\& # We only specify configuration for the "ssl module" +\& ssl_conf = ssl_section +\& +\& [ssl_section] +\& system_default = system_default_section +\& +\& [system_default_section] +\& MinProtocol = TLSv1.3 +.Ve +.PP +More complex OpenSSL library configuration. Add \s-1OID\s0 and don't enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& oid_section = new_oids +\& +\& [evp_sect] +\& # This will have no effect as FIPS mode is off by default. +\& # Set to "yes" to enter FIPS mode, if supported +\& fips_mode = no +\& +\& [new_oids] +\& # New OID, just short name +\& newoid1 = 1.2.3.4.1 +\& # New OID shortname and long name +\& newoid2 = New OID 2 long name, 1.2.3.4.2 +.Ve +.PP +The above examples can be used with any application supporting library +configuration if \*(L"openssl_conf\*(R" is modified to match the appropriate \*(L"appname\*(R". +.PP +For example if the second sample file above is saved to \*(L"example.cnf\*(R" then +the command line: +.PP +.Vb 1 +\& OPENSSL_CONF=example.cnf openssl asn1parse \-genstr OID:1.2.3.4.1 +.Ve +.PP +will output: +.PP +.Vb 1 +\& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +.Ve +.PP +showing that the \s-1OID\s0 \*(L"newoid1\*(R" has been added as \*(L"1.2.3.4.1\*(R". +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "BUGS" +.IX Header "BUGS" +Currently there is no way to include characters using the octal \fB\ennn\fR +form. Strings are all null terminated so nulls cannot form part of +the value. +.PP +The escaping isn't quite right: if you want to use sequences like \fB\en\fR +you can't use any quote escaping on the same line. +.PP +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBx509\fR\|(1), \fBreq\fR\|(1), \fBca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man5/x509v3_config.5 b/deps/openssl/mingw64/share/man/man5/x509v3_config.5 new file mode 100644 index 00000000..17df7432 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man5/x509v3_config.5 @@ -0,0 +1,704 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 5" +.TH X509V3_CONFIG 5 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +\& +\& [bs_section] +\& +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. +.SS "Basic Constraints." +.IX Subsection "Basic Constraints." +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +\& +\& basicConstraints=CA:FALSE +\& +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.SS "Key Usage." +.IX Subsection "Key Usage." +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +\& +\& keyUsage=critical, keyCertSign +.Ve +.SS "Extended Key Usage." +.IX Subsection "Extended Key Usage." +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names or the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. In particular the +following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 10 +\& Value Meaning +\& \-\-\-\-\- \-\-\-\-\-\-\- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E\-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& OCSPSigning OCSP Signing +\& ipsecIKE ipsec Internet Key Exchange +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msEFS Microsoft Encrypted File System +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=serverAuth,clientAuth +.Ve +.SS "Subject Key Identifier." +.IX Subsection "Subject Key Identifier." +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.SS "Authority Key Identifier." +.IX Subsection "Authority Key Identifier." +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. +.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.SS "Subject Alternative Name." +.IX Subsection "Subject Alternative Name." +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fBASN1_generate_nconf\fR\|(3) format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +\& +\& subjectAltName=dirName:dir_sect +\& +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.SS "Issuer Alternative Name." +.IX Subsection "Issuer Alternative Name." +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuerAltName = issuer:copy +.Ve +.SS "Authority Info Access." +.IX Subsection "Authority Info Access." +The authority information access extension gives details about how to access +certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.SS "\s-1CRL\s0 distribution points" +.IX Subsection "CRL distribution points" +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. +.PP +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. +.PP +In the single option case the section indicated contains values for each +field. In this section: +.PP +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies." +.IX Subsection "Certificate Policies." +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. +.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +\& +\& [polsect] +\& +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +\& +\& [notice] +\& +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5String is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. +.PP +\&\s-1ASN1\s0 type of explicitText can be specified by prepending \fB\s-1UTF8\s0\fR, +\&\fB\s-1BMP\s0\fR or \fB\s-1VISIBLE\s0\fR prefix followed by colon. For example: +.PP +.Vb 2 +\& [notice] +\& explicitText="UTF8:Explicit Text Here" +.Ve +.SS "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.SS "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.SS "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +\& +\& nameConstraints=permitted;email:.somedomain.com +\& +\& nameConstraints=excluded;email:.com +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve +.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.IX Subsection "TLS Feature (aka Must Staple)" +This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +include that extension in its reply. +.PP +The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. +.PP +Example: +.PP +.Vb 1 +\& tlsfeature = status_request +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.SS "Netscape String extensions." +.IX Subsection "Netscape String extensions." +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.SS "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fBASN1_generate_nconf\fR\|(3). +For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +\& +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +\& +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +\& +\& [alt_section] +\& +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +\& +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1), +\&\fBASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/Ed25519.7 b/deps/openssl/mingw64/share/man/man7/Ed25519.7 new file mode 100644 index 00000000..d61e6831 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/Ed25519.7 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ED25519 7" +.TH ED25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +Ed25519, Ed448 \&\- EVP_PKEY Ed25519 and Ed448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see \s-1RFC8032\s0). It has associated private and public key formats compatible with +\&\s-1RFC 8410.\s0 +.PP +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be +specified when signing or verifying. +.SH "NOTES" +.IX Header "NOTES" +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. +.PP +When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the +digest \fBtype\fR parameter \fB\s-1MUST\s0\fR be set to \fB\s-1NULL\s0\fR. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR +or \fBX509_sign_ctx()\fR in the usual way. +.PP +A context for the \fBEd25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +.Ve +.PP +For the \fBEd448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); +.Ve +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested within \fBspeed\fR\|(1) application since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/RAND.7 b/deps/openssl/mingw64/share/man/man7/RAND.7 new file mode 100644 index 00000000..5c82830a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/RAND.7 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 7" +.TH RAND 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND \&\- the OpenSSL random generator +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(\s-1CSPRNG\s0). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. +.PP +OpenSSL comes with a default implementation of the \s-1RAND API\s0 which is based on +the deterministic random bit generator (\s-1DRBG\s0) model as described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. +.PP +As a normal application developer, you do not have to worry about any details, +just use \fBRAND_bytes\fR\|(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of \fBRAND_bytes\fR\|(3) and do not take randomness for granted. +Although (re\-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +For values that should remain secret, you can use \fBRAND_priv_bytes\fR\|(3) +instead. +This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG.\s0 +The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the \*(L"public\*(R" +\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +.PP +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: +.IP "\(bu" 2 +Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using +\&\fBRAND_set_rand_method\fR\|(3). +.IP "\(bu" 2 +Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security +parameters of the underlying \s-1DRBG,\s0 which is described in detail in \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBRAND_get_rand_method\fR\|(3), +\&\fBRAND_set_rand_method\fR\|(3), +\&\fBRAND_OpenSSL\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/RAND_DRBG.7 b/deps/openssl/mingw64/share/man/man7/RAND_DRBG.7 new file mode 100644 index 00000000..c87fe511 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/RAND_DRBG.7 @@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG 7" +.TH RAND_DRBG 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG \- the deterministic random bit generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, +which implements a deterministic random bit generator (\s-1DRBG\s0). +A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random +number generator (\s-1CSPRNG\s0), which is described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +While the \s-1RAND API\s0 is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the \s-1RAND_DRBG API\s0 +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the \s-1DRBG\s0's +configuration parameters. +.SS "Disclaimer" +.IX Subsection "Disclaimer" +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the \s-1RAND_DRBG API\s0 directly. +The usual way to obtain random bytes is to use \fBRAND_bytes\fR\|(3) or +\&\fBRAND_priv_bytes\fR\|(3), see also \s-1\fBRAND\s0\fR\|(7). +.SS "Typical Use Cases" +.IX Subsection "Typical Use Cases" +Typical examples for such special use cases are the following: +.IP "\(bu" 2 +You want to use your own private \s-1DRBG\s0 instances. +Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). +.IP "\(bu" 2 +You need to integrate a previously unsupported entropy source. +.IP "\(bu" 2 +You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +implementation to meet specific requirements. +.SH "CHAINING" +.IX Header "CHAINING" +A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, +provided it has itself access to a valid entropy source. +The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG,\s0 +the other instance the \fIchild\fR \s-1DRBG.\s0 +.PP +This is called chaining. A chained \s-1DRBG\s0 instance is created by passing +a pointer to the parent \s-1DRBG\s0 as argument to the \fBRAND_DRBG_new()\fR call. +It is possible to create chains of more than two \s-1DRBG\s0 in a row. +.SH "THE THREE SHARED DRBG INSTANCES" +.IX Header "THE THREE SHARED DRBG INSTANCES" +Currently, there are three shared \s-1DRBG\s0 instances, +the , , and \s-1DRBG.\s0 +While the \s-1DRBG\s0 is a single global instance, the and +\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +.PP +By default, the functions \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) use +the thread-local and \s-1DRBG\s0 instance, respectively. +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +The \s-1DRBG\s0 is not used directly by the application, only for reseeding +the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by \fBRAND_add\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_bytes\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_priv_bytes\fR\|(3) +.SH "LOCKING" +.IX Header "LOCKING" +The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding +by its child \s-1DRBG\s0 instances. The necessary locking is done internally. +It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the +\&\s-1RAND_DRBG\s0 interface. +The and \s-1DRBG\s0 are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the \s-1RAND_DRBG\s0 interface. +.PP +Pointers to these \s-1DRBG\s0 instances can be obtained using +\&\fBRAND_DRBG_get0_master()\fR, +\&\fBRAND_DRBG_get0_public()\fR, and +\&\fBRAND_DRBG_get0_private()\fR, respectively. +Note that it is not allowed to store a pointer to one of the thread-local +\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +accessed and used by multiple threads. +.PP +All other \s-1DRBG\s0 instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single \s-1DRBG\s0 instance concurrently from different +threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per +thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 +instances on different threads is thread-safe, because the \s-1DRBG\s0 instance +will lock the \s-1DRBG\s0 automatically for obtaining random input. +.SH "THE OVERALL PICTURE" +.IX Header "THE OVERALL PICTURE" +The following picture gives an overview over how the \s-1DRBG\s0 instances work +together and are being used. +.PP +.Vb 10 +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | os entropy sources | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | +\& v +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& RAND_add() ==> <\-| shared DRBG (with locking) | +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& <\- | per\-thread DRBG instances | +\& | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& v v +\& RAND_bytes() RAND_priv_bytes() +\& | ^ +\& | | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | general purpose | | used for secrets like session keys | +\& | random generator | | and private keys for certificates | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +.Ve +.PP +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method \fBRAND_DRBG_bytes\fR\|(3) is a convenience method +wrapping the \fBRAND_DRBG_generate\fR\|(3) function, which serves the actual +request for random data. +.SH "RESEEDING" +.IX Header "RESEEDING" +A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another \s-1DRBG\s0 with access to such a source. +.PP +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the \-\-with\-rand\-seed option. The following sections explain +the reseeding process in more detail. +.SS "Automatic Reseeding" +.IX Subsection "Automatic Reseeding" +Before satisfying a generate request (\fBRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 +reseeds itself automatically, if one of the following conditions holds: +.PP +\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +.PP +\&\- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called \fIreseed_interval\fR. +This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. +.PP +\&\- the time elapsed since the last reseeding exceeds a certain time +interval, the so called \fIreseed_time_interval\fR. +This can be disabled by setting the \fIreseed_time_interval\fR to 0. +.PP +\&\- the \s-1DRBG\s0 is in an error state. +.PP +\&\fBNote\fR: An error state is entered if the entropy source fails while +the \s-1DRBG\s0 is seeding or reseeding. +The last case ensures that the \s-1DRBG\s0 automatically recovers +from the error as soon as the entropy source is available again. +.SS "Manual Reseeding" +.IX Subsection "Manual Reseeding" +In addition to automatic reseeding, the caller can request an immediate +reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +\&\fIprediction resistance\fR parameter to 1 when calling \fBRAND_DRBG_generate\fR\|(3). +.PP +The document [\s-1NIST SP 800\-90C\s0] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will currently always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If \fBRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument +(or \fBRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG.\s0 +The and \s-1DRBG\s0 will detect this on their next generate +call and reseed, pulling randomness from . +.PP +The last feature has been added to support the common practice used with +previous OpenSSL versions to call \fBRAND_add()\fR before calling \fBRAND_bytes()\fR. +.SS "Entropy Input vs. Additional Data" +.IX Subsection "Entropy Input vs. Additional Data" +The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR', +which can optionally be added by the user and is considered untrusted. +It is possible to add \fIadditional input\fR not only during reseeding, +but also for every generate request. +This is in fact done automatically by \fBRAND_DRBG_bytes\fR\|(3). +.SS "Configuring the Random Seed Source" +.IX Subsection "Configuring the Random Seed Source" +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its \s-1DRBG.\s0 In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the \-\-with\-rand\-seed option. For more information, +see the \s-1INSTALL\s0 instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. +.PP +The following two sections describe the reseeding process of the master +\&\s-1DRBG,\s0 depending on whether automatic reseeding is available or not. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding enabled" +Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the \s-1RNG.\s0 +.PP +\&\fBRAND_add()\fR can be used to add both kinds of random input, depending on the +value of the \fBrandomness\fR argument: +.IP "randomness == 0:" 4 +.IX Item "randomness == 0:" +The random bytes are mixed as additional input into the current state of +the \s-1DRBG.\s0 +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. +.IP "randomness > 0:" 4 +.IX Item "randomness > 0:" +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the \s-1DRBG.\s0 Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding disabled" +Calling \fBRAND_poll()\fR will always fail. +.PP +\&\fBRAND_add()\fR needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half +times the security strength of the \s-1DRBG.\s0 The extra half is used for the +nonce during instantiation. +.PP +More precisely, the number of bytes needed for seeding depend on the +\&\fIsecurity strength\fR of the \s-1DRBG,\s0 which is set to 256 by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\fBRAND_DRBG_get0_master\fR\|(3), +\&\fBRAND_DRBG_get0_public\fR\|(3), +\&\fBRAND_DRBG_get0_private\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/RSA-PSS.7 b/deps/openssl/mingw64/share/man/man7/RSA-PSS.7 new file mode 100644 index 00000000..1b6ddf10 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/RSA-PSS.7 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA-PSS 7" +.TH RSA-PSS 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +algorithm which only supports signing, verification and key generation +using \s-1PSS\s0 padding modes with optional parameter restrictions. +.PP +It has associated private key and public key formats. +.PP +This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +but with some restrictions described below. +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the +padding mode is always \s-1PSS.\s0 If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest \s-1SHA256, MGF1 SHA256\s0 +and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length +will be set to \s-1SHA256, SHA256\s0 and 32 respectively. +.SS "Key Generation" +.IX Subsection "Key Generation" +By default no parameter restrictions are placed on the generated key. +.SH "NOTES" +.IX Header "NOTES" +The public key format is documented in \s-1RFC4055.\s0 +.PP +The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 +format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +present, restricts the key parameters in the same way as the public key. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 4055\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/SM2.7 b/deps/openssl/mingw64/share/man/man7/SM2.7 new file mode 100644 index 00000000..66122c0a --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/SM2.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SM2 7" +.TH SM2 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SM2 \- Chinese SM2 signature and encryption algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T +0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the \s-1EVP\s0 interface. +.PP +When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. +Ditto for the verification process by calling the 'DigestVerify' series of APIs. +.PP +There are several special steps that need to be done before computing an \fB\s-1SM2\s0\fR +signature. +.PP +The \fB\s-1EVP_PKEY\s0\fR structure will default to using \s-1ECDSA\s0 for signatures when it is +created. It should be set to \fB\s-1EVP_PKEY_SM2\s0\fR by calling: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.PP +Then an \s-1ID\s0 should be set by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +.Ve +.PP +When calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, a +pre-allocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is +done by calling: +.PP +.Vb 1 +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +.Ve +.PP +And normally there is no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR +or \fBEVP_DigestVerifyInit()\fR in such a scenario. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify +a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +.PP +.Vb 1 +\& #include +\& +\& /* obtain an EVP_PKEY using whatever methods... */ +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +\& mctx = EVP_MD_CTX_new(); +\& pctx = EVP_PKEY_CTX_new(pkey, NULL); +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; +\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); +\& EVP_DigestVerifyUpdate(mctx, msg, msg_len); +\& EVP_DigestVerifyFinal(mctx, sig, sig_len) +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_set_alias_type\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_PKEY_CTX_set1_id\fR\|(3), +\&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/X25519.7 b/deps/openssl/mingw64/share/man/man7/X25519.7 new file mode 100644 index 00000000..d3802985 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/X25519.7 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X25519 7" +.TH X25519 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X25519, X448 \&\- EVP_PKEY X25519 and X448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +key derivation using \fBX25519\fR and \fBX448\fR. It has associated private and public +key formats compatible with \s-1RFC 8410.\s0 +.PP +No additional parameters can be set during key generation. +.PP +The peer public key must be set using \fBEVP_PKEY_derive_set_peer()\fR when +performing key derivation. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBX25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +.Ve +.PP +For the \fBX448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); +.Ve +.PP +X25519 or X448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +X25519 or X448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fBX25519\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.PP +The key derivation example in \fBEVP_PKEY_derive\fR\|(3) can be used with +\&\fBX25519\fR and \fBX448\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_derive_set_peer\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/bio.7 b/deps/openssl/mingw64/share/man/man7/bio.7 new file mode 100644 index 00000000..02d835cb --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/bio.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO 7" +.TH BIO 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +bio \- Basic I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.PP +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +\&\fBBIO_free()\fR on it other than the discarded return value. +.PP +Normally the \fBtype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: +a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 +BIO_f_*(); +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_ctrl\fR\|(3), +\&\fBBIO_f_base64\fR\|(3), \fBBIO_f_buffer\fR\|(3), +\&\fBBIO_f_cipher\fR\|(3), \fBBIO_f_md\fR\|(3), +\&\fBBIO_f_null\fR\|(3), \fBBIO_f_ssl\fR\|(3), +\&\fBBIO_find_type\fR\|(3), \fBBIO_new\fR\|(3), +\&\fBBIO_new_bio_pair\fR\|(3), +\&\fBBIO_push\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_s_accept\fR\|(3), \fBBIO_s_bio\fR\|(3), +\&\fBBIO_s_connect\fR\|(3), \fBBIO_s_fd\fR\|(3), +\&\fBBIO_s_file\fR\|(3), \fBBIO_s_mem\fR\|(3), +\&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), +\&\fBBIO_set_callback\fR\|(3), +\&\fBBIO_should_retry\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/crypto.7 b/deps/openssl/mingw64/share/man/man7/crypto.7 new file mode 100644 index 00000000..be52881c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/crypto.7 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO 7" +.TH CRYPTO 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +crypto \- OpenSSL cryptographic library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic +algorithms used in various Internet standards. The services provided +by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and +other cryptographic standards. +.PP +\&\fBlibcrypto\fR consists of a number of sub-libraries that implement the +individual algorithms. +.PP +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities. +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +.Ve +.PP +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fBcrl\fR would be freed but \fBrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fBx\fR and \fBobj\fR above) should be freed up. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/ct.7 b/deps/openssl/mingw64/share/man/man7/ct.7 new file mode 100644 index 00000000..173906df --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/ct.7 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT 7" +.TH CT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ct \- Certificate Transparency +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 +clients, as defined in \s-1RFC 6962.\s0 This verification can provide some confidence +that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +.PP +By default, these checks are disabled. They can be enabled using +\&\fBSSL_CTX_enable_ct\fR\|(3) or \fBSSL_enable_ct\fR\|(3). +.PP +This library can also be used to parse and examine \s-1CT\s0 data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +functions for: +\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- printing SCTs. +\&\- verifying the authenticity of SCTs. +\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSCT_new\fR\|(3), +\&\fBSCT_print\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBCT_POLICY_EVAL_CTX_new\fR\|(3), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ct library was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/des_modes.7 b/deps/openssl/mingw64/share/man/man7/des_modes.7 new file mode 100644 index 00000000..3fd9a7c2 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/des_modes.7 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_MODES 7" +.TH DES_MODES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +des_modes \- the variants of DES and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb_encrypt()\fR. +.IP "\(bu" 2 +64 bits are enciphered at a time. +.IP "\(bu" 2 +The order of the blocks can be rearranged without detection. +.IP "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.IP "\(bu" 2 +An error will only affect one ciphertext block. +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fB_cbc_encrypt()\fR. +Be aware that \fBdes_cbc_encrypt()\fR is not really \s-1DES CBC\s0 (it does +not update the \s-1IV\s0); use \fBdes_ncbc_encrypt()\fR instead. +.IP "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.IP "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_cfb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j\-bit variables are +chained together and can not be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.SS "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ofb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.IP "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.IP "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.IP "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.SS "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb3_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.IP "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA.\s0 +.IP "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.IP "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. +.IP "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.SS "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ede3_cbc_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.IP "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. +.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer \- Requirements for interfaces, +\& Part 5.2: Modes of operation for an n\-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBF_encrypt\fR\|(3), \fBDES_crypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/evp.7 b/deps/openssl/mingw64/share/man/man7/evp.7 new file mode 100644 index 00000000..13122df3 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/evp.7 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP 7" +.TH EVP 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +evp \- high\-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. +.PP +The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR +functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +functions. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR +functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +.PP +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see +\&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the \fBEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fBEVP_PKEY_cmp\fR\|(3), or printed using +\&\fBEVP_PKEY_print_private\fR\|(3). +.PP +The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +.IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 +.IX Item "For key agreement see EVP_PKEY_derive" +.PD 0 +.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." +.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.PD +.PP +The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +implementation. However, new applications should not typically use this (preferring, for example, +\&\s-1PBKDF2\s0 from PCKS#5). +.PP +The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +and decoding. +.PP +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fBengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_EncodeInit\fR\|(3), +\&\fBEVP_PKEY_new\fR\|(3), +\&\fBEVP_PKEY_set1_RSA\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_print_private\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBENGINE_by_id\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/ossl_store-file.7 b/deps/openssl/mingw64/share/man/man7/ossl_store-file.7 new file mode 100644 index 00000000..3aec5be5 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/ossl_store-file.7 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE-FILE 7" +.TH OSSL_STORE-FILE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store\-file \- The store 'file' scheme loader +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called \*(L"file handlers\*(R", +which are used to try to decode diverse types of file contents. +.PP +In case a file is formatted as \s-1PEM,\s0 each called file handler receives +the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as +possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +formatted files can contain more than one object, the file handlers +are called upon for each such object. +.PP +If the file isn't determined to be formatted as \s-1PEM,\s0 the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no \s-1PEM\s0 name or headers. +.PP +Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an \s-1ASN.1 OCTET STRING.\s0 In raw form, it's not easily +possible to distinguish those from any other data coming as an \s-1ASN.1 +OCTET STRING,\s0 so such keys would naturally be accepted as \s-1PEM\s0 files +only). +.SH "NOTES" +.IX Header "NOTES" +When needed, the 'file' scheme loader will require a pass phrase by +using the \f(CW\*(C`UI_METHOD\*(C'\fR that was passed via \fBOSSL_STORE_open()\fR. +This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/ossl_store.7 b/deps/openssl/mingw64/share/man/man7/ossl_store.7 new file mode 100644 index 00000000..e66149bd --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/ossl_store.7 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE 7" +.TH OSSL_STORE 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store \- Store retrieval functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a file name or +as a \s-1URI.\s0 +.PP +The functionality supports the pattern \*(L"open a channel to the +repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up +by closing the channel\*(R". +.PP +The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +from which an OpenSSL type can be retrieved. +.SS "\s-1URI\s0 schemes and loaders" +.IX Subsection "URI schemes and loaders" +Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +dynamically from the calling application or from a loadable engine. +.PP +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +See \fBossl_store\-file\fR\|(7) for more information. +.SS "\s-1UI_METHOD\s0 and pass phrases" +.IX Subsection "UI_METHOD and pass phrases" +The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or +encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, +the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +other encoding is undefined. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "A generic call" +.IX Subsection "A generic call" +.Vb 1 +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +\& +\& /* +\& * OSSL_STORE_eof() simulates file semantics for any repository to signal +\& * that no more data can be expected +\& */ +\& while (!OSSL_STORE_eof(ctx)) { +\& OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); +\& +\& /* +\& * Do whatever is necessary with the OSSL_STORE_INFO, +\& * here just one example +\& */ +\& switch (OSSL_STORE_INFO_get_type(info)) { +\& case OSSL_STORE_INFO_X509: +\& /* Print the X.509 certificate text */ +\& X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& /* Print the X.509 certificate PEM output */ +\& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& break; +\& } +\& } +\& +\& OSSL_STORE_close(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3), +\&\fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_expect\fR\|(3), +\&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/passphrase-encoding.7 b/deps/openssl/mingw64/share/man/man7/passphrase-encoding.7 new file mode 100644 index 00000000..a9b5de4c --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/passphrase-encoding.7 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSPHRASE-ENCODING 7" +.TH PASSPHRASE-ENCODING 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +passphrase\-encoding \&\- How diverse parts of OpenSSL treat pass phrases character encoding +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. +.SS "The general case" +.IX Subsection "The general case" +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1.\s0 +Using the wrong encoding is expected to cause a decryption failure. +.SS "PKCS#12" +.IX Subsection "PKCS#12" +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (\s-1UCS\-2 BE\s0). +.PP +OpenSSL tries to adapt to this requirements in one of the following manners: +.IP "1." 4 +Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to +\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. +.IP "2." 4 +Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and +opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +encoding of the characters, which it stores as a BMPString. +.Sp +Note that since there is no check of your locale, this may produce \s-1UCS\-2 / +UTF\-16\s0 characters that do not correspond to the original pass phrase characters +for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than +\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*(R" +characters in the 0x80\-0x9F range). +.PP +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. +.PP +It should be noted that this approach isn't entirely fault free. +.PP +A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as +0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0 +and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but would +be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN +SMALL LETTER I WITH DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that +would be invalid \s-1UTF\-8\s0\fR. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. +.PP +.Vb 2 +\& 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 +\& 0x00 0xEF # OpenSSL 1.1.0 and newer +.Ve +.PP +On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older +than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. +.SS "\s-1OSSL_STORE\s0" +.IX Subsection "OSSL_STORE" +\&\fBossl_store\fR\|(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a \s-1PIN\s0 or something else. +This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +other pass phrase encoding may give undefined results. +This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. +.SH "RECOMMENDATIONS" +.IX Header "RECOMMENDATIONS" +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. +.PP +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. +.SS "Creating new objects" +.IX Subsection "Creating new objects" +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using \s-1UTF\-8.\s0 +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +\&\f(CW\*(C`OPENSSL_WIN32_UTF8\*(C'\fR will have anything entered on [Windows] console prompt +converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +.SS "Opening existing objects" +.IX Subsection "Opening existing objects" +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. +.PP +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: +.IP "1." 4 +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. +.IP "2." 4 +Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. +.IP "3." 4 +Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +with the result. +This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. +.Sp +This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +OpenSSL older than 1.1.0. +(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBossl_store\fR\|(7), +\&\fBEVP_BytesToKey\fR\|(3), \fBEVP_DecryptInit\fR\|(3), +\&\fBPEM_do_header\fR\|(3), +\&\fBPKCS12_parse\fR\|(3), \fBPKCS12_newpass\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/proxy-certificates.7 b/deps/openssl/mingw64/share/man/man7/proxy-certificates.7 new file mode 100644 index 00000000..23823c56 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/proxy-certificates.7 @@ -0,0 +1,478 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROXY-CERTIFICATES 7" +.TH PROXY-CERTIFICATES 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +proxy\-certificates \- Proxy certificates in OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Proxy certificates are defined in \s-1RFC 3820.\s0 They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. +.PP +The requirements for a valid proxy certificate are: +.IP "\(bu" 4 +They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or +another proxy certificate. +.IP "\(bu" 4 +They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR +extensions. +.IP "\(bu" 4 +They must have the \fBproxyCertInfo\fR extension. +.IP "\(bu" 4 +They must have the subject of their issuer, with one \fBcommonName\fR +added. +.SS "Enabling proxy certificate verification" +.IX Subsection "Enabling proxy certificate verification" +OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag: +.PP +.Vb 1 +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +or +.PP +.Vb 1 +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +See \*(L"\s-1NOTES\*(R"\s0 for a discussion on this requirement. +.SS "Creating proxy certificates" +.IX Subsection "Creating proxy certificates" +Creating proxy certificates can be done using the \fBopenssl\-x509\fR\|(1) +command, with some extra extensions: +.PP +.Vb 3 +\& [ v3_proxy ] +\& # A proxy certificate MUST NEVER be a CA certificate. +\& basicConstraints=CA:FALSE +\& +\& # Usual authority key ID +\& authorityKeyIdentifier=keyid,issuer:always +\& +\& # The extension which marks this certificate as a proxy +\& proxyCertInfo=critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB +.Ve +.PP +It's also possible to specify the proxy extension in a separate section: +.PP +.Vb 1 +\& proxyCertInfo=critical,@proxy_ext +\& +\& [ proxy_ext ] +\& language=id\-ppl\-anyLanguage +\& pathlen=0 +\& policy=text:BC +.Ve +.PP +The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the +\&\fIsyntag\fR determines what will be done with the string. The following +\&\fIsyntag\fRs are recognised: +.IP "\fBtext\fR" 4 +.IX Item "text" +indicates that the string is a byte sequence, without any encoding: +.Sp +.Vb 1 +\& policy=text:ra\*:ksmo\*:rga\*os +.Ve +.IP "\fBhex\fR" 4 +.IX Item "hex" +indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit): +.Sp +.Vb 1 +\& policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 +.Ve +.IP "\fBfile\fR" 4 +.IX Item "file" +indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. \s-1XML\s0 documents). +.PP +\&\fI\s-1NOTE:\s0 The proxy policy value is what determines the rights granted +to the process during the proxy certificate. It's up to the +application to interpret and combine these policies.\fR +.PP +With a proxy extension, creating a proxy certificate is a matter of +two commands: +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy.req \-keyout proxy.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e +\& \-CA user.crt \-CAkey user.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy1 +.Ve +.PP +You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions): +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy2.req \-keyout proxy2.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy2.req \-out proxy2.crt \e +\& \-CA proxy.crt \-CAkey proxy.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy2 +.Ve +.SS "Using proxy certs in applications" +.IX Subsection "Using proxy certs in applications" +To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and \s-1CA\s0 certificates. +.PP +The complicated part is figuring out how to pass data between your +application and the certificate validation procedure. +.PP +The following ingredients are needed for such processing: +.IP "\(bu" 4 +a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the \s-1EE\s0 +certificate is checked. +.IP "\(bu" 4 +a data structure that is shared between your application code and the +callback. +.IP "\(bu" 4 +a wrapper function that sets it all up. +.IP "\(bu" 4 +an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context. +.PP +The following skeleton code can be used as a starting point: +.PP +.Vb 4 +\& #include +\& #include +\& #include +\& #include +\& +\& #define total_rights 25 +\& +\& /* +\& * In this example, I will use a view of granted rights as a bit +\& * array, one bit for each possible right. +\& */ +\& typedef struct your_rights { +\& unsigned char rights[(total_rights + 7) / 8]; +\& } YOUR_RIGHTS; +\& +\& /* +\& * The following procedure will create an index for the ex_data +\& * store in the X509 validation context the first time it\*(Aqs +\& * called. Subsequent calls will return the same index. +\& */ +\& static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) +\& { +\& static volatile int idx = \-1; +\& +\& if (idx < 0) { +\& X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); +\& if (idx < 0) { +\& idx = X509_STORE_CTX_get_ex_new_index(0, +\& "for verify callback", +\& NULL,NULL,NULL); +\& } +\& X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); +\& } +\& return idx; +\& } +\& +\& /* Callback to be given to the X509 validation procedure. */ +\& static int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& if (ok == 1) { +\& /* +\& * It\*(Aqs REALLY important you keep the proxy policy check +\& * within this section. It\*(Aqs important to know that when +\& * ok is 1, the certificates are checked from top to +\& * bottom. You get the CA root first, followed by the +\& * possible chain of intermediate CAs, followed by the EE +\& * certificate, followed by the possible proxy +\& * certificates. +\& */ +\& X509 *xs = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& PROXY_CERT_INFO_EXTENSION *pci = +\& X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); +\& +\& switch (OBJ_obj2nid(pci\->proxyPolicy\->policyLanguage)) { +\& case NID_Independent: +\& /* +\& * Do whatever you need to grant explicit rights +\& * to this particular proxy certificate, usually +\& * by pulling them from some database. If there +\& * are none to be found, clear all rights (making +\& * this and any subsequent proxy certificate void +\& * of any rights). +\& */ +\& memset(rights\->rights, 0, sizeof(rights\->rights)); +\& break; +\& case NID_id_ppl_inheritAll: +\& /* +\& * This is basically a NOP, we simply let the +\& * current rights stand as they are. +\& */ +\& break; +\& default: +\& /* +\& * This is usually the most complex section of +\& * code. You really do whatever you want as long +\& * as you follow RFC 3820. In the example we use +\& * here, the simplest thing to do is to build +\& * another, temporary bit array and fill it with +\& * the rights granted by the current proxy +\& * certificate, then use it as a mask on the +\& * accumulated rights bit array, and voila\*`, you +\& * now have a new accumulated rights bit array. +\& */ +\& { +\& int i; +\& YOUR_RIGHTS tmp_rights; +\& memset(tmp_rights.rights, 0, +\& sizeof(tmp_rights.rights)); +\& +\& /* +\& * process_rights() is supposed to be a +\& * procedure that takes a string and its +\& * length, interprets it and sets the bits +\& * in the YOUR_RIGHTS pointed at by the +\& * third argument. +\& */ +\& process_rights((char *) pci\->proxyPolicy\->policy\->data, +\& pci\->proxyPolicy\->policy\->length, +\& &tmp_rights); +\& +\& for(i = 0; i < total_rights / 8; i++) +\& rights\->rights[i] &= tmp_rights.rights[i]; +\& } +\& break; +\& } +\& PROXY_CERT_INFO_EXTENSION_free(pci); +\& } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { +\& /* We have an EE certificate, let\*(Aqs use it to set default! */ +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& +\& /* +\& * The following procedure finds out what rights the +\& * owner of the current certificate has, and sets them +\& * in the YOUR_RIGHTS structure pointed at by the +\& * second argument. +\& */ +\& set_default_rights(xs, rights); +\& } +\& } +\& return ok; +\& } +\& +\& static int my_X509_verify_cert(X509_STORE_CTX *ctx, +\& YOUR_RIGHTS *needed_rights) +\& { +\& int ok; +\& int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = +\& X509_STORE_CTX_get_verify_cb(ctx); +\& YOUR_RIGHTS rights; +\& +\& X509_STORE_CTX_set_verify_cb(ctx, verify_callback); +\& X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), +\& &rights); +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +\& ok = X509_verify_cert(ctx); +\& +\& if (ok == 1) { +\& ok = check_needed_rights(rights, needed_rights); +\& } +\& +\& X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); +\& +\& return ok; +\& } +.Ve +.PP +If you use \s-1SSL\s0 or \s-1TLS,\s0 you can easily set up a callback to have the +certificates checked properly, using the code above: +.PP +.Vb 2 +\& SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, +\& &needed_rights); +.Ve +.SH "NOTES" +.IX Header "NOTES" +To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment. +.PP +For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit. +.PP +\&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_set_flags\fR\|(3), +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBopenssl\-req\fR\|(1), \fBopenssl\-x509\fR\|(1), +\&\s-1RFC 3820\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/scrypt.7 b/deps/openssl/mingw64/share/man/man7/scrypt.7 new file mode 100644 index 00000000..7819d7d1 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/scrypt.7 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCRYPT 7" +.TH SCRYPT 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +scrypt \- EVP_PKEY scrypt KDF support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_SCRYPT\s0 algorithm implements the scrypt password based key +derivation function, as described in \s-1RFC 7914.\s0 It is memory-hard in the sense +that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. +.PP +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. +.PP +In the original paper of Colin Percival (\*(L"Stronger Key Derivation via +Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The default amount of \s-1RAM\s0 that +may be used by scrypt defaults to 1025 MiB. +.SH "NOTES" +.IX Header "NOTES" +A context for scrypt can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +.Ve +.PP +The output length of an scrypt key derivation is specified via the +length parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a 64\-byte long test vector using scrypt using the password +\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. +.PP +.Vb 2 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[64]; +\& +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) { +\& error("EVP_PKEY_derive_init"); +\& } +\& if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { +\& error("EVP_PKEY_CTX_set1_pbe_pass"); +\& } +\& if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { +\& error("EVP_PKEY_CTX_set1_scrypt_salt"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_N"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_r"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_p"); +\& } +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { +\& error("EVP_PKEY_derive"); +\& } +\& +\& { +\& const unsigned char expected[sizeof(out)] = { +\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, +\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, +\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, +\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, +\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, +\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, +\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, +\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 +\& }; +\& +\& assert(!memcmp(out, expected, sizeof(out))); +\& } +\& +\& EVP_PKEY_CTX_free(pctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7914\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set1_scrypt_salt\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_N\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_r\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_p\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/ssl.7 b/deps/openssl/mingw64/share/man/man7/ssl.7 new file mode 100644 index 00000000..95f18f7b --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/ssl.7 @@ -0,0 +1,914 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL 7" +.TH SSL 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl \- OpenSSL SSL/TLS library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and +Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is +documented here. +.PP +An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or +\&\fBSSL_set_bio\fR\|(3) can be used to associate the network +connection with the object. +.PP +When the \s-1TLS/SSL\s0 handshake is performed using +\&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) +respectively. +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) and \fBSSL_write\fR\|(3) are +used to read and write data on the \s-1TLS/SSL\s0 connection. +\&\fBSSL_shutdown\fR\|(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Currently the OpenSSL \fBssl\fR library functions deals with the following data +structures: +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +This is a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. +.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL API.\s0 +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and functions: +.IP "\fBssl.h\fR" 4 +.IX Item "ssl.h" +This is the common header file for the \s-1SSL/TLS API.\s0 Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look +inside this header file. +.IP "\fBssl2.h\fR" 4 +.IX Item "ssl2.h" +Unused. Present for backwards compatibility only. +.IP "\fBssl3.h\fR" 4 +.IX Item "ssl3.h" +This is the sub header file dealing with the SSLv3 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.IP "\fBtls1.h\fR" 4 +.IX Item "tls1.h" +This is the sub header file dealing with the TLSv1 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.SH "API FUNCTIONS" +.IX Header "API FUNCTIONS" +Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. +They are documented in the following: +.SS "Dealing with Protocol Methods" +.IX Subsection "Dealing with Protocol Methods" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients, +servers or both. +See \fBSSL_CTX_new\fR\|(3) for details. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_client_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_server_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for servers. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_client_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_server_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_client_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_server_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_client_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_server_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_client_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_server_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for servers. +.SS "Dealing with Ciphers" +.IX Subsection "Dealing with Ciphers" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. +.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" +Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human +readable description of \fIcipher\fR. Returns \fIbuf\fR. +.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" +Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +\&\fIalg_bits\fR) and the bits which are actually used (the return value). +.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" +Return the internal name of \fIcipher\fR as a string. These are the various +strings defined by the \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR +definitions in the header files. +.IP "const char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" +Returns a string like "\f(CW\*(C`SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`TLSv1.2\*(C'\fR" which indicates the +\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined +in the specification the first time). +.SS "Dealing with Protocol Contexts" +.IX Subsection "Dealing with Protocol Contexts" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. +.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" +.PD 0 +.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" +.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" +.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" +.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IX Item "void SSL_CTX_free(SSL_CTX *a);" +.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" +.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_ciphers\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" +.IP "void \fBSSL_CTX_get_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);" +.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" +.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" +.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_get_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_read_ahead(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, const char *CAfile, const char *CApath);" 4 +.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);" +.IP "int SSL_CTX_up_ref(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_up_ref(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" +.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" +.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" +.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" +.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx, t);" 4 +.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);" +.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" +.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" +.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" +.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" +.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" +.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set1_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" +.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" +.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" +.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" +.IP "int \fBSSL_CTX_set_ct_validation_callback\fR(\s-1SSL_CTX\s0 *ctx, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);" +.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" +.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" +.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" +.PD +Use the default paths to locate trusted \s-1CA\s0 certificates. There is one default +directory path and one default file path. Both are set via this call. +.IP "int \fBSSL_CTX_set_default_verify_dir\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)" +Use the default directory path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_default_verify_file\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)" +Use the file path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" +.PD 0 +.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" +.IP "unsigned long \fBSSL_CTX_clear_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);" +.IP "unsigned long \fBSSL_CTX_get_options\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "unsigned long SSL_CTX_get_options(SSL_CTX *ctx);" +.IP "unsigned long \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" +.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" +.IP "void \fBSSL_CTX_set_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);" +.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);" +.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" +.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" +.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" +.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" +.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" +.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" +.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" +.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_cert_and_key\fR(\s-1SSL_CTX\s0 *ctx, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "X509 *\fBSSL_CTX_get0_certificate\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_CTX_get0_privatekey\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 +.IX Item "int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);" +.IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.PD +.SS "Dealing with Sessions" +.IX Subsection "Dealing with Sessions" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. +.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" +.PD 0 +.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" +.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" +.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" +.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" +.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" +.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IX Item "SSL_SESSION *SSL_SESSION_new(void);" +.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IX Item "int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" +.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" +.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" +.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" +.PD +.SS "Dealing with Connections" +.IX Subsection "Dealing with Connections" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +connection defined in the \fB\s-1SSL\s0\fR structure. +.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_accept(SSL *ssl);" +.PD 0 +.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" +.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" +.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" +.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string(int value);" +.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string_long(int value);" +.IP "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string(int value);" +.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string_long(int value);" +.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(const SSL *ssl);" +.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_clear(SSL *ssl);" +.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_connect(SSL *ssl);" +.IP "int \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 +.IX Item "int SSL_copy_session_id(SSL *t, const SSL *f);" +.PD +Sets the session details for \fBt\fR to be the same as in \fBf\fR. Returns 1 on +success or 0 on failure. +.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" +.PD 0 +.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_do_handshake(SSL *ssl);" +.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL *SSL_dup(SSL *ssl);" +.PD +\&\fBSSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use +in multiple \s-1SSL\s0 connections, and then duplicate it prior to initiating +each connection with the duplicated handle. +Use of \fBSSL_dup()\fR avoids the need to repeat the configuration of the +handles for each connection. +.Sp +For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state +and \s-1MUST NOT\s0 have not yet have started the \s-1SSL\s0 handshake. +For connections that are not in their initial state \fBSSL_dup()\fR just +increments an internal reference count and returns the \fIsame\fR +handle. +It may be possible to use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle +that is not in its initial state for re-use, but this is best +avoided. +Instead, save and restore the session, if desired, and construct a +fresh handle for each connection. +.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" +.PD 0 +.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_free(SSL *ssl);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" +.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_app_data(SSL *ssl);" +.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(const SSL *ssl);" +.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(const SSL *ssl);" +.IP "int \fBSSL_is_dtls\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_dtls(const SSL *ssl);" +.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" +.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" +.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(const SSL *ssl);" +.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" +.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" +.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(const SSL *ssl);" +.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(const SSL *ssl, int i);" +.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" +.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" +.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(const SSL *ssl);" +.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 +.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" +.IP "int \fBSSL_get_key_update_type\fR(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_get_key_update_type(SSL *s);" +.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" +.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" +.IP "const \s-1STACK_OF\s0(\s-1SCT\s0) *\fBSSL_get0_peer_scts\fR(\s-1SSL\s0 *s);" 4 +.IX Item "const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(const SSL *ssl);" +.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(const SSL *ssl);" +.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(const SSL *ssl);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" +.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int size);" 4 +.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);" +.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(const SSL *ssl);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(const SSL *ssl);" +.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(const SSL *ssl);" +.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(const SSL *ssl);" +.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int, X509_STORE_CTX *)" 4 +.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)" +.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(const SSL *ssl);" +.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(const SSL *ssl);" +.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(const SSL *ssl);" +.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_accept_init(SSL *ssl);" +.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_before(SSL *ssl);" +.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_connect_init(SSL *ssl);" +.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_init(SSL *ssl);" +.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_init_finished(SSL *ssl);" +.IP "int \fBSSL_key_update\fR(\s-1SSL\s0 *s, int updatetype);" 4 +.IX Item "int SSL_key_update(SSL *s, int updatetype);" +.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(const char *file);" 4 +.IX Item "STACK *SSL_load_client_CA_file(const char *file);" +.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "SSL *SSL_new(SSL_CTX *ctx);" +.IP "int SSL_up_ref(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_up_ref(SSL *s);" +.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(const SSL *ssl);" +.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_renegotiate(SSL *ssl);" +.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string(SSL *ssl);" +.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string_long(SSL *ssl);" +.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_session_reused(SSL *ssl);" +.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_accept_state(SSL *ssl);" +.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" +.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" +.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" +.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" +.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_connect_state(SSL *ssl);" +.IP "int \fBSSL_set_ct_validation_callback\fR(\s-1SSL\s0 *ssl, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);" +.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" +.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_fd(SSL *ssl, int fd);" +.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" +.IP "unsigned long \fBSSL_clear_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_clear_options(SSL *ssl, unsigned long op);" +.IP "unsigned long \fBSSL_get_options\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "unsigned long SSL_get_options(SSL *ssl);" +.IP "unsigned long \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_set_options(SSL *ssl, unsigned long op);" +.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" +.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" +.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" +.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" +.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);" +.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_time(SSL *ssl, long t);" +.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_timeout(SSL *ssl, long t);" +.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" +.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" +.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" +.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_shutdown(SSL *ssl);" +.IP "\s-1OSSL_HANDSHAKE_STATE\s0 \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);" +.PD +Returns the current handshake state. +.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(const SSL *ssl);" +.PD 0 +.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(const SSL *ssl);" +.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_total_renegotiations(SSL *ssl);" +.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" +.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" +.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" +.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" +.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_certificate_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_cert_and_key\fR(\s-1SSL\s0 *ssl, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(const SSL *ssl);" +.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(const SSL *ssl);" +.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(const SSL *ssl);" +.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(const SSL *ssl);" +.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(const SSL *ssl);" +.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_x509_lookup(const SSL *ssl);" +.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.IP "void \fBSSL_set_psk_client_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_use_psk_identity_hint\fR(\s-1SSL\s0 *ssl, const char *hint);" 4 +.IX Item "int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);" +.IP "void \fBSSL_set_psk_server_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.IP "const char *\fBSSL_get_psk_identity_hint\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity_hint(SSL *ssl);" +.IP "const char *\fBSSL_get_psk_identity\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity(SSL *ssl);" +.PD +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBcrypto\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3), +\&\fBSSL_COMP_add_compression_method\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_ctrl\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_sessions\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_generate_session_id\fR\|(3), +\&\fBSSL_CTX_set_info_callback\fR\|(3), +\&\fBSSL_CTX_set_max_cert_list\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), +\&\fBSSL_CTX_set_msg_callback\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_security_level\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_enable_ct\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3), +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_get_fd\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_version\fR\|(3), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_new\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_read\fR\|(3), +\&\fBSSL_rstate_string\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_bio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_set_fd\fR\|(3), +\&\fBSSL_set_session\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), +\&\fBSSL_state_string\fR\|(3), +\&\fBSSL_want\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_write\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_psk_client_callback\fR\|(3), +\&\fBSSL_CTX_use_psk_identity_hint\fR\|(3), +\&\fBSSL_get_psk_identity\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSLv2_client_method\fR, \fBSSLv2_server_method\fR and \fBSSLv2_method\fR were removed +in OpenSSL 1.1.0. +.PP +The return type of \fBSSL_copy_session_id\fR was changed from void to int in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/deps/openssl/mingw64/share/man/man7/x509.7 b/deps/openssl/mingw64/share/man/man7/x509.7 new file mode 100644 index 00000000..6823b768 --- /dev/null +++ b/deps/openssl/mingw64/share/man/man7/x509.7 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 7" +.TH X509 7 "2020-04-21" "1.1.1g" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL.\s0 +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0 In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +handle X.509 certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +functions handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +functions handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_add_entry_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_NAME_new\fR\|(3), +\&\fBd2i_X509\fR\|(3), +\&\fBd2i_X509_ALGOR\fR\|(3), +\&\fBd2i_X509_CRL\fR\|(3), +\&\fBd2i_X509_NAME\fR\|(3), +\&\fBd2i_X509_REQ\fR\|(3), +\&\fBd2i_X509_SIG\fR\|(3), +\&\fBX509v3\fR\|(3), +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/src/tls.c b/src/tls.c index 5ac976b1..587c2125 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2,27 +2,15 @@ #include "mem.h" -#if defined(_WIN32) -#define TF_TLS_SCHANNEL -#elif defined(__MACH__) -#define TF_TLS_APPLE -#else -#define TF_TLS_OPENSSL -#endif - #include #include -#if defined(TF_TLS_OPENSSL) #include #include #include #include #include #include -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif typedef enum _direction_t { k_direction_undetermined, @@ -31,1042 +19,31 @@ typedef enum _direction_t { } direction_t; typedef struct _tf_tls_context_t { -#if defined(TF_TLS_OPENSSL) SSL_CTX* context; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } tf_tls_context_t; typedef struct _tf_tls_session_t { -#if defined(TF_TLS_OPENSSL) tf_tls_context_t* context; BIO* bio_in; BIO* bio_out; SSL* ssl; const char* hostname; direction_t direction; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } tf_tls_session_t; -#if !defined (_WIN32) && !defined (__MACH__) -#elif defined (__MACH__) -#include -#include -#include -#include -#include -#include - -extern "C" SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey); - -class TlsContext_osx : public TlsContext { -public: - ~TlsContext_osx() override; - TlsSession* createSession() override; - bool setCertificate(const char* certificate) override; - bool setPrivateKey(const char* privateKey) override; - bool addTrustedCertificate(const char* certificate) override; - - SecKeyRef& getPrivateKey() - { - return _privateKey; - } - SecCertificateRef& getCertificate() - { - return _certificate; - - CFArrayRef getTrustedCertificates() - { - return _trustedCertificates; - } - -private: - SecKeyRef _privateKey = 0; - SecCertificateRef _certificate = 0; - CFMutableArrayRef _trustedCertificates = 0; -}; - -class TlsSession_osx : public TlsSession { -public: - TlsSession_osx(TlsContext_osx* context); - ~TlsSession_osx(); - - void startConnect() override; - void startAccept() override; - void shutdown() override; - HandshakeResult handshake() override; - - int readPlain(char* buffer, size_t bytes) override; - int writePlain(const char* buffer, size_t bytes) override; - - int readEncrypted(char* buffer, size_t bytes) override; - int writeEncrypted(const char* buffer, size_t bytes) override; - - void setHostname(const char* hostname) override { _hostname = hostname; } - virtual int getPeerCertificate(char* buffer, size_t bytes) override; - -private: - static OSStatus writeCallback(SSLConnectionRef connection, const void* data, size_t* dataLength); - static OSStatus readCallback(SSLConnectionRef connection, void* data, size_t* dataLength); - - TlsContext_osx* _context = 0; - SSLContextRef _session = 0; - std::vector _inBuffer; - std::vector _outBuffer; - std::string _hostname; - bool _shutdown = false; -}; - -TlsContext_osx::~TlsContext_osx() -{ - if (_privateKey) - { - CFRelease(_privateKey); - _privateKey = 0; - } - if (_certificate) - { - CFRelease(_certificate); - _certificate = 0; - } - if (_trustedCertificates) - { - CFRelease(_trustedCertificates); - _trustedCertificates = 0; - } -} - -TlsSession* TlsContext_osx::createSession() -{ - return new TlsSession_osx(this); -} - -bool TlsContext_osx::setCertificate(const char* certificate) -{ - if (_certificate) - { - CFRelease(_certificate); - _certificate = 0; - } - CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reinterpret_cast(certificate), std::strlen(certificate), kCFAllocatorDefault); - CFArrayRef items = 0; - SecExternalFormat format = kSecFormatPEMSequence; - SecExternalItemType itemType = kSecItemTypeCertificate; - OSStatus status = SecItemImport(data, 0, &format, &itemType, 0, 0, 0, &items); - if (status == noErr && CFArrayGetCount(items) > 0) - { - _certificate = (SecCertificateRef)CFArrayGetValueAtIndex(items, 0); - } - return _certificate != 0; -} - -bool TlsContext_osx::setPrivateKey(const char* privateKey) -{ - if (_privateKey) - { - CFRelease(_privateKey); - _privateKey = 0; - } - - CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reinterpret_cast(privateKey), std::strlen(privateKey), kCFAllocatorDefault); - CFArrayRef items = 0; - SecExternalFormat format = kSecFormatPEMSequence; - SecExternalItemType itemType = kSecItemTypePrivateKey; - OSStatus status = SecItemImport(data, 0, &format, &itemType, 0, 0, 0, &items); - if (status == noErr && CFArrayGetCount(items) > 0) - { - _privateKey = (SecKeyRef)CFArrayGetValueAtIndex(items, 0); - } - return _privateKey != 0; -} - -bool TlsContext_osx::addTrustedCertificate(const char* certificate) -{ - if (!_trustedCertificates) - { - _trustedCertificates = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - } - SecCertificateRef certificateItem = 0; - CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reinterpret_cast(certificate), std::strlen(certificate), kCFAllocatorDefault); - CFArrayRef items = 0; - SecExternalFormat format = kSecFormatPEMSequence; - SecExternalItemType itemType = kSecItemTypeCertificate; - OSStatus status = SecItemImport(data, 0, &format, &itemType, 0, 0, 0, &items); - if (status == noErr && CFArrayGetCount(items) > 0) - { - certificateItem = (SecCertificateRef)CFArrayGetValueAtIndex(items, 0); - } - if (certificateItem) - { - CFArrayAppendValue(_trustedCertificates, certificateItem); - } - return certificateItem != 0; -} - -TlsSession_osx::TlsSession_osx(TlsContext_osx* context) -{ - _context = context; -} - -TlsSession_osx::~TlsSession_osx() -{ - if (_session) - { - CFRelease(_session); - _session = 0; - } -} - -void TlsSession_osx::startAccept() -{ - _session = SSLCreateContext(0, kSSLServerSide, kSSLStreamType); - if (_context->getCertificate() && _context->getPrivateKey()) - { - SecIdentityRef identity = SecIdentityCreate(kCFAllocatorDefault, _context->getCertificate(), _context->getPrivateKey()); - CFArrayRef array = CFArrayCreate(kCFAllocatorDefault, (const void**)&identity, 1, &kCFTypeArrayCallBacks); - SSLSetCertificate(_session, array); - } - SSLSetIOFuncs(_session, readCallback, writeCallback); - SSLSetConnection(_session, this); - handshake(); -} - -void TlsSession_osx::startConnect() -{ - _session = SSLCreateContext(0, kSSLClientSide, kSSLStreamType); - if (_context->getTrustedCertificates()) - { - // XXX: SSLSetTrustedRoots(_session, _context->getTrustedCertificates(), false); - } - SSLSetIOFuncs(_session, readCallback, writeCallback); - SSLSetConnection(_session, this); - SSLSetPeerDomainName(_session, _hostname.c_str(), _hostname.size()); - handshake(); -} - -void TlsSession_osx::shutdown() -{ - if (!_outBuffer.size()) - { - SSLClose(_session); - _shutdown = false; - } - else - { - _shutdown = true; - } -} - -TlsSession::HandshakeResult TlsSession_osx::handshake() -{ - TlsSession::HandshakeResult result = TlsSession::kFailed; - OSStatus status = SSLHandshake(_session); - switch (status) - { - case noErr: - result = TlsSession::kDone; - break; - case errSSLWouldBlock: - result = TlsSession::kMore; - break; - default: - result = TlsSession::kFailed; - break; - } - return result; -} - -int TlsSession_osx::readPlain(char* buffer, size_t bytes) -{ - int result = 0; - size_t processed = bytes; - OSStatus status = SSLRead(_session, buffer, bytes, &processed); - if (status == noErr) - { - result = processed; - } - else if (status == errSSLWouldBlock) - { - result = processed; - } - else if (status == errSSLClosedGraceful) - { - result = kReadZero; - } - else - { - result = kReadFailed; - } - return result; -} - -int TlsSession_osx::writePlain(const char* buffer, size_t bytes) -{ - int result = 0; - size_t processed; - OSStatus status = SSLWrite(_session, buffer, bytes, &processed); - if (status == noErr) - { - result = processed; - } - else - { - result = -1; - } - return result; -} - -OSStatus TlsSession_osx::writeCallback(SSLConnectionRef connection, const void* data, size_t* dataLength) -{ - TlsSession_osx* tls = reinterpret_cast(const_cast(connection)); - tls->_outBuffer.insert(tls->_outBuffer.end(), reinterpret_cast(data), reinterpret_cast(data) + *dataLength); - if (tls->_shutdown && !tls->_outBuffer.size()) - { - SSLClose(tls->_session); - tls->_shutdown = false; - } - return noErr; -} - -OSStatus TlsSession_osx::readCallback(SSLConnectionRef connection, void* data, size_t* dataLength) -{ - TlsSession_osx* tls = reinterpret_cast(const_cast(connection)); - OSStatus result = noErr; - size_t bytes = std::min(tls->_inBuffer.size(), *dataLength); - if (bytes > 0) - { - std::memcpy(data, tls->_inBuffer.data(), bytes); - tls->_inBuffer.erase(tls->_inBuffer.begin(), tls->_inBuffer.begin() + bytes); - } - if (bytes < *dataLength) - { - result = errSSLWouldBlock; - } - *dataLength = bytes; - return result; -} - -int TlsSession_osx::readEncrypted(char* buffer, size_t bytes) -{ - size_t size = std::min(bytes, _outBuffer.size()); - if (size > 0) - { - std::memcpy(buffer, _outBuffer.data(), size); - _outBuffer.erase(_outBuffer.begin(), _outBuffer.begin() + size); - } - return size; -} - -int TlsSession_osx::writeEncrypted(const char* buffer, size_t bytes) -{ - _inBuffer.insert(_inBuffer.end(), buffer, buffer + bytes); - return bytes; -} - -int TlsSession_osx::getPeerCertificate(char* buffer, size_t size) -{ - int result = -1; - SecTrustRef trust = 0; - if (SSLCopyPeerTrust(_session, &trust) == noErr) - { - if (SecTrustGetCertificateCount(trust) > 0) - { - SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0); - CFDataRef data = 0; - if (SecItemExport(certificate, kSecFormatX509Cert, kSecItemPemArmour, nil, &data) == noErr) - { - size_t actualSize = CFDataGetLength(data); - if (actualSize <= size) - { - CFDataGetBytes(data, CFRangeMake(0, actualSize), reinterpret_cast(buffer)); - result = actualSize; - } - } - } - CFRelease(trust); - } - return result; -} - -TlsContext* TlsContext::create() -{ - return new TlsContext_osx(); -} -#elif defined (_WIN32) -#if 0 -#include -#include -#include -#include -#include - -#define SECURITY_WIN32 -#define NOMINMAX -#include -#include -#include -#undef SECURITY_WIN32 -#undef NOMINMAX - -PSecurityFunctionTable getSecurityLibrary(); - -class TlsContext_sspi : public TlsContext { -public: - TlsContext_sspi(); - ~TlsContext_sspi(); - - TlsSession* createSession() override; - bool setCertificate(const char* certificate) override; - bool setPrivateKey(const char* privateKey) override; - bool addTrustedCertificate(const char* certificate) - { - return false; - } - - PCCERT_CONTEXT& getCertificate() - { - return _certificate; - } - -private: - static const char* kContainerName; - void importKeyAndCertificate(); - - HCRYPTPROV _provider = 0; - HCERTSTORE _store = INVALID_HANDLE_VALUE; - PCCERT_CONTEXT _certificate = 0; - bool _dirty = true; -}; - -const char* TlsContext_sspi::kContainerName = "_tmp0"; - -class TlsSession_sspi : public TlsSession { -public: - TlsSession_sspi(TlsContext_sspi* context); - ~TlsSession_sspi(); - - void startConnect() override; - void startAccept() override; - int getPeerCertificate(char* buffer, size_t size) override; - void shutdown() override; - HandshakeResult handshake() override; - - int readPlain(char* buffer, size_t bytes) override; - int writePlain(const char* buffer, size_t bytes) override; - - int readEncrypted(char* buffer, size_t bytes) override; - int writeEncrypted(const char* buffer, size_t bytes) override; - - void setHostname(const char* hostname) - { - _hostname = hostname; - } - - static void setError(HRESULT error); - bool getError(char* buffer, size_t bytes) override; - -private: - HandshakeResult handshakeInternal(bool initial); - - TlsContext_sspi* _context; - CredHandle _credentialsHandle; - CtxtHandle _securityContext; - SecPkgContext_StreamSizes _sizes; - enum { k_direction_undetermined, k_direction_connect, k_direction_accept } _direction = k_direction_undetermined; - bool _initial = false; - static HRESULT _lastError; - - std::vector _inBuffer; - std::vector _outBuffer; - std::vector _decryptedBuffer; - std::string _hostname; -}; - -HRESULT TlsSession_sspi::_lastError = S_OK; - -PSecurityFunctionTable getSecurityLibrary() -{ - PSecurityFunctionTable (*table)(); - static PSecurityFunctionTable security; - static bool loaded; - if (!loaded) - { - HMODULE module = LoadLibrary("security.dll"); - table = (PSecurityFunctionTable(*)())GetProcAddress(module, "InitSecurityInterfaceA"); - assert(table && "failed to load security.dll"); - security = table(); - assert(security && "No function table in security.dll"); - loaded = true; - } - return security; -} - -TlsContext_sspi::TlsContext_sspi() -{ - if (!CryptAcquireContext(&_provider, kContainerName, MS_DEF_RSA_SCHANNEL_PROV, PROV_RSA_SCHANNEL, CRYPT_NEWKEYSET)) - { - if (GetLastError() != NTE_EXISTS || !CryptAcquireContext(&_provider, kContainerName, MS_DEF_RSA_SCHANNEL_PROV, PROV_RSA_SCHANNEL, 0)) - { - TlsSession_sspi::setError(GetLastError()); - } - } - - _store = CertOpenStore(CERT_STORE_PROV_SYSTEM, - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - _provider, - CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, - L"MY"); -} - -TlsContext_sspi::~TlsContext_sspi() -{ - if (_store) - { - CertCloseStore(_store, 0); - _store = INVALID_HANDLE_VALUE; - } - if (_provider) - { - CryptReleaseContext(_provider, 0); - _provider = 0; - } - if (_certificate) - { - CertFreeCertificateContext(_certificate); - _certificate = 0; - } -} - -bool TlsContext_sspi::setCertificate(const char* certificate) -{ - if (_certificate) - { - CertFreeCertificateContext(_certificate); - _certificate = 0; - } - - std::vector certificateBuffer; - DWORD size = 0; - if (CryptStringToBinary(certificate, 0, CRYPT_STRING_BASE64HEADER, 0, &size, 0, 0)) - { - certificateBuffer.resize(size); - if (!CryptStringToBinary(certificate, 0, CRYPT_STRING_BASE64HEADER, certificateBuffer.data(), &size, 0, 0)) - { - certificateBuffer.resize(0); - } - } - - if (certificateBuffer.size()) - { - _certificate = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, certificateBuffer.data(), certificateBuffer.size()); - } - - if (!CertAddCertificateContextToStore(_store, _certificate, CERT_STORE_ADD_REPLACE_EXISTING, 0)) - { - TlsSession_sspi::setError(GetLastError()); - } - - _dirty = true; - - return _certificate != 0; -} - -bool TlsContext_sspi::setPrivateKey(const char* privateKey) -{ - bool result = false; - std::vector keyBuffer; - std::vector keyBlob; - - DWORD size = 0; - if (CryptStringToBinary(privateKey, 0, CRYPT_STRING_BASE64HEADER, 0, &size, 0, 0)) - { - keyBuffer.resize(size); - if (!CryptStringToBinary(privateKey, 0, CRYPT_STRING_BASE64HEADER, keyBuffer.data(), &size, 0, 0)) - { - TlsSession_sspi::setError(GetLastError()); - keyBuffer.resize(0); - } - } - - size = 0; - if (CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, keyBuffer.data(), keyBuffer.size(), 0, 0, 0, &size)) - { - keyBlob.resize(size); - if (!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, keyBuffer.data(), keyBuffer.size(), 0, 0, keyBlob.data(), &size)) - { - TlsSession_sspi::setError(GetLastError()); - keyBlob.resize(0); - } - } - - HCRYPTKEY cryptKey = 0; - if (CryptImportKey(_provider, keyBlob.data(), keyBlob.size(), 0, 0, &cryptKey)) - { - CryptDestroyKey(cryptKey); - cryptKey = 0; - result = true; - } - else - { - TlsSession_sspi::setError(GetLastError()); - } - - _dirty = true; - - return result; -} - -void TlsContext_sspi::importKeyAndCertificate() -{ - if (_certificate) - { - WCHAR wname[32]; - mbstowcs(wname, kContainerName, sizeof(kContainerName) + 1); - - CRYPT_KEY_PROV_INFO info; - ZeroMemory(&info, sizeof(info)); - info.pwszContainerName = wname; - info.pwszProvName = MS_DEF_RSA_SCHANNEL_PROV_W; - info.dwProvType = PROV_RSA_SCHANNEL; - info.dwKeySpec = AT_KEYEXCHANGE; - - if (!CertSetCertificateContextProperty(_certificate, CERT_KEY_PROV_INFO_PROP_ID, 0, reinterpret_cast(&info))) - { - TlsSession_sspi::setError(GetLastError()); - } - } - _dirty = false; -} - -TlsSession* TlsContext_sspi::createSession() -{ - if (_dirty) - { - importKeyAndCertificate(); - } - return new TlsSession_sspi(this); -} - -TlsSession_sspi::TlsSession_sspi(TlsContext_sspi* context) -{ - _context = context; - ZeroMemory(&_credentialsHandle, sizeof(_credentialsHandle)); - ZeroMemory(&_securityContext, sizeof(_securityContext)); - ZeroMemory(&_sizes, sizeof(_sizes)); -} - -TlsSession_sspi::~TlsSession_sspi() -{ - getSecurityLibrary()->FreeCredentialsHandle(&_credentialsHandle); - getSecurityLibrary()->DeleteSecurityContext(&_securityContext); -} - -void TlsSession_sspi::startAccept() -{ - _direction = k_direction_accept; - _initial = true; - SCHANNEL_CRED credentials; - ZeroMemory(&credentials, sizeof(credentials)); - credentials.dwVersion = SCHANNEL_CRED_VERSION; - credentials.cCreds = 1; - credentials.paCred = &_context->getCertificate(); - _lastError = getSecurityLibrary()->AcquireCredentialsHandleA(0, UNISP_NAME_A, SECPKG_CRED_INBOUND, 0, &credentials, 0, 0, &_credentialsHandle, 0); - if (_lastError == S_OK) - { - handshakeInternal(true); - } -} - -void TlsSession_sspi::startConnect() -{ - _direction = k_direction_connect; - _initial = true; - SCHANNEL_CRED credentials; - ZeroMemory(&credentials, sizeof(credentials)); - credentials.dwVersion = SCHANNEL_CRED_VERSION; - credentials.dwFlags = SCH_CRED_NO_DEFAULT_CREDS; - _lastError = getSecurityLibrary()->AcquireCredentialsHandleA(0, UNISP_NAME_A, SECPKG_CRED_OUTBOUND, 0, &credentials, 0, 0, &_credentialsHandle, 0); - if (_lastError == S_OK) - { - handshakeInternal(true); - } -} - -int TlsSession_sspi::getPeerCertificate(char* buffer, size_t size) -{ - int result = -1; - PCCERT_CONTEXT certificate; - HRESULT status = getSecurityLibrary()->QueryContextAttributesA(&_securityContext, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &certificate); - if (FAILED(status)) - { - _lastError = status; - } - else - { - DWORD bufferSize = size; - if (CryptBinaryToString(certificate->pbCertEncoded, certificate->cbCertEncoded, CRYPT_STRING_BASE64HEADER, buffer, &bufferSize)) - { - return bufferSize; - } - } - return result; -} - -void TlsSession_sspi::shutdown() -{ - DWORD type = SCHANNEL_SHUTDOWN; - SecBufferDesc bufferDesc; - SecBuffer buffers[1]; - buffers[0].pvBuffer = &type; - buffers[0].BufferType = SECBUFFER_TOKEN; - buffers[0].cbBuffer = sizeof(type); - bufferDesc.cBuffers = 1; - bufferDesc.pBuffers = buffers; - bufferDesc.ulVersion = SECBUFFER_TOKEN; - - SECURITY_STATUS status = getSecurityLibrary()->ApplyControlToken(&_securityContext, &bufferDesc); - if (!FAILED(status)) - { - buffers[0].pvBuffer = 0; - buffers[0].BufferType = SECBUFFER_TOKEN; - buffers[0].cbBuffer = 0; - bufferDesc.cBuffers = 1; - bufferDesc.pBuffers = buffers; - bufferDesc.ulVersion = SECBUFFER_VERSION; - - DWORD outFlags = 0; - - status = getSecurityLibrary()->InitializeSecurityContextA( - &_credentialsHandle, - &_securityContext, - 0, - ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_RET_EXTENDED_ERROR | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM, - 0, - 0, - 0, - 0, - &_securityContext, - &bufferDesc, - &outFlags, - 0); - - if (!FAILED(status) && buffers[0].pvBuffer && buffers[0].cbBuffer) - { - const char* data = reinterpret_cast(buffers[0].pvBuffer); - _outBuffer.insert(_outBuffer.end(), data, data + buffers[0].cbBuffer); - } - } -} - -TlsSession::HandshakeResult TlsSession_sspi::handshake() -{ - return handshakeInternal(_initial); -} - -TlsSession::HandshakeResult TlsSession_sspi::handshakeInternal(bool initial) -{ - SecBufferDesc outBuffer; - SecBuffer outBuffers[1]; - SecBufferDesc inBuffer; - SecBuffer inBuffers[2]; - DWORD outFlags = 0; - outBuffers[0].pvBuffer = 0; - outBuffers[0].BufferType = SECBUFFER_TOKEN; - outBuffers[0].cbBuffer = 0; - outBuffer.cBuffers = 1; - outBuffer.pBuffers = outBuffers; - outBuffer.ulVersion = SECBUFFER_VERSION; - std::vector buffer(_inBuffer); - inBuffers[0].pvBuffer = buffer.data(); - inBuffers[0].cbBuffer = buffer.size(); - inBuffers[0].BufferType = SECBUFFER_TOKEN; - inBuffers[1].pvBuffer = 0; - inBuffers[1].cbBuffer = 0; - inBuffers[1].BufferType = SECBUFFER_EMPTY; - inBuffer.cBuffers = 2; - inBuffer.pBuffers = inBuffers; - inBuffer.ulVersion = SECBUFFER_VERSION; - - SECURITY_STATUS status = SEC_E_OK; - - if (_direction == k_direction_connect) - { - status = getSecurityLibrary()->InitializeSecurityContextA( - &_credentialsHandle, - initial ? 0 : &_securityContext, - _hostname.size() ? const_cast(_hostname.c_str()) : 0, - ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_RET_EXTENDED_ERROR | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM, - 0, - 0, - &inBuffer, - 0, - &_securityContext, - &outBuffer, - &outFlags, - 0); - } - else if (_direction = k_direction_accept) - { - status = getSecurityLibrary()->AcceptSecurityContext( - &_credentialsHandle, - initial ? 0 : &_securityContext, - &inBuffer, - ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT | ASC_REQ_CONFIDENTIALITY | ASC_REQ_EXTENDED_ERROR | ASC_REQ_ALLOCATE_MEMORY | ASC_REQ_STREAM, - 0, - &_securityContext, - &outBuffer, - &outFlags, - 0); - } - - if (!FAILED(status)) - { - _initial = false; - } - - TlsSession::HandshakeResult result = TlsSession::kFailed; - - size_t extra = 0; - for (int i = 0; i < inBuffer.cBuffers; ++i) - { - if (inBuffers[i].BufferType == SECBUFFER_EXTRA && inBuffers[i].cbBuffer) - { - extra += inBuffers[i].cbBuffer; - } - } - size_t missing = 0; - for (int i = 0; i < inBuffer.cBuffers; ++i) - { - if (inBuffers[i].BufferType == SECBUFFER_MISSING && inBuffers[i].cbBuffer) - { - missing += inBuffers[i].cbBuffer; - } - } - - if (outBuffers[0].cbBuffer && outBuffers[0].pvBuffer) - { - const char* data = reinterpret_cast(outBuffers[0].pvBuffer); - _outBuffer.insert(_outBuffer.end(), data, data + outBuffers[0].cbBuffer); - getSecurityLibrary()->FreeContextBuffer(outBuffers[0].pvBuffer); - } - - if (status == SEC_E_OK) - { - result = TlsSession::kDone; - } - else if (status == SEC_E_INCOMPLETE_MESSAGE - || status == SEC_I_CONTINUE_NEEDED) - { - result = TlsSession::kMore; - } - else if (FAILED(status)) - { - result = TlsSession::kFailed; - } - - _inBuffer.erase(_inBuffer.begin(), _inBuffer.end() - extra); - - if (result == TlsSession::kDone) - { - status = getSecurityLibrary()->QueryContextAttributesA(&_securityContext, SECPKG_ATTR_STREAM_SIZES, &_sizes); - if (FAILED(status)) - { - result = TlsSession::kFailed; - } - } - - return result; -} - -int TlsSession_sspi::readPlain(char* buffer, size_t bytes) -{ - int result = TlsSession::kReadFailed; - if (bytes <= _decryptedBuffer.size()) - { - std::memcpy(buffer, _decryptedBuffer.data(), bytes); - _decryptedBuffer.erase(_decryptedBuffer.begin(), _decryptedBuffer.begin() + bytes); - result = bytes; - } - else if (_inBuffer.size()) - { - SecBufferDesc bufferDesc; - SecBuffer buffers[4]; - std::vector data(_inBuffer); - buffers[0].pvBuffer = data.data(); - buffers[0].cbBuffer = data.size(); - buffers[0].BufferType = SECBUFFER_DATA; - buffers[1].BufferType = SECBUFFER_EMPTY; - buffers[2].BufferType = SECBUFFER_EMPTY; - buffers[3].BufferType = SECBUFFER_EMPTY; - bufferDesc.ulVersion = SECBUFFER_VERSION; - bufferDesc.cBuffers = 4; - bufferDesc.pBuffers = buffers; - SECURITY_STATUS status = getSecurityLibrary()->DecryptMessage(&_securityContext, &bufferDesc, 0, 0); - - if (status == SEC_I_CONTEXT_EXPIRED) - { - _inBuffer.clear(); - result = TlsSession::kReadZero; - } - else if (status == SEC_E_INCOMPLETE_MESSAGE) - { - result = 0; - } - else if (status == SEC_E_OK) - { - result = 0; - size_t extra = 0; - for (int i = 0; i < bufferDesc.cBuffers; ++i) - { - if (buffers[i].BufferType == SECBUFFER_DATA) - { - const char* decrypted = reinterpret_cast(buffers[i].pvBuffer); - _decryptedBuffer.insert(_decryptedBuffer.end(), decrypted, decrypted + buffers[i].cbBuffer); - } - else if (buffers[i].BufferType == SECBUFFER_EXTRA) - { - extra += buffers[i].cbBuffer; - } - } - _inBuffer.erase(_inBuffer.begin(), _inBuffer.end() - extra); - - size_t actual = std::min(_decryptedBuffer.size(), bytes); - if (actual > 0) - { - std::memcpy(buffer, _decryptedBuffer.data(), actual); - _decryptedBuffer.erase(_decryptedBuffer.begin(), _decryptedBuffer.begin() + actual); - result = actual; - } - } - else - { - _inBuffer.clear(); - result = TlsSession::kReadFailed; - } - } - else - { - size_t actual = std::min(_decryptedBuffer.size(), bytes); - if (actual > 0) - { - std::memcpy(buffer, _decryptedBuffer.data(), actual); - _decryptedBuffer.erase(_decryptedBuffer.begin(), _decryptedBuffer.begin() + actual); - result = actual; - } - else - { - result = 0; - } - } - return result; -} - -int TlsSession_sspi::writePlain(const char* buffer, size_t bytes) -{ - SecBufferDesc bufferDesc; - SecBuffer buffers[4]; - std::vector data(_sizes.cbHeader + _sizes.cbTrailer + bytes); - std::memcpy(data.data() + _sizes.cbHeader, buffer, bytes); - - buffers[0].pvBuffer = data.data(); - buffers[0].cbBuffer = _sizes.cbHeader; - buffers[0].BufferType = SECBUFFER_STREAM_HEADER; - - buffers[1].pvBuffer = data.data() + _sizes.cbHeader; - buffers[1].cbBuffer = bytes; - buffers[1].BufferType = SECBUFFER_DATA; - - buffers[2].pvBuffer = data.data() + _sizes.cbHeader + bytes; - buffers[2].cbBuffer = _sizes.cbTrailer; - buffers[2].BufferType = SECBUFFER_STREAM_TRAILER; - - buffers[3].BufferType = SECBUFFER_EMPTY; - - bufferDesc.ulVersion = SECBUFFER_VERSION; - bufferDesc.cBuffers = 4; - bufferDesc.pBuffers = buffers; - SECURITY_STATUS status = getSecurityLibrary()->EncryptMessage(&_securityContext, 0, &bufferDesc, 0); - for (int i = 0; i < bufferDesc.cBuffers; ++i) - { - if (buffers[i].BufferType != SECBUFFER_EMPTY && buffers[i].pvBuffer && buffers[i].cbBuffer) - { - const char* bufferData = reinterpret_cast(buffers[i].pvBuffer); - _outBuffer.insert(_outBuffer.end(), bufferData, bufferData + buffers[i].cbBuffer); - } - } - return 0; -} - -int TlsSession_sspi::readEncrypted(char* buffer, size_t bytes) -{ - size_t size = std::min(bytes, _outBuffer.size()); - if (size > 0) - { - std::memcpy(buffer, _outBuffer.data(), size); - _outBuffer.erase(_outBuffer.begin(), _outBuffer.begin() + size); - } - return size; -} - -int TlsSession_sspi::writeEncrypted(const char* buffer, size_t bytes) -{ - _inBuffer.insert(_inBuffer.end(), buffer, buffer + bytes); - return bytes; -} - -void TlsSession_sspi::setError(HRESULT error) -{ - _lastError = error; -} - -bool TlsSession_sspi::getError(char* buffer, size_t bytes) -{ - bool result = false; - if (_lastError != S_OK) - { - DWORD length = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, _lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)buffer, bytes, 0); - _lastError = S_OK; - if (length > 0) - { - result = true; - } - } - return result; -} - -TlsContext* TlsContext::create() -{ - return new TlsContext_sspi(); -} -#endif -#else -TlsContext* TlsContext::create() -{ - return 0; -} -#endif - tf_tls_context_t* tf_tls_context_create() { tf_tls_context_t* context = tf_malloc(sizeof(tf_tls_context_t)); memset(context, 0, sizeof(*context)); -#if defined(TF_TLS_OPENSSL) SSL_library_init(); SSL_load_error_strings(); context->context = SSL_CTX_new(SSLv23_method()); SSL_CTX_set_default_verify_paths(context->context); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif return context; } bool tf_tls_context_set_certificate(tf_tls_context_t* context, const char* certificate) { -#if defined(TF_TLS_OPENSSL) int result = 0; BIO* bio = BIO_new(BIO_s_mem()); BIO_puts(bio, certificate); @@ -1086,15 +63,10 @@ bool tf_tls_context_set_certificate(tf_tls_context_t* context, const char* certi } BIO_free(bio); return result == 1; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return false; -#endif } bool tf_tls_context_set_private_key(tf_tls_context_t* context, const char* private_key) { -#if defined(TF_TLS_OPENSSL) int result = 0; BIO* bio = BIO_new(BIO_s_mem()); BIO_puts(bio, private_key); @@ -1102,15 +74,10 @@ bool tf_tls_context_set_private_key(tf_tls_context_t* context, const char* priva result = SSL_CTX_use_PrivateKey(context->context, key); BIO_free(bio); return result == 1; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return false; -#endif } bool tf_tls_context_add_trusted_certificate(tf_tls_context_t* context, const char* certificate) { -#if defined(TF_TLS_OPENSSL) bool result = false; BIO* bio = BIO_new_mem_buf(certificate, -1); X509* x509 = PEM_read_bio_X509(bio, 0, 0, 0); @@ -1127,40 +94,26 @@ bool tf_tls_context_add_trusted_certificate(tf_tls_context_t* context, const cha } return result; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return false; -#endif } tf_tls_session_t* tf_tls_context_create_session(tf_tls_context_t* context) { -#if defined(TF_TLS_OPENSSL) tf_tls_session_t* session = tf_malloc(sizeof(tf_tls_session_t)); memset(session, 0, sizeof(*session)); session->context = context; session->bio_in = BIO_new(BIO_s_mem()); session->bio_out = BIO_new(BIO_s_mem()); return session; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return NULL; -#endif } void tf_tls_context_destroy(tf_tls_context_t* context) { -#if defined(TF_TLS_OPENSSL) SSL_CTX_free(context->context); tf_free(context); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } void tf_tls_session_destroy(tf_tls_session_t* session) { -#if defined(TF_TLS_OPENSSL) if (session->ssl) { SSL_free(session->ssl); @@ -1170,14 +123,10 @@ void tf_tls_session_destroy(tf_tls_session_t* session) tf_free((void*)session->hostname); } tf_free(session); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } void tf_tls_session_set_hostname(tf_tls_session_t* session, const char* hostname) { -#if defined(TF_TLS_OPENSSL) if (session->hostname) { tf_free((void*)session->hostname); @@ -1187,27 +136,19 @@ void tf_tls_session_set_hostname(tf_tls_session_t* session, const char* hostname { session->hostname = tf_strdup(hostname); } -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } void tf_tls_session_start_accept(tf_tls_session_t* session) { -#if defined(TF_TLS_OPENSSL) session->direction = k_direction_accept; session->ssl = SSL_new(session->context->context); SSL_set_bio(session->ssl, session->bio_in, session->bio_out); SSL_accept(session->ssl); tf_tls_session_handshake(session); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } void tf_tls_session_start_connect(tf_tls_session_t* session) { -#if defined(TF_TLS_OPENSSL) session->direction = k_direction_connect; session->ssl = SSL_new(session->context->context); X509_VERIFY_PARAM* param = SSL_get0_param(session->ssl); @@ -1216,24 +157,16 @@ void tf_tls_session_start_connect(tf_tls_session_t* session) SSL_set_bio(session->ssl, session->bio_in, session->bio_out); SSL_connect(session->ssl); tf_tls_session_handshake(session); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } void tf_tls_session_shutdown(tf_tls_session_t* session) { -#if defined(TF_TLS_OPENSSL) SSL_shutdown(session->ssl); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif } int tf_tls_session_get_peer_certificate(tf_tls_session_t* session, char* buffer, size_t bytes) { int result = -1; -#if defined(TF_TLS_OPENSSL) X509* certificate = SSL_get_peer_certificate(session->ssl); BIO* bio = BIO_new(BIO_s_mem()); PEM_write_bio_X509(bio, certificate); @@ -1245,13 +178,9 @@ int tf_tls_session_get_peer_certificate(tf_tls_session_t* session, char* buffer, result = mem->length; } BIO_free(bio); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) -#endif return result; } -#if defined(TF_TLS_OPENSSL) #if OPENSSL_VERSION_NUMBER < 0x10100000L bool _tls_session_wildcard_match(const char* pattern, size_t pattern_length, const char* name) { @@ -1359,11 +288,9 @@ static bool _tls_session_verify_peer_certificate(tf_tls_session_t* session) } return verified; } -#endif tf_tls_handshake_t tf_tls_session_handshake(tf_tls_session_t* session) { -#if defined(TF_TLS_OPENSSL) tf_tls_handshake_t result = k_tls_handshake_done; if (!SSL_is_init_finished(session->ssl)) { @@ -1386,15 +313,10 @@ tf_tls_handshake_t tf_tls_session_handshake(tf_tls_session_t* session) result = k_tls_handshake_failed; } return result; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return k_tls_handshake_failed; -#endif } int tf_tls_session_read_plain(tf_tls_session_t* session, char* buffer, size_t bytes) { -#if defined(TF_TLS_OPENSSL) int result = SSL_read(session->ssl, buffer, bytes); if (result <= 0) { @@ -1420,53 +342,29 @@ int tf_tls_session_read_plain(tf_tls_session_t* session, char* buffer, size_t by } } return result; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return k_tls_read_failed; -#endif } int tf_tls_session_write_plain(tf_tls_session_t* session, const char* buffer, size_t bytes) { -#if defined(TF_TLS_OPENSSL) return SSL_write(session->ssl, buffer, bytes); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return -1; -#endif } int tf_tls_session_read_encrypted(tf_tls_session_t* session, char* buffer, size_t bytes) { -#if defined(TF_TLS_OPENSSL) return BIO_read(session->bio_out, buffer, bytes); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return -1; -#endif } int tf_tls_session_write_encrypted(tf_tls_session_t* session, const char* buffer, size_t bytes) { -#if defined(TF_TLS_OPENSSL) return BIO_write(session->bio_in, buffer, bytes); -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return -1; -#endif } bool tf_tls_session_get_error(tf_tls_session_t* session, char* buffer, size_t bytes) { -#if defined(TF_TLS_OPENSSL) unsigned long error = ERR_get_error(); if (error != 0) { ERR_error_string_n(error, buffer, bytes); } return error != 0; -#elif defined(TF_TLS_APPLE) -#elif defined(TF_TLS_SCHANNEL) - return false; -#endif }